mirror of
https://github.com/formbricks/formbricks.git
synced 2026-03-09 11:19:24 -05:00
fix: overrides packages for CVE fixes (#7442)
This commit is contained in:
Anshuman Pandey
@@ -86,18 +86,19 @@
|
||||
"uuid": "11.1.0",
|
||||
"node-forge": ">=1.3.2",
|
||||
"tar-fs": "2.1.4",
|
||||
"tar": ">=7.5.7",
|
||||
"tar": ">=7.5.11",
|
||||
"minimatch@~9.0": "9.0.9",
|
||||
"typeorm": ">=0.3.26",
|
||||
"systeminformation": "5.27.14",
|
||||
"qs": ">=6.14.1",
|
||||
"preact": ">=10.26.10",
|
||||
"fast-xml-parser": "5.3.5",
|
||||
"fast-xml-parser": "5.4.2",
|
||||
"diff": ">=8.0.3",
|
||||
"@isaacs/brace-expansion": ">=5.0.1",
|
||||
"@microsoft/api-extractor": ">=7.57.6"
|
||||
},
|
||||
"comments": {
|
||||
"overrides": "Security fixes for transitive dependencies. Remove when upstream packages update: axios (CVE-2025-58754) - awaiting @boxyhq/saml-jackson update | node-forge (Dependabot #230) - awaiting @boxyhq/saml-jackson update | tar-fs (Dependabot #205) - awaiting upstream dependency updates | tar (Dependabot #249/#264) - awaiting @boxyhq/saml-jackson/sqlite3 dependency updates | typeorm (Dependabot #223) - awaiting @boxyhq/saml-jackson update | systeminformation (Dependabot #241) - awaiting @opentelemetry/host-metrics update | qs (Dependabot #245) - awaiting googleapis-common and stripe updates | preact (Dependabot #247) - awaiting next-auth update | fast-xml-parser (Dependabot #270) - awaiting @boxyhq/saml-jackson update | diff (Dependabot #269) - awaiting @microsoft/api-extractor update | @isaacs/brace-expansion (Dependabot #271) - awaiting upstream updates | @microsoft/api-extractor - overridden until vite-plugin-dts lock resolution catches up"
|
||||
"overrides": "Security fixes for transitive dependencies. Remove when upstream packages update: axios (CVE-2025-58754) - awaiting @boxyhq/saml-jackson update | node-forge (Dependabot #230) - awaiting @boxyhq/saml-jackson update | tar-fs (Dependabot #205) - awaiting upstream dependency updates | tar (CVE-2026-23745/23950/24842/26960) - awaiting @boxyhq/saml-jackson/sqlite3 dependency updates | typeorm (Dependabot #223) - awaiting @boxyhq/saml-jackson update | systeminformation (Dependabot #241) - awaiting @opentelemetry/host-metrics update | qs (Dependabot #245) - awaiting googleapis-common and stripe updates | preact (Dependabot #247) - awaiting next-auth update | fast-xml-parser (CVE-2026-25896/26278) - awaiting @boxyhq/saml-jackson update | diff (Dependabot #269) - awaiting @microsoft/api-extractor update | @isaacs/brace-expansion (Dependabot #271) - awaiting upstream updates | @microsoft/api-extractor - overridden until vite-plugin-dts lock resolution catches up | minimatch (CVE-2026-26996/27903/27904) - awaiting upstream updates"
|
||||
},
|
||||
"patchedDependencies": {
|
||||
"next-auth@4.24.13": "patches/next-auth@4.24.13.patch"
|
||||
|
||||
66
pnpm-lock.yaml
generated
66
pnpm-lock.yaml
generated
@@ -9,12 +9,13 @@ overrides:
|
||||
uuid: 11.1.0
|
||||
node-forge: '>=1.3.2'
|
||||
tar-fs: 2.1.4
|
||||
tar: '>=7.5.7'
|
||||
tar: '>=7.5.11'
|
||||
minimatch@~9.0: 9.0.9
|
||||
typeorm: '>=0.3.26'
|
||||
systeminformation: 5.27.14
|
||||
qs: '>=6.14.1'
|
||||
preact: '>=10.26.10'
|
||||
fast-xml-parser: 5.3.5
|
||||
fast-xml-parser: 5.4.2
|
||||
diff: '>=8.0.3'
|
||||
'@isaacs/brace-expansion': '>=5.0.1'
|
||||
'@microsoft/api-extractor': '>=7.57.6'
|
||||
@@ -7701,8 +7702,11 @@ packages:
|
||||
fast-uri@3.1.0:
|
||||
resolution: {integrity: sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==}
|
||||
|
||||
fast-xml-parser@5.3.5:
|
||||
resolution: {integrity: sha512-JeaA2Vm9ffQKp9VjvfzObuMCjUYAp5WDYhRYL5LrBPY/jUDlUtOvDfot0vKSkB9tuX885BDHjtw4fZadD95wnA==}
|
||||
fast-xml-builder@1.0.0:
|
||||
resolution: {integrity: sha512-fpZuDogrAgnyt9oDDz+5DBz0zgPdPZz6D4IR7iESxRXElrlGTRkHJ9eEt+SACRJwT0FNFrt71DFQIUFBJfX/uQ==}
|
||||
|
||||
fast-xml-parser@5.4.2:
|
||||
resolution: {integrity: sha512-pw/6pIl4k0CSpElPEJhDppLzaixDEuWui2CUQQBH/ECDf7+y6YwA4Gf7Tyb0Rfe4DIMuZipYj4AEL0nACKglvQ==}
|
||||
hasBin: true
|
||||
|
||||
fastest-stable-stringify@2.0.2:
|
||||
@@ -8910,16 +8914,9 @@ packages:
|
||||
resolution: {integrity: sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==}
|
||||
engines: {node: 18 || 20 || >=22}
|
||||
|
||||
minimatch@3.1.2:
|
||||
resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
|
||||
|
||||
minimatch@3.1.5:
|
||||
resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==}
|
||||
|
||||
minimatch@9.0.5:
|
||||
resolution: {integrity: sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==}
|
||||
engines: {node: '>=16 || 14 >=14.17'}
|
||||
|
||||
minimatch@9.0.9:
|
||||
resolution: {integrity: sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==}
|
||||
engines: {node: '>=16 || 14 >=14.17'}
|
||||
@@ -10617,8 +10614,8 @@ packages:
|
||||
resolution: {integrity: sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==}
|
||||
engines: {node: '>=6'}
|
||||
|
||||
tar@7.5.7:
|
||||
resolution: {integrity: sha512-fov56fJiRuThVFXD6o6/Q354S7pnWMJIVlDBYijsTNx6jKSE4pvrDTs6lUnmGvNyfJwFQQwWy3owKz1ucIhveQ==}
|
||||
tar@7.5.11:
|
||||
resolution: {integrity: sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==}
|
||||
engines: {node: '>=18'}
|
||||
|
||||
tarn@3.0.2:
|
||||
@@ -11727,7 +11724,7 @@ snapshots:
|
||||
'@smithy/smithy-client': 4.11.2
|
||||
'@smithy/types': 4.12.0
|
||||
'@smithy/util-middleware': 4.2.8
|
||||
fast-xml-parser: 5.3.5
|
||||
fast-xml-parser: 5.4.2
|
||||
tslib: 2.8.1
|
||||
|
||||
'@aws-sdk/core@3.973.17':
|
||||
@@ -12355,7 +12352,7 @@ snapshots:
|
||||
'@aws-sdk/xml-builder@3.972.9':
|
||||
dependencies:
|
||||
'@smithy/types': 4.13.0
|
||||
fast-xml-parser: 5.3.5
|
||||
fast-xml-parser: 5.4.2
|
||||
tslib: 2.8.1
|
||||
|
||||
'@aws/lambda-invoke-store@0.2.2': {}
|
||||
@@ -12442,7 +12439,7 @@ snapshots:
|
||||
|
||||
'@azure/core-xml@1.5.0':
|
||||
dependencies:
|
||||
fast-xml-parser: 5.3.5
|
||||
fast-xml-parser: 5.4.2
|
||||
tslib: 2.8.1
|
||||
|
||||
'@azure/identity@4.13.0':
|
||||
@@ -13252,7 +13249,7 @@ snapshots:
|
||||
ignore: 5.3.2
|
||||
import-fresh: 3.3.1
|
||||
js-yaml: 4.1.1
|
||||
minimatch: 3.1.2
|
||||
minimatch: 3.1.5
|
||||
strip-json-comments: 3.1.1
|
||||
transitivePeerDependencies:
|
||||
- supports-color
|
||||
@@ -13374,7 +13371,7 @@ snapshots:
|
||||
dependencies:
|
||||
'@humanwhocodes/object-schema': 2.0.3
|
||||
debug: 4.4.3
|
||||
minimatch: 3.1.2
|
||||
minimatch: 3.1.5
|
||||
transitivePeerDependencies:
|
||||
- supports-color
|
||||
|
||||
@@ -18041,7 +18038,7 @@ snapshots:
|
||||
'@vue/compiler-vue2': 2.7.16
|
||||
'@vue/shared': 3.5.26
|
||||
alien-signals: 0.4.14
|
||||
minimatch: 9.0.5
|
||||
minimatch: 9.0.9
|
||||
muggle-string: 0.4.1
|
||||
path-browserify: 1.0.1
|
||||
optionalDependencies:
|
||||
@@ -18563,7 +18560,7 @@ snapshots:
|
||||
promise-inflight: 1.0.1
|
||||
rimraf: 3.0.2
|
||||
ssri: 8.0.1
|
||||
tar: 7.5.7
|
||||
tar: 7.5.11
|
||||
unique-filename: 1.1.1
|
||||
transitivePeerDependencies:
|
||||
- bluebird
|
||||
@@ -19458,7 +19455,7 @@ snapshots:
|
||||
hasown: 2.0.2
|
||||
is-core-module: 2.16.1
|
||||
is-glob: 4.0.3
|
||||
minimatch: 3.1.2
|
||||
minimatch: 3.1.5
|
||||
object.fromentries: 2.0.8
|
||||
object.groupby: 1.0.3
|
||||
object.values: 1.2.1
|
||||
@@ -19487,7 +19484,7 @@ snapshots:
|
||||
hasown: 2.0.2
|
||||
is-core-module: 2.16.1
|
||||
is-glob: 4.0.3
|
||||
minimatch: 3.1.2
|
||||
minimatch: 3.1.5
|
||||
object.fromentries: 2.0.8
|
||||
object.groupby: 1.0.3
|
||||
object.values: 1.2.1
|
||||
@@ -19525,7 +19522,7 @@ snapshots:
|
||||
hasown: 2.0.2
|
||||
jsx-ast-utils: 3.3.5
|
||||
language-tags: 1.0.9
|
||||
minimatch: 3.1.2
|
||||
minimatch: 3.1.5
|
||||
object.fromentries: 2.0.8
|
||||
safe-regex-test: 1.1.0
|
||||
string.prototype.includes: 2.0.1
|
||||
@@ -19565,7 +19562,7 @@ snapshots:
|
||||
estraverse: 5.3.0
|
||||
hasown: 2.0.2
|
||||
jsx-ast-utils: 3.3.5
|
||||
minimatch: 3.1.2
|
||||
minimatch: 3.1.5
|
||||
object.entries: 1.1.9
|
||||
object.fromentries: 2.0.8
|
||||
object.values: 1.2.1
|
||||
@@ -19689,7 +19686,7 @@ snapshots:
|
||||
json-stable-stringify-without-jsonify: 1.0.1
|
||||
levn: 0.4.1
|
||||
lodash.merge: 4.6.2
|
||||
minimatch: 3.1.2
|
||||
minimatch: 3.1.5
|
||||
natural-compare: 1.4.0
|
||||
optionator: 0.9.4
|
||||
strip-ansi: 6.0.1
|
||||
@@ -19773,8 +19770,11 @@ snapshots:
|
||||
|
||||
fast-uri@3.1.0: {}
|
||||
|
||||
fast-xml-parser@5.3.5:
|
||||
fast-xml-builder@1.0.0: {}
|
||||
|
||||
fast-xml-parser@5.4.2:
|
||||
dependencies:
|
||||
fast-xml-builder: 1.0.0
|
||||
strnum: 2.1.2
|
||||
|
||||
fastest-stable-stringify@2.0.2: {}
|
||||
@@ -21043,18 +21043,10 @@ snapshots:
|
||||
dependencies:
|
||||
brace-expansion: 5.0.4
|
||||
|
||||
minimatch@3.1.2:
|
||||
dependencies:
|
||||
brace-expansion: 1.1.12
|
||||
|
||||
minimatch@3.1.5:
|
||||
dependencies:
|
||||
brace-expansion: 1.1.12
|
||||
|
||||
minimatch@9.0.5:
|
||||
dependencies:
|
||||
brace-expansion: 2.0.2
|
||||
|
||||
minimatch@9.0.9:
|
||||
dependencies:
|
||||
brace-expansion: 2.0.2
|
||||
@@ -21317,7 +21309,7 @@ snapshots:
|
||||
npmlog: 6.0.2
|
||||
rimraf: 3.0.2
|
||||
semver: 7.7.3
|
||||
tar: 7.5.7
|
||||
tar: 7.5.11
|
||||
which: 2.0.2
|
||||
transitivePeerDependencies:
|
||||
- bluebird
|
||||
@@ -22744,7 +22736,7 @@ snapshots:
|
||||
bindings: 1.5.0
|
||||
node-addon-api: 7.1.1
|
||||
prebuild-install: 7.1.3
|
||||
tar: 7.5.7
|
||||
tar: 7.5.11
|
||||
optionalDependencies:
|
||||
node-gyp: 8.4.1
|
||||
transitivePeerDependencies:
|
||||
@@ -23019,7 +23011,7 @@ snapshots:
|
||||
inherits: 2.0.4
|
||||
readable-stream: 3.6.2
|
||||
|
||||
tar@7.5.7:
|
||||
tar@7.5.11:
|
||||
dependencies:
|
||||
'@isaacs/fs-minipass': 4.0.1
|
||||
chownr: 3.0.0
|
||||
|
||||
Reference in New Issue
Block a user