Commit 591f9d2

fix(deps): bump undici to 7.18.2 to mitigate chained decompression (#15221)
Addresses a vulnerability in undici fetch decompression handling where unbounded Content-Encoding chains could cause excessive CPU and memory usage. CVE-2026-22036
1 parent 49c9fa9 commit 591f9d2

2 files changed

+27
-57
lines changed

packages/payload/package.json

Lines changed: 1 addition & 1 deletion
@@ -128,7 +128,7 @@
128128
"scmp": "2.1.0",
129129
"ts-essentials": "10.0.3",
130130
"tsx": "4.20.3",
131-
"undici": "7.10.0",
131+
"undici": "7.18.2",
132132
"uuid": "10.0.0",
133133
"ws": "^8.16.0"
134134
},
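
Review bot: the exact pin on `"undici": "7.18.2"` at line 131 only fixes the version that packages/payload requests directly, and nothing visible here shows that older undici copies no longer resolve elsewhere in the workspace or through transitive dependencies. The pnpm-lock.yaml diff (26 additions, 56 deletions) is not rendered on this page, so please confirm before merge, for example with `pnpm why undici`, that 7.18.2 is the only undici version left in the lockfile. If any other package still pulls in an earlier release, the decompression issue named in the commit message stays reachable through that path, and a pnpm override in the root manifest would be the place to force the fixed version.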

pnpm-lock.yaml

Lines changed: 26 additions & 56 deletions
Some generated files are not rendered by default.
