#12387: security: fix SSRF vulnerability in matrix-bot-sdk
stale
This PR addresses a Server-Side Request Forgery (SSRF) vulnerability by patching matrix-bot-sdk to use undici instead of the deprecated request package.
Changes:
- Added pnpm patch to replace request with undici
- Updated request.ts to use undici request function
- Updated pnpm-lock.yaml with patched dependency
Most Similar PRs
#20278: Fix/matrix missing bot sdk dependency
by saurav470 · 2026-02-18
59.2%
#12077: Matrix: stabilize E2EE verification and modularize SDK
by gumadeiras · 2026-02-08
58.7%
#10313: fix(matrix): fallback to authenticated media download (Matrix v1.11+)
by iter-next · 2026-02-06
56.9%
#8852: fix(matrix): Await mxcToHttp to properly detect authenticated media...
by emadomedher · 2026-02-04
56.6%
#8571: fix: support system proxy in web_fetch SSRF dispatcher
by Asura-2010 · 2026-02-04
55.3%
#2902: fix(matrix): check if requestOwnUserVerification exists before calling
by dokterdok · 2026-01-27
54.3%
#7845: Fix Matrix mention detection with URL-encoded user IDs
by emadomedher · 2026-02-03
53.9%
#7842: Fix Matrix mention detection for Element client (formatted_body links)
by emadomedher · 2026-02-03
53.6%
#11812: fix: MSTeams attachment fetch follows redirects before allowlist ch...
by coygeek · 2026-02-08
53.3%
#19294: fix: normalize room ID case in Matrix config lookup
by MisterGuy420 · 2026-02-17
53.2%