Elgato_dark/console
1
0
Fork 0
mirror of https://github.com/graphql-hive/console synced 2026-04-21 14:37:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

bump vulnerable dependencies (#7612)

Browse source
This commit is contained in:
Laurin Quast 2026-02-03 11:03:35 +01:00 committed by GitHub
parent 545349fbc7
commit 1272c1ca32
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 55 additions and 85 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.changeset/cyan-queens-create.md Normal file
View file

@ -0,0 +1,5 @@
---
'hive': patch
---
Address vulnerabilities in dependencies (CVE-2026-25224, CVE-2026-25223).

4
package.json
View file

@ -124,6 +124,7 @@
"overrides.diff@<8.0.3": "address https://github.com/graphql-hive/console/security/dependabot/438",
"overrides.lodash-es@4.x.x": "address https://github.com/graphql-hive/console/security/dependabot/453",
"overrides.lodash@4.x.x": "address https://github.com/graphql-hive/console/security/dependabot/455",
"overrides.fast-xml-parser@5.x.x": "address https://github.com/graphql-hive/console/security/dependabot/463",
"overrides": {
"esbuild": "0.25.9",
"csstype": "3.1.2",
@ -147,7 +148,8 @@
"diff@<8.0.3": "^8.0.3",
"lodash-es@4.x.x": "^4.17.23",
"lodash@4.x.x": "^4.17.23",
"seroval@<1.4.1": "^1.4.1"
"seroval@<1.4.1": "^1.4.1",
"fast-xml-parser@<5.3.4": "^5.3.4"
},
"patchedDependencies": {
"mjml-core@4.14.0": "patches/mjml-core@4.14.0.patch",

2
packages/libraries/external-composition/package.json
View file

@ -63,7 +63,7 @@
"@apollo/composition": "2.10.4",
"@types/node": "22.10.5",
"esbuild": "0.25.9",
"fastify": "5.7.1",
"fastify": "5.7.3",
"graphql": "16.9.0"
},
"publishConfig": {

2
packages/services/cdn-worker/package.json
View file

@ -23,7 +23,7 @@
"bcryptjs": "2.4.3",
"dotenv": "16.4.7",
"esbuild": "0.25.9",
"fastify": "5.7.1",
"fastify": "5.7.3",
"graphql": "16.9.0",
"itty-router": "4.2.2",
"itty-router-extras": "0.4.6",

2
packages/services/commerce/package.json
View file

@ -18,7 +18,7 @@
"@trpc/server": "10.45.3",
"date-fns": "4.1.0",
"dotenv": "16.4.7",
"fastify": "5.7.1",
"fastify": "5.7.3",
"pino-pretty": "11.3.0",
"reflect-metadata": "0.2.2",
"stripe": "17.5.0",

2
packages/services/policy/package.json
View file

@ -18,7 +18,7 @@
"ajv": "8.17.1",
"dotenv": "16.4.7",
"eslint": "8.57.1",
"fastify": "5.7.1",
"fastify": "5.7.3",
"graphql": "16.9.0",
"pino-pretty": "11.3.0",
"zod": "3.25.76",

2
packages/services/schema/package.json
View file

@ -21,7 +21,7 @@
"@types/ioredis-mock": "8.2.5",
"dotenv": "16.4.7",
"fast-json-stable-stringify": "2.1.0",
"fastify": "5.7.1",
"fastify": "5.7.3",
"fastq": "1.19.1",
"got": "14.4.7",
"graphql": "16.9.0",

2
packages/services/server/package.json
View file

@ -40,7 +40,7 @@
"@trpc/server": "10.45.3",
"@whatwg-node/server": "0.10.17",
"dotenv": "16.4.7",
"fastify": "5.7.1",
"fastify": "5.7.3",
"got": "14.4.7",
"graphql": "16.9.0",
"graphql-yoga": "5.13.3",

2
packages/services/service-common/package.json
View file

@ -25,7 +25,7 @@
"@sentry/node": "7.120.2",
"@sentry/types": "7.120.2",
"@sentry/utils": "7.120.2",
"fastify": "5.7.1",
"fastify": "5.7.3",
"fastify-plugin": "5.1.0",
"opentelemetry-instrumentation-fetch-node": "1.2.3",
"p-retry": "6.2.1",

2
packages/services/tokens/package.json
View file

@ -15,7 +15,7 @@
"@trpc/server": "10.45.3",
"@types/ms": "0.7.34",
"dotenv": "16.4.7",
"fastify": "5.7.1",
"fastify": "5.7.3",
"ioredis": "5.8.2",
"lru-cache": "11.0.2",
"ms": "2.1.3",

2
packages/web/app/package.json
View file

@ -104,7 +104,7 @@
"dotenv": "16.4.7",
"echarts": "5.6.0",
"echarts-for-react": "3.0.2",
"fastify": "5.7.1",
"fastify": "5.7.3",
"formik": "2.4.6",
"framer-motion": "11.18.2",
"graphiql": "4.0.0-alpha.5",

113
pnpm-lock.yaml
View file

@ -28,6 +28,7 @@ overrides:
lodash-es@4.x.x: ^4.17.23
lodash@4.x.x: ^4.17.23
seroval@<1.4.1: ^1.4.1
fast-xml-parser@<5.3.4: ^5.3.4
patchedDependencies:
'@apollo/federation@0.38.1':
@ -614,8 +615,8 @@ importers:
specifier: 0.25.9
version: 0.25.9
fastify:
specifier: 5.7.1
version: 5.7.1
specifier: 5.7.3
version: 5.7.3
graphql:
specifier: 16.9.0
version: 16.9.0
@ -974,8 +975,8 @@ importers:
specifier: 0.25.9
version: 0.25.9
fastify:
specifier: 5.7.1
version: 5.7.1
specifier: 5.7.3
version: 5.7.3
graphql:
specifier: 16.9.0
version: 16.9.0
@ -1025,8 +1026,8 @@ importers:
specifier: 16.4.7
version: 16.4.7
fastify:
specifier: 5.7.1
version: 5.7.1
specifier: 5.7.3
version: 5.7.3
pino-pretty:
specifier: 11.3.0
version: 11.3.0
@ -1116,8 +1117,8 @@ importers:
specifier: 8.57.1
version: 8.57.1(patch_hash=08d9d41d21638cb74d0f9f34877a8839601a4e5a8263066ff23e7032addbcba0)
fastify:
specifier: 5.7.1
version: 5.7.1
specifier: 5.7.3
version: 5.7.3
graphql:
specifier: 16.9.0
version: 16.9.0
@ -1170,8 +1171,8 @@ importers:
specifier: 2.1.0
version: 2.1.0
fastify:
specifier: 5.7.1
version: 5.7.1
specifier: 5.7.3
version: 5.7.3
fastq:
specifier: 1.19.1
version: 1.19.1
@ -1296,8 +1297,8 @@ importers:
specifier: 16.4.7
version: 16.4.7
fastify:
specifier: 5.7.1
version: 5.7.1
specifier: 5.7.3
version: 5.7.3
got:
specifier: 14.4.7
version: 14.4.7(patch_hash=f7660444905ddadee251ff98241119fb54f5fec1e673a428192da361d5636299)
@ -1390,8 +1391,8 @@ importers:
specifier: 7.120.2
version: 7.120.2
fastify:
specifier: 5.7.1
version: 5.7.1
specifier: 5.7.3
version: 5.7.3
fastify-plugin:
specifier: 5.1.0
version: 5.1.0
@ -1489,8 +1490,8 @@ importers:
specifier: 16.4.7
version: 16.4.7
fastify:
specifier: 5.7.1
version: 5.7.1
specifier: 5.7.3
version: 5.7.3
ioredis:
specifier: 5.8.2
version: 5.8.2
@ -1706,7 +1707,7 @@ importers:
version: 9.0.0
'@fastify/vite':
specifier: 8.4.1
version: 8.4.1(fastify@5.7.1)(vite@7.3.1(@types/node@25.0.2)(jiti@2.6.1)(less@4.2.0)(lightningcss@1.30.2)(terser@5.37.0)(tsx@4.19.2)(yaml@2.5.0))
version: 8.4.1(fastify@5.7.3)(vite@7.3.1(@types/node@25.0.2)(jiti@2.6.1)(less@4.2.0)(lightningcss@1.30.2)(terser@5.37.0)(tsx@4.19.2)(yaml@2.5.0))
'@graphiql/plugin-explorer':
specifier: 4.0.0-alpha.2
version: 4.0.0-alpha.2(@graphiql/react@1.0.0-alpha.4(patch_hash=1018befc9149cbc43bc2bf8982d52090a580e68df34b46674234f4e58eb6d0a0)(@codemirror/language@6.10.2)(@types/node@25.0.2)(@types/react-dom@18.3.5(@types/react@18.3.18))(@types/react@18.3.18)(graphql-ws@5.16.1(graphql@16.9.0))(graphql@16.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(graphql@16.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
@ -1960,8 +1961,8 @@ importers:
specifier: 3.0.2
version: 3.0.2(echarts@5.6.0)(react@18.3.1)
fastify:
specifier: 5.7.1
version: 5.7.1
specifier: 5.7.3
version: 5.7.3
formik:
specifier: 2.4.6
version: 2.4.6(react@18.3.1)
@ -10533,14 +10534,6 @@ packages:
resolution: {integrity: sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==}
engines: {node: '>=8'}
ajv-formats@2.1.1:
resolution: {integrity: sha512-Wx0Kx52hxE7C18hkMEggYlEifqWZtYaRgouJor+WMdPnQyEK13vgEWyVNup7SoeeoLMsr4kf5h6dOW11I15MUA==}
peerDependencies:
ajv: ^8.0.0
peerDependenciesMeta:
ajv:
optional: true
ajv-formats@3.0.1:
resolution: {integrity: sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ==}
peerDependencies:
@ -12716,9 +12709,6 @@ packages:
resolution: {integrity: sha512-ar+hQ4+OIurUGjSJD1anvYSDcUflywhKjfxnsW4TBTD7+u0tJufv6DKRWoQk3vI6YBOWMoz0TQtfbe7dxbQmvA==}
engines: {node: '>= 10.0.0'}
fast-json-stringify@5.12.0:
resolution: {integrity: sha512-7Nnm9UPa7SfHRbHVA1kJQrGXCRzB7LMlAAqHXQFkEQqueJm1V8owm0FsE/2Do55/4CcdhwiLQERaKomOnKQkyA==}
fast-json-stringify@5.16.1:
resolution: {integrity: sha512-KAdnLvy1yu/XrRtP+LJnxbBGrhN+xXu+gt3EUvZhYGKCr3lFHq/7UFJHHFgmJKoqlh6B40bZLEv7w46B0mqn1g==}
@ -12753,12 +12743,8 @@ packages:
fast-url-parser@1.1.3:
resolution: {integrity: sha512-5jOCVXADYNuRkKFzNJ0dCCewsZiYo0dz8QNYljkOpFC6r2U4OBmKtvm/Tsuh4w1YYdDqDb31a8TVhBJ2OJKdqQ==}
fast-xml-parser@4.4.1:
resolution: {integrity: sha512-xkjOecfnKGkSsOwtZ5Pz7Us/T6mrbPQrq0nh+aCO5V9nk5NLWmasAHumTKjiPJPWANe+kAZ84Jc8ooJkzZ88Sw==}
hasBin: true
fast-xml-parser@5.2.5:
resolution: {integrity: sha512-pfX9uG9Ki0yekDHx2SiuRIyFdyAr1kMIMitPvb0YBo8SUfKvia7w7FIyd/l6av85pFYRhZscS75MwMnbvY+hcQ==}
fast-xml-parser@5.3.4:
resolution: {integrity: sha512-EFd6afGmXlCx8H8WTZHhAoDaWaGyuIBoZJ2mknrNxug+aZKjkp0a0dlars9Izl+jF+7Gu1/5f/2h68cQpe0IiA==}
hasBin: true
fastest-levenshtein@1.0.16:
@ -12768,8 +12754,8 @@ packages:
fastify-plugin@5.1.0:
resolution: {integrity: sha512-FAIDA8eovSt5qcDgcBvDuX/v0Cjz0ohGhENZ/wpc3y+oZCY2afZ9Baqql3g/lC+OHRnciQol4ww7tuthOb9idw==}
fastify@5.7.1:
resolution: {integrity: sha512-ZW7S4fxlZhE+tYWVokFzjh+i56R+buYKNGhrVl6DtN8sxkyMEzpJnzvO8A/ZZrsg5w6X37u6I4EOQikYS5DXpA==}
fastify@5.7.3:
resolution: {integrity: sha512-QHzWSmTNUg9Ba8tNXzb92FTH77K+c8yeQPH80EeSIc9wyZj85jbPisMP0rwmyKv8oJwUFPe1UpN8HkNIXwCnUQ==}
fastq@1.19.1:
resolution: {integrity: sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ==}
@ -17871,9 +17857,6 @@ packages:
resolution: {integrity: sha512-kcyeAkDFjGsVl17FqnG7q/+xIjt0ZjOo9Dm+q8deAvs2Xe4iAHrhxyoP4etUVFc+/LZJANjIPVR+ZOnt9hr/Ug==}
engines: {node: '>=12.*'}
strnum@1.0.5:
resolution: {integrity: sha512-J8bbNyKKXl5qYcR36TIO8W3mVGVHrmmxsd5PAItGkmyzwJvybiw2IVq5nqd0i4LSNSkB/sx9VHllbfFdr9k1JA==}
strnum@2.1.1:
resolution: {integrity: sha512-7ZvoFTiCnGxBtDqJ//Cu6fWtZtc7Y3x+QOirG15wztbdngGSkht27o2pyGWrVy0b4WAy3jbKmnoK6g5VlVNUUw==}
@ -20131,7 +20114,7 @@ snapshots:
'@smithy/smithy-client': 4.0.0
'@smithy/types': 4.0.0
'@smithy/util-middleware': 4.0.0
fast-xml-parser: 4.4.1
fast-xml-parser: 5.3.4
tslib: 2.8.1
'@aws-sdk/core@3.936.0':
@ -20970,13 +20953,13 @@ snapshots:
'@aws-sdk/xml-builder@3.930.0':
dependencies:
'@smithy/types': 4.11.0
fast-xml-parser: 5.2.5
fast-xml-parser: 5.3.4
tslib: 2.8.1
'@aws-sdk/xml-builder@3.969.0':
dependencies:
'@smithy/types': 4.12.0
fast-xml-parser: 5.2.5
fast-xml-parser: 5.3.4
tslib: 2.8.1
'@aws/lambda-invoke-store@0.2.1': {}
@ -21493,7 +21476,7 @@ snapshots:
outdent: 0.5.0
prettier: 2.8.8
resolve-from: 5.0.0
semver: 7.7.2
semver: 7.7.3
'@changesets/assemble-release-plan@6.0.9':
dependencies:
@ -21502,7 +21485,7 @@ snapshots:
'@changesets/should-skip-package': 0.1.2
'@changesets/types': 6.1.0
'@manypkg/get-packages': 1.1.3
semver: 7.7.2
semver: 7.7.3
'@changesets/changelog-git@0.2.1':
dependencies:
@ -21568,7 +21551,7 @@ snapshots:
'@changesets/types': 6.1.0
'@manypkg/get-packages': 1.1.3
picocolors: 1.1.1
semver: 7.7.2
semver: 7.7.3
'@changesets/get-github-info@0.6.0(encoding@0.1.13)':
dependencies:
@ -22366,12 +22349,12 @@ snapshots:
fastq: 1.19.1
glob: 13.0.0
'@fastify/vite@8.4.1(fastify@5.7.1)(vite@7.3.1(@types/node@25.0.2)(jiti@2.6.1)(less@4.2.0)(lightningcss@1.30.2)(terser@5.37.0)(tsx@4.19.2)(yaml@2.5.0))':
'@fastify/vite@8.4.1(fastify@5.7.3)(vite@7.3.1(@types/node@25.0.2)(jiti@2.6.1)(less@4.2.0)(lightningcss@1.30.2)(terser@5.37.0)(tsx@4.19.2)(yaml@2.5.0))':
dependencies:
'@fastify/deepmerge': 3.2.0
'@fastify/middie': 9.1.0
'@fastify/static': 9.0.0
fastify: 5.7.1
fastify: 5.7.3
fastify-plugin: 5.1.0
fs-extra: 11.3.3
html-rewriter-wasm: 0.4.1
@ -27578,7 +27561,7 @@ snapshots:
'@types/shimmer': 1.2.0
import-in-the-middle: 1.7.1
require-in-the-middle: 7.3.0
semver: 7.7.2
semver: 7.7.3
shimmer: 1.2.1
transitivePeerDependencies:
- supports-color
@ -30885,7 +30868,7 @@ snapshots:
jsdoc-type-pratt-parser: 4.1.0
process: 0.11.10
recast: 0.23.6
semver: 7.7.2
semver: 7.7.3
util: 0.12.5
ws: 8.18.0
optionalDependencies:
@ -32462,10 +32445,6 @@ snapshots:
clean-stack: 2.2.0
indent-string: 4.0.0
ajv-formats@2.1.1(ajv@8.17.1):
optionalDependencies:
ajv: 8.17.1
ajv-formats@3.0.1(ajv@8.17.1):
optionalDependencies:
ajv: 8.17.1
@ -35050,16 +35029,6 @@ snapshots:
rfdc: 1.4.1
string-similarity: 4.0.4
fast-json-stringify@5.12.0:
dependencies:
'@fastify/merge-json-schemas': 0.1.1
ajv: 8.17.1
ajv-formats: 2.1.1(ajv@8.17.1)
fast-deep-equal: 3.1.3
fast-uri: 2.3.0
json-schema-ref-resolver: 1.0.1
rfdc: 1.4.1
fast-json-stringify@5.16.1:
dependencies:
'@fastify/merge-json-schemas': 0.1.1
@ -35105,11 +35074,7 @@ snapshots:
dependencies:
punycode: 1.4.1
fast-xml-parser@4.4.1:
dependencies:
strnum: 1.0.5
fast-xml-parser@5.2.5:
fast-xml-parser@5.3.4:
dependencies:
strnum: 2.1.1
@ -35117,7 +35082,7 @@ snapshots:
fastify-plugin@5.1.0: {}
fastify@5.7.1:
fastify@5.7.3:
dependencies:
'@fastify/ajv-compiler': 4.0.5
'@fastify/error': 4.2.0
@ -35704,7 +35669,7 @@ snapshots:
chalk: 4.1.2
debug: 4.4.3(supports-color@8.1.1)
interpret: 3.1.1
semver: 7.7.2
semver: 7.7.3
tslib: 2.8.1
yargs: 17.7.2
transitivePeerDependencies:
@ -35817,7 +35782,7 @@ snapshots:
graphql-jit@0.8.6(graphql@16.9.0):
dependencies:
'@graphql-typed-document-node/core': 3.2.0(graphql@16.9.0)
fast-json-stringify: 5.12.0
fast-json-stringify: 5.16.1
generate-function: 2.3.1
graphql: 16.9.0
lodash.memoize: 4.1.2
@ -41480,8 +41445,6 @@ snapshots:
'@types/node': 22.10.5
qs: 6.13.0
strnum@1.0.5: {}
strnum@2.1.1: {}
style-mod@4.1.3: {}