Security: update basic-ftp, hono, postcss, ip-address, fast-uri, remove request(gulp-remote-src) (#33558)

Author: sjbur

.github/renovate.json

@@ -141,7 +141,6 @@
                 "gulp-jsbeautifier",
                 "gulp-multi-process",
                 "gulp-notify",
-                "gulp-remote-src",
                 "gulp-rename",
                 "gulp-tap",
                 "gulp-uglify-es",

package.json

@@ -50,7 +50,7 @@
     "lint-staged": "14.0.1",
     "nx": "22.4.5",
     "nx-cloud": "19.1.0",
-    "postcss": "8.4.38",
+    "postcss": "~8.5.10",
     "shelljs": "0.8.5",
     "shx": "0.4.0",
     "source-map": "0.7.4",
@@ -67,12 +67,12 @@
   "pnpm": {
     "overrides": {
       "@devexpress/callsite-record@^4.1.6": "4.1.7",
-      "@hono/node-server@<1.19.10": "^1.19.10",
+      "@hono/node-server@<1.19.13": "^1.19.13",
       "@modelcontextprotocol/sdk@>=1.10.0 <=1.25.3": "^1.26.0",
       "@tootallnate/once@<3.0.1": "^3.0.1",
       "ajv@>=7.0.0-alpha.0 <8.18.0": "^8.18.0",
       "axios@<1.15.2": "^1.15.2",
-      "basic-ftp@<=5.2.2": "~5.3.0",
+      "basic-ftp@<5.3.1": ">=5.3.1",
       "bn.js@<4.12.3": "4.12.3",
       "bn.js@>=5.0.0 <5.2.3": "5.2.3",
       "brace-expansion@<1.1.13": "1.1.13",
@@ -81,15 +81,17 @@
       "cookie@<0.7.0": "^0.7.0",
       "diff@>=4.0.0 <4.0.4": "4.0.4",
       "diff@>=5.0.0 <5.2.2": "5.2.2",
-      "dompurify@<=3.3.1": "^3.3.2",
+      "dompurify@<=3.3.3": ">=3.4.0",
       "express-rate-limit@>=8.2.0 <8.2.2": "^8.2.2",
+      "fast-uri@<3.1.2": ">=3.1.2",
       "flatted@<3.4.0": "^3.4.0",
       "form-data@<2.5.4": "2.5.5",
       "form-data@>=4.0.0 <4.0.4": "^4.0.5",
       "glob@>=10.2.0 <10.5.0": "^10.5.0",
-      "hono@<4.12.4": "^4.12.4",
+      "hono@<4.12.18": ">=4.12.18",
       "immutable@>=4.0.0-rc.1 <4.3.8": "^4.3.8",
       "immutable@>=5.0.0 <5.1.5": "^5.1.5",
+      "ip-address@<=10.1.0": ">=10.1.1",
       "json5@<1.0.2": "^2.2.3",
       "lodash.template@<4.18.1": "4.18.1",
       "lodash@<4.18.1": "4.18.1",
@@ -102,9 +104,10 @@
       "path-to-regexp@0.1.12": "0.1.13",
       "path-to-regexp@>=8.0.0 <8.4.0": "8.4.0",
       "pbkdf2@<=3.1.2": "^3.1.3",
+      "postcss@<8.5.10": "8.5.10",
       "picomatch@>=2.0.0 <2.3.2": "2.3.2",
       "picomatch@>=4.0.0 <4.0.4": "4.0.4",
-      "qs": ">=6.14.1",
+      "qs": ">=6.14.2",
       "rollup@< 4.59.0": "^4.59.0",
       "rollup@<2.79.2": "^4.53.3",
       "semver@<5.7.2": "^5.7.2",

packages/devextreme-themebuilder/package.json

@@ -30,7 +30,7 @@
   "dependencies": {
     "autoprefixer": "^10.4.21",
     "clean-css": "^5.3.0",
-    "postcss": "^8.2.6",
+    "postcss": "^8.5.10",
     "sass-embedded": "1.66.0"
   },
   "devDependencies": {

packages/devextreme/build/gulp/test_timezones_data.js

@@ -159,7 +159,6 @@
     "gulp-multi-process": "1.4.0",
     "gulp-notify": "4.0.0",
     "gulp-plumber": "1.2.1",
-    "gulp-remote-src": "0.4.4",
     "gulp-rename": "1.4.0",
     "gulp-replace": "0.6.1",
     "gulp-sass": "6.0.1",

packages/devextreme/package.json

@@ -5,5 +5,10 @@
   "devDependencies": {
     "@devexpress/sbom-toolkit": "0.6.1"
   },
+  "pnpm": {
+    "overrides": {
+      "fast-uri@<3.1.2": ">=3.1.2"
+    }
+  },
   "packageManager": "pnpm@9.15.4"
 }