Skip to content

fix(deps): bump elysia to ~1.4.28 to fix ReDoS (CVE-2026-30837)#838

Merged
antonreshetov merged 2 commits into
mainfrom
fix/elysia-redos-688
Jun 16, 2026
Merged

fix(deps): bump elysia to ~1.4.28 to fix ReDoS (CVE-2026-30837)#838
antonreshetov merged 2 commits into
mainfrom
fix/elysia-redos-688

Conversation

@antonreshetov

Copy link
Copy Markdown
Member

closes #688

Bumps elysia from 1.4.16 to ~1.4.28 to fix the URL-format ReDoS vulnerability (CVE-2026-30837), patched upstream in 1.4.26. No breaking changes across the 1.4.x range — all releases are bug/security fixes. Pinned with tilde to prevent accidental jumps to a future 1.5/2.0 minor.

Also adds a build:mac:local script for local builds without notarization (-c.mac.notarize=false), leaving the production electron-builder config untouched.

@antonreshetov antonreshetov self-assigned this Jun 16, 2026
@antonreshetov antonreshetov merged commit 9a32aeb into main Jun 16, 2026
@antonreshetov antonreshetov deleted the fix/elysia-redos-688 branch June 16, 2026 03:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Vulnerability in massCode project

1 participant