From 3ab5d4f6703c477ef98678d287a034054d2e2d68 Mon Sep 17 00:00:00 2001 From: frameworks-volunteer <266408623+frameworks-volunteer@users.noreply.github.com> Date: Wed, 27 May 2026 08:01:22 -0300 Subject: [PATCH] fix(security): weekly dependabot security updates --- package.json | 17 ++++++- pnpm-lock.yaml | 129 ++++++++++++++++++++++++------------------------- 2 files changed, 77 insertions(+), 69 deletions(-) diff --git a/package.json b/package.json index e783807f..3d092500 100644 --- a/package.json +++ b/package.json @@ -32,9 +32,22 @@ ], "overrides": { "lodash-es": ">=4.18.1", - "yaml": ">=2.8.4", + "yaml": ">=2.9.0", "fast-xml-parser": ">=5.7.0", - "hono": ">=4.12.18" + "hono": ">=4.12.23", + "@hono/node-server": ">=1.19.14", + "flatted": ">=3.4.2", + "smol-toml": ">=1.6.1", + "brace-expansion": ">=2.1.1", + "picomatch": ">=4.0.4", + "dompurify": ">=3.4.6", + "vite": ">=7.3.3", + "follow-redirects": ">=1.16.0", + "axios": ">=1.15.0", + "postcss": ">=8.5.15", + "mermaid": ">=11.15.0", + "uuid": ">=13.0.1", + "tmp": ">=0.2.6" } }, "packageManager": "pnpm@10.15.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index dc9d5113..9624b053 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -6,9 +6,22 @@ settings: overrides: lodash-es: '>=4.18.1' - yaml: '>=2.8.4' + yaml: '>=2.9.0' fast-xml-parser: '>=5.7.0' - hono: '>=4.12.18' + hono: '>=4.12.23' + '@hono/node-server': '>=1.19.14' + flatted: '>=3.4.2' + smol-toml: '>=1.6.1' + brace-expansion: '>=2.1.1' + picomatch: '>=4.0.4' + dompurify: '>=3.4.6' + vite: '>=7.3.3' + follow-redirects: '>=1.16.0' + axios: '>=1.15.0' + postcss: '>=8.5.15' + mermaid: '>=11.15.0' + uuid: '>=13.0.1' + tmp: '>=0.2.6' importers: @@ -21,7 +34,7 @@ importers: specifier: 3.1053.0 version: 3.1053.0(@aws-sdk/client-s3@3.1053.0) axios: - specifier: 1.16.1 + specifier: '>=1.15.0' version: 1.16.1 exceljs: specifier: ^4.4.0 @@ -33,7 +46,7 @@ importers: specifier: ^2.0.2 version: 2.0.2 mermaid: - specifier: ^11.15.0 + specifier: '>=11.15.0' version: 11.15.0 minisearch: specifier: ^7.2.0 @@ -54,7 +67,7 @@ importers: specifier: ^0.34.5 version: 0.34.5 uuid: - specifier: ^14.0.0 + specifier: '>=13.0.1' version: 14.0.0 devDependencies: '@types/react': @@ -906,7 +919,7 @@ packages: resolution: {integrity: sha512-GwtvgtXxnWsucXvbQXkRgqksiH2Qed37H9xHZocE5sA3N8O8O8/8FA3uclQXxXVzc9XBZuEOMK7+r02FmSpHtw==} engines: {node: '>=18.14.1'} peerDependencies: - hono: '>=4.12.18' + hono: '>=4.12.23' '@iconify/types@2.0.0': resolution: {integrity: sha512-+wluvCrRhXrhyOmRDJ3q8mux9JkKy5SJ/v8ol2tu4FVjyYvtEzkc/3pK15ET6RKg4b4w4BmTk1+gsCUhf21Ykg==} @@ -2219,7 +2232,7 @@ packages: '@tailwindcss/vite@4.1.15': resolution: {integrity: sha512-B6s60MZRTUil+xKoZoGe6i0Iar5VuW+pmcGlda2FX+guDuQ1G1sjiIy1W0frneVpeL/ZjZ4KEgWZHNrIm++2qA==} peerDependencies: - vite: ^5.2.0 || ^6 || ^7 + vite: '>=7.3.3' '@tybys/wasm-util@0.10.2': resolution: {integrity: sha512-RoBvJ2X0wuKlWFIjrwffGw1IqZHKQqzIchKaadZZfnNpsAYp2mM0h36JtPCjNDAHGgYez/15uMBpfGwchhiMgg==} @@ -2417,13 +2430,13 @@ packages: '@vanilla-extract/vite-plugin@5.2.2': resolution: {integrity: sha512-AUyB4fDR2b/Mo0lcXhhlf6RxnDPYwFMyKKopalJ4BwQNKYzZSoTwHJ1PLPO9SKhpz7lzXc0Z18GHQZOewzl3YA==} peerDependencies: - vite: ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0 + vite: '>=7.3.3' '@vitejs/plugin-react@5.2.0': resolution: {integrity: sha512-YmKkfhOAi3wsB1PhJq5Scj3GXMn3WvtQ/JC0xoopuHoXSdmtdStOpFrYaT1kie2YgFBcIe64ROzMYRjCrYOdYw==} engines: {node: ^20.19.0 || >=22.12.0} peerDependencies: - vite: ^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0 + vite: '>=7.3.3' acorn-jsx@5.3.2: resolution: {integrity: sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==} @@ -2480,7 +2493,7 @@ packages: engines: {node: ^10 || ^12 || >=14} hasBin: true peerDependencies: - postcss: ^8.1.0 + postcss: '>=8.5.15' axios@1.16.1: resolution: {integrity: sha512-caYkukvroVPO8KrzuJEb50Hm07KwfBZPEC3VeFHTsqWHvKTsy54hjJz9BS/cdaypROE2rH6xvm9mHX4fgWkr3A==} @@ -2488,8 +2501,9 @@ packages: bail@2.0.2: resolution: {integrity: sha512-0xO6mYd7JB2YesxDKplafRpsiOzPt9V02ddPCLbY1xYGPOX24NTyN50qnUxgCPcSoYMhKpAuBTjQoRZCAkUDRw==} - balanced-match@1.0.2: - resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==} + balanced-match@4.0.4: + resolution: {integrity: sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==} + engines: {node: 18 || 20 || >=22} base64-js@1.5.1: resolution: {integrity: sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==} @@ -2524,11 +2538,9 @@ packages: bowser@2.14.1: resolution: {integrity: sha512-tzPjzCxygAKWFOJP011oxFHs57HzIhOEracIgAePE4pqB3LikALKnSzUyU4MGs9/iCEUuHlAJTjTc5M+u7YEGg==} - brace-expansion@1.1.13: - resolution: {integrity: sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==} - - brace-expansion@2.0.3: - resolution: {integrity: sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==} + brace-expansion@5.0.6: + resolution: {integrity: sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==} + engines: {node: 18 || 20 || >=22} browserslist@4.28.2: resolution: {integrity: sha512-48xSriZYYg+8qXna9kwqjIVzuQxi+KYWp2+5nCYnYKPTr0LvD89Jqk2Or5ogxz0NUMfIjhh2lIUX/LyX9B4oIg==} @@ -2661,9 +2673,6 @@ packages: resolution: {integrity: sha512-9mAqGPHLakhCLeNyxPkK4xVo746zQ/czLH1Ky+vkitMnWfWZps8r0qXuwhwizagCRttsL4lfG4pIOvaWLpAP0w==} engines: {node: '>= 0.8.0'} - concat-map@0.0.1: - resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==} - confbox@0.1.8: resolution: {integrity: sha512-RMtmw0iFkeR4YV+fUOSucriAQNb9g8zFR52MWCtl+cCZOFRNL6zeB395vPzFhEjjn4fMxXudmELnl/KF/WrK6w==} @@ -2989,8 +2998,8 @@ packages: resolution: {integrity: sha512-9S6m9Sukh1cZNknO1CWAr2QAWsbKLafQiyM5gZ7VgXHeuaoUwffKN4q6NC4A/Mf9iiPlOXQEKW/Mv/mh9/3YFA==} hasBin: true - dompurify@3.4.5: - resolution: {integrity: sha512-OrwIBKsdNSVEeubdJ1HBv/wNENRM9ytAVCv7YXt//A3vPdVMNuACRqK9mXCGCBW2ln7BT/A4X0jXHo2Gu89miA==} + dompurify@3.4.6: + resolution: {integrity: sha512-+7gzEI8trIIQkVCvQ3ucGtNfH3nOmDgVTzc62rAAOlMxLth78pwpPoZCPc7CyRzAQF89MqcfPdEWkDwnjgqktg==} dunder-proto@1.0.1: resolution: {integrity: sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==} @@ -3174,7 +3183,7 @@ packages: resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==} engines: {node: '>=12.0.0'} peerDependencies: - picomatch: ^3 || ^4 + picomatch: '>=4.0.4' peerDependenciesMeta: picomatch: optional: true @@ -3365,8 +3374,8 @@ packages: hastscript@9.0.1: resolution: {integrity: sha512-g7df9rMFX/SPi34tyGCyUBREQoKkapwdY/T04Qn9TDWfHhAYt4/I0gMVirzK5wEzeUqIjEB+LXC/ypb7Aqno5w==} - hono@4.12.19: - resolution: {integrity: sha512-xa3eYXYXx68XTT4hZ7dRzsXBhaq85ToSrlUJNoR0gwz/1Ap/CNwX47wfvV7pc/xWhjKVVkLT7zBJy8chhNguqQ==} + hono@4.12.23: + resolution: {integrity: sha512-eIaZ9qDgu7XV0pxOCrg7/WhnQ6Ivm22UcxhXx/A3dcbqbbYgBEkc6e/J/s7j2tS96zoB0S9VBdLwQNCWwUo4LA==} engines: {node: '>=16.9.0'} html-void-elements@3.0.0: @@ -4152,8 +4161,8 @@ packages: postcss-value-parser@4.2.0: resolution: {integrity: sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==} - postcss@8.5.14: - resolution: {integrity: sha512-SoSL4+OSEtR99LHFZQiJLkT59C5B1amGO1NzTwj7TT1qCUgUO6hxOvzkOYxD+vMrXBM3XJIKzokoERdqQq/Zmg==} + postcss@8.5.15: + resolution: {integrity: sha512-FfR8sjd4em2T6fb3I2MwAJU7HWVMr9zba+enmQeeWFfCbm+UOC/0X4DS8XtpUTMwWMGbjKYP7xjfNekzyGmB3A==} engines: {node: ^10 || ^12 || >=14} process-nextick-args@2.0.1: @@ -4537,8 +4546,8 @@ packages: resolution: {integrity: sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==} engines: {node: '>=12.0.0'} - tmp@0.2.5: - resolution: {integrity: sha512-voyz6MApa1rQGUxT3E+BK7/ROe8itEx7vD8/HEvt4xwXucvQ5G5oeEiHkmHZJuBO21RpOf+YYm9MOivj709jow==} + tmp@0.2.6: + resolution: {integrity: sha512-5sJPdPjfI5Kx+qbrDesxkglRBxW//g7hCsqspEjwkewGvBMGIKMOTKzLt1hFVJzyadba3lDUN20O9qhvbQUSTA==} engines: {node: '>=14.14'} toidentifier@1.0.1: @@ -4673,11 +4682,6 @@ packages: resolution: {integrity: sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==} hasBin: true - uuid@8.3.2: - resolution: {integrity: sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==} - deprecated: uuid@10 and below is no longer supported. For ESM codebases, update to uuid@latest. For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028). - hasBin: true - vary@1.1.2: resolution: {integrity: sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==} engines: {node: '>= 0.8'} @@ -4714,7 +4718,7 @@ packages: sugarss: ^5.0.0 terser: ^5.16.0 tsx: ^4.8.1 - yaml: '>=2.8.4' + yaml: '>=2.9.0' peerDependenciesMeta: '@types/node': optional: true @@ -4755,7 +4759,7 @@ packages: sugarss: ^5.0.0 terser: ^5.16.0 tsx: ^4.8.1 - yaml: '>=2.8.4' + yaml: '>=2.9.0' peerDependenciesMeta: '@types/node': optional: true @@ -5711,9 +5715,9 @@ snapshots: '@fortawesome/fontawesome-free@6.7.2': {} - '@hono/node-server@1.19.14(hono@4.12.19)': + '@hono/node-server@1.19.14(hono@4.12.23)': dependencies: - hono: 4.12.19 + hono: 4.12.23 '@iconify/types@2.0.0': {} @@ -7372,13 +7376,13 @@ snapshots: asynckit@0.4.0: {} - autoprefixer@10.5.0(postcss@8.5.14): + autoprefixer@10.5.0(postcss@8.5.15): dependencies: browserslist: 4.28.2 caniuse-lite: 1.0.30001793 fraction.js: 5.3.4 picocolors: 1.1.1 - postcss: 8.5.14 + postcss: 8.5.15 postcss-value-parser: 4.2.0 axios@1.16.1: @@ -7393,7 +7397,7 @@ snapshots: bail@2.0.2: {} - balanced-match@1.0.2: {} + balanced-match@4.0.4: {} base64-js@1.5.1: {} @@ -7426,14 +7430,9 @@ snapshots: bowser@2.14.1: {} - brace-expansion@1.1.13: + brace-expansion@5.0.6: dependencies: - balanced-match: 1.0.2 - concat-map: 0.0.1 - - brace-expansion@2.0.3: - dependencies: - balanced-match: 1.0.2 + balanced-match: 4.0.4 browserslist@4.28.2: dependencies: @@ -7556,8 +7555,6 @@ snapshots: transitivePeerDependencies: - supports-color - concat-map@0.0.1: {} - confbox@0.1.8: {} convert-source-map@2.0.0: {} @@ -7926,7 +7923,7 @@ snapshots: direction@2.0.1: {} - dompurify@3.4.5: + dompurify@3.4.6: optionalDependencies: '@types/trusted-types': 2.0.7 @@ -8122,9 +8119,9 @@ snapshots: jszip: 3.10.1 readable-stream: 3.6.2 saxes: 5.0.1 - tmp: 0.2.5 + tmp: 0.2.6 unzipper: 0.10.14 - uuid: 8.3.2 + uuid: 14.0.0 execa@5.1.1: dependencies: @@ -8471,7 +8468,7 @@ snapshots: property-information: 7.1.0 space-separated-tokens: 2.0.2 - hono@4.12.19: {} + hono@4.12.23: {} html-void-elements@3.0.0: {} @@ -8979,7 +8976,7 @@ snapshots: d3-sankey: 0.12.3 dagre-d3-es: 7.0.14 dayjs: 1.11.20 - dompurify: 3.4.5 + dompurify: 3.4.6 es-toolkit: 1.46.1 katex: 0.16.47 khroma: 2.1.0 @@ -9286,11 +9283,11 @@ snapshots: minimatch@3.1.5: dependencies: - brace-expansion: 1.1.13 + brace-expansion: 5.0.6 minimatch@5.1.9: dependencies: - brace-expansion: 2.0.3 + brace-expansion: 5.0.6 minimist@1.2.8: {} @@ -9460,7 +9457,7 @@ snapshots: postcss-value-parser@4.2.0: {} - postcss@8.5.14: + postcss@8.5.15: dependencies: nanoid: 3.3.12 picocolors: 1.1.1 @@ -10043,7 +10040,7 @@ snapshots: fdir: 6.5.0(picomatch@4.0.4) picomatch: 4.0.4 - tmp@0.2.5: {} + tmp@0.2.6: {} toidentifier@1.0.1: {} @@ -10191,8 +10188,6 @@ snapshots: uuid@14.0.0: {} - uuid@8.3.2: {} - vary@1.1.2: {} vfile-location@5.0.3: @@ -10241,7 +10236,7 @@ snapshots: esbuild: 0.27.7 fdir: 6.5.0(picomatch@4.0.4) picomatch: 4.0.4 - postcss: 8.5.14 + postcss: 8.5.15 rollup: 4.60.4 tinyglobby: 0.2.16 optionalDependencies: @@ -10255,7 +10250,7 @@ snapshots: dependencies: lightningcss: 1.32.0 picomatch: 4.0.4 - postcss: 8.5.14 + postcss: 8.5.15 rolldown: 1.0.1 tinyglobby: 0.2.16 optionalDependencies: @@ -10268,7 +10263,7 @@ snapshots: vocs@1.4.1(@types/node@25.9.0)(@types/react-dom@19.2.3(@types/react@19.2.15))(@types/react@19.2.15)(esbuild@0.28.0)(jiti@2.7.0)(lightningcss@1.32.0)(react-dom@19.2.6(react@19.2.6))(react-router-dom@7.15.1(react-dom@19.2.6(react@19.2.6))(react@19.2.6))(react@19.2.6)(rollup@4.60.4)(typescript@5.9.3): dependencies: '@floating-ui/react': 0.27.19(react-dom@19.2.6(react@19.2.6))(react@19.2.6) - '@hono/node-server': 1.19.14(hono@4.12.19) + '@hono/node-server': 1.19.14(hono@4.12.23) '@mdx-js/mdx': 3.1.1 '@mdx-js/react': 3.1.1(@types/react@19.2.15)(react@19.2.6) '@mdx-js/rollup': 3.1.1(rollup@4.60.4) @@ -10289,7 +10284,7 @@ snapshots: '@vanilla-extract/dynamic': 2.1.5 '@vanilla-extract/vite-plugin': 5.2.2(@types/node@25.9.0)(esbuild@0.28.0)(jiti@2.7.0)(lightningcss@1.32.0)(vite@7.3.3(@types/node@25.9.0)(jiti@2.7.0)(lightningcss@1.32.0)(yaml@2.9.0))(yaml@2.9.0) '@vitejs/plugin-react': 5.2.0(vite@7.3.3(@types/node@25.9.0)(jiti@2.7.0)(lightningcss@1.32.0)(yaml@2.9.0)) - autoprefixer: 10.5.0(postcss@8.5.14) + autoprefixer: 10.5.0(postcss@8.5.15) cac: 6.7.14 chroma-js: 3.2.0 clsx: 2.1.1 @@ -10298,7 +10293,7 @@ snapshots: cross-spawn: 7.0.6 fs-extra: 11.3.5 hastscript: 8.0.0 - hono: 4.12.19 + hono: 4.12.23 mark.js: 8.11.1 mdast-util-directive: 3.1.0 mdast-util-from-markdown: 2.0.3 @@ -10314,7 +10309,7 @@ snapshots: p-limit: 5.0.0 picomatch: 4.0.4 playwright: 1.60.0 - postcss: 8.5.14 + postcss: 8.5.15 radix-ui: 1.4.3(@types/react-dom@19.2.3(@types/react@19.2.15))(@types/react@19.2.15)(react-dom@19.2.6(react@19.2.6))(react@19.2.6) react: 19.2.6 react-dom: 19.2.6(react@19.2.6)