Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
sfanahata
force-pushed
the
chore/security-overrides-transitive-deps
branch
from
dda36b3 to
3b378b8
Compare
Contributor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Autofix Details
Bugbot Autofix prepared a fix for the issue found in the latest run.
- ✅ Fixed: Missing minimatch override leaves ReDoS vulnerability unfixed
- Added minimatch ^9.0.7 override to package.json which upgraded vulnerable minimatch@9.0.3 to patched minimatch@9.0.9, fixing CVE-2026-27903, CVE-2026-27904, and CVE-2026-26996.
Or push these changes by commenting:
@cursor push 87ac47060c
Preview (87ac47060c)
diff --git a/package.json b/package.json
--- a/package.json
+++ b/package.json
@@ -171,7 +171,8 @@
"flatted": "^3.4.2",
"rollup": "^4.59.0",
"fast-xml-parser": "^5.5.7",
- "undici": "^6.24.0"
+ "undici": "^6.24.0",
+ "minimatch": "^9.0.7"
},
"onlyBuiltDependencies": [
"@parcel/watcher",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -13,6 +13,7 @@
rollup: ^4.59.0
fast-xml-parser: ^5.5.7
undici: ^6.24.0
+ minimatch: ^9.0.7
patchedDependencies:
remark-mdx-images@3.0.0:
@@ -4612,9 +4613,6 @@
bowser@2.14.1:
resolution: {integrity: sha512-tzPjzCxygAKWFOJP011oxFHs57HzIhOEracIgAePE4pqB3LikALKnSzUyU4MGs9/iCEUuHlAJTjTc5M+u7YEGg==}
- brace-expansion@1.1.12:
- resolution: {integrity: sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==}
-
brace-expansion@2.0.2:
resolution: {integrity: sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==}
@@ -4804,9 +4802,6 @@
commondir@1.0.1:
resolution: {integrity: sha512-W9pAhw0ja1Edb5GVdIF1mjZw/ASI0AlShXM83UUGe2DVr5TdAPEA1OA8m/g8zWp9x6On7gqufY+FatDbC3MDQg==}
- concat-map@0.0.1:
- resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==}
-
concurrently@9.2.1:
resolution: {integrity: sha512-fsfrO0MxV64Znoy8/l1vVIjjHa29SZyyqPgQBwhiDcaW8wJc2W3XWVOGx4M3oJBnv/zdUZIIp1gDeS98GzP8Ng==}
engines: {node: '>=18'}
@@ -6837,13 +6832,6 @@
resolution: {integrity: sha512-r9deDe9p5FJUPZAk3A59wGH7Ii9YrjjWw0jmw/liSbHl2CHiyXj6FcDXDu2K3TjVAXqiJdaw3xxwlZZr9E6nHg==}
hasBin: true
- minimatch@3.1.5:
- resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==}
-
- minimatch@9.0.3:
- resolution: {integrity: sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==}
- engines: {node: '>=16 || 14 >=14.17'}
-
minimatch@9.0.9:
resolution: {integrity: sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==}
engines: {node: '>=16 || 14 >=14.17'}
@@ -9897,7 +9885,7 @@
ignore: 5.3.2
import-fresh: 3.3.1
js-yaml: 4.1.1
- minimatch: 3.1.5
+ minimatch: 9.0.9
strip-json-comments: 3.1.1
transitivePeerDependencies:
- supports-color
@@ -9957,7 +9945,7 @@
dependencies:
'@humanwhocodes/object-schema': 2.0.3
debug: 4.4.3
- minimatch: 3.1.5
+ minimatch: 9.0.9
transitivePeerDependencies:
- supports-color
@@ -13153,7 +13141,7 @@
debug: 4.4.3
globby: 11.1.0
is-glob: 4.0.3
- minimatch: 9.0.3
+ minimatch: 9.0.9
semver: 7.7.4
ts-api-utils: 1.4.3(typescript@5.9.3)
optionalDependencies:
@@ -13740,11 +13728,6 @@
bowser@2.14.1: {}
- brace-expansion@1.1.12:
- dependencies:
- balanced-match: 1.0.2
- concat-map: 0.0.1
-
brace-expansion@2.0.2:
dependencies:
balanced-match: 1.0.2
@@ -13923,8 +13906,6 @@
commondir@1.0.1: {}
- concat-map@0.0.1: {}
-
concurrently@9.2.1:
dependencies:
chalk: 4.1.2
@@ -14715,7 +14696,7 @@
hasown: 2.0.2
is-core-module: 2.16.1
is-glob: 4.0.3
- minimatch: 3.1.5
+ minimatch: 9.0.9
object.fromentries: 2.0.8
object.groupby: 1.0.3
object.values: 1.2.1
@@ -14744,7 +14725,7 @@
hasown: 2.0.2
is-core-module: 2.16.1
is-glob: 4.0.3
- minimatch: 3.1.5
+ minimatch: 9.0.9
object.fromentries: 2.0.8
object.groupby: 1.0.3
object.values: 1.2.1
@@ -14789,7 +14770,7 @@
hasown: 2.0.2
jsx-ast-utils: 3.3.5
language-tags: 1.0.9
- minimatch: 3.1.5
+ minimatch: 9.0.9
object.fromentries: 2.0.8
safe-regex-test: 1.1.0
string.prototype.includes: 2.0.1
@@ -14820,7 +14801,7 @@
estraverse: 5.3.0
hasown: 2.0.2
jsx-ast-utils: 3.3.5
- minimatch: 3.1.5
+ minimatch: 9.0.9
object.entries: 1.1.9
object.fromentries: 2.0.8
object.values: 1.2.1
@@ -14902,7 +14883,7 @@
json-stable-stringify-without-jsonify: 1.0.1
levn: 0.4.1
lodash.merge: 4.6.2
- minimatch: 3.1.5
+ minimatch: 9.0.9
natural-compare: 1.4.0
optionator: 0.9.4
strip-ansi: 6.0.1
@@ -15235,7 +15216,7 @@
fs.realpath: 1.0.0
inflight: 1.0.6
inherits: 2.0.4
- minimatch: 3.1.5
+ minimatch: 9.0.9
once: 1.4.0
path-is-absolute: 1.0.1
@@ -16973,14 +16954,6 @@
mini-svg-data-uri@1.4.4: {}
- minimatch@3.1.5:
- dependencies:
- brace-expansion: 1.1.12
-
- minimatch@9.0.3:
- dependencies:
- brace-expansion: 2.0.2
-
minimatch@9.0.9:
dependencies:
brace-expansion: 2.0.2
@@ -18525,7 +18498,7 @@
dependencies:
'@istanbuljs/schema': 0.1.3
glob: 7.2.3
- minimatch: 3.1.5
+ minimatch: 9.0.9
text-table@0.2.0: {}This Bugbot Autofix run was free. To enable autofix for future PRs, go to the Cursor dashboard.
Contributor
|
Bugbot Autofix prepared a fix for the issue found in the latest run.
Or push these changes by commenting: Preview (e61f378f1b)diff --git a/package.json b/package.json
--- a/package.json
+++ b/package.json
@@ -166,7 +166,16 @@
"overrides": {
"dompurify": "3.3.2",
"@types/dompurify": "3.0.5",
- "@types/node": "^22"
+ "@types/node": "^22",
+ "immutable": "^5.1.5",
+ "flatted": "^3.4.2",
+ "minimatch": "^9.0.7",
+ "eslint-plugin-import>minimatch": "^3.1.2",
+ "eslint-plugin-jsx-a11y>minimatch": "^3.1.2",
+ "eslint-plugin-react>minimatch": "^3.1.2",
+ "rollup": "^4.59.0",
+ "fast-xml-parser": "^5.5.7",
+ "undici": "^6.24.0"
},
"onlyBuiltDependencies": [
"@parcel/watcher",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -8,6 +8,15 @@
dompurify: 3.3.2
'@types/dompurify': 3.0.5
'@types/node': ^22
+ immutable: ^5.1.5
+ flatted: ^3.4.2
+ minimatch: ^9.0.7
+ eslint-plugin-import>minimatch: ^3.1.2
+ eslint-plugin-jsx-a11y>minimatch: ^3.1.2
+ eslint-plugin-react>minimatch: ^3.1.2
+ rollup: ^4.59.0
+ fast-xml-parser: ^5.5.7
+ undici: ^6.24.0
patchedDependencies:
remark-mdx-images@3.0.0:
@@ -1308,10 +1317,6 @@
'@fal-works/esbuild-plugin-global-externals@2.1.2':
resolution: {integrity: sha512-cEee/Z+I12mZcFJshKcCqC8tuX5hG3s+d+9nZ3LabqKF1vKdF41B92pJVCBggjAGORAeOzyyDDKrZwIkLffeOQ==}
- '@fastify/busboy@2.1.1':
- resolution: {integrity: sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==}
- engines: {node: '>=14'}
-
'@floating-ui/core@1.7.4':
resolution: {integrity: sha512-C3HlIdsBxszvm5McXlB8PeOEWfBhcGBTZGkGlWc2U0KFY5IwG5OQEuQ8rq52DZmcHDlPLd+YFBK+cZcytwIFWg==}
@@ -3124,7 +3129,7 @@
resolution: {integrity: sha512-+tNWdlWKbpB3WgBN7ijjYkq9X5uhjmcvyjEght4NmH5fAU++zfQzAJ6wumLS+dNcvwEZhKx2Z+skY8m7v0wGSA==}
engines: {node: '>=16.0.0 || 14 >= 14.17'}
peerDependencies:
- rollup: ^2.68.0||^3.0.0||^4.0.0
+ rollup: ^4.59.0
peerDependenciesMeta:
rollup:
optional: true
@@ -3133,146 +3138,146 @@
resolution: {integrity: sha512-5EdhGZtnu3V88ces7s53hhfK5KSASnJZv8Lulpc04cWO3REESroJXg73DFsOmgbU2BhwV0E20bu2IDZb3VKW4Q==}
engines: {node: '>=14.0.0'}
peerDependencies:
- rollup: ^1.20.0||^2.0.0||^3.0.0||^4.0.0
+ rollup: ^4.59.0
peerDependenciesMeta:
rollup:
optional: true
- '@rollup/rollup-android-arm-eabi@4.57.1':
- resolution: {integrity: sha512-A6ehUVSiSaaliTxai040ZpZ2zTevHYbvu/lDoeAteHI8QnaosIzm4qwtezfRg1jOYaUmnzLX1AOD6Z+UJjtifg==}
+ '@rollup/rollup-android-arm-eabi@4.60.0':
+ resolution: {integrity: sha512-WOhNW9K8bR3kf4zLxbfg6Pxu2ybOUbB2AjMDHSQx86LIF4rH4Ft7vmMwNt0loO0eonglSNy4cpD3MKXXKQu0/A==}
cpu: [arm]
os: [android]
- '@rollup/rollup-android-arm64@4.57.1':
- resolution: {integrity: sha512-dQaAddCY9YgkFHZcFNS/606Exo8vcLHwArFZ7vxXq4rigo2bb494/xKMMwRRQW6ug7Js6yXmBZhSBRuBvCCQ3w==}
+ '@rollup/rollup-android-arm64@4.60.0':
+ resolution: {integrity: sha512-u6JHLll5QKRvjciE78bQXDmqRqNs5M/3GVqZeMwvmjaNODJih/WIrJlFVEihvV0MiYFmd+ZyPr9wxOVbPAG2Iw==}
cpu: [arm64]
os: [android]
- '@rollup/rollup-darwin-arm64@4.57.1':
- resolution: {integrity: sha512-crNPrwJOrRxagUYeMn/DZwqN88SDmwaJ8Cvi/TN1HnWBU7GwknckyosC2gd0IqYRsHDEnXf328o9/HC6OkPgOg==}
+ '@rollup/rollup-darwin-arm64@4.60.0':
+ resolution: {integrity: sha512-qEF7CsKKzSRc20Ciu2Zw1wRrBz4g56F7r/vRwY430UPp/nt1x21Q/fpJ9N5l47WWvJlkNCPJz3QRVw008fi7yA==}
cpu: [arm64]
os: [darwin]
- '@rollup/rollup-darwin-x64@4.57.1':
- resolution: {integrity: sha512-Ji8g8ChVbKrhFtig5QBV7iMaJrGtpHelkB3lsaKzadFBe58gmjfGXAOfI5FV0lYMH8wiqsxKQ1C9B0YTRXVy4w==}
+ '@rollup/rollup-darwin-x64@4.60.0':
+ resolution: {integrity: sha512-WADYozJ4QCnXCH4wPB+3FuGmDPoFseVCUrANmA5LWwGmC6FL14BWC7pcq+FstOZv3baGX65tZ378uT6WG8ynTw==}
cpu: [x64]
os: [darwin]
- '@rollup/rollup-freebsd-arm64@4.57.1':
- resolution: {integrity: sha512-R+/WwhsjmwodAcz65guCGFRkMb4gKWTcIeLy60JJQbXrJ97BOXHxnkPFrP+YwFlaS0m+uWJTstrUA9o+UchFug==}
+ '@rollup/rollup-freebsd-arm64@4.60.0':
+ resolution: {integrity: sha512-6b8wGHJlDrGeSE3aH5mGNHBjA0TTkxdoNHik5EkvPHCt351XnigA4pS7Wsj/Eo9Y8RBU6f35cjN9SYmCFBtzxw==}
cpu: [arm64]
os: [freebsd]
- '@rollup/rollup-freebsd-x64@4.57.1':
- resolution: {integrity: sha512-IEQTCHeiTOnAUC3IDQdzRAGj3jOAYNr9kBguI7MQAAZK3caezRrg0GxAb6Hchg4lxdZEI5Oq3iov/w/hnFWY9Q==}
+ '@rollup/rollup-freebsd-x64@4.60.0':
+ resolution: {integrity: sha512-h25Ga0t4jaylMB8M/JKAyrvvfxGRjnPQIR8lnCayyzEjEOx2EJIlIiMbhpWxDRKGKF8jbNH01NnN663dH638mA==}
cpu: [x64]
os: [freebsd]
- '@rollup/rollup-linux-arm-gnueabihf@4.57.1':
- resolution: {integrity: sha512-F8sWbhZ7tyuEfsmOxwc2giKDQzN3+kuBLPwwZGyVkLlKGdV1nvnNwYD0fKQ8+XS6hp9nY7B+ZeK01EBUE7aHaw==}
+ '@rollup/rollup-linux-arm-gnueabihf@4.60.0':
+ resolution: {integrity: sha512-RzeBwv0B3qtVBWtcuABtSuCzToo2IEAIQrcyB/b2zMvBWVbjo8bZDjACUpnaafaxhTw2W+imQbP2BD1usasK4g==}
cpu: [arm]
os: [linux]
libc: [glibc]
- '@rollup/rollup-linux-arm-musleabihf@4.57.1':
- resolution: {integrity: sha512-rGfNUfn0GIeXtBP1wL5MnzSj98+PZe/AXaGBCRmT0ts80lU5CATYGxXukeTX39XBKsxzFpEeK+Mrp9faXOlmrw==}
+ '@rollup/rollup-linux-arm-musleabihf@4.60.0':
+ resolution: {integrity: sha512-Sf7zusNI2CIU1HLzuu9Tc5YGAHEZs5Lu7N1ssJG4Tkw6e0MEsN7NdjUDDfGNHy2IU+ENyWT+L2obgWiguWibWQ==}
cpu: [arm]
os: [linux]
libc: [musl]
- '@rollup/rollup-linux-arm64-gnu@4.57.1':
- resolution: {integrity: sha512-MMtej3YHWeg/0klK2Qodf3yrNzz6CGjo2UntLvk2RSPlhzgLvYEB3frRvbEF2wRKh1Z2fDIg9KRPe1fawv7C+g==}
+ '@rollup/rollup-linux-arm64-gnu@4.60.0':
+ resolution: {integrity: sha512-DX2x7CMcrJzsE91q7/O02IJQ5/aLkVtYFryqCjduJhUfGKG6yJV8hxaw8pZa93lLEpPTP/ohdN4wFz7yp/ry9A==}
cpu: [arm64]
os: [linux]
libc: [glibc]
- '@rollup/rollup-linux-arm64-musl@4.57.1':
- resolution: {integrity: sha512-1a/qhaaOXhqXGpMFMET9VqwZakkljWHLmZOX48R0I/YLbhdxr1m4gtG1Hq7++VhVUmf+L3sTAf9op4JlhQ5u1Q==}
+ '@rollup/rollup-linux-arm64-musl@4.60.0':
+ resolution: {integrity: sha512-09EL+yFVbJZlhcQfShpswwRZ0Rg+z/CsSELFCnPt3iK+iqwGsI4zht3secj5vLEs957QvFFXnzAT0FFPIxSrkQ==}
cpu: [arm64]
os: [linux]
libc: [musl]
- '@rollup/rollup-linux-loong64-gnu@4.57.1':
- resolution: {integrity: sha512-QWO6RQTZ/cqYtJMtxhkRkidoNGXc7ERPbZN7dVW5SdURuLeVU7lwKMpo18XdcmpWYd0qsP1bwKPf7DNSUinhvA==}
+ '@rollup/rollup-linux-loong64-gnu@4.60.0':
+ resolution: {integrity: sha512-i9IcCMPr3EXm8EQg5jnja0Zyc1iFxJjZWlb4wr7U2Wx/GrddOuEafxRdMPRYVaXjgbhvqalp6np07hN1w9kAKw==}
cpu: [loong64]
os: [linux]
libc: [glibc]
- '@rollup/rollup-linux-loong64-musl@4.57.1':
- resolution: {integrity: sha512-xpObYIf+8gprgWaPP32xiN5RVTi/s5FCR+XMXSKmhfoJjrpRAjCuuqQXyxUa/eJTdAE6eJ+KDKaoEqjZQxh3Gw==}
+ '@rollup/rollup-linux-loong64-musl@4.60.0':
+ resolution: {integrity: sha512-DGzdJK9kyJ+B78MCkWeGnpXJ91tK/iKA6HwHxF4TAlPIY7GXEvMe8hBFRgdrR9Ly4qebR/7gfUs9y2IoaVEyog==}
cpu: [loong64]
os: [linux]
libc: [musl]
- '@rollup/rollup-linux-ppc64-gnu@4.57.1':
- resolution: {integrity: sha512-4BrCgrpZo4hvzMDKRqEaW1zeecScDCR+2nZ86ATLhAoJ5FQ+lbHVD3ttKe74/c7tNT9c6F2viwB3ufwp01Oh2w==}
+ '@rollup/rollup-linux-ppc64-gnu@4.60.0':
+ resolution: {integrity: sha512-RwpnLsqC8qbS8z1H1AxBA1H6qknR4YpPR9w2XX0vo2Sz10miu57PkNcnHVaZkbqyw/kUWfKMI73jhmfi9BRMUQ==}
cpu: [ppc64]
os: [linux]
libc: [glibc]
- '@rollup/rollup-linux-ppc64-musl@4.57.1':
- resolution: {integrity: sha512-NOlUuzesGauESAyEYFSe3QTUguL+lvrN1HtwEEsU2rOwdUDeTMJdO5dUYl/2hKf9jWydJrO9OL/XSSf65R5+Xw==}
+ '@rollup/rollup-linux-ppc64-musl@4.60.0':
+ resolution: {integrity: sha512-Z8pPf54Ly3aqtdWC3G4rFigZgNvd+qJlOE52fmko3KST9SoGfAdSRCwyoyG05q1HrrAblLbk1/PSIV+80/pxLg==}
cpu: [ppc64]
os: [linux]
libc: [musl]
- '@rollup/rollup-linux-riscv64-gnu@4.57.1':
- resolution: {integrity: sha512-ptA88htVp0AwUUqhVghwDIKlvJMD/fmL/wrQj99PRHFRAG6Z5nbWoWG4o81Nt9FT+IuqUQi+L31ZKAFeJ5Is+A==}
+ '@rollup/rollup-linux-riscv64-gnu@4.60.0':
+ resolution: {integrity: sha512-3a3qQustp3COCGvnP4SvrMHnPQ9d1vzCakQVRTliaz8cIp/wULGjiGpbcqrkv0WrHTEp8bQD/B3HBjzujVWLOA==}
cpu: [riscv64]
os: [linux]
libc: [glibc]
- '@rollup/rollup-linux-riscv64-musl@4.57.1':
- resolution: {integrity: sha512-S51t7aMMTNdmAMPpBg7OOsTdn4tySRQvklmL3RpDRyknk87+Sp3xaumlatU+ppQ+5raY7sSTcC2beGgvhENfuw==}
+ '@rollup/rollup-linux-riscv64-musl@4.60.0':
+ resolution: {integrity: sha512-pjZDsVH/1VsghMJ2/kAaxt6dL0psT6ZexQVrijczOf+PeP2BUqTHYejk3l6TlPRydggINOeNRhvpLa0AYpCWSQ==}
cpu: [riscv64]
os: [linux]
libc: [musl]
- '@rollup/rollup-linux-s390x-gnu@4.57.1':
- resolution: {integrity: sha512-Bl00OFnVFkL82FHbEqy3k5CUCKH6OEJL54KCyx2oqsmZnFTR8IoNqBF+mjQVcRCT5sB6yOvK8A37LNm/kPJiZg==}
+ '@rollup/rollup-linux-s390x-gnu@4.60.0':
+ resolution: {integrity: sha512-3ObQs0BhvPgiUVZrN7gqCSvmFuMWvWvsjG5ayJ3Lraqv+2KhOsp+pUbigqbeWqueGIsnn+09HBw27rJ+gYK4VQ==}
cpu: [s390x]
os: [linux]
libc: [glibc]
- '@rollup/rollup-linux-x64-gnu@4.57.1':
- resolution: {integrity: sha512-ABca4ceT4N+Tv/GtotnWAeXZUZuM/9AQyCyKYyKnpk4yoA7QIAuBt6Hkgpw8kActYlew2mvckXkvx0FfoInnLg==}
+ '@rollup/rollup-linux-x64-gnu@4.60.0':
+ resolution: {integrity: sha512-EtylprDtQPdS5rXvAayrNDYoJhIz1/vzN2fEubo3yLE7tfAw+948dO0g4M0vkTVFhKojnF+n6C8bDNe+gDRdTg==}
cpu: [x64]
os: [linux]
libc: [glibc]
- '@rollup/rollup-linux-x64-musl@4.57.1':
- resolution: {integrity: sha512-HFps0JeGtuOR2convgRRkHCekD7j+gdAuXM+/i6kGzQtFhlCtQkpwtNzkNj6QhCDp7DRJ7+qC/1Vg2jt5iSOFw==}
+ '@rollup/rollup-linux-x64-musl@4.60.0':
+ resolution: {integrity: sha512-k09oiRCi/bHU9UVFqD17r3eJR9bn03TyKraCrlz5ULFJGdJGi7VOmm9jl44vOJvRJ6P7WuBi/s2A97LxxHGIdw==}
cpu: [x64]
os: [linux]
libc: [musl]
- '@rollup/rollup-openbsd-x64@4.57.1':
- resolution: {integrity: sha512-H+hXEv9gdVQuDTgnqD+SQffoWoc0Of59AStSzTEj/feWTBAnSfSD3+Dql1ZruJQxmykT/JVY0dE8Ka7z0DH1hw==}
+ '@rollup/rollup-openbsd-x64@4.60.0':
+ resolution: {integrity: sha512-1o/0/pIhozoSaDJoDcec+IVLbnRtQmHwPV730+AOD29lHEEo4F5BEUB24H0OBdhbBBDwIOSuf7vgg0Ywxdfiiw==}
cpu: [x64]
os: [openbsd]
- '@rollup/rollup-openharmony-arm64@4.57.1':
- resolution: {integrity: sha512-4wYoDpNg6o/oPximyc/NG+mYUejZrCU2q+2w6YZqrAs2UcNUChIZXjtafAiiZSUc7On8v5NyNj34Kzj/Ltk6dQ==}
+ '@rollup/rollup-openharmony-arm64@4.60.0':
+ resolution: {integrity: sha512-pESDkos/PDzYwtyzB5p/UoNU/8fJo68vcXM9ZW2V0kjYayj1KaaUfi1NmTUTUpMn4UhU4gTuK8gIaFO4UGuMbA==}
cpu: [arm64]
os: [openharmony]
- '@rollup/rollup-win32-arm64-msvc@4.57.1':
- resolution: {integrity: sha512-O54mtsV/6LW3P8qdTcamQmuC990HDfR71lo44oZMZlXU4tzLrbvTii87Ni9opq60ds0YzuAlEr/GNwuNluZyMQ==}
+ '@rollup/rollup-win32-arm64-msvc@4.60.0':
+ resolution: {integrity: sha512-hj1wFStD7B1YBeYmvY+lWXZ7ey73YGPcViMShYikqKT1GtstIKQAtfUI6yrzPjAy/O7pO0VLXGmUVWXQMaYgTQ==}
cpu: [arm64]
os: [win32]
- '@rollup/rollup-win32-ia32-msvc@4.57.1':
- resolution: {integrity: sha512-P3dLS+IerxCT/7D2q2FYcRdWRl22dNbrbBEtxdWhXrfIMPP9lQhb5h4Du04mdl5Woq05jVCDPCMF7Ub0NAjIew==}
+ '@rollup/rollup-win32-ia32-msvc@4.60.0':
+ resolution: {integrity: sha512-SyaIPFoxmUPlNDq5EHkTbiKzmSEmq/gOYFI/3HHJ8iS/v1mbugVa7dXUzcJGQfoytp9DJFLhHH4U3/eTy2Bq4w==}
cpu: [ia32]
os: [win32]
- '@rollup/rollup-win32-x64-gnu@4.57.1':
- resolution: {integrity: sha512-VMBH2eOOaKGtIJYleXsi2B8CPVADrh+TyNxJ4mWPnKfLB/DBUmzW+5m1xUrcwWoMfSLagIRpjUFeW5CO5hyciQ==}
+ '@rollup/rollup-win32-x64-gnu@4.60.0':
+ resolution: {integrity: sha512-RdcryEfzZr+lAr5kRm2ucN9aVlCCa2QNq4hXelZxb8GG0NJSazq44Z3PCCc8wISRuCVnGs0lQJVX5Vp6fKA+IA==}
cpu: [x64]
os: [win32]
- '@rollup/rollup-win32-x64-msvc@4.57.1':
- resolution: {integrity: sha512-mxRFDdHIWRxg3UfIIAwCm6NzvxG0jDX/wBN6KsQFTvKFqqg9vTrWUE68qEjHt19A5wwx5X5aUi2zuZT7YR0jrA==}
+ '@rollup/rollup-win32-x64-msvc@4.60.0':
+ resolution: {integrity: sha512-PrsWNQ8BuE00O3Xsx3ALh2Df8fAj9+cvvX9AIA6o4KpATR98c9mud4XtDWVvsEuyia5U4tVSTKygawyJkjm60w==}
cpu: [x64]
os: [win32]
@@ -5610,14 +5615,10 @@
fast-xml-builder@1.1.4:
resolution: {integrity: sha512-f2jhpN4Eccy0/Uz9csxh3Nu6q4ErKxf0XIsasomfOihuSUa3/xw6w8dnOtCDgEItQFJG8KyXPzQXzcODDrrbOg==}
- fast-xml-parser@5.3.6:
- resolution: {integrity: sha512-QNI3sAvSvaOiaMl8FYU4trnEzCwiRr8XMWgAHzlrWpTSj+QaCSvOf1h82OEP1s4hiAXhnbXSyFWCf4ldZzZRVA==}
+ fast-xml-parser@5.5.9:
+ resolution: {integrity: sha512-jldvxr1MC6rtiZKgrFnDSvT8xuH+eJqxqOBThUVjYrxssYTo1avZLGql5l0a0BAERR01CadYzZ83kVEkbyDg+g==}
hasBin: true
- fast-xml-parser@5.5.6:
- resolution: {integrity: sha512-3+fdZyBRVg29n4rXP0joHthhcHdPUHaIC16cuyyd1iLsuaO6Vea36MPrxgAzbZna8lhvZeRL8Bc9GP56/J9xEw==}
- hasBin: true
-
fastq@1.20.1:
resolution: {integrity: sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw==}
@@ -5659,8 +5660,8 @@
resolution: {integrity: sha512-CYcENa+FtcUKLmhhqyctpclsq7QF38pKjZHsGNiSQF5r4FtoKDWabFDl3hzaEQMvT1LHEysw5twgLvpYYb4vbw==}
engines: {node: ^10.12.0 || >=12.0.0}
- flatted@3.3.3:
- resolution: {integrity: sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==}
+ flatted@3.4.2:
+ resolution: {integrity: sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==}
for-each@0.3.5:
resolution: {integrity: sha512-dKx12eRCVIzqCxFGplyFKJMPvLEWgmNtUrpTiJIR5u97zEhRG8ySrtboPHZXx7daLxQVrl643cTzbab2tkQjxg==}
@@ -6025,8 +6026,8 @@
engines: {node: '>=16.x'}
hasBin: true
- immutable@5.1.4:
- resolution: {integrity: sha512-p6u1bG3YSnINT5RQmx/yRZBpenIl30kVxkTLDyHLIMk0gict704Q9n+thfDI7lTRm9vXdDYutVzXhzcThxTnXA==}
+ immutable@5.1.5:
+ resolution: {integrity: sha512-t7xcm2siw+hlUM68I+UEOK+z84RzmN59as9DZ7P1l0994DKUWV7UXBMQZVxaoMSRQ+PBZbHCOoBt7a2wxOMt+A==}
import-fresh@3.3.1:
resolution: {integrity: sha512-TR3KfrTZTYLPB6jUjfx6MF9WcWrHL9su5TObK4ZkYgBdWKPOFoSoQIdEuTuR82pmtxH2spWG9h6etwfr1pLBqQ==}
@@ -6840,17 +6841,13 @@
resolution: {integrity: sha512-r9deDe9p5FJUPZAk3A59wGH7Ii9YrjjWw0jmw/liSbHl2CHiyXj6FcDXDu2K3TjVAXqiJdaw3xxwlZZr9E6nHg==}
hasBin: true
- minimatch@3.1.2:
- resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
+ minimatch@3.1.5:
+ resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==}
- minimatch@9.0.3:
- resolution: {integrity: sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==}
+ minimatch@9.0.9:
+ resolution: {integrity: sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==}
engines: {node: '>=16 || 14 >=14.17'}
- minimatch@9.0.5:
- resolution: {integrity: sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==}
- engines: {node: '>=16 || 14 >=14.17'}
-
minimist@1.2.8:
resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==}
@@ -7083,8 +7080,8 @@
resolution: {integrity: sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==}
engines: {node: '>=8'}
- path-expression-matcher@1.1.3:
- resolution: {integrity: sha512-qdVgY8KXmVdJZRSS1JdEPOKPdTiEK/pi0RkcT2sw1RhXxohdujUlJFPuS1TSkevZ9vzd3ZlL7ULl1MHGTApKzQ==}
+ path-expression-matcher@1.2.0:
+ resolution: {integrity: sha512-DwmPWeFn+tq7TiyJ2CxezCAirXjFxvaiD03npak3cRjlP9+OjTmSy1EpIrEbh+l6JgUundniloMLDQ/6VTdhLQ==}
engines: {node: '>=14.0.0'}
path-is-absolute@1.0.1:
@@ -7632,8 +7629,8 @@
robust-predicates@3.0.2:
resolution: {integrity: sha512-IXgzBWvWQwE6PrDI05OvmXUIruQTcoMDzRsOd5CDvHCVLcLHMTSYvOK5Cm46kWqlV3yAbuSpBZdJ5oP5OUoStg==}
- rollup@4.57.1:
- resolution: {integrity: sha512-oQL6lgK3e2QZeQ7gcgIkS2YZPg5slw37hYufJ3edKlfQSGGm8ICoxswK15ntSzF/a8+h7ekRy7k7oWc3BQ7y8A==}
+ rollup@4.60.0:
+ resolution: {integrity: sha512-yqjxruMGBQJ2gG4HtjZtAfXArHomazDHoFwFFmZZl0r7Pdo7qCIXKqKHZc8yeoMgzJJ+pO6pEEHa+V7uzWlrAQ==}
engines: {node: '>=18.0.0', npm: '>=8.0.0'}
hasBin: true
@@ -7907,12 +7904,9 @@
strip-literal@3.1.0:
resolution: {integrity: sha512-8r3mkIM/2+PpjHoOtiAW8Rg3jJLHaV7xPwG+YRGrv6FP0wwk/toTpATxWYOW0BKdWwl82VT2tFYi5DlROa0Mxg==}
- strnum@2.1.2:
- resolution: {integrity: sha512-l63NF9y/cLROq/yqKXSLtcMeeyOfnSQlfMSlzFt/K73oIaD8DGaQWd7Z34X9GPiKqP5rbSh84Hl4bOlLcjiSrQ==}
+ strnum@2.2.2:
+ resolution: {integrity: sha512-DnR90I+jtXNSTXWdwrEy9FakW7UX+qUZg28gj5fk2vxxl7uS/3bpI4fjFYVmdK9etptYBPNkpahuQnEwhwECqA==}
- strnum@2.2.1:
- resolution: {integrity: sha512-BwRvNd5/QoAtyW1na1y1LsJGQNvRlkde6Q/ipqqEaivoMdV+B1OMOTVdwR+N/cwVUcIt9PYyHmV8HyexCZSupg==}
-
stubs@3.0.0:
resolution: {integrity: sha512-PdHt7hHUJKxvTCgbKX9C1V/ftOcjJQgz8BZwNfV5c4B6dcGqlpelTbJ999jBGZ2jYiPAwcX5dP6oBwVlBlUbxw==}
@@ -8209,9 +8203,9 @@
undici-types@6.21.0:
resolution: {integrity: sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==}
- undici@5.29.0:
- resolution: {integrity: sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==}
- engines: {node: '>=14.0'}
+ undici@6.24.1:
+ resolution: {integrity: sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA==}
+ engines: {node: '>=18.17'}
unified@10.1.2:
resolution: {integrity: sha512-pUSWAi/RAnVy1Pif2kAoeWNBa3JVrx0MId2LASj8G+7AiHWoKZNTomq6LG326T68U7/e263X6fTdcXIy7XnF7Q==}
@@ -8726,12 +8720,12 @@
'@octokit/plugin-rest-endpoint-methods': 10.4.1(@octokit/core@5.2.2)
'@octokit/request': 8.4.1
'@octokit/request-error': 5.1.1
- undici: 5.29.0
+ undici: 6.24.1
'@actions/http-client@2.2.3':
dependencies:
tunnel: 0.0.6
- undici: 5.29.0
+ undici: 6.24.1
'@actions/io@1.1.3': {}
@@ -9283,7 +9277,7 @@
'@aws-sdk/xml-builder@3.972.13':
dependencies:
'@smithy/types': 4.13.1
- fast-xml-parser: 5.5.6
+ fast-xml-parser: 5.5.9
tslib: 2.8.1
'@aws/lambda-invoke-store@0.2.4': {}
@@ -9903,7 +9897,7 @@
ignore: 5.3.2
import-fresh: 3.3.1
js-yaml: 4.1.1
- minimatch: 3.1.2
+ minimatch: 9.0.9
strip-json-comments: 3.1.1
transitivePeerDependencies:
- supports-color
@@ -9912,8 +9906,6 @@
'@fal-works/esbuild-plugin-global-externals@2.1.2': {}
- '@fastify/busboy@2.1.1': {}
-
'@floating-ui/core@1.7.4':
dependencies:
'@floating-ui/utils': 0.2.10
@@ -9948,7 +9940,7 @@
abort-controller: 3.0.0
async-retry: 1.3.3
duplexify: 4.1.3
- fast-xml-parser: 5.3.6
+ fast-xml-parser: 5.5.9
gaxios: 6.7.1
google-auth-library: 9.15.1
html-entities: 2.6.0
@@ -9965,7 +9957,7 @@
dependencies:
'@humanwhocodes/object-schema': 2.0.3
debug: 4.4.3
- minimatch: 3.1.2
+ minimatch: 9.0.9
transitivePeerDependencies:
- supports-color
@@ -11931,9 +11923,9 @@
'@types/react': 18.3.12
'@types/react-dom': 18.3.1
- '@rollup/plugin-commonjs@28.0.1(rollup@4.57.1)':
+ '@rollup/plugin-commonjs@28.0.1(rollup@4.60.0)':
dependencies:
- '@rollup/pluginutils': 5.3.0(rollup@4.57.1)
+ '@rollup/pluginutils': 5.3.0(rollup@4.60.0)
commondir: 1.0.1
estree-walker: 2.0.2
fdir: 6.5.0(picomatch@4.0.3)
@@ -11941,89 +11933,89 @@
magic-string: 0.30.21
picomatch: 4.0.3
optionalDependencies:
- rollup: 4.57.1
+ rollup: 4.60.0
- '@rollup/pluginutils@5.3.0(rollup@4.57.1)':
+ '@rollup/pluginutils@5.3.0(rollup@4.60.0)':
dependencies:
'@types/estree': 1.0.8
estree-walker: 2.0.2
picomatch: 4.0.3
optionalDependencies:
- rollup: 4.57.1
+ rollup: 4.60.0
- '@rollup/rollup-android-arm-eabi@4.57.1':
+ '@rollup/rollup-android-arm-eabi@4.60.0':
optional: true
- '@rollup/rollup-android-arm64@4.57.1':
+ '@rollup/rollup-android-arm64@4.60.0':
optional: true
- '@rollup/rollup-darwin-arm64@4.57.1':
+ '@rollup/rollup-darwin-arm64@4.60.0':
optional: true
- '@rollup/rollup-darwin-x64@4.57.1':
+ '@rollup/rollup-darwin-x64@4.60.0':
optional: true
- '@rollup/rollup-freebsd-arm64@4.57.1':
+ '@rollup/rollup-freebsd-arm64@4.60.0':
optional: true
- '@rollup/rollup-freebsd-x64@4.57.1':
+ '@rollup/rollup-freebsd-x64@4.60.0':
optional: true
- '@rollup/rollup-linux-arm-gnueabihf@4.57.1':
+ '@rollup/rollup-linux-arm-gnueabihf@4.60.0':
optional: true
- '@rollup/rollup-linux-arm-musleabihf@4.57.1':
+ '@rollup/rollup-linux-arm-musleabihf@4.60.0':
optional: true
- '@rollup/rollup-linux-arm64-gnu@4.57.1':
+ '@rollup/rollup-linux-arm64-gnu@4.60.0':
optional: true
- '@rollup/rollup-linux-arm64-musl@4.57.1':
+ '@rollup/rollup-linux-arm64-musl@4.60.0':
optional: true
- '@rollup/rollup-linux-loong64-gnu@4.57.1':
+ '@rollup/rollup-linux-loong64-gnu@4.60.0':
optional: true
- '@rollup/rollup-linux-loong64-musl@4.57.1':
+ '@rollup/rollup-linux-loong64-musl@4.60.0':
optional: true
- '@rollup/rollup-linux-ppc64-gnu@4.57.1':
+ '@rollup/rollup-linux-ppc64-gnu@4.60.0':
optional: true
- '@rollup/rollup-linux-ppc64-musl@4.57.1':
+ '@rollup/rollup-linux-ppc64-musl@4.60.0':
optional: true
- '@rollup/rollup-linux-riscv64-gnu@4.57.1':
+ '@rollup/rollup-linux-riscv64-gnu@4.60.0':
optional: true
- '@rollup/rollup-linux-riscv64-musl@4.57.1':
+ '@rollup/rollup-linux-riscv64-musl@4.60.0':
optional: true
- '@rollup/rollup-linux-s390x-gnu@4.57.1':
+ '@rollup/rollup-linux-s390x-gnu@4.60.0':
optional: true
- '@rollup/rollup-linux-x64-gnu@4.57.1':
+ '@rollup/rollup-linux-x64-gnu@4.60.0':
optional: true
- '@rollup/rollup-linux-x64-musl@4.57.1':
+ '@rollup/rollup-linux-x64-musl@4.60.0':
optional: true
- '@rollup/rollup-openbsd-x64@4.57.1':
+ '@rollup/rollup-openbsd-x64@4.60.0':
optional: true
- '@rollup/rollup-openharmony-arm64@4.57.1':
+ '@rollup/rollup-openharmony-arm64@4.60.0':
optional: true
- '@rollup/rollup-win32-arm64-msvc@4.57.1':
+ '@rollup/rollup-win32-arm64-msvc@4.60.0':
optional: true
- '@rollup/rollup-win32-ia32-msvc@4.57.1':
+ '@rollup/rollup-win32-ia32-msvc@4.60.0':
optional: true
- '@rollup/rollup-win32-x64-gnu@4.57.1':
+ '@rollup/rollup-win32-x64-gnu@4.60.0':
optional: true
- '@rollup/rollup-win32-x64-msvc@4.57.1':
+ '@rollup/rollup-win32-x64-msvc@4.60.0':
optional: true
'@rtsao/scc@1.1.0': {}
@@ -12137,7 +12129,7 @@
dependencies:
'@opentelemetry/api': 1.9.0
'@opentelemetry/semantic-conventions': 1.39.0
- '@rollup/plugin-commonjs': 28.0.1(rollup@4.57.1)
+ '@rollup/plugin-commonjs': 28.0.1(rollup@4.60.0)
'@sentry-internal/browser-utils': 10.39.0
'@sentry/bundler-plugin-core': 4.9.1
'@sentry/core': 10.39.0
@@ -12147,7 +12139,7 @@
'@sentry/vercel-edge': 10.39.0
'@sentry/webpack-plugin': 4.9.1(webpack@5.105.2(esbuild@0.25.12))
next: 15.5.14(@babel/core@7.29.0)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)(sass@1.97.3)
- rollup: 4.57.1
+ rollup: 4.60.0
stacktrace-parser: 0.1.11
transitivePeerDependencies:
- '@opentelemetry/context-async-hooks'
@@ -12211,7 +12203,7 @@
'@sentry/node-core': 10.39.0(@opentelemetry/api@1.9.0)(@opentelemetry/context-async-hooks@2.5.1(@opentelemetry/api@1.9.0))(@opentelemetry/core@2.5.1(@opentelemetry/api@1.9.0))(@opentelemetry/instrumentation@0.211.0(@opentelemetry/api@1.9.0))(@opentelemetry/resources@2.5.1(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.5.1(@opentelemetry/api@1.9.0))(@opentelemetry/semantic-conventions@1.39.0)
'@sentry/opentelemetry': 10.39.0(@opentelemetry/api@1.9.0)(@opentelemetry/context-async-hooks@2.5.1(@opentelemetry/api@1.9.0))(@opentelemetry/core@2.5.1(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.5.1(@opentelemetry/api@1.9.0))(@opentelemetry/semantic-conventions@1.39.0)
import-in-the-middle: 2.0.6
- minimatch: 9.0.5
+ minimatch: 9.0.9
transitivePeerDependencies:
- supports-color
@@ -13161,7 +13153,7 @@
debug: 4.4.3
globby: 11.1.0
is-glob: 4.0.3
- minimatch: 9.0.3
+ minimatch: 9.0.9
semver: 7.7.4
ts-api-utils: 1.4.3(typescript@5.9.3)
optionalDependencies:
@@ -13176,7 +13168,7 @@
'@typescript-eslint/types': 8.56.0
'@typescript-eslint/visitor-keys': 8.56.0
debug: 4.4.3
- minimatch: 9.0.5
+ minimatch: 9.0.9
semver: 7.7.4
tinyglobby: 0.2.15
ts-api-utils: 2.4.0(typescript@5.9.3)
@@ -14723,7 +14715,7 @@
hasown: 2.0.2
is-core-module: 2.16.1
is-glob: 4.0.3
- minimatch: 3.1.2
+ minimatch: 3.1.5
object.fromentries: 2.0.8
object.groupby: 1.0.3
object.values: 1.2.1
@@ -14752,7 +14744,7 @@
hasown: 2.0.2
is-core-module: 2.16.1
is-glob: 4.0.3
- minimatch: 3.1.2
+ minimatch: 3.1.5
object.fromentries: 2.0.8
object.groupby: 1.0.3
object.values: 1.2.1
@@ -14797,7 +14789,7 @@
hasown: 2.0.2
jsx-ast-utils: 3.3.5
language-tags: 1.0.9
- minimatch: 3.1.2
+ minimatch: 3.1.5
object.fromentries: 2.0.8
safe-regex-test: 1.1.0
string.prototype.includes: 2.0.1
@@ -14828,7 +14820,7 @@
estraverse: 5.3.0
hasown: 2.0.2
jsx-ast-utils: 3.3.5
- minimatch: 3.1.2
+ minimatch: 3.1.5
object.entries: 1.1.9
object.fromentries: 2.0.8
object.values: 1.2.1
@@ -14910,7 +14902,7 @@
json-stable-stringify-without-jsonify: 1.0.1
levn: 0.4.1
lodash.merge: 4.6.2
- minimatch: 3.1.2
+ minimatch: 9.0.9
natural-compare: 1.4.0
optionator: 0.9.4
strip-ansi: 6.0.1
@@ -15039,17 +15031,13 @@
fast-xml-builder@1.1.4:
dependencies:
- path-expression-matcher: 1.1.3
+ path-expression-matcher: 1.2.0
- fast-xml-parser@5.3.6:
+ fast-xml-parser@5.5.9:
dependencies:
- strnum: 2.1.2
-
- fast-xml-parser@5.5.6:
- dependencies:
fast-xml-builder: 1.1.4
- path-expression-matcher: 1.1.3
- strnum: 2.2.1
+ path-expression-matcher: 1.2.0
+ strnum: 2.2.2
fastq@1.20.1:
dependencies:
@@ -15089,11 +15077,11 @@
flat-cache@3.2.0:
dependencies:
- flatted: 3.3.3
+ flatted: 3.4.2
keyv: 4.5.4
rimraf: 3.0.2
- flatted@3.3.3: {}
+ flatted@3.4.2: {}
for-each@0.3.5:
dependencies:
@@ -15237,7 +15225,7 @@
dependencies:
foreground-child: 3.3.1
jackspeak: 3.4.3
- minimatch: 9.0.5
+ minimatch: 9.0.9
minipass: 7.1.2
package-json-from-dist: 1.0.1
path-scurry: 1.11.1
@@ -15247,7 +15235,7 @@
fs.realpath: 1.0.0
inflight: 1.0.6
inherits: 2.0.4
- minimatch: 3.1.2
+ minimatch: 9.0.9
once: 1.4.0
path-is-absolute: 1.0.1
@@ -15644,7 +15632,7 @@
dependencies:
queue: 6.0.2
- immutable@5.1.4: {}
+ immutable@5.1.5: {}
import-fresh@3.3.1:
dependencies:
@@ -16985,18 +16973,14 @@
mini-svg-data-uri@1.4.4: {}
- minimatch@3.1.2:
+ minimatch@3.1.5:
dependencies:
brace-expansion: 1.1.12
- minimatch@9.0.3:
+ minimatch@9.0.9:
dependencies:
brace-expansion: 2.0.2
- minimatch@9.0.5:
- dependencies:
- brace-expansion: 2.0.2
-
minimist@1.2.8: {}
minipass@7.1.2: {}
@@ -17236,7 +17220,7 @@
path-exists@4.0.0: {}
- path-expression-matcher@1.1.3: {}
+ path-expression-matcher@1.2.0: {}
path-is-absolute@1.0.1: {}
@@ -18031,35 +18015,35 @@
robust-predicates@3.0.2: {}
- rollup@4.57.1:
+ rollup@4.60.0:
dependencies:
'@types/estree': 1.0.8
optionalDependencies:
- '@rollup/rollup-android-arm-eabi': 4.57.1
- '@rollup/rollup-android-arm64': 4.57.1
- '@rollup/rollup-darwin-arm64': 4.57.1
- '@rollup/rollup-darwin-x64': 4.57.1
- '@rollup/rollup-freebsd-arm64': 4.57.1
- '@rollup/rollup-freebsd-x64': 4.57.1
- '@rollup/rollup-linux-arm-gnueabihf': 4.57.1
- '@rollup/rollup-linux-arm-musleabihf': 4.57.1
- '@rollup/rollup-linux-arm64-gnu': 4.57.1
- '@rollup/rollup-linux-arm64-musl': 4.57.1
- '@rollup/rollup-linux-loong64-gnu': 4.57.1
- '@rollup/rollup-linux-loong64-musl': 4.57.1
- '@rollup/rollup-linux-ppc64-gnu': 4.57.1
- '@rollup/rollup-linux-ppc64-musl': 4.57.1
- '@rollup/rollup-linux-riscv64-gnu': 4.57.1
- '@rollup/rollup-linux-riscv64-musl': 4.57.1
- '@rollup/rollup-linux-s390x-gnu': 4.57.1
- '@rollup/rollup-linux-x64-gnu': 4.57.1
- '@rollup/rollup-linux-x64-musl': 4.57.1
- '@rollup/rollup-openbsd-x64': 4.57.1
- '@rollup/rollup-openharmony-arm64': 4.57.1
- '@rollup/rollup-win32-arm64-msvc': 4.57.1
- '@rollup/rollup-win32-ia32-msvc': 4.57.1
- '@rollup/rollup-win32-x64-gnu': 4.57.1
- '@rollup/rollup-win32-x64-msvc': 4.57.1
+ '@rollup/rollup-android-arm-eabi': 4.60.0
+ '@rollup/rollup-android-arm64': 4.60.0
+ '@rollup/rollup-darwin-arm64': 4.60.0
+ '@rollup/rollup-darwin-x64': 4.60.0
+ '@rollup/rollup-freebsd-arm64': 4.60.0
+ '@rollup/rollup-freebsd-x64': 4.60.0
+ '@rollup/rollup-linux-arm-gnueabihf': 4.60.0
+ '@rollup/rollup-linux-arm-musleabihf': 4.60.0
+ '@rollup/rollup-linux-arm64-gnu': 4.60.0
+ '@rollup/rollup-linux-arm64-musl': 4.60.0
+ '@rollup/rollup-linux-loong64-gnu': 4.60.0
+ '@rollup/rollup-linux-loong64-musl': 4.60.0
+ '@rollup/rollup-linux-ppc64-gnu': 4.60.0
+ '@rollup/rollup-linux-ppc64-musl': 4.60.0
+ '@rollup/rollup-linux-riscv64-gnu': 4.60.0
+ '@rollup/rollup-linux-riscv64-musl': 4.60.0
+ '@rollup/rollup-linux-s390x-gnu': 4.60.0
+ '@rollup/rollup-linux-x64-gnu': 4.60.0
+ '@rollup/rollup-linux-x64-musl': 4.60.0
+ '@rollup/rollup-openbsd-x64': 4.60.0
+ '@rollup/rollup-openharmony-arm64': 4.60.0
+ '@rollup/rollup-win32-arm64-msvc': 4.60.0
+ '@rollup/rollup-win32-ia32-msvc': 4.60.0
... diff truncated: showing 800 of 855 linesThis Bugbot Autofix run was free. To enable autofix for future PRs, go to the Cursor dashboard. |
sergical
approved these changes
Mar 24, 2026
…ilities Add overrides for: - immutable ^5.1.5 (CVE-2026-29063 - prototype pollution) - flatted ^3.4.2 (CVE-2026-33228, CVE-2026-32141 - prototype pollution + DoS) - rollup ^4.59.0 (CVE-2026-27606 - arbitrary file write) - fast-xml-parser ^5.5.7 (CVE-2026-33036, CVE-2026-33349 - entity expansion bypass) - undici ^6.24.0 (CVE-2026-1526, CVE-2026-2229, CVE-2026-1527, CVE-2026-1525 - WebSocket/CRLF issues) Note: minimatch override removed due to risk of breaking ESLint plugins that depend on minimatch v3 API (v9 removed default export, changed brace-expansion). minimatch vulnerabilities will be addressed in ESLint 9 migration. These are all transitive dependencies pulled in by ESLint, AWS SDK, Vite, and other packages. The overrides force newer patched versions to be used.
sfanahata
force-pushed
the
chore/security-overrides-transitive-deps
branch
from
3b378b8 to
d7e2139
Compare
Contributor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| "immutable": "^5.1.5", | ||
| "flatted": "^3.4.2", | ||
| "rollup": "^4.59.0", | ||
| "fast-xml-parser": "^5.5.7", |
Contributor
There was a problem hiding this comment.
fast-xml-parser override not removed despite being deferred
Medium Severity
The fast-xml-parser override was explicitly noted in the PR discussion as "Moved out of this PR to a separate one due to complexity," yet it remains in package.json and pnpm-lock.yaml. This override forces @google-cloud/storage@7.19.0 from fast-xml-parser@5.3.6 to 5.5.9, which introduces new transitive dependencies (fast-xml-builder, path-expression-matcher) and may cause compatibility issues that warranted the separate PR in the first place.
Additional Locations (1)
Contributor
Author
There was a problem hiding this comment.
This is incorrect. It's reviewing some holdover of when minimatch was a part of this PR.
sfanahata
added a commit
that referenced
this pull request
Mar 24, 2026
## Summary - Refreshes pnpm-lock.yaml to pick up latest transitive dependency resolutions - Ensures overrides from previous PRs are fully applied in the lockfile ## Related PRs - #17095 - Added pnpm overrides for transitive vulnerabilities - #17096 - Updated sass to 1.98.0 - #17097 - Updated @aws-sdk/client-s3 to 3.1015.0 - #17098 - Removed unused remark-prism ## Testing - `pnpm install` completes successfully - `pnpm build` passes - `pnpm test` passes Co-authored-by: Shannon Anahata <shannonanahata@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds pnpm overrides to force patched versions of transitive dependencies that have known security vulnerabilities.
Changes
New overrides added:
immutableflattedrollupfast-xml-parserundiciIntentionally NOT included:
minimatchWhy overrides?
These are all transitive dependencies - we don't control them directly in
package.json. They're pulled in by:Using
pnpm.overridesforces the patched versions to be used regardless of what the parent packages specify.Testing
pnpm installsucceedspnpm lint:eslintpasses (0 errors, only pre-existing warnings)pnpm test:cipasses (149 tests)Fixes