fix(deps): resolve dependabot security alerts

Update vulnerable transitive dependencies:
- @xmldom/xmldom 0.8.10 → 0.8.12 (XML injection via CDATA serialization)
- path-to-regexp 8.3.0 → 8.4.1 (ReDoS and DoS via sequential optional groups)
- brace-expansion 5.0.2 → 5.0.5 (zero-step sequence hang/memory exhaustion)
This commit is contained in:
kolaente 2026-04-01 14:32:42 +02:00 committed by kolaente
parent 59ebfa3b2c
commit 01bc76d1c6
1 changed files with 58 additions and 19 deletions

View File

@ -135,6 +135,9 @@ packages:
'@types/debug@4.1.12':
resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==}
'@types/debug@4.1.13':
resolution: {integrity: sha512-KSVgmQmzMwPlmtljOomayoR89W4FynCAi3E8PPs7vmDVPe84hT+vGPKkJfThkmXs0x0jAaa9U8uW8bbfyS2fWw==}
'@types/fs-extra@9.0.13':
resolution: {integrity: sha512-nEnwB++1u5lVDM2UI4c1+5R+FYaKfaAzS4OococimjVm3nQw3TuzH5UNsocrcTBbhnerblyHj4A49qXbIiZdpA==}
@ -147,6 +150,9 @@ packages:
'@types/ms@0.7.34':
resolution: {integrity: sha512-nG96G3Wp6acyAgJqGasjODb+acrI7KltPiRxzHPXnP3NgI28bpQDRv53olbqGXbfcgF5aiiHmO3xpwEpS5Ld9g==}
'@types/ms@2.1.0':
resolution: {integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==}
'@types/node@24.10.9':
resolution: {integrity: sha512-ne4A0IpG3+2ETuREInjPNhUGis1SFjv1d5asp8MzEAGtOZeTeHVDOYqOgqfhvseqg/iXty2hjBf1zAOb7RNiNw==}
@ -162,8 +168,8 @@ packages:
'@types/yauzl@2.10.3':
resolution: {integrity: sha512-oJoftv0LSuaDZE3Le4DbKX+KS9G36NzOeSap90UIK0yMA/NhKJhqlSGtNDORNRaIbQfzjXDrQa0ytJ6mNRGz/Q==}
'@xmldom/xmldom@0.8.10':
resolution: {integrity: sha512-2WALfTl4xo2SkGCYRt6rDTFfk9R1czmBvUQy12gK2KuRKIpWEhcbbzy8EZXtz/jkRqHX8bFEc6FC1HjX4TUWYw==}
'@xmldom/xmldom@0.8.12':
resolution: {integrity: sha512-9k/gHF6n/pAi/9tqr3m3aqkuiNosYTurLLUtc7xQ9sxB/wm7WPygCv8GYa6mS0fLJEHhqMC1ATYhz++U/lRHqg==}
engines: {node: '>=10.0.0'}
abbrev@3.0.1:
@ -287,8 +293,8 @@ packages:
resolution: {integrity: sha512-d0II/GO9uf9lfUHH2BQsjxzRJZBdsjgsBiW4BvhWk/3qoKwQFjIDVN19PfX8F2D/r9PCMTtLWjYVCFrpeYUzsw==}
deprecated: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
brace-expansion@5.0.3:
resolution: {integrity: sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==}
brace-expansion@5.0.5:
resolution: {integrity: sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==}
engines: {node: 18 || 20 || >=22}
buffer-crc32@0.2.13:
@ -1010,6 +1016,10 @@ packages:
resolution: {integrity: sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==}
engines: {node: 18 || 20 || >=22}
minimatch@10.2.5:
resolution: {integrity: sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==}
engines: {node: 18 || 20 || >=22}
minimist@1.2.8:
resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==}
@ -1141,8 +1151,8 @@ packages:
resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==}
engines: {node: '>=16 || 14 >=14.18'}
path-to-regexp@8.3.0:
resolution: {integrity: sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA==}
path-to-regexp@8.4.1:
resolution: {integrity: sha512-fvU78fIjZ+SBM9YwCknCvKOUKkLVqtWDVctl0s7xIqfmfb38t2TT4ZU2gHm+Z8xGwgW+QWEU3oQSAzIbo89Ggw==}
pe-library@0.4.1:
resolution: {integrity: sha512-eRWB5LBz7PpDu4PUlwT0PhnQfTQJlDDdPa35urV4Osrm0t0AqQFGn+UIkU3klZvwJ8KPO3VbBFsXquA6p6kqZw==}
@ -1264,6 +1274,9 @@ packages:
sanitize-filename@1.6.3:
resolution: {integrity: sha512-y/52Mcy7aw3gRm7IrcGDFx/bCk4AhRh2eI9luHOQM86nZsqwiRkkq2GekHXBBD+SmPidc8i2PqtYZl+pWJ8Oeg==}
sanitize-filename@1.6.4:
resolution: {integrity: sha512-9ZyI08PsvdQl2r/bBIGubpVdR3RR9sY6RDiWFPreA21C/EFlQhmgo20UZlNjZMMZNubusLhAQozkA0Od5J21Eg==}
sax@1.4.4:
resolution: {integrity: sha512-1n3r/tGXO6b6VXMdFT54SHzT9ytu9yr7TaELowdYpMqY/Ao7EnlQGmAQ1+RatX7Tkkdm6hONI2owqNx2aZj5Sw==}
engines: {node: '>=11.0.0'}
@ -1414,6 +1427,10 @@ packages:
resolution: {integrity: sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==}
engines: {node: '>=18'}
tar@7.5.13:
resolution: {integrity: sha512-tOG/7GyXpFevhXVh8jOPJrmtRpOTsYqUIkVdVooZYJS/z8WhfQUX8RJILmeuJNinGAMSu1veBr4asSHFt5/hng==}
engines: {node: '>=18'}
temp-file@3.4.0:
resolution: {integrity: sha512-C5tjlC/HCtVUOi3KWVokd4vHVViOmGjtLwIh4MuzPo/nMYTV/p1urt3RnMz2IWXDdKEGJH3k5+KPxtqRsUYGtg==}
@ -1664,7 +1681,7 @@ snapshots:
debug: 4.4.3
dir-compare: 3.3.0
fs-extra: 9.1.0
minimatch: 10.2.4
minimatch: 10.2.5
plist: 3.1.0
transitivePeerDependencies:
- supports-color
@ -1747,6 +1764,10 @@ snapshots:
dependencies:
'@types/ms': 0.7.34
'@types/debug@4.1.13':
dependencies:
'@types/ms': 2.1.0
'@types/fs-extra@9.0.13':
dependencies:
'@types/node': 24.10.9
@ -1759,6 +1780,8 @@ snapshots:
'@types/ms@0.7.34': {}
'@types/ms@2.1.0': {}
'@types/node@24.10.9':
dependencies:
undici-types: 7.16.0
@ -1781,7 +1804,7 @@ snapshots:
'@types/node': 24.10.9
optional: true
'@xmldom/xmldom@0.8.10': {}
'@xmldom/xmldom@0.8.12': {}
abbrev@3.0.1: {}
@ -1848,11 +1871,11 @@ snapshots:
isbinaryfile: 5.0.7
js-yaml: 4.1.1
lazy-val: 1.0.5
minimatch: 10.2.4
minimatch: 10.2.5
read-config-file: 6.3.2
sanitize-filename: 1.6.3
sanitize-filename: 1.6.4
semver: 7.7.4
tar: 7.5.11
tar: 7.5.13
temp-file: 3.4.0
transitivePeerDependencies:
- supports-color
@ -1985,7 +2008,7 @@ snapshots:
boolean@3.2.0:
optional: true
brace-expansion@5.0.3:
brace-expansion@5.0.5:
dependencies:
balanced-match: 4.0.4
@ -2017,7 +2040,7 @@ snapshots:
builder-util@24.13.1:
dependencies:
7zip-bin: 5.2.0
'@types/debug': 4.1.12
'@types/debug': 4.1.13
app-builder-bin: 4.0.0
bluebird-lst: 1.0.9
builder-util-runtime: 9.2.4
@ -2229,7 +2252,7 @@ snapshots:
dir-compare@3.3.0:
dependencies:
buffer-equal: 1.0.1
minimatch: 10.2.4
minimatch: 10.2.5
dir-compare@4.2.0:
dependencies:
@ -2847,7 +2870,11 @@ snapshots:
minimatch@10.2.4:
dependencies:
brace-expansion: 5.0.3
brace-expansion: 5.0.5
minimatch@10.2.5:
dependencies:
brace-expansion: 5.0.5
minimist@1.2.8: {}
@ -2977,7 +3004,7 @@ snapshots:
lru-cache: 10.4.3
minipass: 7.1.2
path-to-regexp@8.3.0: {}
path-to-regexp@8.4.1: {}
pe-library@0.4.1: {}
@ -2987,7 +3014,7 @@ snapshots:
plist@3.1.0:
dependencies:
'@xmldom/xmldom': 0.8.10
'@xmldom/xmldom': 0.8.12
base64-js: 1.5.1
xmlbuilder: 15.1.1
@ -3068,7 +3095,7 @@ snapshots:
readdir-glob@1.1.3:
dependencies:
minimatch: 10.2.4
minimatch: 10.2.5
require-directory@2.1.1: {}
@ -3105,7 +3132,7 @@ snapshots:
depd: 2.0.0
is-promise: 4.0.0
parseurl: 1.3.3
path-to-regexp: 8.3.0
path-to-regexp: 8.4.1
transitivePeerDependencies:
- supports-color
@ -3119,6 +3146,10 @@ snapshots:
dependencies:
truncate-utf8-bytes: 1.0.2
sanitize-filename@1.6.4:
dependencies:
truncate-utf8-bytes: 1.0.2
sax@1.4.4: {}
sax@1.6.0: {}
@ -3300,6 +3331,14 @@ snapshots:
minizlib: 3.1.0
yallist: 5.0.0
tar@7.5.13:
dependencies:
'@isaacs/fs-minipass': 4.0.1
chownr: 3.0.0
minipass: 7.1.3
minizlib: 3.1.0
yallist: 5.0.0
temp-file@3.4.0:
dependencies:
async-exit-hook: 2.0.1