Three moderate findings on main were blocking every non-bot PR's Security Tests stage. None of the affected packages are direct dependencies — they all flow through agentation-mcp → @modelcontextprotocol/sdk. Force-bumping via overrides was the cleanest fix.
| Package | CVE / advisory | Was | Now |
|---|---|---|---|
| hono | GHSA-9vqf-7f2p-gf9v · bodyLimit() bypass on chunked / unknown-length requests<br>GHSA-69xw-7hcm-h432 · hono/jsx unvalidated tag names → HTML injection | 4.11.4 | ^4.12.18 |
| ip-address | GHSA-v2v4-37r5-5v8g · XSS in Address6 HTML-emitting methods | 10.1.0 | ^10.2.0 |
| express-rate-limit | Indirectly vulnerable: depends on vulnerable ip-address | 8.0.1–8.5.0 | ^8.5.1 |

```json
{
  "devDependencies": {
    "agentation-mcp": "^1.2.0"
  },
  "overrides": {
    "hono": "^4.12.18",
    "ip-address": "^10.2.0",
    "express-rate-limit": "^8.5.1"
  }
}
```

```
$ npm audit --audit-level=moderate
3 moderate severity vulnerabilities
[FAIL] test-npm-audit.sh (1s)
##[error]Process completed with exit code 1.
```

```
$ npm audit --audit-level=moderate
found 0 vulnerabilities
PASS: npm audit gate
Total: 13 | Passed: 13 | Failed: 0
All security tests passed
```

Why overrides instead of bumping agentation-mcp?

agentation-mcp@1.2.0 is the latest published version, and the vulnerable deps come in via its @modelcontextprotocol/sdk dependency. Waiting for the upstream chain to publish a fix would leave us exposed indefinitely. overrides is the documented npm way to force a transitive dep to a safer version while keeping the rest of the tree resolution intact. The lockfile delta is 24 lines — no userspace contract changes.

Once this lands, dispatch claude-release-watch.yml to refresh the cc-watch snapshot PR with real features extracted via the now-working cc-triage step.
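
A check that the overrides actually took effect across the whole resolved tree, as an added example that is not part of this PR or the project's code: it walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3) and reports every installed copy, nested ones included, that is still below the fixed version. The sample lockfile, the `example-root` name and the stale nested `ip-address` copy are constructed for illustration, and versions are assumed to be plain `x.y.z`.

```javascript
// Minimum fixed versions, taken from the overrides block above.
const MINIMUMS = { "hono": "4.12.18", "ip-address": "10.2.0", "express-rate-limit": "8.5.1" };

// Compare plain x.y.z versions numerically; returns <0, 0 or >0.
// Assumption: no prerelease or build-metadata suffixes.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Report every installed copy of a watched package below its minimum.
// Nested copies (a/node_modules/b) are checked too, since an override that
// only fixed the hoisted copy would leave those behind.
function findStaleCopies(lock, minimums) {
  const stale = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || !entry.version) continue; // skips the root "" entry
    const name = path.slice(idx + "node_modules/".length);
    const min = minimums[name];
    if (min && compareVersions(entry.version, min) < 0) {
      stale.push({ path, name, version: entry.version, min });
    }
  }
  return stale;
}

// Constructed sample lockfile (not the repository's real one). The last
// entry is a deliberately stale nested copy so the check has something to find.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-root", devDependencies: { "agentation-mcp": "^1.2.0" } },
    "node_modules/agentation-mcp": { version: "1.2.0" },
    "node_modules/hono": { version: "4.12.18" },
    "node_modules/ip-address": { version: "10.2.0" },
    "node_modules/express-rate-limit": { version: "8.5.1" },
    "node_modules/@modelcontextprotocol/sdk/node_modules/ip-address": { version: "10.1.0" },
  },
};

const report = findStaleCopies(SAMPLE_LOCK, MINIMUMS);
for (const r of report) console.log(`${r.path}: ${r.version} < ${r.min}`);
```

Against a real tree, pass the parsed contents of `package-lock.json` instead of `SAMPLE_LOCK` and fail the job when the returned list is non-empty.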