From 15b3e6d0ef9f2728f1e079f3b2eed900710eea20 Mon Sep 17 00:00:00 2001
From: Ilona Shakurova <ilona.shakurova@wolt.com>
Date: Fri, 22 Aug 2025 13:24:26 +0300
Subject: [PATCH] fix: update sha.js to ^2.4.12 to address CVE-2025-9288

- Bumps sha.js from ^2.4.11 to ^2.4.12
- Fixes security vulnerability where missing input type checks
  could lead to hash state rewind and value miscalculation
- CVE-2025-9288: https://github.com/advisories/GHSA-95m3-7q98-8xr5
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index a5ae04c..f54b811 100644
--- a/package.json
+++ b/package.json
@@ -33,7 +33,7 @@
 		"readable-stream": "^2.3.8",
 		"ripemd160": "^2.0.2",
 		"safe-buffer": "^5.2.1",
-		"sha.js": "^2.4.11"
+		"sha.js": "^2.4.12"
 	},
 	"optionalDependencies": {
 		"@noble/hashes": "^1.3.3"