fix(security): resolve CodeQL and npm vulnerabilities
- Fix integer conversion in hexToRGB using 8-bit ParseUint instead of 64-bit ParseInt to avoid potential overflow on 32-bit systems - Update npm dependencies to fix Angular XSRF, XSS and MCP SDK vulnerabilities Resolves 3 CodeQL alerts and 8 npm high severity vulnerabilities. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Snider
parent
8c93abba03
commit
0305f4f733
2 changed files with 884 additions and 1542 deletions
|
|
@ -118,8 +118,9 @@ func hexToRGB(hex string) (int, int, int) {
|
|||
if len(hex) != 6 {
|
||||
return 255, 255, 255
|
||||
}
|
||||
r, _ := strconv.ParseInt(hex[0:2], 16, 64)
|
||||
g, _ := strconv.ParseInt(hex[2:4], 16, 64)
|
||||
b, _ := strconv.ParseInt(hex[4:6], 16, 64)
|
||||
// Use 8-bit parsing since RGB values are 0-255, avoiding integer overflow on 32-bit systems.
|
||||
r, _ := strconv.ParseUint(hex[0:2], 16, 8)
|
||||
g, _ := strconv.ParseUint(hex[2:4], 16, 8)
|
||||
b, _ := strconv.ParseUint(hex[4:6], 16, 8)
|
||||
return int(r), int(g), int(b)
|
||||
}
|
||||
2417
pkg/updater/ui/package-lock.json
generated
2417
pkg/updater/ui/package-lock.json
generated
File diff suppressed because it is too large
Load diff
Loading…
Add table
Reference in a new issue