[SECURITY] Vulnerable Dependency: wrangler@4.7.0 (CVE-2026-0933)

## Vulnerability Found

unpkg depends on wrangler@4.7.0, which contains **CVE-2026-0933** - an OS Command Injection vulnerability.

## Affected Files
- packages/unpkg-app/package.json: `"wrangler": "^4.3.0"`
- packages/unpkg-www/package.json: `"wrangler": "^4.3.0"`
- pnpm-lock.yaml:946

## Fix
Update to wrangler@4.59.1+:
```bash
pnpm update wrangler@4.59.1
```

## Details
- CVE: https://nvd.nist.gov/vuln/detail/CVE-2026-0933
- Type: OS Command Injection
- Current: 4.7.0 (vulnerable)
- Fixed: 4.59.1+

Sunbelt Computer Software

PL/B Language Development and Support

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[SECURITY] Vulnerable Dependency: wrangler@4.7.0 (CVE-2026-0933) #468

Vulnerability Found

Affected Files

Fix

Details

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Sunbelt Computer Software

PL/B Language Development and Support

Uh oh!

[SECURITY] Vulnerable Dependency: wrangler@4.7.0 (CVE-2026-0933) #468

Description

Vulnerability Found

Affected Files

Fix

Details

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions