fix(security): resolve CodeQL and npm vulnerabilities
- Fix integer conversion in hexToRGB using 8-bit ParseUint instead of 64-bit ParseInt to avoid potential overflow on 32-bit systems - Update npm dependencies to fix Angular XSRF, XSS and MCP SDK vulnerabilities Resolves 3 CodeQL alerts and 8 npm high severity vulnerabilities. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
parent
d52f1080a5
commit
29683c1ce7
2 changed files with 884 additions and 1542 deletions
|
|
@ -118,8 +118,9 @@ func hexToRGB(hex string) (int, int, int) {
|
||||||
if len(hex) != 6 {
|
if len(hex) != 6 {
|
||||||
return 255, 255, 255
|
return 255, 255, 255
|
||||||
}
|
}
|
||||||
r, _ := strconv.ParseInt(hex[0:2], 16, 64)
|
// Use 8-bit parsing since RGB values are 0-255, avoiding integer overflow on 32-bit systems.
|
||||||
g, _ := strconv.ParseInt(hex[2:4], 16, 64)
|
r, _ := strconv.ParseUint(hex[0:2], 16, 8)
|
||||||
b, _ := strconv.ParseInt(hex[4:6], 16, 64)
|
g, _ := strconv.ParseUint(hex[2:4], 16, 8)
|
||||||
|
b, _ := strconv.ParseUint(hex[4:6], 16, 8)
|
||||||
return int(r), int(g), int(b)
|
return int(r), int(g), int(b)
|
||||||
}
|
}
|
||||||
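Review bot: The three `strconv.ParseUint(..., 16, 8)` calls on the new side still discard their error, so a six-byte string containing non-hex characters silently becomes 0 for that channel, while a wrong-length string gets the 255, 255, 255 fallback. If `hex` can come from user-supplied or remote configuration, checking the errors and returning the same fallback makes malformed input handling consistent and visible. The added comment would also read more accurately as describing what `bitSize` 8 guarantees (each value fits in 0-255, so the `int` conversion cannot truncate), since two hex digits could not overflow under the old code either. Whatever hexToRGB does before the length check (for example stripping a leading `#`) is outside the hunk.

```go
// … unchanged: length check returning 255, 255, 255 …
r, errR := strconv.ParseUint(hex[0:2], 16, 8)
g, errG := strconv.ParseUint(hex[2:4], 16, 8)
b, errB := strconv.ParseUint(hex[4:6], 16, 8)
if errR != nil || errG != nil || errB != nil {
	// Malformed digits get the same fallback as a wrong-length string.
	return 255, 255, 255
}
return int(r), int(g), int(b)
```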
2419
pkg/updater/ui/package-lock.json
generated
2419
pkg/updater/ui/package-lock.json
generated
File diff suppressed because it is too large