diff --git a/package.json b/package.json index 981bd3559..4f3ad9561 100644 --- a/package.json +++ b/package.json @@ -120,6 +120,7 @@ "overrides.tar-fs": "https://github.com/graphql-hive/console/security/dependabot/290", "overrides.nodemailer@^6.0.0": "supertokens-node override for vulnerable version", "overrides.@types/nodemailer>@aws-sdk/client-sesv2": "@types/nodemailer depends on some AWS stuff that causes the 3.x.x version to stick around. We don't need that dependency. (https://github.com/graphql-hive/console/security/dependabot/436)", + "overrides.tar@6.x.x": "address https://github.com/graphql-hive/console/security/dependabot/443", "overrides": { "esbuild": "0.25.9", "csstype": "3.1.2", @@ -135,7 +136,8 @@ "tailwindcss": "3.4.17", "estree-util-value-to-estree": "^3.3.3", "nodemailer@^6.0.0": "^7.0.11", - "@types/nodemailer>@aws-sdk/client-sesv2": "-" + "@types/nodemailer>@aws-sdk/client-sesv2": "-", + "tar@6.x.x": "^7.5.3" }, "patchedDependencies": { "mjml-core@4.14.0": "patches/mjml-core@4.14.0.patch", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index dcb28e714..a93581ad1 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -20,6 +20,7 @@ overrides: estree-util-value-to-estree: ^3.3.3 nodemailer@^6.0.0: ^7.0.11 '@types/nodemailer>@aws-sdk/client-sesv2': '-' + tar@6.x.x: ^7.5.3 patchedDependencies: '@apollo/federation@0.38.1': @@ -5788,6 +5789,10 @@ packages: resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} engines: {node: '>=12'} + '@isaacs/fs-minipass@4.0.1': + resolution: {integrity: sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==} + engines: {node: '>=18.0.0'} + '@isaacs/string-locale-compare@1.1.0': resolution: {integrity: sha512-SQ7Kzhh9+D+ZW9MA0zkYv3VXhIDNx+LzM6EJ+/65I3QY+enU6Itte7E5XX7EWrqLW2FN4n06GWzBnPoC3th2aQ==} @@ -11041,9 +11046,9 @@ packages: chownr@1.1.4: resolution: {integrity: sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==} - chownr@2.0.0: - resolution: {integrity: sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==} - engines: {node: '>=10'} + chownr@3.0.0: + resolution: {integrity: sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==} + engines: {node: '>=18'} ci-info@3.8.0: resolution: {integrity: sha512-eXTggHWSooYhq49F2opQhuHWgzucfF2YgODK4e1566GQs5BIfP30B0oenwBJHfWxAs2fyPB1s7Mg949zLf61Yw==} @@ -12766,10 +12771,6 @@ packages: resolution: {integrity: sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==} engines: {node: '>=10'} - fs-minipass@2.1.0: - resolution: {integrity: sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==} - engines: {node: '>= 8'} - fs-minipass@3.0.0: resolution: {integrity: sha512-EUojgQaSPy6sxcqcZgQv6TVF6jiKvurji3AxhAivs/Ep4O1UpS8TusaxpybfFHZ2skRhLqzk6WR8nqNYIMMDeA==} engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} @@ -15001,10 +15002,18 @@ packages: resolution: {integrity: sha512-jYofLM5Dam9279rdkWzqHozUo4ybjdZmCsDHePy5V/PbBcVMiSZR97gmAy45aqi8CK1lG2ECd356FU86avfwUQ==} engines: {node: '>=16 || 14 >=14.17'} + minipass@7.1.2: + resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==} + engines: {node: '>=16 || 14 >=14.17'} + minizlib@2.1.2: resolution: {integrity: sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==} engines: {node: '>= 8'} + minizlib@3.1.0: + resolution: {integrity: sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==} + engines: {node: '>= 18'} + mj-context-menu@0.6.1: resolution: {integrity: sha512-7NO5s6n10TIV96d4g2uDpG7ZDpIhMh0QNfGdJw/W47JswFcosz457wqz/b5sAKvl12sxINGFCn80NZHKwxQEXA==} @@ -17678,9 +17687,9 @@ packages: resolution: {integrity: sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==} engines: {node: '>=6'} - tar@6.2.1: - resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==} - engines: {node: '>=10'} + tar@7.5.4: + resolution: {integrity: sha512-AN04xbWGrSTDmVwlI4/GTlIIwMFk/XEv7uL8aa57zuvRy6s4hdBed+lVq2fAZ89XDa7Us3ANXcE3Tvqvja1kTA==} + engines: {node: '>=18'} tdigest@0.1.2: resolution: {integrity: sha512-+G0LLgjjo9BZX2MfdvPfH+MKLCrxlXSYec5DaPYP1fe6Iyhf0/fSmJ0bFiZ1F8BT6cGXl2LpltQptzjXKWEkKA==} @@ -18726,6 +18735,10 @@ packages: yallist@4.0.0: resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==} + yallist@5.0.0: + resolution: {integrity: sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==} + engines: {node: '>=18'} + yaml-eslint-parser@1.2.2: resolution: {integrity: sha512-pEwzfsKbTrB8G3xc/sN7aw1v6A6c/pKxLAkjclnAyo5g5qOh6eL9WGu0o3cSDQZKrTNk4KL4lQSwZW+nBkANEg==} engines: {node: ^14.17.0 || >=16.0.0} @@ -25808,6 +25821,10 @@ snapshots: wrap-ansi: 8.1.0 wrap-ansi-cjs: wrap-ansi@7.0.0 + '@isaacs/fs-minipass@4.0.1': + dependencies: + minipass: 7.1.2 + '@isaacs/string-locale-compare@1.1.0': {} '@jest/schemas@29.6.3': @@ -32516,7 +32533,7 @@ snapshots: p-map: 4.0.0 promise-inflight: 1.0.1 ssri: 10.0.5 - tar: 6.2.1 + tar: 7.5.4 unique-filename: 3.0.0 transitivePeerDependencies: - bluebird @@ -32533,7 +32550,7 @@ snapshots: minipass-pipeline: 1.2.4 p-map: 4.0.0 ssri: 10.0.5 - tar: 6.2.1 + tar: 7.5.4 unique-filename: 3.0.0 cache-control-parser@2.0.6: {} @@ -32776,7 +32793,7 @@ snapshots: chownr@1.1.4: {} - chownr@2.0.0: {} + chownr@3.0.0: {} ci-info@3.8.0: {} @@ -34804,10 +34821,6 @@ snapshots: jsonfile: 6.1.0 universalify: 2.0.0 - fs-minipass@2.1.0: - dependencies: - minipass: 3.3.4 - fs-minipass@3.0.0: dependencies: minipass: 4.2.4 @@ -37679,11 +37692,17 @@ snapshots: minipass@7.0.4: {} + minipass@7.1.2: {} + minizlib@2.1.2: dependencies: minipass: 3.3.4 yallist: 4.0.0 + minizlib@3.1.0: + dependencies: + minipass: 7.1.2 + mj-context-menu@0.6.1: {} mjml-accordion@4.14.0(encoding@0.1.13): @@ -38229,7 +38248,7 @@ snapshots: nopt: 7.2.0 proc-log: 3.0.0 semver: 7.7.2 - tar: 6.2.1 + tar: 7.5.4 which: 4.0.0 transitivePeerDependencies: - supports-color @@ -38635,7 +38654,7 @@ snapshots: read-package-json-fast: 3.0.2 sigstore: 2.2.2 ssri: 10.0.5 - tar: 6.2.1 + tar: 7.5.4 transitivePeerDependencies: - bluebird - supports-color @@ -40977,14 +40996,13 @@ snapshots: inherits: 2.0.4 readable-stream: 3.6.0 - tar@6.2.1: + tar@7.5.4: dependencies: - chownr: 2.0.0 - fs-minipass: 2.1.0 - minipass: 5.0.0 - minizlib: 2.1.2 - mkdirp: 1.0.4 - yallist: 4.0.0 + '@isaacs/fs-minipass': 4.0.1 + chownr: 3.0.0 + minipass: 7.1.2 + minizlib: 3.1.0 + yallist: 5.0.0 tdigest@0.1.2: dependencies: @@ -42173,6 +42191,8 @@ snapshots: yallist@4.0.0: {} + yallist@5.0.0: {} + yaml-eslint-parser@1.2.2: dependencies: eslint-visitor-keys: 3.4.3