From 27d1d04e522ac44bcafbbb1e3125232255cde7a6 Mon Sep 17 00:00:00 2001 From: Laurin Date: Thu, 26 Mar 2026 00:47:54 +0100 Subject: [PATCH] chore: js vulnerabilities 2026-03-26 (#7912) --- .../external-composition/package.json | 2 +- packages/services/cdn-worker/package.json | 2 +- packages/services/commerce/package.json | 2 +- packages/services/policy/package.json | 2 +- packages/services/schema/package.json | 2 +- packages/services/server/package.json | 2 +- packages/services/service-common/package.json | 2 +- packages/services/tokens/package.json | 2 +- packages/web/app/package.json | 2 +- pnpm-lock.yaml | 106 +++++++++--------- 10 files changed, 59 insertions(+), 65 deletions(-) diff --git a/packages/libraries/external-composition/package.json b/packages/libraries/external-composition/package.json index c027f249d..f66c69343 100644 --- a/packages/libraries/external-composition/package.json +++ b/packages/libraries/external-composition/package.json @@ -63,7 +63,7 @@ "@apollo/composition": "2.13.2", "@types/node": "24.10.9", "esbuild": "0.25.9", - "fastify": "5.8.1", + "fastify": "5.8.3", "graphql": "16.9.0" }, "publishConfig": { diff --git a/packages/services/cdn-worker/package.json b/packages/services/cdn-worker/package.json index 86423d5ab..23429f8e4 100644 --- a/packages/services/cdn-worker/package.json +++ b/packages/services/cdn-worker/package.json @@ -23,7 +23,7 @@ "bcryptjs": "2.4.3", "dotenv": "16.4.7", "esbuild": "0.25.9", - "fastify": "5.8.1", + "fastify": "5.8.3", "graphql": "16.9.0", "itty-router": "4.2.2", "itty-router-extras": "0.4.6", diff --git a/packages/services/commerce/package.json b/packages/services/commerce/package.json index b62b2d83d..e6220e9e8 100644 --- a/packages/services/commerce/package.json +++ b/packages/services/commerce/package.json @@ -18,7 +18,7 @@ "@trpc/server": "10.45.3", "date-fns": "4.1.0", "dotenv": "16.4.7", - "fastify": "5.8.1", + "fastify": "5.8.3", "pino-pretty": "11.3.0", "reflect-metadata": "0.2.2", "stripe": "17.5.0", diff --git a/packages/services/policy/package.json b/packages/services/policy/package.json index 42bd147da..9a3077b51 100644 --- a/packages/services/policy/package.json +++ b/packages/services/policy/package.json @@ -18,7 +18,7 @@ "ajv": "8.18.0", "dotenv": "16.4.7", "eslint": "8.57.1", - "fastify": "5.8.1", + "fastify": "5.8.3", "graphql": "16.9.0", "pino-pretty": "11.3.0", "zod": "3.25.76", diff --git a/packages/services/schema/package.json b/packages/services/schema/package.json index 83aac3138..3da7da8b3 100644 --- a/packages/services/schema/package.json +++ b/packages/services/schema/package.json @@ -21,7 +21,7 @@ "@types/ioredis-mock": "8.2.5", "dotenv": "16.4.7", "fast-json-stable-stringify": "2.1.0", - "fastify": "5.8.1", + "fastify": "5.8.3", "fastq": "1.19.1", "got": "14.4.7", "graphql": "16.9.0", diff --git a/packages/services/server/package.json b/packages/services/server/package.json index e569a478b..15e0e1198 100644 --- a/packages/services/server/package.json +++ b/packages/services/server/package.json @@ -43,7 +43,7 @@ "@trpc/server": "10.45.3", "@whatwg-node/server": "0.10.17", "dotenv": "16.4.7", - "fastify": "5.8.1", + "fastify": "5.8.3", "got": "14.4.7", "graphql": "16.9.0", "graphql-yoga": "5.13.3", diff --git a/packages/services/service-common/package.json b/packages/services/service-common/package.json index de48f4f10..f624c73d8 100644 --- a/packages/services/service-common/package.json +++ b/packages/services/service-common/package.json @@ -29,7 +29,7 @@ "@sentry/node": "7.120.2", "@sentry/types": "7.120.2", "@sentry/utils": "7.120.2", - "fastify": "5.8.1", + "fastify": "5.8.3", "fastify-plugin": "5.1.0", "opentelemetry-instrumentation-fetch-node": "1.2.3", "p-retry": "6.2.1", diff --git a/packages/services/tokens/package.json b/packages/services/tokens/package.json index 857d115e3..7d72892ab 100644 --- a/packages/services/tokens/package.json +++ b/packages/services/tokens/package.json @@ -15,7 +15,7 @@ "@trpc/server": "10.45.3", "@types/ms": "0.7.34", "dotenv": "16.4.7", - "fastify": "5.8.1", + "fastify": "5.8.3", "ioredis": "5.8.2", "lru-cache": "11.0.2", "ms": "2.1.3", diff --git a/packages/web/app/package.json b/packages/web/app/package.json index fed9c2f0d..d5f0de61b 100644 --- a/packages/web/app/package.json +++ b/packages/web/app/package.json @@ -99,7 +99,7 @@ "dotenv": "16.4.7", "echarts": "5.6.0", "echarts-for-react": "3.0.2", - "fastify": "5.8.1", + "fastify": "5.8.3", "formik": "2.4.6", "framer-motion": "11.18.2", "graphiql": "4.0.0-alpha.5", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index ea633e69c..407afb411 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -638,8 +638,8 @@ importers: specifier: 0.25.9 version: 0.25.9 fastify: - specifier: 5.8.1 - version: 5.8.1 + specifier: 5.8.3 + version: 5.8.3 graphql: specifier: 16.9.0 version: 16.9.0 @@ -1301,8 +1301,8 @@ importers: specifier: 0.25.9 version: 0.25.9 fastify: - specifier: 5.8.1 - version: 5.8.1 + specifier: 5.8.3 + version: 5.8.3 graphql: specifier: 16.9.0 version: 16.9.0 @@ -1352,8 +1352,8 @@ importers: specifier: 16.4.7 version: 16.4.7 fastify: - specifier: 5.8.1 - version: 5.8.1 + specifier: 5.8.3 + version: 5.8.3 pino-pretty: specifier: 11.3.0 version: 11.3.0 @@ -1443,8 +1443,8 @@ importers: specifier: 8.57.1 version: 8.57.1(patch_hash=08d9d41d21638cb74d0f9f34877a8839601a4e5a8263066ff23e7032addbcba0) fastify: - specifier: 5.8.1 - version: 5.8.1 + specifier: 5.8.3 + version: 5.8.3 graphql: specifier: 16.9.0 version: 16.9.0 @@ -1497,8 +1497,8 @@ importers: specifier: 2.1.0 version: 2.1.0 fastify: - specifier: 5.8.1 - version: 5.8.1 + specifier: 5.8.3 + version: 5.8.3 fastq: specifier: 1.19.1 version: 1.19.1 @@ -1623,8 +1623,8 @@ importers: specifier: 16.4.7 version: 16.4.7 fastify: - specifier: 5.8.1 - version: 5.8.1 + specifier: 5.8.3 + version: 5.8.3 got: specifier: 14.4.7 version: 14.4.7(patch_hash=f7660444905ddadee251ff98241119fb54f5fec1e673a428192da361d5636299) @@ -1717,8 +1717,8 @@ importers: specifier: 7.120.2 version: 7.120.2 fastify: - specifier: 5.8.1 - version: 5.8.1 + specifier: 5.8.3 + version: 5.8.3 fastify-plugin: specifier: 5.1.0 version: 5.1.0 @@ -1816,8 +1816,8 @@ importers: specifier: 16.4.7 version: 16.4.7 fastify: - specifier: 5.8.1 - version: 5.8.1 + specifier: 5.8.3 + version: 5.8.3 ioredis: specifier: 5.8.2 version: 5.8.2 @@ -2060,7 +2060,7 @@ importers: version: 9.0.0 '@fastify/vite': specifier: 8.4.1 - version: 8.4.1(patch_hash=e8a5462aec0a3469c38194575103f133a08f9b9e5031545d44661a12b80e4b0a)(fastify@5.8.1)(vite@7.3.1(@types/node@25.5.0)(jiti@2.6.1)(less@4.2.0)(lightningcss@1.31.1)(terser@5.37.0)(tsx@4.19.2)(yaml@2.5.0)) + version: 8.4.1(patch_hash=e8a5462aec0a3469c38194575103f133a08f9b9e5031545d44661a12b80e4b0a)(fastify@5.8.3)(vite@7.3.1(@types/node@25.5.0)(jiti@2.6.1)(less@4.2.0)(lightningcss@1.31.1)(terser@5.37.0)(tsx@4.19.2)(yaml@2.5.0)) '@graphiql/plugin-explorer': specifier: 4.0.0-alpha.2 version: 4.0.0-alpha.2(@graphiql/react@1.0.0-alpha.4(patch_hash=1018befc9149cbc43bc2bf8982d52090a580e68df34b46674234f4e58eb6d0a0)(@codemirror/language@6.10.2)(@types/node@25.5.0)(@types/react-dom@18.3.5(@types/react@18.3.18))(@types/react@18.3.18)(graphql-ws@5.16.1(graphql@16.9.0))(graphql@16.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(graphql@16.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1) @@ -2299,8 +2299,8 @@ importers: specifier: 3.0.2 version: 3.0.2(echarts@5.6.0)(react@18.3.1) fastify: - specifier: 5.8.1 - version: 5.8.1 + specifier: 5.8.3 + version: 5.8.3 formik: specifier: 2.4.6 version: 2.4.6(react@18.3.1) @@ -12671,8 +12671,8 @@ packages: fastify-plugin@5.1.0: resolution: {integrity: sha512-FAIDA8eovSt5qcDgcBvDuX/v0Cjz0ohGhENZ/wpc3y+oZCY2afZ9Baqql3g/lC+OHRnciQol4ww7tuthOb9idw==} - fastify@5.8.1: - resolution: {integrity: sha512-y0kicFvvn7CYWoPOVLOcvn4YyKQz03DIY7UxmyOy21/J8eXm09R+tmb+tVDBW5h+pja30cHI5dqUcSlvY86V2A==} + fastify@5.8.3: + resolution: {integrity: sha512-XJXpRQ41+rsJ/GLeP9vyDC+fBXilcTlEXokMSexkdEkla4uf7ZQNaI5xl3el+kW5TZQulqYxLr659ey/KX7XmQ==} fastq@1.19.1: resolution: {integrity: sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ==} @@ -15988,12 +15988,8 @@ packages: resolution: {integrity: sha512-I3EurrIQMlRc9IaAZnqRR044Phh2DXY+55o7uJ0V+hYZAcQYSuFWsc9q5PvyDHUSCe1Qxn/iBz+78s86zWnGag==} engines: {node: '>=10'} - picomatch@4.0.2: - resolution: {integrity: sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==} - engines: {node: '>=12'} - - picomatch@4.0.3: - resolution: {integrity: sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==} + picomatch@4.0.4: + resolution: {integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==} engines: {node: '>=12'} pify@2.3.0: @@ -21314,7 +21310,7 @@ snapshots: graphql: 16.12.0 lodash.get: 4.4.2 ms: 2.1.3 - picomatch: 4.0.3 + picomatch: 4.0.4 tslib: 2.8.1 '@envelop/response-cache@6.1.2(@envelop/core@5.5.1)(graphql@16.9.0)': @@ -21686,12 +21682,12 @@ snapshots: fastq: 1.19.1 glob: 13.0.0 - '@fastify/vite@8.4.1(patch_hash=e8a5462aec0a3469c38194575103f133a08f9b9e5031545d44661a12b80e4b0a)(fastify@5.8.1)(vite@7.3.1(@types/node@25.5.0)(jiti@2.6.1)(less@4.2.0)(lightningcss@1.31.1)(terser@5.37.0)(tsx@4.19.2)(yaml@2.5.0))': + '@fastify/vite@8.4.1(patch_hash=e8a5462aec0a3469c38194575103f133a08f9b9e5031545d44661a12b80e4b0a)(fastify@5.8.3)(vite@7.3.1(@types/node@25.5.0)(jiti@2.6.1)(less@4.2.0)(lightningcss@1.31.1)(terser@5.37.0)(tsx@4.19.2)(yaml@2.5.0))': dependencies: '@fastify/deepmerge': 3.2.0 '@fastify/middie': 9.3.1 '@fastify/static': 9.0.0 - fastify: 5.8.1 + fastify: 5.8.3 fastify-plugin: 5.1.0 fs-extra: 11.3.3 html-rewriter-wasm: 0.4.1 @@ -28648,10 +28644,10 @@ snapshots: '@rollup/pluginutils': 5.0.2(rollup@4.59.0) commondir: 1.0.1 estree-walker: 2.0.2 - fdir: 6.5.0(picomatch@4.0.3) + fdir: 6.5.0(picomatch@4.0.4) is-reference: 1.2.1 magic-string: 0.30.21 - picomatch: 4.0.3 + picomatch: 4.0.4 optionalDependencies: rollup: 4.59.0 @@ -28682,7 +28678,7 @@ snapshots: dependencies: '@types/estree': 1.0.8 estree-walker: 2.0.2 - picomatch: 4.0.3 + picomatch: 4.0.4 optionalDependencies: rollup: 4.59.0 @@ -33904,7 +33900,7 @@ snapshots: fastify-plugin@5.1.0: {} - fastify@5.8.1: + fastify@5.8.3: dependencies: '@fastify/ajv-compiler': 4.0.5 '@fastify/error': 4.2.0 @@ -33926,17 +33922,17 @@ snapshots: dependencies: reusify: 1.0.4 - fdir@6.4.2(picomatch@4.0.2): + fdir@6.4.2(picomatch@4.0.4): optionalDependencies: - picomatch: 4.0.2 + picomatch: 4.0.4 fdir@6.5.0(picomatch@3.0.1): optionalDependencies: picomatch: 3.0.1 - fdir@6.5.0(picomatch@4.0.3): + fdir@6.5.0(picomatch@4.0.4): optionalDependencies: - picomatch: 4.0.3 + picomatch: 4.0.4 fengari-interop@0.1.3(fengari@0.1.4): dependencies: @@ -38129,9 +38125,7 @@ snapshots: picomatch@3.0.1: {} - picomatch@4.0.2: {} - - picomatch@4.0.3: {} + picomatch@4.0.4: {} pify@2.3.0: {} @@ -39086,9 +39080,9 @@ snapshots: rolldown-vite@7.1.14(@types/node@24.10.9)(esbuild@0.25.9)(jiti@2.6.1)(less@4.2.0)(terser@5.37.0)(tsx@4.19.2)(yaml@2.5.0): dependencies: '@oxc-project/runtime': 0.92.0 - fdir: 6.5.0(picomatch@4.0.3) + fdir: 6.5.0(picomatch@4.0.4) lightningcss: 1.30.2 - picomatch: 4.0.3 + picomatch: 4.0.4 postcss: 8.5.6 rolldown: 1.0.0-beta.41 tinyglobby: 0.2.15 @@ -40033,18 +40027,18 @@ snapshots: tinyglobby@0.2.10: dependencies: - fdir: 6.4.2(picomatch@4.0.2) - picomatch: 4.0.2 + fdir: 6.4.2(picomatch@4.0.4) + picomatch: 4.0.4 tinyglobby@0.2.12: dependencies: - fdir: 6.5.0(picomatch@4.0.3) - picomatch: 4.0.3 + fdir: 6.5.0(picomatch@4.0.4) + picomatch: 4.0.4 tinyglobby@0.2.15: dependencies: - fdir: 6.5.0(picomatch@4.0.3) - picomatch: 4.0.3 + fdir: 6.5.0(picomatch@4.0.4) + picomatch: 4.0.4 tinyrainbow@3.0.3: {} @@ -40540,7 +40534,7 @@ snapshots: dependencies: '@jridgewell/remapping': 2.3.5 acorn: 8.15.0 - picomatch: 4.0.3 + picomatch: 4.0.4 webpack-virtual-modules: 0.6.2 until-async@3.0.2: {} @@ -40844,8 +40838,8 @@ snapshots: vite@7.3.1(@types/node@24.10.9)(jiti@2.6.1)(less@4.2.0)(lightningcss@1.31.1)(terser@5.37.0)(tsx@4.19.2)(yaml@2.5.0): dependencies: esbuild: 0.25.9 - fdir: 6.5.0(picomatch@4.0.3) - picomatch: 4.0.3 + fdir: 6.5.0(picomatch@4.0.4) + picomatch: 4.0.4 postcss: 8.5.6 rollup: 4.59.0 tinyglobby: 0.2.15 @@ -40862,8 +40856,8 @@ snapshots: vite@7.3.1(@types/node@25.5.0)(jiti@2.6.1)(less@4.2.0)(lightningcss@1.31.1)(terser@5.37.0)(tsx@4.19.2)(yaml@2.5.0): dependencies: esbuild: 0.25.9 - fdir: 6.5.0(picomatch@4.0.3) - picomatch: 4.0.3 + fdir: 6.5.0(picomatch@4.0.4) + picomatch: 4.0.4 postcss: 8.5.6 rollup: 4.59.0 tinyglobby: 0.2.15 @@ -40891,7 +40885,7 @@ snapshots: expect-type: 1.2.2 magic-string: 0.30.21 pathe: 2.0.3 - picomatch: 4.0.3 + picomatch: 4.0.4 std-env: 3.10.0 tinybench: 2.9.0 tinyexec: 0.3.2 @@ -40930,7 +40924,7 @@ snapshots: expect-type: 1.2.2 magic-string: 0.30.21 pathe: 2.0.3 - picomatch: 4.0.3 + picomatch: 4.0.4 std-env: 3.10.0 tinybench: 2.9.0 tinyexec: 0.3.2