[Aikido] Fix 39 security issues in handlebars, undici, lodash and 10 more #1110

Open

aikido-autofix[bot] wants to merge 1 commit into staging from
fix/aikido-security-update-packages-21683129-vzmv

Conversation

aikido-autofix bot (Contributor) commented Apr 2, 2026

Upgrade dependencies to fix critical RCE vulnerabilities in Handlebars (AST injection, precompiler injection, partial-block hijacking) and HTTP request smuggling in Undici.

✅ 39 CVEs resolved by this upgrade, including 2 critical 🚨 CVEs

This PR will resolve the following CVEs:

Issue Severity           Description
CVE-2026-33937
🚨 CRITICAL
[handlebars] A vulnerability in Handlebars.compile() allows attackers to inject arbitrary JavaScript through crafted AST objects, enabling Remote Code Execution when the NumberLiteral value field is emitted without sanitization.
CVE-2026-33941
HIGH
[handlebars] The Handlebars CLI precompiler fails to sanitize user-controlled template filenames and CLI options, allowing injection of arbitrary JavaScript into generated bundles that executes during loading. This enables remote code execution for attackers who can control precompiler inputs.
CVE-2026-33938
HIGH
[handlebars] A vulnerability allows attackers to execute arbitrary JavaScript by overwriting the @partial-block variable with a malicious Handlebars AST through helpers, enabling remote code execution when the partial block is subsequently invoked.
CVE-2026-33940
HIGH
[handlebars] A crafted object in the template context can bypass conditional guards and trigger compilation of a malicious Handlebars AST, leading to remote code execution on the server when dynamic partial lookups are used.
CVE-2026-33939
HIGH
[handlebars] Unregistered decorator syntax in templates causes unhandled TypeError that crashes the Node.js process, enabling Denial of Service attacks when compiling user-supplied templates without error handling.
GHSA-7rx3-28cr-v5wh
MEDIUM
[handlebars] A prototype method blocklist omits __lookupSetter__ while blocking its symmetric counterparts, allowing prototype pollution when the non-default allowProtoMethodsByDefault: true option is set. This creates an inconsistent security boundary enabling potential code execution or object manipulation through template injection.
CVE-2026-33916
MEDIUM
[handlebars] Prototype pollution vulnerability in resolvePartial() allows attackers to inject malicious strings into Object.prototype that are rendered as unescaped partial templates, enabling reflected or stored XSS attacks.
GHSA-442j-39wm-28r2
LOW
[handlebars] A Time-of-Check Time-of-Use (TOCTOU) vulnerability in the lookup() function allows prototype pollution and property access bypass when the compat option is enabled, potentially leading to information disclosure or code execution. The security check via lookupProperty() is discarded, and an unguarded property access is performed instead.
CVE-2026-1525
🚨 CRITICAL
[undici] Duplicate HTTP Content-Length headers with case-variant names are allowed, creating malformed requests that can cause denial of service or enable HTTP request smuggling attacks in inconsistent header interpretation scenarios.
CVE-2026-1526
HIGH
[undici] A malicious WebSocket server can send compressed frames that expand to extremely large sizes in memory without limits, causing denial-of-service through memory exhaustion and process crash. The vulnerability stems from unbounded decompression in the permessage-deflate extension without size validation.
CVE-2026-2229
HIGH
[undici] A malicious WebSocket server can crash the client process by sending an invalid server_max_window_bits parameter in the permessage-deflate extension, causing an uncaught RangeError when creating a zlib decompressor with an out-of-range value.
CVE-2026-22036
HIGH
[undici] An unbounded decompression chain vulnerability allows a malicious server to insert thousands of compression steps, causing excessive CPU usage and memory allocation. This results in denial of service through resource exhaustion.
AIKIDO-2024-10065
MEDIUM
[undici] Affected versions of the undici library are vulnerable to memory leaks. By making multiple fetch requests with the same AbortSignal, undici adds event listeners without removing them, leading to excessive memory consumption.
CVE-2026-1527
MEDIUM
[undici] HTTP request smuggling vulnerability allowing CRLF injection through the upgrade option, enabling arbitrary header injection and premature request termination to smuggle data to non-HTTP services.
AIKIDO-2026-10369
LOW
[undici] Prototype pollution vulnerability allows attackers to modify object prototypes through specially crafted input with keys like __proto__ or constructor, potentially influencing application behavior or enabling further attacks.
AIKIDO-2026-10385
LOW
[undici] A prototype pollution vulnerability allows attackers to inject special keys like __proto__, constructor, or prototype into internal objects, potentially modifying the prototype chain and influencing application behavior or enabling further attacks.
CVE-2026-4800
HIGH
[lodash] A vulnerability in _.template allows arbitrary code execution through untrusted key names in options.imports or prototype pollution, as validation was incomplete after a prior CVE fix. An attacker can inject malicious code that executes during template compilation.
CVE-2026-2950
MEDIUM
[lodash] Prototype pollution vulnerability in _.unset and _.omit functions allows attackers to bypass previous fixes using array-wrapped path segments, enabling deletion of properties from built-in prototypes. While this doesn't allow overwriting prototype behavior, it can cause denial of service or unexpected application behavior.
CVE-2025-13465
MEDIUM
[lodash] A prototype pollution vulnerability in _.unset and _.omit functions allows attackers to delete methods from global prototypes via crafted paths. While this prevents property overwriting, it can cause denial of service by removing critical functionality.
CVE-2026-24842
HIGH
[tar] A path traversal vulnerability exists where hardlink security checks use different path resolution semantics than the actual creation logic, allowing attackers to bypass protections and create hardlinks to arbitrary files outside the extraction directory.
CVE-2026-26960
HIGH
[tar] An attacker-controlled tar archive can create hardlinks pointing outside the extraction directory, enabling arbitrary file read/write access as the extracting user. This bypasses path protections and allows direct filesystem access during archive extraction.
CVE-2026-29786
MEDIUM
[tar] A vulnerability allows attackers to create hardlinks pointing outside the extraction directory using drive-relative paths, enabling arbitrary file overwrite during extraction. This could lead to remote code execution or data tampering depending on the target files.
CVE-2026-23745
MEDIUM
[tar] A vulnerability in tar extraction fails to sanitize link paths in hardlink and symbolic link entries, allowing malicious archives to bypass path restrictions and overwrite arbitrary files or create symlink poisoning attacks.
CVE-2026-23950
MEDIUM
[tar] A race condition in the path-reservations system fails to lock Unicode-equivalent paths (e.g., ß and ss) on case-insensitive filesystems, allowing symlink poisoning attacks that enable arbitrary file overwrites through concurrent processing of malicious tar archives.
CVE-2026-31802
MEDIUM
[tar] A vulnerability allows attackers to create symlinks pointing outside the extraction directory using drive-relative paths, enabling arbitrary file overwrite during extraction. This could lead to remote code execution or data tampering depending on the target files.
AIKIDO-2024-10562
HIGH
[adm-zip] Directory traversal vulnerability during file extraction allows attackers to write files outside the intended directory using ../ sequences in archive filenames, enabling arbitrary file overwrite and potential code execution.
CVE-2025-58754
HIGH
[axios] A vulnerability allows attackers to supply large data: scheme URLs that bypass memory limits, causing unbounded memory allocation and process crashes (DoS) on Node.js. The issue affects versions 0.28.0 through 0.30.1 and 1.x before 1.12.0.
CVE-2026-25639
HIGH
[axios] The mergeConfig function crashes with a TypeError when processing configuration objects containing __proto__ as an own property, allowing attackers to trigger denial of service. An attacker can exploit this by providing a malicious configuration object created via JSON.parse().
CVE-2026-33891
HIGH
[node-forge] An infinite loop in the BigInteger.modInverse() function causes a Denial of Service when called with zero input, hanging the process and consuming 100% CPU due to an unreachable exit condition in the Extended Euclidean Algorithm.
CVE-2026-33894
HIGH
[node-forge] RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3) due to improper ASN structure validation and insufficient padding checks. This allows attackers to forge signatures via Bleichenbacher-style attacks, enabling authentication bypass.
CVE-2026-33895
HIGH
[node-forge] Ed25519 signature verification accepts forged non-canonical signatures with unreduced scalars, allowing signature malleability attacks that bypass authentication, authorization, and deduplication logic. This enables attackers to forge valid signatures that differ from canonical ones.
CVE-2026-33896
HIGH
[node-forge] A vulnerability in certificate chain verification fails to enforce basicConstraints requirements when intermediate certificates lack specific extensions, allowing leaf certificates to act as CAs and sign other certificates that are incorrectly validated as legitimate.
CVE-2026-4926
HIGH
[path-to-regexp] A bad regular expression is generated for multiple sequential optional groups, causing exponential regex growth that leads to denial of service. Attackers can exploit this by crafting malicious route patterns with many optional groups to consume excessive resources.
CVE-2026-4923
LOW
[path-to-regexp] Multiple wildcards combined with parameters can generate a regular expression vulnerable to ReDoS (Regular Expression Denial of Service), causing excessive backtracking and potential denial of service when the second wildcard is not at the path end.
AIKIDO-2025-10564
MEDIUM
[@fastify/busboy] Improper parsing of quoted filename parameters allows attackers to bypass file extension validation by appending forbidden extensions outside closing quotes, potentially enabling malicious script execution or XSS attacks.
CVE-2026-2739
MEDIUM
[bn.js] This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
CVE-2025-54798
MEDIUM
[tmp] is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
AIKIDO-2026-10046
MEDIUM
[pino] Prototype pollution vulnerability in transport loading mechanism via unsafe globalThis.__bundlerPathsOverrides access allows attackers to manipulate the prototype chain and alter application behavior.
CVE-2025-69873
LOW
[ajv] A ReDoS vulnerability allows attackers to inject malicious regex patterns via the $data option, causing catastrophic backtracking and CPU exhaustion. A 31-character payload can block execution for ~44 seconds, enabling complete denial of service with minimal effort.
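The two undici request-smuggling entries in the list above (CVE-2026-1525, duplicate Content-Length headers that differ only in name case, and CVE-2026-1527, CR/LF reaching the wire through the upgrade option) share one root cause: header names were not normalised before the duplicate check, and header values were not checked for line terminators before serialisation. What follows is an added example, not undici's code and not part of this PR, of the strict pre-serialisation check a client or proxy can apply to an outgoing header list. The function names and the sample header lists are constructed for the example; the token grammar for header names is the RFC 9110 one.

```javascript
// Added example (not undici's code): validate an outgoing header list before it
// is serialised into an HTTP/1.1 request head. Header names are compared after
// lower-casing so "Content-Length" and "content-length" count as duplicates, and
// any CR, LF or NUL in a name or value is rejected so a value such as the Upgrade
// option cannot terminate the current line and inject further headers.

// RFC 9110 token characters permitted in a header field name.
const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// headers: array of [name, value] pairs in the order the caller supplied them.
// Returns a list of problem strings; an empty list means the head is safe to send.
function validateHeaderList(headers) {
  const problems = [];
  const byName = new Map(); // lower-cased name -> array of trimmed values

  for (const [name, rawValue] of headers) {
    const value = String(rawValue);
    if (!TOKEN_RE.test(name)) {
      problems.push(`invalid header name ${JSON.stringify(name)}`);
      continue;
    }
    if (/[\r\n\0]/.test(value)) {
      problems.push(`CR, LF or NUL in value of ${name}`);
    }
    const key = name.toLowerCase();
    if (!byName.has(key)) byName.set(key, []);
    byName.get(key).push(value.trim());
  }

  const cl = byName.get('content-length') || [];
  if (cl.length > 1) {
    // Even identical duplicates are refused: a downstream parser that keeps the
    // first or last occurrence would disagree with one that merges them.
    problems.push(`content-length given ${cl.length} times: ${cl.join(', ')}`);
  }
  if (cl.some((v) => !/^\d+$/.test(v))) {
    problems.push(`non-numeric content-length: ${cl.join(', ')}`);
  }
  if (cl.length > 0 && byName.has('transfer-encoding')) {
    problems.push('both content-length and transfer-encoding present');
  }
  return problems;
}

// Serialise only after validation; throw rather than emit a malformed head.
function serializeRequestHead(method, target, headers) {
  const problems = validateHeaderList(headers);
  if (problems.length > 0) throw new Error(`refusing to send: ${problems.join('; ')}`);
  const lines = [`${method} ${target} HTTP/1.1`];
  for (const [name, value] of headers) lines.push(`${name}: ${String(value).trim()}`);
  return lines.join('\r\n') + '\r\n\r\n';
}

// Constructed sample inputs for the example.
const SAMPLES = {
  clean: [['Host', 'example.test'], ['Content-Length', '5']],
  caseVariantDuplicate: [['Host', 'example.test'], ['Content-Length', '5'], ['content-length', '11']],
  crlfInUpgrade: [['Host', 'example.test'], ['Upgrade', 'websocket\r\nX-Injected: 1']],
  clAndTe: [['Host', 'example.test'], ['Content-Length', '5'], ['Transfer-Encoding', 'chunked']],
};

for (const [label, headers] of Object.entries(SAMPLES)) {
  const problems = validateHeaderList(headers);
  console.log(`${label}: ${problems.length === 0 ? 'ok' : problems.join('; ')}`);
}
```

The check runs on the structured list rather than on raw bytes because the injection point described for undici is a programmatic option, not a parsed request: the only place a CR/LF in a value can be caught reliably is before it is joined into the wire format.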

netlify bot commented Apr 2, 2026

Deploy Preview for vortexfi ready!

Latest commit: 8254aa8
Latest deploy log: https://app.netlify.com/projects/vortexfi/deploys/69ce483b98f6cf000832c080
Deploy Preview: https://deploy-preview-1110--vortexfi.netlify.app

netlify bot commented Apr 2, 2026

Deploy Preview for vortex-sandbox ready!

Latest commit: 8254aa8
Latest deploy log: https://app.netlify.com/projects/vortex-sandbox/deploys/69ce483b8973e2000832411d
Deploy Preview: https://deploy-preview-1110--vortex-sandbox.netlify.app

Copilot AI (Contributor) left a comment

Pull request overview

This PR updates the repo’s Bun dependency overrides/lockfile to remediate a large set of reported CVEs, primarily targeting Handlebars RCE issues and Undici HTTP request smuggling, by forcing newer versions of a number of transitive packages.

Changes:

  • Added/updated package.json overrides entries to pin multiple vulnerable dependencies to newer versions.
  • Regenerated bun.lock to reflect the new override resolutions (including new/updated transitive packages).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 4 comments.

File          Description
package.json  Updates Bun overrides to pin vulnerable dependencies (handlebars, undici, lodash, tar, axios, etc.) to specific versions.
bun.lock      Lockfile refresh to apply the new overrides and update resolved package versions/transitives accordingly.


"node-forge": "1.4.0",
"path-to-regexp": "8.4.0",
"@fastify/busboy": "3.2.0",
"bn.js": "4.12.3",
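Review bot: the last line of this snippet, "bn.js": "4.12.3", contradicts the PR description, which states that CVE-2026-2739 affects bn.js before 5.2.3; an exact pin below that threshold cannot resolve the advisory the PR claims to fix, and it is lower than the 5.2.3 already in the lockfile. Pin 5.2.3 or later, and note that because every override in this block is an exact version rather than a range, later patch releases of any of these packages will not be picked up without another manual bump.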
Copilot AI commented Apr 2, 2026

The override pins bn.js to 4.12.3, which is a downgrade from the previously locked 5.2.3 and still below the >=5.2.3 threshold referenced by the bn.js security advisory (CVE-2026-2739 affects versions before 5.2.3). This means the PR likely does not resolve that issue and may reintroduce the vulnerable version. Consider pinning bn.js to 5.2.3 (or later) and regenerating bun.lock, or otherwise document why a downgrade is required and how the CVE is mitigated.

Suggested change
"bn.js": "4.12.3",
"bn.js": "5.2.3",

"wagmi": "^2.17.5"
"wagmi": "^2.17.5",
"handlebars": "4.7.9",
"undici": "7.24.1",
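Review bot: "undici": "7.24.1" is a major-version jump over the ^5.14.0 that hardhat and @nomicfoundation/hardhat-verify declare in the lockfile, and the PR description gives no patched-version ranges for the undici advisories, so nothing on this page shows whether any 5.x release covers CVE-2026-1525, CVE-2026-1526, CVE-2026-2229, CVE-2026-22036 and CVE-2026-1527. Before accepting either the 7.24.1 pin or a fallback to a 5.x release, check each advisory's patched range and exercise the hardhat-based tooling against the version that actually resolves.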
Copilot AI commented Apr 2, 2026

This override forces undici to 7.24.1, but the lockfile shows hardhat / @nomicfoundation/hardhat-verify depend on undici: ^5.14.0. Forcing a major-version jump via overrides can break those tools at runtime if they rely on Undici v5 APIs. If possible, prefer upgrading the dependent packages to versions compatible with Undici v7, or pin Undici to the latest patched release within the major line they support.

Suggested change
"undici": "7.24.1",
"undici": "5.28.5",

"@fastify/busboy": "3.2.0",
"bn.js": "4.12.3",
"tmp": "0.2.4",
"pino": "10.1.1",
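Review bot: "pino": "10.1.1" crosses three major versions relative to the 7.11.0 that @walletconnect/logger@2.1.2 resolves, but an override of exactly 7.11.0 is the version already resolved, so it changes nothing and only makes sense if that version is outside the affected range of AIKIDO-2026-10046, which this page does not state. Either upgrade the WalletConnect packages to a release that supports pino 10, or pin the lowest 7.x the advisory marks as patched, and record which of the two was chosen in the PR description.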
Copilot AI commented Apr 2, 2026

The override pins pino to 10.1.1, but the lockfile indicates @walletconnect/logger@2.1.2 depends on pino 7.11.0. Overriding across major versions risks breaking WalletConnect logging (and anything else expecting the v7 API). Consider upgrading the WalletConnect packages to a version that supports Pino v10, or keep the override within the major version range required by dependents while still addressing the advisory.

Suggested change
"pino": "10.1.1",
"pino": "7.11.0",

"bn.js": "4.12.3",
"tmp": "0.2.4",
"pino": "10.1.1",
"ajv": "8.18.0"
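Review bot: "ajv": "8.18.0" is applied globally while @eslint/eslintrc@2.1.4 and eslint@8.57.1 declare ajv ^6.12.4, so the override forces the lint toolchain onto an API line with breaking changes, and nothing in the PR shows the lint job was run on this branch. CVE-2025-69873 as described is specific to the $data option, so confirm whether any dependent validates untrusted patterns through $data before choosing between a patched 6.x release and upgrading the eslint toolchain; either way, run the lint job on this branch before merge.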
Copilot AI commented Apr 2, 2026

Overriding ajv to 8.18.0 is likely incompatible with tooling dependencies in the lockfile such as @eslint/eslintrc@2.1.4 / eslint@8.57.1, which declare ajv: ^6.12.4. Ajv has breaking API changes between v6 and v8, so forcing v8 globally may break lint/config loading in CI. Consider either (1) updating the eslint toolchain to versions that use Ajv v8, or (2) pinning Ajv to a patched v6 release if the goal is to remediate the ReDoS advisory while staying compatible.

Suggested change
"ajv": "8.18.0"
"ajv": "6.12.6"

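The four review comments above all reduce to two mechanical checks on the overrides block: does a pin fall below the advisory's patched threshold (or below what was already locked), and does it fall outside the semver range that dependents in the lockfile declare. The following is an added example, not part of this PR, of Bun, or of Aikido's or Copilot's tooling, that runs both checks over a constructed copy of the values quoted in this thread. The minimal semver matcher handles only the range shapes that appear on this page (exact, ^, ~ and >=), the function and field names are assumptions, and the only patched thresholds filled in are the two the PR body states (bn.js before 5.2.3 affected, tmp fixed in 0.2.4).

```javascript
// Added example (not part of this PR or of Bun): audit package.json overrides
// against (a) the version previously locked, (b) the minimum patched version an
// advisory requires and (c) the semver ranges that dependents declare. All
// input values are constructed from the figures quoted in the review comments.

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Minimal matcher for the range shapes that occur in this thread: exact "1.2.3",
// caret "^1.2.3", tilde "~1.2.3" and ">=1.2.3". Any other shape throws rather
// than silently passing, so an unfamiliar lockfile range is noticed.
function satisfies(version, range) {
  const v = parseVersion(version);
  const r = range.trim();
  if (r.startsWith('^')) {
    const base = parseVersion(r.slice(1));
    if (compareVersions(v, base) < 0) return false;
    if (base[0] > 0) return v[0] === base[0];               // ^1.2.3 -> same major
    if (base[1] > 0) return v[0] === 0 && v[1] === base[1]; // ^0.2.3 -> same minor
    return compareVersions(v, base) === 0;                  // ^0.0.3 -> exact
  }
  if (r.startsWith('~')) {
    const base = parseVersion(r.slice(1));
    return compareVersions(v, base) >= 0 && v[0] === base[0] && v[1] === base[1];
  }
  if (r.startsWith('>=')) return compareVersions(v, parseVersion(r.slice(2))) >= 0;
  if (/^v?\d/.test(r)) return compareVersions(v, parseVersion(r)) === 0;
  throw new Error(`unsupported range: ${range}`);
}

// overrides: { pkg: pinnedVersion }, previouslyLocked: { pkg: version },
// minPatched: { pkg: version }, dependents: { pkg: { dependentName: range } }.
// Returns one finding per problem; an empty list means the overrides are consistent.
function auditOverrides({ overrides, previouslyLocked, minPatched, dependents }) {
  const findings = [];
  for (const [pkg, pinned] of Object.entries(overrides)) {
    const v = parseVersion(pinned);
    if (previouslyLocked[pkg] && compareVersions(v, parseVersion(previouslyLocked[pkg])) < 0) {
      findings.push({ pkg, kind: 'downgrade', detail: `${previouslyLocked[pkg]} -> ${pinned}` });
    }
    if (minPatched[pkg] && compareVersions(v, parseVersion(minPatched[pkg])) < 0) {
      findings.push({ pkg, kind: 'below-patched', detail: `${pinned} < ${minPatched[pkg]}` });
    }
    for (const [dependent, range] of Object.entries(dependents[pkg] || {})) {
      if (!satisfies(pinned, range)) {
        findings.push({ pkg, kind: 'range-mismatch', detail: `${dependent} declares ${range}, override forces ${pinned}` });
      }
    }
  }
  return findings;
}

// Constructed input: the override pins, the prior lock for bn.js and the
// dependents' ranges are the ones quoted in the review comments; the patched
// thresholds are the two the PR body states.
const SAMPLE = {
  overrides: { 'bn.js': '4.12.3', undici: '7.24.1', pino: '10.1.1', ajv: '8.18.0', tmp: '0.2.4' },
  previouslyLocked: { 'bn.js': '5.2.3' },
  minPatched: { 'bn.js': '5.2.3', tmp: '0.2.4' },
  dependents: {
    undici: { hardhat: '^5.14.0' },
    pino: { '@walletconnect/logger@2.1.2': '7.11.0' },
    ajv: { '@eslint/eslintrc@2.1.4': '^6.12.4', 'eslint@8.57.1': '^6.12.4' },
  },
};

for (const f of auditOverrides(SAMPLE)) {
  console.log(`${f.kind.padEnd(14)} ${f.pkg}: ${f.detail}`);
}
```

Run it with node or bun before regenerating the lockfile; any non-empty output is the point at which to stop and either raise the dependent package, move the pin within the declared range, or write down why the cross-major override is safe.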