fix(security): add dompurify override >=3.3.2 — XSS bypass fix#2638
fix(security): add dompurify override >=3.3.2 — XSS bypass fix#2638amikofalvy merged 7 commits intomainfrom
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
|
TL;DR — Pins all transitive Key changesSummary | 2 files | 1 commit | base:
The override mechanism forces the pnpm resolver to pick
|
There was a problem hiding this comment.
Root override is correct — both old dompurify versions (3.2.7, 3.3.1) are fully replaced with 3.3.2, lockfile is clean, and Node compatibility is fine (repo requires >=22.18.0, [email protected] requires >=20). One gap: create-agents-template/ has its own overrides and lockfile that still resolve the vulnerable version.
| "@hono/node-server": ">=1.19.10", | ||
| "@workflow/core": ">=4.2.0-beta.64" | ||
| "@workflow/core": ">=4.2.0-beta.64", | ||
| "dompurify": ">=3.3.2" |
There was a problem hiding this comment.
The root override is correct, but create-agents-template/package.json has its own pnpm.overrides (line ~53) and its own pnpm-lock.yaml — root overrides don't propagate into standalone lockfiles. [email protected] in that template still resolves to the vulnerable [email protected]. Add "dompurify": ">=3.3.2" to create-agents-template/package.json's overrides as well and regenerate its lockfile.
There was a problem hiding this comment.
PR Review Summary
(2) Total Issues | Risk: Medium
🟠⚠️ Major (1) 🟠⚠️
🟠 1) create-agents-template/package.json Missing dompurify override in self-hosted template
files:
create-agents-template/package.jsoncreate-agents-template/pnpm-lock.yaml
Issue: The root package.json adds the dompurify >= 3.3.2 override to fix CVE-2026-0540, but create-agents-template/package.json has its own pnpm.overrides section that is not updated. The template's lockfile still shows monaco-editor depending on [email protected] (line 22422), which is the vulnerable version.
Why: Self-hosted customers who scaffold new projects using @inkeep/create-agents will deploy with the vulnerable dompurify version. This contradicts the security intent of the PR. Previous security fixes in this branch (e.g., @modelcontextprotocol/sdk in fa64456, @hono/node-server in 02bcd0e) correctly updated both the root AND the template.
Fix: Add "dompurify": ">=3.3.2" to create-agents-template/package.json under pnpm.overrides:
"pnpm": {
"overrides": {
"@modelcontextprotocol/sdk": ">=1.26.0",
"@hono/node-server": ">=1.19.10",
"dompurify": ">=3.3.2"
}
}Then run pnpm install in that directory to regenerate the lockfile. Verify that [email protected] is replaced by [email protected].
Refs:
- create-agents-template/package.json:52-56 — existing pnpm.overrides section
- create-agents-template/pnpm-lock.yaml (vulnerable version) — monaco-editor still using [email protected]
🟡 Minor (1) 🟡
🟡 1) .changeset/* Consider adding changeset for security fix visibility
Issue: This PR fixes a security vulnerability but does not include a changeset. The prior security fixes in this branch (b9b1a75, 980fab5, fa64456, 02bcd0e) included changesets.
Why: Security fixes should be documented in release notes so downstream consumers of @inkeep/agents-manage-ui (which uses monaco-editor → dompurify) know to upgrade.
Fix: Optional but recommended — create a changeset:
pnpm bump patch --pkg agents-manage-ui "Fix XSS bypass vulnerability in dompurify transitive dependency (CVE-2026-0540)"Refs: Changeset bot comment above — already flagged missing changeset
💭 Consider (1) 💭
Inline Comments:
- 💭 Consider:
package.json:130Open-ended version range (>=3.3.2) — consistent with existing patterns
🚫 REQUEST CHANGES
Summary: The root monorepo fix is correct — dompurify 3.2.7/3.3.1 are consolidated to 3.3.2 and the override is working. However, the self-hosted template is missing the override and will deploy vulnerable [email protected] to customers who scaffold from it. Please apply the same fix to create-agents-template/package.json to complete the security remediation.
Discarded (1)
| Location | Issue | Reason Discarded |
|---|---|---|
pnpm-lock.yaml |
Lockfile correctly consolidates dompurify versions | Positive observation — no action needed |
Reviewers (1)
| Reviewer | Returned | Main Findings | Consider | While You're Here | Inline Comments | Pending Recs | Discarded |
|---|---|---|---|---|---|---|---|
pr-review-devops |
4 | 2 | 0 | 0 | 1 | 0 | 1 |
| Total | 4 | 2 | 0 | 0 | 1 | 0 | 1 |
| "@hono/node-server": ">=1.19.10", | ||
| "@workflow/core": ">=4.2.0-beta.64" | ||
| "@workflow/core": ">=4.2.0-beta.64", | ||
| "dompurify": ">=3.3.2" |
There was a problem hiding this comment.
💭 Consider: Open-ended version range consistency
Issue: Using >=3.3.2 is an open-ended range that will accept any future version.
Why: This is consistent with the existing pattern in this repo — both @hono/node-server and @workflow/core use >= ranges. The trade-off is automatic uptake of future patches vs. version predictability.
Fix: No action needed — the current approach matches established conventions. Just noting the deliberate trade-off for future maintainers.
Fixes XSS bypass vulnerability (CVE-2026-0540) in transitive dompurify dependency by adding pnpm override. Closes dependabot alerts #210, #211. Co-Authored-By: Claude Opus 4.6 <[email protected]>
Fixes stack overflow with preserveOrder (CVE-2026-27942) in transitive fast-xml-parser dependency. Closes dependabot alert #205. Co-Authored-By: Claude Opus 4.6 <[email protected]>
Fixes RCE vulnerability via RegExp.flags and Date.prototype.toISOString() in transitive serialize-javascript dependency (build-time only). Closes dependabot alert #203. Co-Authored-By: Claude Opus 4.6 <[email protected]>
Fixes DoS via entity expansion in DOCTYPE (CVE-2026-29074) in transitive svgo dependency (build-time only). Closes dependabot alert #212. Co-Authored-By: Claude Opus 4.6 <[email protected]>
* fix(security): add minimatch override >=5.1.8 Fixes multiple ReDoS vulnerabilities (CVE-2026-26996, CVE-2026-27903, CVE-2026-27904) in transitive [email protected] dependency. Closes dependabot alerts #188, #199, #200. Co-Authored-By: Claude Opus 4.6 <[email protected]> * fix(security): add lodash/lodash-es override >=4.17.23 — prototype pollution fix (#2643) * fix(security): add lodash/lodash-es override >=4.17.23 Fixes prototype pollution in _.unset and _.omit (CVE-2025-13465) in transitive lodash dependencies. Closes dependabot alerts #120, #123. Co-Authored-By: Claude Opus 4.6 <[email protected]> * fix(security): add express-rate-limit override >=8.2.2 (#2644) Fixes IPv4-mapped IPv6 rate limit bypass (CVE-2026-30827) in transitive express-rate-limit dependency. Closes dependabot alert #213. Co-authored-by: Claude Opus 4.6 <[email protected]> --------- Co-authored-by: Claude Opus 4.6 <[email protected]> --------- Co-authored-by: Claude Opus 4.6 <[email protected]>
7b58e80 to
f142e2a
Compare
There was a problem hiding this comment.
PR Review Summary
(1) Total Issues | Risk: Medium
🕐 Pending Recommendations (1)
- 🟠
create-agents-template/package.json:52-56Missing security overrides in self-hosted template — vulnerable[email protected]still resolves viamonaco-editor
🚫 REQUEST CHANGES
Summary: The root monorepo fix is correct — all 8 security overrides are properly applied and the lockfile shows safe versions. However, the prior review finding remains unresolved: create-agents-template/package.json has its own pnpm.overrides section that was not updated, leaving self-hosted customers vulnerable to CVE-2026-0540 (and potentially other CVEs addressed in this PR).
To resolve: Add all new overrides to create-agents-template/package.json:
"pnpm": {
"overrides": {
"@modelcontextprotocol/sdk": ">=1.26.0",
"@hono/node-server": ">=1.19.10",
"dompurify": ">=3.3.2",
"fast-xml-parser": ">=5.3.8",
"serialize-javascript": ">=7.0.3",
"svgo": ">=3.3.3",
"minimatch": ">=5.1.8",
"lodash": ">=4.17.23",
"lodash-es": ">=4.17.23",
"express-rate-limit": ">=8.2.2"
}
}Then run pnpm install in create-agents-template/ to regenerate the lockfile.
Discarded (1)
| Location | Issue | Reason Discarded |
|---|---|---|
pnpm-lock.yaml |
Root lockfile correctly resolves all overridden packages to safe versions | Positive observation — confirms the fix is working in the monorepo |
Reviewers (1)
| Reviewer | Returned | Main Findings | Consider | While You're Here | Inline Comments | Pending Recs | Discarded |
|---|---|---|---|---|---|---|---|
pr-review-devops |
2 | 0 | 0 | 0 | 0 | 1 | 1 |
| Total | 2 | 0 | 0 | 0 | 0 | 1 | 1 |
Ensures self-hosted deployments using the template also get patched transitive dependency versions. Co-Authored-By: Claude Opus 4.6 <[email protected]>
There was a problem hiding this comment.
PR Review Summary
(0) Total Issues | Risk: Low
✅ Prior Feedback Addressed
The delta commit (78d5cb820) correctly addresses the previously identified issue:
| Prior Issue | Resolution |
|---|---|
🟠 create-agents-template missing security overrides |
✅ All 8 overrides now present in template's package.json |
🟠 Template lockfile had vulnerable [email protected] |
✅ Lockfile regenerated with [email protected] |
🟠 Template lockfile had vulnerable [email protected] |
✅ Lockfile updated to [email protected] |
Verification
Template overrides now match root monorepo:
"pnpm": {
"overrides": {
"@modelcontextprotocol/sdk": ">=1.26.0",
"@hono/node-server": ">=1.19.10",
"dompurify": ">=3.3.2",
"fast-xml-parser": ">=5.3.8",
"serialize-javascript": ">=7.0.3",
"svgo": ">=3.3.3",
"minimatch": ">=5.1.8",
"lodash": ">=4.17.23",
"lodash-es": ">=4.17.23",
"express-rate-limit": ">=8.2.2"
}
}Lockfile validation:
- ✅
[email protected]entry removed - ✅
[email protected]now used bymonaco-editor - ✅
[email protected]no longer used (marked optional, replaced by10.2.4)
✅ APPROVE
Summary: The delta fully addresses the prior review feedback. Both the root monorepo and the self-hosted template now have consistent security overrides, ensuring customers deploying via @inkeep/create-agents will receive patched dependency versions. All vulnerable transitive dependencies are properly pinned to safe versions. Ship it! 🚀
Reviewers (1)
| Reviewer | Returned | Main Findings | Consider | While You're Here | Inline Comments | Pending Recs | Discarded |
|---|---|---|---|---|---|---|---|
pr-review-devops |
0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Note: Clean review — delta correctly implements the requested fix with no issues found.
Makes pnpm.overrides identical in both package.json files so the monorepo and self-hosted template have the same security floor. Co-Authored-By: Claude Opus 4.6 <[email protected]>
There was a problem hiding this comment.
PR Review Summary
(0) Total Issues | Risk: Low
✅ Delta Review — Clean Sync Commit
This is a delta review scoped to commit 489fc1875 fix(security): sync overrides between root and create-agents-template. The prior review already APPROVED the core security fix.
Delta changes verified:
| File | Change | Status |
|---|---|---|
package.json (root) |
Added @modelcontextprotocol/sdk: ">=1.26.0" override |
✅ Synced from template |
create-agents-template/package.json |
Added @workflow/core: ">=4.2.0-beta.64" override, sorted alphabetically |
✅ Synced from root |
create-agents-template/pnpm-lock.yaml |
Regenerated with @workflow/core override applied |
✅ @workflow/[email protected] removed, now resolves to 4.2.0-beta.67 |
Verification:
- ✅ Root and template now have identical 11 security overrides
- ✅ Template lockfile correctly applies all overrides
- ✅ No vulnerable transitive dependencies remain
- ✅ Lockfile pruned ~40 lines of dead packages
✅ APPROVE
Summary: The delta correctly synchronizes pnpm overrides between the root monorepo and create-agents-template. Both now have identical security overrides, ensuring consistent vulnerability remediation for both monorepo development and self-hosted deployments via @inkeep/create-agents. Clean sync — ship it! 🚀
Reviewers (1)
| Reviewer | Returned | Main Findings | Consider | While You're Here | Inline Comments | Pending Recs | Discarded |
|---|---|---|---|---|---|---|---|
pr-review-devops |
1 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
Note: The single finding was an INFO-level verification confirmation (override sync validated), not an actionable issue.
Summary
pnpm.overridesfordompurifyto>=3.3.2Security
Test plan
pnpm typecheckpassespnpm testpasses🤖 Generated with Claude Code