fix(HERO-11977): CVE mitigation (#64)

KeesTucker · web-flow · commit 7925f5b1b0b2 · 2025-10-13T12:26:04.000+13:00
diff --git a/package.json b/package.json
@@ -99,6 +99,7 @@
     "got": "11.8.5",
     "micromatch": "4.0.8",
     "path-to-regexp": "0.1.12",
-    "brace-expansion": "2.0.2"
+    "brace-expansion": "2.0.2",
+    "on-headers": "1.1.0"
   }
 }
diff --git a/yarn.lock b/yarn.lock
@@ -7386,10 +7386,10 @@ on-finished@~2.3.0:
   dependencies:
     ee-first "1.1.1"
 
-on-headers@~1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/on-headers/-/on-headers-1.0.2.tgz#772b0ae6aaa525c399e489adfad90c403eb3c28f"
-  integrity sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==
+on-headers@1.1.0, on-headers@~1.0.2:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/on-headers/-/on-headers-1.1.0.tgz#59da4f91c45f5f989c6e4bcedc5a3b0aed70ff65"
+  integrity sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==
 
 once@^1.3.0, once@^1.3.1, once@^1.4.0:
   version "1.4.0"
