Fix security alerts: npm overrides, webpack-dev-server, and regex fix #50

Closed
wardnn wants to merge 1 commit into ltvco:main from wardnn:fix/security-updates

@wardnn wardnn commented Feb 20, 2026

Summary

  • Added npm overrides for lodash (>=4.17.23), qs (>=6.14.2), node-forge (>=1.3.2), and on-headers (>=1.1.0) to resolve Dependabot alerts
  • Bumped webpack-dev-server to ^5.2.1
  • Fixed overly permissive regex in src/rules.ts noSpecialCharacters rule that used a character range ($-/ and :-?) instead of explicit characters, which could allow unintended matches

Test plan

  • Verify npm install completes without errors
  • Run existing test suite to ensure the regex fix doesn't break validation
  • Verify Dependabot and code scanning alerts are resolved

- Add npm overrides for lodash, qs, node-forge, on-headers
- Bump webpack-dev-server to ^5.2.1
- Fix overly permissive regex range in noSpecialCharacters rule
  (js/overly-large-range code scanning alert)
@wardnn wardnn closed this by deleting the head repository Feb 23, 2026
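
The regex item in the summary above concerns ranges inside a character class. As an added example (not code from this pull request or from src/rules.ts; the class bodies `$-/:-?` and `$\-/:?` are constructed for illustration and the helper names are hypothetical), this JavaScript lists which characters the ranges `$-/` and `:-?` actually cover and compares them with an explicit class:

```javascript
// Added example; the class bodies are constructed, not the project's regex.
// Simplification: escapes such as \d are treated as the literal character.

// Split a character-class body (the text between [ and ]) into atoms,
// so that an escaped \- is kept as a literal and never starts a range.
function atoms(body) {
  const out = [];
  for (let i = 0; i < body.length; i++) {
    const escaped = body[i] === "\\" && i + 1 < body.length;
    if (escaped) i++;
    out.push({ ch: body[i], escaped });
  }
  return out;
}

// Return every range "a-b" in the class with the characters it covers.
function expandRanges(body) {
  const a = atoms(body);
  const ranges = [];
  for (let i = 0; i + 2 < a.length; i++) {
    if (a[i + 1].ch !== "-" || a[i + 1].escaped) continue;
    const from = a[i].ch, to = a[i + 2].ch;
    let covered = "";
    for (let c = from.charCodeAt(0); c <= to.charCodeAt(0); c++) {
      covered += String.fromCharCode(c);
    }
    ranges.push({ from, to, covered });
    i += 2; // the end of one range cannot begin the next
  }
  return ranges;
}

// Flag ranges that are not digit-digit, lower-lower or upper-upper;
// in such a range the "-" was usually meant as a literal character.
function suspiciousRanges(body) {
  const kind = (c) =>
    /[0-9]/.test(c) ? "digit" : /[a-z]/.test(c) ? "lower" : /[A-Z]/.test(c) ? "upper" : "other";
  return expandRanges(body).filter(
    (r) => kind(r.from) === "other" || kind(r.from) !== kind(r.to));
}

const permissive = "$-/:-?"; // constructed: two ranges
const explicit = "$\\-/:?";  // constructed: five literal characters
for (const r of suspiciousRanges(permissive)) {
  console.log(`${r.from}-${r.to} covers ${r.covered.length} chars: ${r.covered}`);
}
console.log(new RegExp(`[${permissive}]`).test("%")); // true
console.log(new RegExp(`[${explicit}]`).test("%"));   // false
```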