From 7579ac5529034ae07eb7e30d01756fd89fa93aac Mon Sep 17 00:00:00 2001 From: Jonathan Norris Date: Wed, 10 Jun 2026 09:35:45 -0400 Subject: [PATCH 1/2] chore: resolve open dependabot security alerts - uuid 8.3.2 -> 11.1.1 (medium, alert #202, CVE-2026-41907) - ws 8.19.0 -> 8.21.0 (medium, alert #201, CVE-2026-45736) - postcss 8.4.49 -> 8.5.12 (medium, alert #180, CVE-2026-41305) --- package.json | 5 ++++- yarn.lock | 49 +++++++++---------------------------------------- 2 files changed, 13 insertions(+), 41 deletions(-) diff --git a/package.json b/package.json index f8046bca..8ad05491 100644 --- a/package.json +++ b/package.json @@ -76,6 +76,9 @@ "serialize-javascript": "7.0.5", "qs": "^6.15.2", "fast-xml-parser": "^5.7.0", - "fast-xml-builder": "^1.1.7" + "fast-xml-builder": "^1.1.7", + "uuid": "^11.1.1", + "ws@^8.18.0": "^8.20.1", + "postcss": "^8.5.10" } } diff --git a/yarn.lock b/yarn.lock index ef6c14f8..ea054bc6 100644 --- a/yarn.lock +++ b/yarn.lock @@ -10448,15 +10448,6 @@ __metadata: languageName: node linkType: hard -"nanoid@npm:^3.3.12, nanoid@npm:^3.3.7": - version: 3.3.12 - resolution: "nanoid@npm:3.3.12" - bin: - nanoid: bin/nanoid.cjs - checksum: 10/6eec280694e2088d18fb802b1e3bfc4578e27b665b7ecfbe36c7356612fea2f814277056e671e2a1529dff551588a652efdc0bfa39f8a3185bc2247be311872e - languageName: node - linkType: hard - "negotiator@npm:0.6.3": version: 0.6.3 resolution: "negotiator@npm:0.6.3" 
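Review bot: The added `"uuid": "^11.1.1"` resolution is unscoped, so every dependent that requested `uuid@^8.3.2` is forced across three major versions; the yarn.lock part of this patch shows that descriptor rewritten to 11.1.1 and the bin path moving to `dist/esm/bin/uuid`. A package written against the 8.x API may not load or behave the same under 11.x, and unlike the `ws@^8.18.0` entry next to it, nothing here limits which dependents are affected. Before merging I would list the packages that pull in uuid with `yarn why uuid` and exercise their code paths. If the override stays, scope it the way the ws line is scoped, e.g. `"uuid@^8.3.2": "^11.1.1"`, so a future dependent on another major is not silently rewritten as well.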
@@ -12367,28 +12358,6 @@ __metadata: languageName: node linkType: hard -"postcss@npm:8.4.49": - version: 8.4.49 - resolution: "postcss@npm:8.4.49" - dependencies: - nanoid: "npm:^3.3.7" - picocolors: "npm:^1.1.1" - source-map-js: "npm:^1.2.1" - checksum: 10/28fe1005b1339870e0a5006375ba5ac1213fd69800f79e7db09c398e074421ba6e162898e94f64942fed554037fd292db3811d87835d25ab5ef7f3c9daacb6ca - languageName: node - linkType: hard - -"postcss@npm:^8.4.21, postcss@npm:^8.4.24, postcss@npm:^8.4.33, postcss@npm:^8.4.45, postcss@npm:^8.4.47, postcss@npm:^8.5.4": - version: 8.5.15 - resolution: "postcss@npm:8.5.15" - dependencies: - nanoid: "npm:^3.3.12" - picocolors: "npm:^1.1.1" - source-map-js: "npm:^1.2.1" - checksum: 10/d02ad19eb1e0fa53a1229ee6d53807eb88f903f2b9a8cac66993367f3ac7dd3b97238c783a54ccbf4145f82f6ca9a5cbd58f089846285d759c8a3259fbea8318 - languageName: node - linkType: hard - "postcss@npm:^8.5.10": version: 8.5.12 resolution: "postcss@npm:8.5.12" @@ -14837,12 +14806,12 @@ __metadata: languageName: node linkType: hard -"uuid@npm:^8.3.2": - version: 8.3.2 - resolution: "uuid@npm:8.3.2" +"uuid@npm:^11.1.1": + version: 11.1.1 + resolution: "uuid@npm:11.1.1" bin: - uuid: dist/bin/uuid - checksum: 10/9a5f7aa1d6f56dd1e8d5f2478f855f25c645e64e26e347a98e98d95781d5ed20062d6cca2eecb58ba7c84bc3910be95c0451ef4161906abaab44f9cb68ffbdd1 + uuid: dist/esm/bin/uuid + checksum: 10/16411d3dc12a08d6691616c09a75e66a7f900ba1beef6628a76fe0602f82fae2ee537b564d0b7bc95c24f58d059ca9b58c75a1e806118efb50e17822ff00ddd2 languageName: node linkType: hard @@ -15209,9 +15178,9 @@ __metadata: languageName: node linkType: hard -"ws@npm:^8.18.0": - version: 8.19.0 - resolution: "ws@npm:8.19.0" +"ws@npm:^8.20.1": + version: 8.21.0 + resolution: "ws@npm:8.21.0" peerDependencies: bufferutil: ^4.0.1 utf-8-validate: ">=5.0.2" 
@@ -15220,7 +15189,7 @@ __metadata: optional: true utf-8-validate: optional: true - checksum: 10/26e4901e93abaf73af9f26a93707c95b4845e91a7a347ec8c569e6e9be7f9df066f6c2b817b2d685544e208207898a750b78461e6e8d810c11a370771450c31b + checksum: 10/088411956432c8f876158409d5a285cb9ad1382f593391f51d3a599bd0a5b277f876609ebd00fc3596321c4a4c9064d6fffe1ebad960e8ea7fd9ae25324f35c2 languageName: node linkType: hard From fe6fd9df4d697eaa206700284e79f1f7ceaddc85 Mon Sep 17 00:00:00 2001 From: Jonathan Norris Date: Wed, 10 Jun 2026 09:42:11 -0400 Subject: [PATCH 2/2] chore: pin ws and postcss resolutions to fixed versions --- package.json | 4 ++-- yarn.lock | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/package.json b/package.json index 8ad05491..f3a09156 100644 --- a/package.json +++ b/package.json @@ -78,7 +78,7 @@ "fast-xml-parser": "^5.7.0", "fast-xml-builder": "^1.1.7", "uuid": "^11.1.1", - "ws@^8.18.0": "^8.20.1", - "postcss": "^8.5.10" + "ws@^8.18.0": "^8.21.0", + "postcss": "^8.5.12" } } diff --git a/yarn.lock b/yarn.lock index ea054bc6..092552c1 100644 --- a/yarn.lock +++ b/yarn.lock @@ -10439,12 +10439,12 @@ __metadata: languageName: node linkType: hard -"nanoid@npm:^3.3.11": - version: 3.3.11 - resolution: "nanoid@npm:3.3.11" +"nanoid@npm:^3.3.12": + version: 3.3.12 + resolution: "nanoid@npm:3.3.12" bin: nanoid: bin/nanoid.cjs - checksum: 10/73b5afe5975a307aaa3c95dfe3334c52cdf9ae71518176895229b8d65ab0d1c0417dd081426134eb7571c055720428ea5d57c645138161e7d10df80815527c48 + checksum: 10/6eec280694e2088d18fb802b1e3bfc4578e27b665b7ecfbe36c7356612fea2f814277056e671e2a1529dff551588a652efdc0bfa39f8a3185bc2247be311872e languageName: node linkType: hard 
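Review bot: The `"ws@^8.18.0": "^8.21.0"` resolution rewrites only dependents that request exactly the `^8.18.0` descriptor, so any other ws range in the tree keeps whatever it resolves to today. The lock hunks in this series show only that one descriptor, which may simply mean no other exists, but `yarn why ws` would confirm that no unpatched copy remains. Separately, both entries are caret ranges although the subject says "pin", and the lock resolves `postcss@npm:^8.5.12` to 8.5.15 while the first commit message names 8.5.12. If an exact version is intended, write `"postcss": "8.5.15"` in the style of the existing `"serialize-javascript": "7.0.5"` line; otherwise the description should name the version that is actually installed.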
@@ -12358,14 +12358,14 @@ __metadata: languageName: node linkType: hard -"postcss@npm:^8.5.10": - version: 8.5.12 - resolution: "postcss@npm:8.5.12" +"postcss@npm:^8.5.12": + version: 8.5.15 + resolution: "postcss@npm:8.5.15" dependencies: - nanoid: "npm:^3.3.11" + nanoid: "npm:^3.3.12" picocolors: "npm:^1.1.1" source-map-js: "npm:^1.2.1" - checksum: 10/ec6b79b68c363eca3c8ffceb134a4ab637274aee6ac0857614bf7c18d40ce4ce5f9036edec57b7e0be99895724d2599d0ec7328dbd7f407204e7548697b322f1 + checksum: 10/d02ad19eb1e0fa53a1229ee6d53807eb88f903f2b9a8cac66993367f3ac7dd3b97238c783a54ccbf4145f82f6ca9a5cbd58f089846285d759c8a3259fbea8318 languageName: node linkType: hard @@ -15178,7 +15178,7 @@ __metadata: languageName: node linkType: hard -"ws@npm:^8.20.1": +"ws@npm:^8.21.0": version: 8.21.0 resolution: "ws@npm:8.21.0" peerDependencies: