From a349299e389fe0ef7802c61ee5d787d107787c38 Mon Sep 17 00:00:00 2001 From: Francisco Gindre Date: Mon, 20 Apr 2026 17:33:50 -0300 Subject: [PATCH 01/11] Fix CVE: bump next to 16.2.3 (security vulnerabilities) Co-Authored-By: Claude Sonnet 4.6 --- package.json | 2 +- pnpm-lock.yaml | 96 +++++++++++++++++++++++++------------------------- 2 files changed, 49 insertions(+), 49 deletions(-) diff --git a/package.json b/package.json index 7ab4857..379520d 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "lint": "next lint" }, "dependencies": { - "next": "^16.1.5", + "next": "^16.2.3", "nextra": "^4.4.0", "nextra-theme-docs": "^4.4.0", "react": "^19.1.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index bbe515d..badd162 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -15,14 +15,14 @@ importers: .: dependencies: next: - specifier: ^16.1.5 - version: 16.1.5(react-dom@19.1.0(react@19.1.0))(react@19.1.0) + specifier: ^16.2.3 + version: 16.2.4(react-dom@19.1.0(react@19.1.0))(react@19.1.0) nextra: specifier: ^4.4.0 - version: 4.4.0(acorn@8.14.1)(next@16.1.5(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(typescript@5.8.3) + version: 4.4.0(acorn@8.14.1)(next@16.2.4(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(typescript@5.8.3) nextra-theme-docs: specifier: ^4.4.0 - version: 4.4.0(@types/react@19.1.3)(next@16.1.5(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(nextra@4.4.0(acorn@8.14.1)(next@16.1.5(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(typescript@5.8.3))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(use-sync-external-store@1.5.0(react@19.1.0)) + version: 4.4.0(@types/react@19.1.3)(next@16.2.4(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(nextra@4.4.0(acorn@8.14.1)(next@16.2.4(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(typescript@5.8.3))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(use-sync-external-store@1.5.0(react@19.1.0)) react: specifier: ^19.1.0 version: 19.1.0 @@ -384,53 +384,53 @@ packages: resolution: {integrity: sha512-jMxvwzkKzd3cXo2EB9GM2ic0eYo2rP/BS6gJt6HnWbsDO1O8GSD4k7o2Cpr2YERtMpGF/MGcDfsfj2EbQPtrXw==} engines: {node: '>= 10'} - '@next/env@16.1.5': - resolution: {integrity: sha512-CRSCPJiSZoi4Pn69RYBDI9R7YK2g59vLexPQFXY0eyw+ILevIenCywzg+DqmlBik9zszEnw2HLFOUlLAcJbL7g==} + '@next/env@16.2.4': + resolution: {integrity: sha512-dKkkOzOSwFYe5RX6y26fZgkSpVAlIOJKQHIiydQcrWH6y/97+RceSOAdjZ14Qa3zLduVUy0TXcn+EiM6t4rPgw==} - '@next/swc-darwin-arm64@16.1.5': - resolution: {integrity: sha512-eK7Wdm3Hjy/SCL7TevlH0C9chrpeOYWx2iR7guJDaz4zEQKWcS1IMVfMb9UKBFMg1XgzcPTYPIp1Vcpukkjg6Q==} + '@next/swc-darwin-arm64@16.2.4': + resolution: {integrity: sha512-OXTFFox5EKN1Ym08vfrz+OXxmCcEjT4SFMbNRsWZE99dMqt2Kcusl5MqPXcW232RYkMLQTy0hqgAMEsfEd/l2A==} engines: {node: '>= 10'} cpu: [arm64] os: [darwin] - '@next/swc-darwin-x64@16.1.5': - resolution: {integrity: sha512-foQscSHD1dCuxBmGkbIr6ScAUF6pRoDZP6czajyvmXPAOFNnQUJu2Os1SGELODjKp/ULa4fulnBWoHV3XdPLfA==} + '@next/swc-darwin-x64@16.2.4': + resolution: {integrity: sha512-XhpVnUfmYWvD3YrXu55XdcAkQtOnvaI6wtQa8fuF5fGoKoxIUZ0kWPtcOfqJEWngFF/lOS9l3+O9CcownhiQxQ==} engines: {node: '>= 10'} cpu: [x64] os: [darwin] - '@next/swc-linux-arm64-gnu@16.1.5': - resolution: {integrity: sha512-qNIb42o3C02ccIeSeKjacF3HXotGsxh/FMk/rSRmCzOVMtoWH88odn2uZqF8RLsSUWHcAqTgYmPD3pZ03L9ZAA==} + '@next/swc-linux-arm64-gnu@16.2.4': + resolution: {integrity: sha512-Mx/tjlNA3G8kg14QvuGAJ4xBwPk1tUHq56JxZ8CXnZwz1Etz714soCEzGQQzVMz4bEnGPowzkV6Xrp6wAkEWOQ==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] - '@next/swc-linux-arm64-musl@16.1.5': - resolution: {integrity: sha512-U+kBxGUY1xMAzDTXmuVMfhaWUZQAwzRaHJ/I6ihtR5SbTVUEaDRiEU9YMjy1obBWpdOBuk1bcm+tsmifYSygfw==} + '@next/swc-linux-arm64-musl@16.2.4': + resolution: {integrity: sha512-iVMMp14514u7Nup2umQS03nT/bN9HurK8ufylC3FZNykrwjtx7V1A7+4kvhbDSCeonTVqV3Txnv0Lu+m2oDXNg==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] - '@next/swc-linux-x64-gnu@16.1.5': - resolution: {integrity: sha512-gq2UtoCpN7Ke/7tKaU7i/1L7eFLfhMbXjNghSv0MVGF1dmuoaPeEVDvkDuO/9LVa44h5gqpWeJ4mRRznjDv7LA==} + '@next/swc-linux-x64-gnu@16.2.4': + resolution: {integrity: sha512-EZOvm1aQWgnI/N/xcWOlnS3RQBk0VtVav5Zo7n4p0A7UKyTDx047k8opDbXgBpHl4CulRqRfbw3QrX2w5UOXMQ==} engines: {node: '>= 10'} cpu: [x64] os: [linux] - '@next/swc-linux-x64-musl@16.1.5': - resolution: {integrity: sha512-bQWSE729PbXT6mMklWLf8dotislPle2L70E9q6iwETYEOt092GDn0c+TTNj26AjmeceSsC4ndyGsK5nKqHYXjQ==} + '@next/swc-linux-x64-musl@16.2.4': + resolution: {integrity: sha512-h9FxsngCm9cTBf71AR4fGznDEDx1hS7+kSEiIRjq5kO1oXWm07DxVGZjCvk0SGx7TSjlUqhI8oOyz7NfwAdPoA==} engines: {node: '>= 10'} cpu: [x64] os: [linux] - '@next/swc-win32-arm64-msvc@16.1.5': - resolution: {integrity: sha512-LZli0anutkIllMtTAWZlDqdfvjWX/ch8AFK5WgkNTvaqwlouiD1oHM+WW8RXMiL0+vAkAJyAGEzPPjO+hnrSNQ==} + '@next/swc-win32-arm64-msvc@16.2.4': + resolution: {integrity: sha512-3NdJV5OXMSOeJYijX+bjaLge3mJBlh4ybydbT4GFoB/2hAojWHtMhl3CYlYoMrjPuodp0nzFVi4Tj2+WaMg+Ow==} engines: {node: '>= 10'} cpu: [arm64] os: [win32] - '@next/swc-win32-x64-msvc@16.1.5': - resolution: {integrity: sha512-7is37HJTNQGhjPpQbkKjKEboHYQnCgpVt/4rBrrln0D9nderNxZ8ZWs8w1fAtzUx7wEyYjQ+/13myFgFj6K2Ng==} + '@next/swc-win32-x64-msvc@16.2.4': + resolution: {integrity: sha512-kMVGgsqhO5YTYODD9IPGGhA6iprWidQckK3LmPeW08PIFENRmgfb4MjXHO+p//d+ts2rpjvK5gXWzXSMrPl9cw==} engines: {node: '>= 10'} cpu: [x64] os: [win32] @@ -1659,8 +1659,8 @@ packages: react: ^16.8 || ^17 || ^18 || ^19 || ^19.0.0-rc react-dom: ^16.8 || ^17 || ^18 || ^19 || ^19.0.0-rc - next@16.1.5: - resolution: {integrity: sha512-f+wE+NSbiQgh3DSAlTaw2FwY5yGdVViAtp8TotNQj4kk4Q8Bh1sC/aL9aH+Rg1YAVn18OYXsRDT7U/079jgP7w==} + next@16.2.4: + resolution: {integrity: sha512-kPvz56wF5frc+FxlHI5qnklCzbq53HTwORaWBGdT0vNoKh1Aya9XC8aPauH4NJxqtzbWsS5mAbctm4cr+EkQ2Q==} engines: {node: '>=20.9.0'} hasBin: true peerDependencies: @@ -2493,30 +2493,30 @@ snapshots: '@napi-rs/simple-git-win32-arm64-msvc': 0.1.19 '@napi-rs/simple-git-win32-x64-msvc': 0.1.19 - '@next/env@16.1.5': {} + '@next/env@16.2.4': {} - '@next/swc-darwin-arm64@16.1.5': + '@next/swc-darwin-arm64@16.2.4': optional: true - '@next/swc-darwin-x64@16.1.5': + '@next/swc-darwin-x64@16.2.4': optional: true - '@next/swc-linux-arm64-gnu@16.1.5': + '@next/swc-linux-arm64-gnu@16.2.4': optional: true - '@next/swc-linux-arm64-musl@16.1.5': + '@next/swc-linux-arm64-musl@16.2.4': optional: true - '@next/swc-linux-x64-gnu@16.1.5': + '@next/swc-linux-x64-gnu@16.2.4': optional: true - '@next/swc-linux-x64-musl@16.1.5': + '@next/swc-linux-x64-musl@16.2.4': optional: true - '@next/swc-win32-arm64-msvc@16.1.5': + '@next/swc-win32-arm64-msvc@16.2.4': optional: true - '@next/swc-win32-x64-msvc@16.1.5': + '@next/swc-win32-x64-msvc@16.2.4': optional: true '@nodelib/fs.scandir@2.1.5': @@ -4164,9 +4164,9 @@ snapshots: react: 19.1.0 react-dom: 19.1.0(react@19.1.0) - next@16.1.5(react-dom@19.1.0(react@19.1.0))(react@19.1.0): + next@16.2.4(react-dom@19.1.0(react@19.1.0))(react@19.1.0): dependencies: - '@next/env': 16.1.5 + '@next/env': 16.2.4 '@swc/helpers': 0.5.15 baseline-browser-mapping: 2.9.19 caniuse-lite: 1.0.30001766 @@ -4175,26 +4175,26 @@ snapshots: react-dom: 19.1.0(react@19.1.0) styled-jsx: 5.1.6(react@19.1.0) optionalDependencies: - '@next/swc-darwin-arm64': 16.1.5 - '@next/swc-darwin-x64': 16.1.5 - '@next/swc-linux-arm64-gnu': 16.1.5 - '@next/swc-linux-arm64-musl': 16.1.5 - '@next/swc-linux-x64-gnu': 16.1.5 - '@next/swc-linux-x64-musl': 16.1.5 - '@next/swc-win32-arm64-msvc': 16.1.5 - '@next/swc-win32-x64-msvc': 16.1.5 + '@next/swc-darwin-arm64': 16.2.4 + '@next/swc-darwin-x64': 16.2.4 + '@next/swc-linux-arm64-gnu': 16.2.4 + '@next/swc-linux-arm64-musl': 16.2.4 + '@next/swc-linux-x64-gnu': 16.2.4 + '@next/swc-linux-x64-musl': 16.2.4 + '@next/swc-win32-arm64-msvc': 16.2.4 + '@next/swc-win32-x64-msvc': 16.2.4 sharp: 0.34.5 transitivePeerDependencies: - '@babel/core' - babel-plugin-macros - nextra-theme-docs@4.4.0(@types/react@19.1.3)(next@16.1.5(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(nextra@4.4.0(acorn@8.14.1)(next@16.1.5(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(typescript@5.8.3))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(use-sync-external-store@1.5.0(react@19.1.0)): + nextra-theme-docs@4.4.0(@types/react@19.1.3)(next@16.2.4(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(nextra@4.4.0(acorn@8.14.1)(next@16.2.4(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(typescript@5.8.3))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(use-sync-external-store@1.5.0(react@19.1.0)): dependencies: '@headlessui/react': 2.2.2(react-dom@19.1.0(react@19.1.0))(react@19.1.0) clsx: 2.1.1 - next: 16.1.5(react-dom@19.1.0(react@19.1.0))(react@19.1.0) + next: 16.2.4(react-dom@19.1.0(react@19.1.0))(react@19.1.0) next-themes: 0.4.6(react-dom@19.1.0(react@19.1.0))(react@19.1.0) - nextra: 4.4.0(acorn@8.14.1)(next@16.1.5(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(typescript@5.8.3) + nextra: 4.4.0(acorn@8.14.1)(next@16.2.4(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(typescript@5.8.3) react: 19.1.0 react-compiler-runtime: 19.1.0-rc.3(react@19.1.0) react-dom: 19.1.0(react@19.1.0) @@ -4206,7 +4206,7 @@ snapshots: - immer - use-sync-external-store - nextra@4.4.0(acorn@8.14.1)(next@16.1.5(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(typescript@5.8.3): + nextra@4.4.0(acorn@8.14.1)(next@16.2.4(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(typescript@5.8.3): dependencies: '@formatjs/intl-localematcher': 0.6.1 '@headlessui/react': 2.2.2(react-dom@19.1.0(react@19.1.0))(react@19.1.0) @@ -4227,7 +4227,7 @@ snapshots: mdast-util-gfm: 3.1.0 mdast-util-to-hast: 13.2.0 negotiator: 1.0.0 - next: 16.1.5(react-dom@19.1.0(react@19.1.0))(react@19.1.0) + next: 16.2.4(react-dom@19.1.0(react@19.1.0))(react@19.1.0) react: 19.1.0 react-compiler-runtime: 19.1.0-rc.3(react@19.1.0) react-dom: 19.1.0(react@19.1.0) From 09d43d3baddd9aae761257243be3d54c2b1d49ca Mon Sep 17 00:00:00 2001 From: Francisco Gindre Date: Mon, 20 Apr 2026 17:34:05 -0300 Subject: [PATCH 02/11] Fix CVE: pin dompurify to 3.4.0 via pnpm override Co-Authored-By: Claude Sonnet 4.6 --- package.json | 3 ++- pnpm-lock.yaml | 9 +++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 379520d..b7febdc 100644 --- a/package.json +++ b/package.json @@ -28,7 +28,8 @@ "mermaid@*": "11.10.0", "@theguild/remark-mermaid>mermaid": "11.10.0", "nextra>mermaid": "11.10.0", - "nextra-theme-docs>mermaid": "11.10.0" + "nextra-theme-docs>mermaid": "11.10.0", + "dompurify": "3.4.0" } } } \ No newline at end of file diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index badd162..516ccfa 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -9,6 +9,7 @@ overrides: '@theguild/remark-mermaid>mermaid': 11.10.0 nextra>mermaid: 11.10.0 nextra-theme-docs>mermaid: 11.10.0 + dompurify: 3.4.0 importers: @@ -1095,8 +1096,8 @@ packages: devlop@1.1.0: resolution: {integrity: sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA==} - dompurify@3.2.5: - resolution: {integrity: sha512-mLPd29uoRe9HpvwP2TxClGQBzGXeEC/we/q+bFlmPPmj2p2Ugl3r6ATu/UU1v77DXNcehiBg9zsr1dREyA/dJQ==} + dompurify@3.4.0: + resolution: {integrity: sha512-nolgK9JcaUXMSmW+j1yaSvaEaoXYHwWyGJlkoCTghc97KgGDDSnpoU/PlEnw63Ah+TGKFOyY+X5LnxaWbCSfXg==} enhanced-resolve@5.18.1: resolution: {integrity: sha512-ZSW3ma5GkcQBIpwZTSRAI8N71Uuwgs93IezB7mf7R60tC8ZbJideoDNKjHn2O9KIlx6rkGTTEk1xUCK2E1Y2Yg==} @@ -3215,7 +3216,7 @@ snapshots: dependencies: dequal: 2.0.3 - dompurify@3.2.5: + dompurify@3.4.0: optionalDependencies: '@types/trusted-types': 2.0.7 @@ -3830,7 +3831,7 @@ snapshots: d3-sankey: 0.12.3 dagre-d3-es: 7.0.11 dayjs: 1.11.13 - dompurify: 3.2.5 + dompurify: 3.4.0 katex: 0.16.22 khroma: 2.1.0 lodash-es: 4.17.21 From e694c2b0b74f17b038d81a2a6df91034ac70cca6 Mon Sep 17 00:00:00 2001 From: Francisco Gindre Date: Mon, 20 Apr 2026 17:34:14 -0300 Subject: [PATCH 03/11] Fix CVE: pin picomatch to 2.3.2 via pnpm override Co-Authored-By: Claude Sonnet 4.6 --- package.json | 3 ++- pnpm-lock.yaml | 9 +++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index b7febdc..9bf7dfd 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,8 @@ "@theguild/remark-mermaid>mermaid": "11.10.0", "nextra>mermaid": "11.10.0", "nextra-theme-docs>mermaid": "11.10.0", - "dompurify": "3.4.0" + "dompurify": "3.4.0", + "picomatch": "2.3.2" } } } \ No newline at end of file diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 516ccfa..1b9c9cf 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -10,6 +10,7 @@ overrides: nextra>mermaid: 11.10.0 nextra-theme-docs>mermaid: 11.10.0 dompurify: 3.4.0 + picomatch: 2.3.2 importers: @@ -1753,8 +1754,8 @@ packages: picocolors@1.1.1: resolution: {integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==} - picomatch@2.3.1: - resolution: {integrity: sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==} + picomatch@2.3.2: + resolution: {integrity: sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==} engines: {node: '>=8.6'} pkg-types@1.3.1: @@ -4129,7 +4130,7 @@ snapshots: micromatch@4.0.8: dependencies: braces: 3.0.3 - picomatch: 2.3.1 + picomatch: 2.3.2 mimic-fn@4.0.0: {} @@ -4317,7 +4318,7 @@ snapshots: picocolors@1.1.1: {} - picomatch@2.3.1: {} + picomatch@2.3.2: {} pkg-types@1.3.1: dependencies: From be3d3f601c88b08899884ed53fb9e751f1b2da67 Mon Sep 17 00:00:00 2001 From: Francisco Gindre Date: Mon, 20 Apr 2026 17:34:23 -0300 Subject: [PATCH 04/11] Fix CVE: pin lodash-es to 4.18.0 via pnpm override Co-Authored-By: Claude Sonnet 4.6 --- package.json | 3 ++- pnpm-lock.yaml | 20 +++++++++++--------- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/package.json b/package.json index 9bf7dfd..20c5333 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,8 @@ "nextra>mermaid": "11.10.0", "nextra-theme-docs>mermaid": "11.10.0", "dompurify": "3.4.0", - "picomatch": "2.3.2" + "picomatch": "2.3.2", + "lodash-es": "4.18.0" } } } \ No newline at end of file diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 1b9c9cf..5a7b73d 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -11,6 +11,7 @@ overrides: nextra-theme-docs>mermaid: 11.10.0 dompurify: 3.4.0 picomatch: 2.3.2 + lodash-es: 4.18.0 importers: @@ -1409,8 +1410,9 @@ packages: resolution: {integrity: sha512-WunYko2W1NcdfAFpuLUoucsgULmgDBRkdxHxWQ7mK0cQqwPiy8E1enjuRBrhLtZkB5iScJ1XIPdhVEFK8aOLSg==} engines: {node: '>=14'} - lodash-es@4.17.21: - resolution: {integrity: sha512-mKnC+QJ9pWVzv+C4/U3rRsHapFfHvQFoFB92e52xeyGMcX6/OlIl78je1u8vePzYZSkkogMPJ2yjxxsb89cxyw==} + lodash-es@4.18.0: + resolution: {integrity: sha512-koAgswPPA+UTaPN64Etp+PGP+WT6oqOS2NMi5yDkMaiGw9qY4VxQbQF0mtKMyr4BlTznWyzePV5UpECTJQmSUA==} + deprecated: Bad release. Please use lodash-es@4.17.23 instead. longest-streak@3.1.0: resolution: {integrity: sha512-9Ri+o0JYgehTaVBBDoMqIl8GXtbWg711O3srftcHhZ0dqnETqLaoIK0x17fUw9rFSlK/0NlsKe0Ahhyl5pXE2g==} @@ -2206,12 +2208,12 @@ snapshots: dependencies: '@chevrotain/gast': 11.0.3 '@chevrotain/types': 11.0.3 - lodash-es: 4.17.21 + lodash-es: 4.18.0 '@chevrotain/gast@11.0.3': dependencies: '@chevrotain/types': 11.0.3 - lodash-es: 4.17.21 + lodash-es: 4.18.0 '@chevrotain/regexp-to-ast@11.0.3': {} @@ -2952,7 +2954,7 @@ snapshots: chevrotain-allstar@0.3.1(chevrotain@11.0.3): dependencies: chevrotain: 11.0.3 - lodash-es: 4.17.21 + lodash-es: 4.18.0 chevrotain@11.0.3: dependencies: @@ -2961,7 +2963,7 @@ snapshots: '@chevrotain/regexp-to-ast': 11.0.3 '@chevrotain/types': 11.0.3 '@chevrotain/utils': 11.0.3 - lodash-es: 4.17.21 + lodash-es: 4.18.0 chownr@3.0.0: {} @@ -3191,7 +3193,7 @@ snapshots: dagre-d3-es@7.0.11: dependencies: d3: 7.9.0 - lodash-es: 4.17.21 + lodash-es: 4.18.0 dayjs@1.11.13: {} @@ -3608,7 +3610,7 @@ snapshots: pkg-types: 2.1.0 quansync: 0.2.10 - lodash-es@4.17.21: {} + lodash-es@4.18.0: {} longest-streak@3.1.0: {} @@ -3835,7 +3837,7 @@ snapshots: dompurify: 3.4.0 katex: 0.16.22 khroma: 2.1.0 - lodash-es: 4.17.21 + lodash-es: 4.18.0 marked: 16.2.1 roughjs: 4.6.6 stylis: 4.3.6 From 5b97d3ab6ff815d3d180ebca848298eca37271d4 Mon Sep 17 00:00:00 2001 From: Francisco Gindre Date: Mon, 20 Apr 2026 17:34:33 -0300 Subject: [PATCH 05/11] Fix CVE: pin @xmldom/xmldom to 0.9.9 via pnpm override Co-Authored-By: Claude Sonnet 4.6 --- package.json | 3 ++- pnpm-lock.yaml | 10 ++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 20c5333..8126d95 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,8 @@ "nextra-theme-docs>mermaid": "11.10.0", "dompurify": "3.4.0", "picomatch": "2.3.2", - "lodash-es": "4.18.0" + "lodash-es": "4.18.0", + "@xmldom/xmldom": "0.9.9" } } } \ No newline at end of file diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 5a7b73d..1c6c87a 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -12,6 +12,7 @@ overrides: dompurify: 3.4.0 picomatch: 2.3.2 lodash-es: 4.18.0 + '@xmldom/xmldom': 0.9.9 importers: @@ -778,9 +779,10 @@ packages: '@ungap/structured-clone@1.3.0': resolution: {integrity: sha512-WmoN8qaIAo7WTYWbAZuG8PYEhn5fkz7dZrqTBZ7dtt//lL2Gwms1IcnQ5yHqjDfX8Ft5j4YzDM23f87zBfDe9g==} - '@xmldom/xmldom@0.9.8': - resolution: {integrity: sha512-p96FSY54r+WJ50FIOsCOjyj/wavs8921hG5+kVMmZgKcvIKxMXHTrjNJvRgWa/zuX3B6t2lijLNFaOyuxUH+2A==} + '@xmldom/xmldom@0.9.9': + resolution: {integrity: sha512-qycIHAucxy/LXAYIjmLmtQ8q9GPnMbnjG1KXhWm9o5sCr6pOYDATkMPiTNa6/v8eELyqOQ2FsEqeoFYmgv/gJg==} engines: {node: '>=14.6'} + deprecated: this version has critical issues, please update to the latest version '@zod/core@0.9.0': resolution: {integrity: sha512-bVfPiV2kDUkAJ4ArvV4MHcPZA8y3xOX6/SjzSy2kX2ACopbaaAP4wk6hd/byRmfi9MLNai+4SFJMmcATdOyclg==} @@ -2908,7 +2910,7 @@ snapshots: '@ungap/structured-clone@1.3.0': {} - '@xmldom/xmldom@0.9.8': {} + '@xmldom/xmldom@0.9.9': {} '@zod/core@0.9.0': {} @@ -4648,7 +4650,7 @@ snapshots: speech-rule-engine@4.1.2: dependencies: - '@xmldom/xmldom': 0.9.8 + '@xmldom/xmldom': 0.9.9 commander: 13.1.0 wicked-good-xpath: 1.3.0 From c7fec6f3639ef8ee8c243d6b044fc01a8910e58c Mon Sep 17 00:00:00 2001 From: Francisco Gindre Date: Mon, 20 Apr 2026 17:34:42 -0300 Subject: [PATCH 06/11] Fix CVE: pin yaml to 2.8.3 via pnpm override Co-Authored-By: Claude Sonnet 4.6 --- package.json | 3 ++- pnpm-lock.yaml | 11 ++++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index 8126d95..9b66dd3 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,8 @@ "dompurify": "3.4.0", "picomatch": "2.3.2", "lodash-es": "4.18.0", - "@xmldom/xmldom": "0.9.9" + "@xmldom/xmldom": "0.9.9", + "yaml": "2.8.3" } } } \ No newline at end of file diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 1c6c87a..6fe5807 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -13,6 +13,7 @@ overrides: picomatch: 2.3.2 lodash-es: 4.18.0 '@xmldom/xmldom': 0.9.9 + yaml: 2.8.3 importers: @@ -2159,9 +2160,9 @@ packages: resolution: {integrity: sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==} engines: {node: '>=18'} - yaml@2.7.1: - resolution: {integrity: sha512-10ULxpnOCQXxJvBgxsn9ptjq6uviG/htZKk9veJGhlqn3w/DxQ631zFF+nlQXLwmImeS5amR2dl2U8sg6U9jsQ==} - engines: {node: '>= 14'} + yaml@2.8.3: + resolution: {integrity: sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==} + engines: {node: '>= 14.6'} hasBin: true zod@4.0.0-beta.20250424T163858: @@ -4254,7 +4255,7 @@ snapshots: unist-util-remove: 4.0.0 unist-util-visit: 5.0.0 unist-util-visit-children: 3.0.0 - yaml: 2.7.1 + yaml: 2.8.3 zod: 4.0.0-beta.20250424T163858 transitivePeerDependencies: - acorn @@ -4859,7 +4860,7 @@ snapshots: yallist@5.0.0: {} - yaml@2.7.1: {} + yaml@2.8.3: {} zod@4.0.0-beta.20250424T163858: dependencies: From 2be114eb1c231e6a33b0de522e3397df29586192 Mon Sep 17 00:00:00 2001 From: Francisco Gindre Date: Mon, 20 Apr 2026 17:34:51 -0300 Subject: [PATCH 07/11] Fix CVE: pin tar to 7.5.11 via pnpm override Co-Authored-By: Claude Sonnet 4.6 --- package.json | 3 ++- pnpm-lock.yaml | 26 +++++++++----------------- 2 files changed, 11 insertions(+), 18 deletions(-) diff --git a/package.json b/package.json index 9b66dd3..a380cbe 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,8 @@ "picomatch": "2.3.2", "lodash-es": "4.18.0", "@xmldom/xmldom": "0.9.9", - "yaml": "2.8.3" + "yaml": "2.8.3", + "tar": "7.5.11" } } } \ No newline at end of file diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 6fe5807..5c4169f 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -14,6 +14,7 @@ overrides: lodash-es: 4.18.0 '@xmldom/xmldom': 0.9.9 yaml: 2.8.3 + tar: 7.5.11 importers: @@ -1633,18 +1634,13 @@ packages: resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==} engines: {node: '>=16 || 14 >=14.17'} - minizlib@3.0.2: - resolution: {integrity: sha512-oG62iEk+CYt5Xj2YqI5Xi9xWUeZhDI8jjQmC5oThVH5JGCTgIjr7ciJDzC7MBzYd//WvR1OTmP5Q38Q8ShQtVA==} + minizlib@3.1.0: + resolution: {integrity: sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==} engines: {node: '>= 18'} mj-context-menu@0.6.1: resolution: {integrity: sha512-7NO5s6n10TIV96d4g2uDpG7ZDpIhMh0QNfGdJw/W47JswFcosz457wqz/b5sAKvl12sxINGFCn80NZHKwxQEXA==} - mkdirp@3.0.1: - resolution: {integrity: sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg==} - engines: {node: '>=10'} - hasBin: true - mlly@1.7.4: resolution: {integrity: sha512-qmdSIPC4bDJXgZTCR7XosJiNKySV7O215tsPtDN9iEO/7q/76b/ijtgRu/+epFXSJhijtTCCGp3DWS549P3xKw==} @@ -2011,10 +2007,9 @@ packages: resolution: {integrity: sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==} engines: {node: '>=6'} - tar@7.4.3: - resolution: {integrity: sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw==} + tar@7.5.11: + resolution: {integrity: sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==} engines: {node: '>=18'} - deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exhorbitant rates) by contacting i@izs.me tinyexec@1.0.1: resolution: {integrity: sha512-5uC6DDlmeqiOwCPmK9jMSdOuZTh8bU39Ys6yidB+UTt5hfZUPGAypSgFRiEp+jbi9qH40BLDvy85jIU88wKSqw==} @@ -2686,7 +2681,7 @@ snapshots: '@tailwindcss/oxide@4.1.6': dependencies: detect-libc: 2.0.4 - tar: 7.4.3 + tar: 7.5.11 optionalDependencies: '@tailwindcss/oxide-android-arm64': 4.1.6 '@tailwindcss/oxide-darwin-arm64': 4.1.6 @@ -4145,14 +4140,12 @@ snapshots: minipass@7.1.2: {} - minizlib@3.0.2: + minizlib@3.1.0: dependencies: minipass: 7.1.2 mj-context-menu@0.6.1: {} - mkdirp@3.0.1: {} - mlly@1.7.4: dependencies: acorn: 8.14.1 @@ -4685,13 +4678,12 @@ snapshots: tapable@2.2.1: {} - tar@7.4.3: + tar@7.5.11: dependencies: '@isaacs/fs-minipass': 4.0.1 chownr: 3.0.0 minipass: 7.1.2 - minizlib: 3.0.2 - mkdirp: 3.0.1 + minizlib: 3.1.0 yallist: 5.0.0 tinyexec@1.0.1: {} From 24ae79f68eea2905f12c49b07cdaa065471a317c Mon Sep 17 00:00:00 2001 From: Francisco Gindre Date: Mon, 20 Apr 2026 17:35:00 -0300 Subject: [PATCH 08/11] Fix CVE: pin minimatch to 10.2.3 via pnpm override Co-Authored-By: Claude Sonnet 4.6 --- package.json | 3 ++- pnpm-lock.yaml | 41 +++++++++++++++++++++-------------------- 2 files changed, 23 insertions(+), 21 deletions(-) diff --git a/package.json b/package.json index a380cbe..48561aa 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,8 @@ "lodash-es": "4.18.0", "@xmldom/xmldom": "0.9.9", "yaml": "2.8.3", - "tar": "7.5.11" + "tar": "7.5.11", + "minimatch": "10.2.3" } } } \ No newline at end of file diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 5c4169f..7b89abd 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -15,6 +15,7 @@ overrides: '@xmldom/xmldom': 0.9.9 yaml: 2.8.3 tar: 7.5.11 + minimatch: 10.2.3 importers: @@ -266,14 +267,6 @@ packages: cpu: [x64] os: [win32] - '@isaacs/balanced-match@4.0.1': - resolution: {integrity: sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==} - engines: {node: 20 || >=22} - - '@isaacs/brace-expansion@5.0.0': - resolution: {integrity: sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==} - engines: {node: 20 || >=22} - '@isaacs/fs-minipass@4.0.1': resolution: {integrity: sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==} engines: {node: '>=18.0.0'} @@ -812,6 +805,10 @@ packages: bail@2.0.2: resolution: {integrity: sha512-0xO6mYd7JB2YesxDKplafRpsiOzPt9V02ddPCLbY1xYGPOX24NTyN50qnUxgCPcSoYMhKpAuBTjQoRZCAkUDRw==} + balanced-match@4.0.4: + resolution: {integrity: sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==} + engines: {node: 18 || 20 || >=22} + baseline-browser-mapping@2.9.19: resolution: {integrity: sha512-ipDqC8FrAl/76p2SSWKSI+H9tFwm7vYqXQrItCuiVPt26Km0jS+NzSsBWAaBusvSbQcfJG+JitdMm+wZAgTYqg==} hasBin: true @@ -821,6 +818,10 @@ packages: peerDependencies: react: '>=16.8' + brace-expansion@5.0.5: + resolution: {integrity: sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==} + engines: {node: 18 || 20 || >=22} + braces@3.0.3: resolution: {integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==} engines: {node: '>=8'} @@ -1626,9 +1627,9 @@ packages: resolution: {integrity: sha512-vqiC06CuhBTUdZH+RYl8sFrL096vA45Ok5ISO6sE/Mr1jRbGH4Csnhi8f3wKVl7x8mO4Au7Ir9D3Oyv1VYMFJw==} engines: {node: '>=12'} - minimatch@10.0.3: - resolution: {integrity: sha512-IPZ167aShDZZUMdRk66cyQAW3qr0WzbHkPdMYa8bzZhlHhO3jALbKdxcaak7W9FfT2rZNpQuUu4Od7ILEpXSaw==} - engines: {node: 20 || >=22} + minimatch@10.2.3: + resolution: {integrity: sha512-Rwi3pnapEqirPSbWbrZaa6N3nmqq4Xer/2XooiOKyV3q12ML06f7MOuc5DVH8ONZIFhwIYQ3yzPH4nt7iWHaTg==} + engines: {node: 18 || 20 || >=22} minipass@7.1.2: resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==} @@ -2375,12 +2376,6 @@ snapshots: '@img/sharp-win32-x64@0.34.5': optional: true - '@isaacs/balanced-match@4.0.1': {} - - '@isaacs/brace-expansion@5.0.0': - dependencies: - '@isaacs/balanced-match': 4.0.1 - '@isaacs/fs-minipass@4.0.1': dependencies: minipass: 7.1.2 @@ -2728,7 +2723,7 @@ snapshots: '@ts-morph/common@0.27.0': dependencies: fast-glob: 3.3.3 - minimatch: 10.0.3 + minimatch: 10.2.3 path-browserify: 1.0.1 '@types/d3-array@3.2.1': {} @@ -2924,6 +2919,8 @@ snapshots: bail@2.0.2: {} + balanced-match@4.0.4: {} + baseline-browser-mapping@2.9.19: {} better-react-mathjax@2.3.0(react@19.1.0): @@ -2931,6 +2928,10 @@ snapshots: mathjax-full: 3.2.2 react: 19.1.0 + brace-expansion@5.0.5: + dependencies: + balanced-match: 4.0.4 + braces@3.0.3: dependencies: fill-range: 7.1.1 @@ -4134,9 +4135,9 @@ snapshots: mimic-fn@4.0.0: {} - minimatch@10.0.3: + minimatch@10.2.3: dependencies: - '@isaacs/brace-expansion': 5.0.0 + brace-expansion: 5.0.5 minipass@7.1.2: {} From a8ec2412920a5b77537731b0ca9cc145d370a410 Mon Sep 17 00:00:00 2001 From: Francisco Gindre Date: Mon, 20 Apr 2026 17:35:10 -0300 Subject: [PATCH 09/11] Fix CVE: pin @isaacs/brace-expansion to 5.0.1 via pnpm override Co-Authored-By: Claude Sonnet 4.6 --- package.json | 3 ++- pnpm-lock.yaml | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 48561aa..0c76709 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,8 @@ "@xmldom/xmldom": "0.9.9", "yaml": "2.8.3", "tar": "7.5.11", - "minimatch": "10.2.3" + "minimatch": "10.2.3", + "@isaacs/brace-expansion": "5.0.1" } } } \ No newline at end of file diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 7b89abd..c2b036a 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -16,6 +16,7 @@ overrides: yaml: 2.8.3 tar: 7.5.11 minimatch: 10.2.3 + '@isaacs/brace-expansion': 5.0.1 importers: From 37d9a7818475551d19bd72fec4ca435100134845 Mon Sep 17 00:00:00 2001 From: Francisco Gindre Date: Mon, 20 Apr 2026 17:35:19 -0300 Subject: [PATCH 10/11] Fix CVE: pin mdast-util-to-hast to 13.2.1 via pnpm override Co-Authored-By: Claude Sonnet 4.6 --- package.json | 3 ++- pnpm-lock.yaml | 15 ++++++++------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/package.json b/package.json index 0c76709..00eb0c9 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,8 @@ "yaml": "2.8.3", "tar": "7.5.11", "minimatch": "10.2.3", - "@isaacs/brace-expansion": "5.0.1" + "@isaacs/brace-expansion": "5.0.1", + "mdast-util-to-hast": "13.2.1" } } } \ No newline at end of file diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index c2b036a..d7b0148 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -17,6 +17,7 @@ overrides: tar: 7.5.11 minimatch: 10.2.3 '@isaacs/brace-expansion': 5.0.1 + mdast-util-to-hast: 13.2.1 importers: @@ -1487,8 +1488,8 @@ packages: mdast-util-phrasing@4.1.0: resolution: {integrity: sha512-TqICwyvJJpBwvGAMZjj4J2n0X8QWp21b9l0o7eXyVJ25YNWYbJDVIyD1bZXE6WtV6RmKJVYmQAKWa0zWOABz2w==} - mdast-util-to-hast@13.2.0: - resolution: {integrity: sha512-QGYKEuUsYT9ykKBCMOEDLsU5JRObWQusAolFMeko/tYPufNkRffBAQjIE+99jbA87xv6FgmjLtwjh9wBWajwAA==} + mdast-util-to-hast@13.2.1: + resolution: {integrity: sha512-cctsq2wp5vTsLIcaymblUriiTcZd0CwWtCbLvrOzYCDZoWyMNV8sZ7krj09FSnsiJi3WVsHLM4k6Dq/yaPyCXA==} mdast-util-to-markdown@2.1.2: resolution: {integrity: sha512-xj68wMTvGXVOKonmog6LwyJKrYXZPvlwabaryTjLh9LuvovB/KAH+kvi8Gjj+7rJjsFi23nkUxRQv1KqSroMqA==} @@ -3388,7 +3389,7 @@ snapshots: hast-util-from-parse5: 8.0.3 hast-util-to-parse5: 8.0.0 html-void-elements: 3.0.0 - mdast-util-to-hast: 13.2.0 + mdast-util-to-hast: 13.2.1 parse5: 7.3.0 unist-util-position: 5.0.0 unist-util-visit: 5.0.0 @@ -3425,7 +3426,7 @@ snapshots: comma-separated-tokens: 2.0.3 hast-util-whitespace: 3.0.0 html-void-elements: 3.0.0 - mdast-util-to-hast: 13.2.0 + mdast-util-to-hast: 13.2.1 property-information: 7.1.0 space-separated-tokens: 2.0.2 stringify-entities: 4.0.4 @@ -3789,7 +3790,7 @@ snapshots: '@types/mdast': 4.0.4 unist-util-is: 6.0.0 - mdast-util-to-hast@13.2.0: + mdast-util-to-hast@13.2.1: dependencies: '@types/hast': 3.0.4 '@types/mdast': 4.0.4 @@ -4227,7 +4228,7 @@ snapshots: katex: 0.16.22 mdast-util-from-markdown: 2.0.2 mdast-util-gfm: 3.1.0 - mdast-util-to-hast: 13.2.0 + mdast-util-to-hast: 13.2.1 negotiator: 1.0.0 next: 16.2.4(react-dom@19.1.0(react@19.1.0))(react@19.1.0) react: 19.1.0 @@ -4513,7 +4514,7 @@ snapshots: dependencies: '@types/hast': 3.0.4 '@types/mdast': 4.0.4 - mdast-util-to-hast: 13.2.0 + mdast-util-to-hast: 13.2.1 unified: 11.0.5 vfile: 6.0.3 From 60c1f1fd9251c230e4f23e5db6336fdca29d87b2 Mon Sep 17 00:00:00 2001 From: Francisco Gindre Date: Mon, 20 Apr 2026 17:45:20 -0300 Subject: [PATCH 11/11] Update tsconfig.json for Next.js 16.2.4 compatibility Next.js auto-applied mandatory changes on first run: - jsx changed from "preserve" to "react-jsx" (React automatic runtime) - Added ".next/dev/types/**/*.ts" to include paths Co-Authored-By: Claude Sonnet 4.6 --- tsconfig.json | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/tsconfig.json b/tsconfig.json index fb86185..262667c 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -1,7 +1,11 @@ { "compilerOptions": { "target": "ES2017", - "lib": ["dom", "dom.iterable", "esnext"], + "lib": [ + "dom", + "dom.iterable", + "esnext" + ], "allowJs": true, "skipLibCheck": true, "strict": true, @@ -11,7 +15,7 @@ "moduleResolution": "bundler", "resolveJsonModule": true, "isolatedModules": true, - "jsx": "preserve", + "jsx": "react-jsx", "incremental": true, "plugins": [ { @@ -19,9 +23,21 @@ } ], "paths": { - "@/*": ["./*"] + "@/*": [ + "./*" + ] } }, - "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts", "next.config.js", "app/layout.jsx"], - "exclude": ["node_modules"] + "include": [ + "next-env.d.ts", + "**/*.ts", + "**/*.tsx", + ".next/types/**/*.ts", + "next.config.js", + "app/layout.jsx", + ".next/dev/types/**/*.ts" + ], + "exclude": [ + "node_modules" + ] }