chore(deps): bump brace-expansion + ws overrides to clear audit
CI / scan (pull_request) Successful in 3m22s
CI / commits (pull_request) Successful in 3m52s
CI / check (pull_request) Successful in 5m41s
CI / a11y (pull_request) Successful in 2m46s
Docs site / build (pull_request) Successful in 3m57s
CI / perf (pull_request) Successful in 8m57s
CI / scan (pull_request) Successful in 3m22s
CI / commits (pull_request) Successful in 3m52s
CI / check (pull_request) Successful in 5m41s
CI / a11y (pull_request) Successful in 2m46s
Docs site / build (pull_request) Successful in 3m57s
CI / perf (pull_request) Successful in 8m57s
Two new GHSA advisories surfaced in pnpm audit: - brace-expansion >=5.0.0 <5.0.6 — DoS via large numeric range (GHSA-jxxr-4gwj-5jf2). The existing override floor was 5.0.5; bump to 5.0.6. - ws >=8.0.0 <8.20.1 — uninitialized memory disclosure (GHSA-58qx-3vcg-4xpx). Reached via @nx/angular > @nx/module-federation > @module-federation/enhanced > @module-federation/dts-plugin > ws@8.18.0. Pinning the override to the 8.x range only — lighthouse's transitive ws@7.5.10 sits outside the advisory. Both fixes are pure pnpm.overrides bumps; remove them once Nx's upstream chain catches up.
This commit is contained in:
Generated
+8
-29
@@ -7,13 +7,14 @@ settings:
|
||||
overrides:
|
||||
axios@<1.15.2: '>=1.15.2'
|
||||
'@angular-devkit/core>ajv@<8.18.0': '>=8.18.0'
|
||||
brace-expansion@<5.0.5: '>=5.0.5'
|
||||
brace-expansion@<5.0.6: '>=5.0.6'
|
||||
esbuild@<0.25.0: '>=0.25.0'
|
||||
follow-redirects@<1.16.0: '>=1.16.0'
|
||||
ip-address@<10.1.1: '>=10.1.1'
|
||||
protobufjs@<8.0.2: '>=8.0.2'
|
||||
tmp@<0.2.4: '>=0.2.4'
|
||||
vitepress>vite: '>=6.4.2 <7'
|
||||
ws@>=8.0.0 <8.20.1: '>=8.20.1'
|
||||
yaml@<2.8.3: '>=2.8.3'
|
||||
'@types/express': ^5.0.6
|
||||
|
||||
@@ -5768,10 +5769,6 @@ packages:
|
||||
boolbase@1.0.0:
|
||||
resolution: {integrity: sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==}
|
||||
|
||||
brace-expansion@5.0.5:
|
||||
resolution: {integrity: sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==}
|
||||
engines: {node: 18 || 20 || >=22}
|
||||
|
||||
brace-expansion@5.0.6:
|
||||
resolution: {integrity: sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==}
|
||||
engines: {node: 18 || 20 || >=22}
|
||||
@@ -7762,7 +7759,7 @@ packages:
|
||||
isomorphic-ws@5.0.0:
|
||||
resolution: {integrity: sha512-muId7Zzn9ywDsyXgTIafTry2sV3nySZeUDe6YedVd1Hvuuep5AsIlqK+XefWpYTyJG5e503F2xIuT2lcU6rCSw==}
|
||||
peerDependencies:
|
||||
ws: '*'
|
||||
ws: '>=8.20.1'
|
||||
|
||||
istanbul-lib-coverage@3.2.2:
|
||||
resolution: {integrity: sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==}
|
||||
@@ -11166,18 +11163,6 @@ packages:
|
||||
utf-8-validate:
|
||||
optional: true
|
||||
|
||||
ws@8.18.0:
|
||||
resolution: {integrity: sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==}
|
||||
engines: {node: '>=10.0.0'}
|
||||
peerDependencies:
|
||||
bufferutil: ^4.0.1
|
||||
utf-8-validate: '>=5.0.2'
|
||||
peerDependenciesMeta:
|
||||
bufferutil:
|
||||
optional: true
|
||||
utf-8-validate:
|
||||
optional: true
|
||||
|
||||
ws@8.20.1:
|
||||
resolution: {integrity: sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==}
|
||||
engines: {node: '>=10.0.0'}
|
||||
@@ -13785,11 +13770,11 @@ snapshots:
|
||||
'@module-federation/third-party-dts-extractor': 2.4.0
|
||||
adm-zip: 0.5.10
|
||||
ansi-colors: 4.1.3
|
||||
isomorphic-ws: 5.0.0(ws@8.18.0)
|
||||
isomorphic-ws: 5.0.0(ws@8.20.1)
|
||||
node-schedule: 2.1.1
|
||||
typescript: 5.9.3
|
||||
undici: 7.24.7
|
||||
ws: 8.18.0
|
||||
ws: 8.20.1
|
||||
transitivePeerDependencies:
|
||||
- bufferutil
|
||||
- node-fetch
|
||||
@@ -17479,10 +17464,6 @@ snapshots:
|
||||
|
||||
boolbase@1.0.0: {}
|
||||
|
||||
brace-expansion@5.0.5:
|
||||
dependencies:
|
||||
balanced-match: 4.0.3
|
||||
|
||||
brace-expansion@5.0.6:
|
||||
dependencies:
|
||||
balanced-match: 4.0.4
|
||||
@@ -19606,9 +19587,9 @@ snapshots:
|
||||
transitivePeerDependencies:
|
||||
- encoding
|
||||
|
||||
isomorphic-ws@5.0.0(ws@8.18.0):
|
||||
isomorphic-ws@5.0.0(ws@8.20.1):
|
||||
dependencies:
|
||||
ws: 8.18.0
|
||||
ws: 8.20.1
|
||||
|
||||
istanbul-lib-coverage@3.2.2: {}
|
||||
|
||||
@@ -20869,7 +20850,7 @@ snapshots:
|
||||
balanced-match: 4.0.3
|
||||
base64-js: 1.5.1
|
||||
bl: 4.1.0
|
||||
brace-expansion: 5.0.5
|
||||
brace-expansion: 5.0.6
|
||||
buffer: 5.7.1
|
||||
call-bind-apply-helpers: 1.0.2
|
||||
chalk: 4.1.2
|
||||
@@ -23533,8 +23514,6 @@ snapshots:
|
||||
|
||||
ws@7.5.10: {}
|
||||
|
||||
ws@8.18.0: {}
|
||||
|
||||
ws@8.20.1: {}
|
||||
|
||||
wsl-utils@0.1.0:
|
||||
|
||||
Reference in New Issue
Block a user