From 72b97cb48649fcfc654c44dfe3b3de890c1cf213 Mon Sep 17 00:00:00 2001 From: Kevin Quaedvlieg Date: Tue, 12 May 2026 14:37:47 +0200 Subject: [PATCH 1/2] chore(security): fix CVEs (2026-05-12) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - [high] @babel/plugin-transform-modules-systemjs 7.29.0 → 7.29.4 (CVE-2026-44728) - [high] fast-uri 3.1.0 → 3.1.2 (CVE-2026-6321, CVE-2026-6322) - [medium] @angular/ssr 19.2.24 → 19.2.25 (CVE-2026-44437) - [medium] hono 4.12.15 → 4.12.18 (CVE-2026-44455, CVE-2026-44457, CVE-2026-44458, CVE-2026-44459) - [medium] ip-address 10.1.0 → 10.2.0 (CVE-2026-42338) Co-Authored-By: Claude Sonnet 4.6 --- package-lock.json | 32 ++++++++++++++++---------------- package.json | 8 +++++++- 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2af48e8..dac2c61 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,7 +17,7 @@ "@angular/platform-browser-dynamic": "^19.2.21", "@angular/platform-server": "^19.2.21", "@angular/router": "^19.2.21", - "@angular/ssr": "^19.2.24", + "@angular/ssr": "^19.2.25", "express": "^4.22.1", "rxjs": "~7.8.2", "tslib": "^2.8.1", @@ -1485,9 +1485,9 @@ } }, "node_modules/@angular/ssr": { - "version": "19.2.24", - "resolved": "https://registry.npmjs.org/@angular/ssr/-/ssr-19.2.24.tgz", - "integrity": "sha512-GPbPK+9UmgQke+Apbza9aYpbg98nnsvhk9ukF6ylpLPO4qR3wF6X/vqpCEKt//G2rSdRkPUShaxQ/Rjs/aFvGg==", + "version": "19.2.25", + "resolved": "https://registry.npmjs.org/@angular/ssr/-/ssr-19.2.25.tgz", + "integrity": "sha512-zxUOl19BF0OPzXMT+2PUiXA9zv0It9Jbq3W/HqsZSJmnt7WubE1gWWXqW6ItzOVvQsaf3d5g6PeTTHoQsCtFqQ==", "license": "MIT", "dependencies": { "tslib": "^2.3.0" 
@@ -2531,9 +2531,9 @@ } }, "node_modules/@babel/plugin-transform-modules-systemjs": { - "version": "7.29.0", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.29.0.tgz", - "integrity": "sha512-PrujnVFbOdUpw4UHiVwKvKRLMMic8+eC0CuNlxjsyZUiBjhFdPsewdXCkveh2KqBA9/waD0W1b4hXSOBQJezpQ==", + "version": "7.29.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.29.4.tgz", + "integrity": "sha512-N7QmZ0xRZfjHOfZeQLJjwgX2zS9pdGHSVl/cjSGlo4dXMqvurfxXDMKY4RqEKzPozV78VMcd0lxyG13mlbKc4w==", "dev": true, "license": "MIT", "dependencies": { @@ -9252,9 +9252,9 @@ } }, "node_modules/fast-uri": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz", - "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz", + "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==", "dev": true, "funding": [ { @@ -9745,9 +9745,9 @@ } }, "node_modules/hono": { - "version": "4.12.15", - "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.15.tgz", - "integrity": "sha512-qM0jDhFEaCBb4TxoW7f53Qrpv9RBiayUHo0S52JudprkhvpjIrGoU1mnnr29Fvd1U335ZFPZQY1wlkqgfGXyLg==", + "version": "4.12.18", + "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.18.tgz", + "integrity": "sha512-RWzP96k/yv0PQfyXnWjs6zot20TqfpfsNXhOnev8d1InAxubW93L11/oNUc3tQqn2G0bSdAOBpX+2uDFHV7kdQ==", "dev": true, "license": "MIT", "engines": { 
@@ -10155,9 +10155,9 @@ } }, "node_modules/ip-address": { - "version": "10.1.0", - "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.1.0.tgz", - "integrity": "sha512-XXADHxXmvT9+CRxhXg56LJovE+bmWnEWB78LB83VZTprKTmaC5QfruXocxzTZ2Kl0DNwKuBdlIhjL8LeY8Sf8Q==", + "version": "10.2.0", + "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.2.0.tgz", + "integrity": "sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==", "dev": true, "license": "MIT", "engines": { diff --git a/package.json b/package.json index 493e62e..91a9a25 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ "@angular/platform-browser-dynamic": "^19.2.21", "@angular/platform-server": "^19.2.21", "@angular/router": "^19.2.21", - "@angular/ssr": "^19.2.24", + "@angular/ssr": "^19.2.25", "express": "^4.22.1", "rxjs": "~7.8.2", "tslib": "^2.8.1", @@ -40,5 +40,11 @@ "karma-jasmine": "~5.1.0", "karma-jasmine-html-reporter": "~2.2.0", "typescript": "~5.8.3" + }, + "overrides": { + "@babel/plugin-transform-modules-systemjs": "^7.29.4", + "fast-uri": "^3.1.2", + "hono": "^4.12.18", + "ip-address": "^10.1.1" } } From 0153e3fda12f23690a2343e2be3dae7b8e4e1700 Mon Sep 17 00:00:00 2001 From: Kevin Quaedvlieg Date: Tue, 12 May 2026 15:32:25 +0200 Subject: [PATCH 2/2] chore(security): fix CVEs (2026-05-12) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - [high] @babel/plugin-transform-modules-systemjs 7.29.0 → 7.29.4 (override) - [high] fast-uri 3.1.0 → 3.1.2 (override) - [high] serialize-javascript 6.0.2 → 7.0.5 (override) - [medium] @angular/ssr 19.2.24 → 19.2.25 - [medium] hono 4.12.15 → 4.12.18 (override) - [medium] ip-address 10.1.0 → 10.1.1 (override) - [medium] postcss 8.5.2 → 8.5.14 (override) --- package-lock.json | 57 ++++++++--------------------------------------- package.json | 10 +++++---- 2 files changed, 15 insertions(+), 52 deletions(-) 
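Review bot: The `ip-address` floor in the added `overrides` block of package.json, `^10.1.1`, disagrees with the commit message, which records the fix as 10.1.0 → 10.2.0; the lockfile in this patch also resolves 10.2.0. If the CVE-2026-42338 fix first shipped in 10.2.0, the range still admits an unpatched 10.1.1; if 10.1.1 is the patched release, the message is what needs correcting. Set the floor to the first fixed version named in the advisory, for example `"ip-address": "^10.2.0"`, so override and message agree. Because package.json cannot carry comments, the commit message is the only record of which CVE each override exists for, so it has to be accurate for whoever later decides when an override can be dropped.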
diff --git a/package-lock.json b/package-lock.json index dac2c61..b831aeb 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12804,9 +12804,9 @@ } }, "node_modules/postcss": { - "version": "8.5.2", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.2.tgz", - "integrity": "sha512-MjOadfU3Ys9KYoX0AdkBlFEF1Vx37uCCeN4ZHnmwm9FfpbsGWMZeBLMmmpY+6Ocqod7mkdZ0DT31OlbsFrLlkA==", + "version": "8.5.14", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.14.tgz", + "integrity": "sha512-SoSL4+OSEtR99LHFZQiJLkT59C5B1amGO1NzTwj7TT1qCUgUO6hxOvzkOYxD+vMrXBM3XJIKzokoERdqQq/Zmg==", "dev": true, "funding": [ { @@ -12824,7 +12824,7 @@ ], "license": "MIT", "dependencies": { - "nanoid": "^3.3.8", + "nanoid": "^3.3.11", "picocolors": "^1.1.1", "source-map-js": "^1.2.1" }, @@ -13060,16 +13060,6 @@ ], "license": "MIT" }, - "node_modules/randombytes": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", - "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", - "dev": true, - "license": "MIT", - "dependencies": { - "safe-buffer": "^5.1.0" - } - }, "node_modules/range-parser": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", 
@@ -13726,13 +13716,13 @@ } }, "node_modules/serialize-javascript": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz", - "integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==", + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.5.tgz", + "integrity": "sha512-F4LcB0UqUl1zErq+1nYEEzSHJnIwb3AF2XWB94b+afhrekOUijwooAYqFyRbjYkm2PAKBabx6oYv/xDxNi8IBw==", "dev": true, "license": "BSD-3-Clause", - "dependencies": { - "randombytes": "^2.1.0" + "engines": { + "node": ">=20.0.0" } }, "node_modules/serve-index": { @@ -14897,35 +14887,6 @@ } } }, - "node_modules/vite/node_modules/postcss": { - "version": "8.5.10", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.10.tgz", - "integrity": "sha512-pMMHxBOZKFU6HgAZ4eyGnwXF/EvPGGqUr0MnZ5+99485wwW41kW91A4LOGxSHhgugZmSChL5AlElNdwlNgcnLQ==", - "dev": true, - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/postcss/" - }, - { - "type": "tidelift", - "url": "https://tidelift.com/funding/github/npm/postcss" - }, - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "license": "MIT", - "dependencies": { - "nanoid": "^3.3.11", - "picocolors": "^1.1.1", - "source-map-js": "^1.2.1" - }, - "engines": { - "node": "^10 || ^12 || >=14" - } - }, "node_modules/void-elements": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/void-elements/-/void-elements-2.0.1.tgz", diff --git a/package.json b/package.json index 91a9a25..de3a044 100644 --- a/package.json +++ b/package.json 
@@ -42,9 +42,11 @@
 "typescript": "~5.8.3"
 },
 "overrides": {
- "@babel/plugin-transform-modules-systemjs": "^7.29.4",
- "fast-uri": "^3.1.2",
- "hono": "^4.12.18",
- "ip-address": "^10.1.1"
+ "@babel/plugin-transform-modules-systemjs": ">=7.29.4",
+ "fast-uri": ">=3.1.2",
+ "hono": ">=4.12.18",
+ "ip-address": ">=10.1.1",
+ "serialize-javascript": ">=7.0.5",
+ "postcss": ">=8.5.10"
 }
 }
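Review bot: Replacing the caret ranges in `overrides` with open-ended `>=` floors removes the upper bound, so any future major release of these six packages satisfies the override and is forced onto every dependent, whatever range that dependent declares. The lockfile hunks of this same patch already show the effect: `serialize-javascript` moves from 6.0.2 to 7.0.5, a major bump that declares `node >=20.0.0`. Only the lockfile keeps the resolved versions stable, and only for installs that honour it (`npm ci`); a regenerated lock takes whatever is newest on the registry. Prefer bounded floors such as `"serialize-javascript": "^7.0.5"` and `"postcss": "^8.5.10"`, and keep `^` on the four existing entries. The `postcss` floor (8.5.10) also differs from the version in the commit message (8.5.14), so it is worth confirming which is the first fixed release.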