
Commit 828ff0a

author
Claude Bot
committed
Security: update vulnerable dependencies and align overrides with 26_1
- Align pnpm.overrides with 26_1 branch for cherry-pick compatibility - Add overrides for: minimatch, picomatch, path-to-regexp, serialize-javascript, flatted, undici, socket.io-parser, lodash, lodash.template, bn.js, brace-expansion, cookie, diff, dompurify, eslint/plugin-kit, micromatch, nanoid, on-headers, ajv, yaml, tmp, tootallnate/once, tough-cookie, webpack, js-yaml, http-proxy-middleware, jspdf, immutable, and others - Update node-forge override from 1.3.2 to 1.4.0 - Update tar override to cover <=7.5.9 - Update rollup override to cover >=4.0.0 <4.59.0 - Update qs override to >=6.14.2 - Bump Angular catalog from ~19.2.18 to ~19.2.20 (security patch) - Bump Angular in demos from ~21.0.7 to ~21.2.4 (security patch) - Bump storybook from 10.1.x to 10.2.10 (security fix) - Reduces pnpm audit from 151 to 8 vulnerabilities - Remaining 8 are unfixable (no patched version) or risky overrides
1 parent 7d8f63d commit 828ff0a


5 files changed

+1762
-2968
lines changed


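--- a/apps/demos/package.json
+++ b/apps/demos/package.json
@@ -19,9 +19,9 @@
 "@angular/animations": "~21.0.0",
 "@angular/cli": "~21.0.5",
 "@angular/common": "~21.0.0",
-"@angular/compiler": "~21.0.7",
-"@angular/compiler-cli": "~21.0.7",
-"@angular/core": "~21.0.7",
+"@angular/compiler": "~21.2.4",
+"@angular/compiler-cli": "~21.2.4",
+"@angular/core": "~21.2.4",
 "@angular/forms": "~21.0.0",
 "@angular/platform-browser": "~21.0.0",
 "@angular/platform-browser-dynamic": "~21.0.0",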
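Review bot: Only `@angular/compiler`, `@angular/compiler-cli` and `@angular/core` move to `~21.2.4`, while `@angular/animations`, `@angular/common`, `@angular/forms`, `@angular/platform-browser` and `@angular/platform-browser-dynamic` in the same hunk stay on `~21.0.0`, which a tilde range cannot resolve past 21.0.x. Angular framework packages declare peer dependencies on a matching `@angular/core` version, so this split is likely to produce peer-dependency mismatches, and any fix shipped in those other packages between 21.0.x and 21.2.x is not picked up. Moving the remaining framework packages to `~21.2.4` in the same change would keep them in lockstep. The dependencies object starts and ends outside the hunk, so other Angular entries may need the same treatment.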

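--- a/apps/react-storybook/package.json
+++ b/apps/react-storybook/package.json
@@ -19,17 +19,17 @@
 "openai": "4.73.1"
 },
 "devDependencies": {
-"@storybook/addon-docs": "10.1.9",
-"@storybook/addon-links": "10.1.9",
+"@storybook/addon-docs": "10.2.10",
+"@storybook/addon-links": "10.2.10",
 "@storybook/addon-webpack5-compiler-swc": "^4.0.2",
-"@storybook/react-webpack5": "10.1.9",
+"@storybook/react-webpack5": "10.2.10",
 "@types/react": "18.0.0",
 "@types/react-dom": "18.0.0",
 "http-server": "14.1.1",
 "prop-types": "15.8.1",
 "react": "18.0.0",
 "react-dom": "18.0.0",
-"storybook": "10.1.10",
+"storybook": "10.2.10",
 "typescript": "^5.9.3"
 }
 }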

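--- a/package.json
+++ b/package.json
@@ -64,22 +64,69 @@
 ],
 "pnpm": {
 "overrides": {
-"@devexpress/callsite-record@^4.1.6": "4.1.6",
+"@devexpress/callsite-record@^4.1.6": "4.1.7",
+"basic-ftp@<5.2.0": "~5.2.0",
+"@isaacs/brace-expansion@<=5.0.0": "^5.0.1",
 "@modelcontextprotocol/sdk@>=1.10.0 <=1.25.3": "^1.26.0",
 "form-data@<2.5.4": "2.5.5",
 "form-data@>=4.0.0 <4.0.4": "^4.0.5",
 "pbkdf2@<=3.1.2": "^3.1.3",
 "sha.js@<=2.4.11": "^2.4.12",
 "rollup@<2.79.2": "^4.53.3",
+"rollup@>=4.0.0 <4.59.0": "^4.59.0",
 "json5@<1.0.2": "^2.2.3",
 "axios@<=1.13.4": "^1.13.5",
 "braces@<3.0.3": "^3.0.3",
 "semver@<5.7.2": "^5.7.2",
-"qs": ">=6.14.1",
+"qs": ">=6.14.2",
 "glob@>=10.2.0 <10.5.0": "^10.5.0",
-"node-forge@<1.3.2": "^1.3.2",
+"node-forge@<1.4.0": "1.4.0",
 "vite@>=6.0.0 <6.4.1": "^6.4.1",
-"tar@<7.5.8": "^7.5.8"
+"tar@<=7.5.9": "^7.5.10",
+"underscore@<=1.13.7": "^1.13.8",
+"hono@<4.12.4": "^4.12.4",
+"@hono/node-server@<1.19.10": "^1.19.10",
+"express-rate-limit@>=8.2.0 <8.2.2": "^8.2.2",
+"immutable@>=5.0.0 <5.1.5": "^5.1.5",
+"minimatch@<3.1.5": "3.1.5",
+"minimatch@>=9.0.0 <9.0.7": "9.0.9",
+"minimatch@>=10.0.0 <10.2.4": "10.2.4",
+"picomatch@>=2.0.0 <2.3.2": "2.3.2",
+"picomatch@>=4.0.0 <4.0.4": "4.0.4",
+"path-to-regexp@0.1.12": "0.1.13",
+"path-to-regexp@>=8.0.0 <8.4.0": "8.4.0",
+"serialize-javascript@<=7.0.2": "7.0.5",
+"flatted@<3.4.0": "^3.4.0",
+"undici@<7.24.0": "^7.24.0",
+"socket.io-parser@>=4.0.0 <4.2.6": "^4.2.6",
+"lodash@<4.18.1": "4.18.1",
+"lodash.template@<4.18.1": "4.18.1",
+"bn.js@<4.12.3": "4.12.3",
+"bn.js@>=5.0.0 <5.2.3": "5.2.3",
+"brace-expansion@<1.1.13": "1.1.13",
+"brace-expansion@>=2.0.0 <2.0.3": "2.0.3",
+"cookie@<0.7.0": "^0.7.0",
+"diff@>=4.0.0 <4.0.4": "4.0.4",
+"diff@>=5.0.0 <5.2.2": "5.2.2",
+"dompurify@<=3.3.1": "^3.3.2",
+"@eslint/plugin-kit@<0.3.4": "^0.3.4",
+"http-proxy-middleware@>=1.3.0 <2.0.9": "^2.0.9",
+"immutable@>=4.0.0-rc.1 <4.3.8": "^4.3.8",
+"jspdf@<=4.2.0": "^4.2.1",
+"js-yaml@>=4.0.0 <4.1.1": "^4.1.1",
+"micromatch@<4.0.8": "^4.0.8",
+"minimatch@>=4.0.0 <4.2.5": "4.2.5",
+"minimatch@>=5.0.0 <5.1.8": "5.1.8",
+"nanoid@<3.3.8": "^3.3.8",
+"on-headers@<1.1.0": "^1.1.0",
+"ajv@<6.14.0": "6.14.0",
+"ajv@>=7.0.0-alpha.0 <8.18.0": "^8.18.0",
+"yaml@>=1.0.0 <1.10.3": "1.10.3",
+"yaml@>=2.0.0 <2.8.3": "2.8.3",
+"tmp@<=0.2.3": "^0.2.4",
+"@tootallnate/once@<3.0.1": "^3.0.1",
+"tough-cookie@<4.1.3": "^4.1.3",
+"webpack@>=5.49.0 <=5.104.0": "^5.104.1"
 }
 },
 "packageManager": "pnpm@9.15.4"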
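Review bot: Several added selectors have no lower bound, so they also rewrite dependents that declare an older major line: `undici@<7.24.0`, `tough-cookie@<4.1.3`, `@tootallnate/once@<3.0.1`, `nanoid@<3.3.8` and `tmp@<=0.2.3` match any earlier major and force it onto the newest one, whereas minimatch, picomatch, bn.js, diff and yaml in the same block are scoped per major. Either confirm with `pnpm why <pkg>` that no dependent declares an older major, or split these entries the same way so each release line gets its own patched target. Separately, `"qs": ">=6.14.2"` has no selector and no upper bound, so a lockfile regeneration may resolve it to any future major, including one published unexpectedly; `"qs": "^6.14.2"` keeps the floor without that exposure. The lockfile changes that show what these overrides actually resolve to are not visible in this section.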
