Merge branch 'chore/remove-unused-crypto-polyfills' into 'master'

NikolayS · NikolayS · commit 2bcc4faf7370 · 2026-04-04T05:56:24.000-07:00
fix(ui): remove unused crypto/stream polyfills (CVE-2025-14505) Closes #270 See merge request postgres-ai/database-lab!1124
diff --git a/ui/package.json b/ui/package.json
@@ -27,20 +27,14 @@
       "semver@<5.7.2": ">=5.7.2",
       "semver@>=6.0.0 <6.3.1": ">=6.3.1",
       "minimatch@<3.1.4": ">=3.1.4 <4.0.0",
-      "bn.js@<5.2.3": "5.2.3",
       "json5@<1.0.2": ">=1.0.2",
       "json5@>=2.0.0 <2.2.2": ">=2.2.2",
       "ip@<1.1.9": ">=1.1.9",
-      "browserify-sign@>=2.6.0 <=4.2.1": ">=4.2.2",
       "@cypress/request@<=2.88.12": ">=3.0.0",
       "follow-redirects@<=1.15.5": ">=1.15.6",
       "@babel/traverse@<7.23.2": ">=7.23.2",
-      "elliptic@>=4.0.0 <=6.5.6": ">=6.5.7",
-      "elliptic@>=2.0.0 <=6.5.6": ">=6.5.7",
-      "elliptic@>=5.2.1 <=6.5.6": ">=6.5.7",
       "dompurify@<2.5.4": ">=2.5.4",
       "nanoid@<3.3.8": "3.3.8",
-      "elliptic@<=6.6.0": ">=6.6.1",
       "cookie@<0.7.0": ">=0.7.0",
       "@babel/runtime-corejs3@<7.26.10": ">=7.26.10",
       "@babel/runtime@<7.26.10": ">=7.26.10",
@@ -49,16 +43,11 @@
       "path-to-regexp@<0.1.12": ">=0.1.12",
       "brace-expansion@>=1.0.0 <1.1.13": "1.1.13",
       "brace-expansion@>=2.0.0 <2.0.3": "2.0.3",
-      "pbkdf2@<=3.1.2": ">=3.1.3",
-      "pbkdf2@>=3.0.10 <=3.1.2": ">=3.1.3",
-      "elliptic@<6.6.0": ">=6.6.0",
       "prismjs@<1.30.0": ">=1.30.0",
       "form-data@>=3.0.0 <3.0.4": ">=3.0.4",
       "form-data@<2.5.4": ">=2.5.4",
       "on-headers@<1.1.0": ">=1.1.0",
       "tmp@<=0.2.3": ">=0.2.4",
-      "sha.js@<=2.4.11": ">=2.4.12",
-      "cipher-base@<=1.0.4": ">=1.0.5",
       "lodash@<=4.17.22": ">=4.17.23",
       "lodash-es@<=4.17.22": ">=4.17.23",
       "flatted@<3.4.2": ">=3.4.2",
diff --git a/ui/packages/ce/package.json b/ui/packages/ce/package.json
@@ -24,7 +24,6 @@
     "classnames": "^2.3.1",
     "clsx": "^2.1.1",
     "copy-to-clipboard": "^3.3.1",
-    "crypto-browserify": "^3.12.0",
     "cypress": "^14.5.4",
     "date-fns": "^2.22.1",
     "formik": "^2.2.9",
@@ -38,7 +37,6 @@
     "react-router": "^5.1.2",
     "react-router-dom": "^5.1.2",
     "react-syntax-highlighter": "^15.5.0",
-    "stream-browserify": "^3.0.0",
     "typescript": "^4.4.4",
     "use-timer": "^2.0.1",
     "whatwg-fetch": "^3.6.2",
diff --git a/ui/packages/ce/vite.config.ts b/ui/packages/ce/vite.config.ts
@@ -72,12 +72,7 @@ export default defineConfig({
       },
     },
   },
-  resolve: {
-    alias: {
-      crypto: 'crypto-browserify',
-      stream: 'stream-browserify',
-    },
-  },
+  resolve: {},
   css: {
     preprocessorOptions: {
       scss: {
diff --git a/ui/packages/shared/package.json b/ui/packages/shared/package.json
@@ -27,7 +27,6 @@
     "classnames": "^2.3.1",
     "clsx": "^2.1.1",
     "copy-to-clipboard": "^3.3.1",
-    "crypto-browserify": "^3.12.0",
     "date-fns": "^2.22.1",
     "formik": "^2.2.9",
     "get-user-locale": "^1.4.0",
@@ -41,7 +40,6 @@
     "react-router": "^5.1.2",
     "react-router-dom": "^5.1.2",
     "react-syntax-highlighter": "^15.5.0",
-    "stream-browserify": "^3.0.0",
     "typescript": "^4.8.3",
     "use-timer": "^2.0.1",
     "whatwg-fetch": "^3.6.2",
diff --git a/ui/pnpm-lock.yaml b/ui/pnpm-lock.yaml
