mirror of
https://github.com/formbricks/formbricks.git
synced 2026-05-18 15:20:10 -05:00
Matti Nannt
80e1cc2411
Updates direct dependencies with known CVEs and adds/tightens pnpm overrides for transitive dependencies that cannot be updated directly. Direct updates: - next: 16.1.7 → 16.2.6 (middleware bypass, SSRF, DoS, XSS CVEs) - lodash: 4.17.23 → 4.18.1 (code injection via template CVE-2025-62616) - nodemailer: 8.0.2 → 8.0.7 (SMTP injection CVEs) - uuid: 13.0.0 → 13.0.2 (buffer bounds check CVE) - postcss: 8.5.8 → 8.5.14 (XSS via unescaped </style> CVE-2025-62695) - @opentelemetry suite: 0.213.0 → 0.217.0 / 2.6.0 → 2.7.1 Override additions/updates: - protobufjs@7: 7.5.8, protobufjs@8: 8.2.0 (GHSA-xq3m-2v4x-88gg arbitrary code execution) - @protobufjs/utf8: 1.1.1 (overlong UTF-8 CVE) - vite@7: 7.3.3, vite@8: 8.0.12 (GHSA-v2wj-q39q-566r fs.deny bypass, GHSA-p9ff-h696-f583 file read) - node-forge: 1.4.0 (multiple signature forgery / DoS CVEs) - defu: 6.1.7 (prototype pollution CVE-2025-62629) - brace-expansion@1/2/5: patched (ReDoS CVE-2025-67313) - picomatch@2/4: patched (ReDoS CVE-2025-60538/63394) - dompurify: 3.4.2 (XSS CVE-2025-26791) - ip-address: 10.1.1 (ReDoS CVE-2025-62629) - fast-uri: 3.1.2 (CVE-2025-48944/48945) - fast-xml-parser: 5.7.0 (multiple CVEs) - yaml: 2.8.3 (CVE-2025-63675) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
70 lines
2.3 KiB
JSON
70 lines
2.3 KiB
JSON
{
|
|
"name": "@formbricks/database",
|
|
"packageManager": "pnpm@10.32.1",
|
|
"private": true,
|
|
"version": "0.1.0",
|
|
"main": "./dist/index.cjs",
|
|
"types": "./dist/index.d.ts",
|
|
"type": "module",
|
|
"files": [
|
|
"dist",
|
|
"schema.prisma",
|
|
"migration"
|
|
],
|
|
"exports": {
|
|
".": {
|
|
"types": "./dist/index.d.ts",
|
|
"import": "./dist/index.js",
|
|
"require": "./dist/index.cjs"
|
|
},
|
|
"./types/*": {
|
|
"import": "./types/*.ts"
|
|
},
|
|
"./zod/*": {
|
|
"import": "./zod/*.ts"
|
|
},
|
|
"./seed/constants": {
|
|
"import": "./src/seed/constants.ts"
|
|
}
|
|
},
|
|
"scripts": {
|
|
"clean": "rimraf .turbo node_modules dist",
|
|
"build": "pnpm generate && vite build",
|
|
"dev": "vite build --watch",
|
|
"db:migrate:deploy": "env DATABASE_URL=\"${MIGRATE_DATABASE_URL:-$DATABASE_URL}\" node ./dist/scripts/apply-migrations.js",
|
|
"db:migrate:dev": "pnpm build && dotenv -e ../../.env -- sh -c \"pnpm prisma generate && node ./dist/scripts/apply-migrations.js\"",
|
|
"db:create-saml-database:deploy": "env SAML_DATABASE_URL=\"${SAML_DATABASE_URL}\" node ./dist/scripts/create-saml-database.js",
|
|
"db:create-saml-database:dev": "dotenv -e ../../.env -- node ./dist/scripts/create-saml-database.js",
|
|
"db:push": "prisma db push --accept-data-loss",
|
|
"db:seed": "dotenv -e ../../.env -- tsx src/seed.ts",
|
|
"db:seed:clear": "dotenv -e ../../.env -- tsx src/seed.ts --clear",
|
|
"db:setup": "pnpm db:migrate:dev && pnpm db:create-saml-database:dev",
|
|
"db:start": "pnpm db:setup",
|
|
"format": "prisma format",
|
|
"generate": "prisma generate",
|
|
"lint": "eslint ./src --fix",
|
|
"generate-data-migration": "tsx ./src/scripts/generate-data-migration.ts",
|
|
"create-migration": "dotenv -e ../../.env -- tsx ./src/scripts/create-migration.ts"
|
|
},
|
|
"dependencies": {
|
|
"@formbricks/logger": "workspace:*",
|
|
"@paralleldrive/cuid2": "2.3.1",
|
|
"@prisma/client": "6.19.2",
|
|
"bcryptjs": "3.0.3",
|
|
"uuid": "13.0.2",
|
|
"zod": "4.3.6",
|
|
"zod-openapi": "5.4.6"
|
|
},
|
|
"devDependencies": {
|
|
"@formbricks/config-typescript": "workspace:*",
|
|
"@formbricks/eslint-config": "workspace:*",
|
|
"dotenv-cli": "11.0.0",
|
|
"glob": "13.0.6",
|
|
"prisma": "6.19.2",
|
|
"prisma-json-types-generator": "3.6.2",
|
|
"tsx": "4.21.0",
|
|
"vite": "7.3.1",
|
|
"vite-plugin-dts": "4.5.4"
|
|
}
|
|
}
|