Elgato_dark/console
1
0
Fork 0
mirror of https://github.com/graphql-hive/console synced 2026-04-21 06:37:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

fix: vulnerabilities 2026-04-16 (#7988)

Browse source
This commit is contained in:
Laurin 2026-04-16 11:04:18 +02:00 committed by GitHub
parent fe06ddec5a
commit d7e7025624
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 49 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.changeset/breezy-signs-fly.md Normal file
View file

@ -0,0 +1,5 @@
---
'hive': patch
---
Address vulnerability [GHSA-247c-9743-5963](https://github.com/advisories/GHSA-247c-9743-5963).

5
.changeset/pretty-peaches-stick.md Normal file
View file

@ -0,0 +1,5 @@
---
'hive': patch
---
Address vulnerability [GHSA-39q2-94rc-95cp](https://github.com/advisories/GHSA-39q2-94rc-95cp).

2
package.json
View file

@ -125,7 +125,6 @@
"overrides.fast-xml-parser@5.x.x": "address https://github.com/graphql-hive/console/security/dependabot/576",
"overrides.minimatch@10.x.x": "address https://github.com/graphql-hive/console/security/dependabot/505",
"overrides.qs@<6.14.2": "address https://github.com/graphql-hive/console/security/dependabot/499",
"overrides.dompurify@3.x.x": "address https://github.com/graphql-hive/console/security/dependabot/536",
"overrides.ajv@8.x.x": "address https://github.com/graphql-hive/console/security/dependabot/507",
"overrides.yauzl@2.x.x": "address https://github.com/graphql-hive/console/security/dependabot/542",
"overrides.path-to-regexp@0.x.x": "address https://github.com/graphql-hive/console/security/dependabot/619",
@ -161,7 +160,6 @@
"minimatch@3.x.x": "^3.1.3",
"minimatch@4.x.x": "^4.2.4",
"qs@<6.14.2": "^6.14.2",
"dompurify@3.x.x": "^3.3.2",
"ajv@8.x.x": "^8.18.0",
"yauzl@2.x.x": "^3.2.1",
"glob@10.x.x": "^10.5.0",

2
packages/libraries/external-composition/package.json
View file

@ -63,7 +63,7 @@
"@apollo/composition": "2.13.2",
"@types/node": "24.12.2",
"esbuild": "0.25.9",
"fastify": "5.8.3",
"fastify": "5.8.5",
"graphql": "16.9.0"
},
"publishConfig": {

2
packages/services/cdn-worker/package.json
View file

@ -23,7 +23,7 @@
"bcryptjs": "2.4.3",
"dotenv": "16.4.7",
"esbuild": "0.25.9",
"fastify": "5.8.3",
"fastify": "5.8.5",
"graphql": "16.9.0",
"itty-router": "4.2.2",
"itty-router-extras": "0.4.6",

2
packages/services/commerce/package.json
View file

@ -19,7 +19,7 @@
"@trpc/server": "10.45.3",
"date-fns": "4.1.0",
"dotenv": "16.4.7",
"fastify": "5.8.3",
"fastify": "5.8.5",
"pino-pretty": "11.3.0",
"reflect-metadata": "0.2.2",
"stripe": "17.5.0",

2
packages/services/policy/package.json
View file

@ -18,7 +18,7 @@
"ajv": "8.18.0",
"dotenv": "16.4.7",
"eslint": "8.57.1",
"fastify": "5.8.3",
"fastify": "5.8.5",
"graphql": "16.9.0",
"pino-pretty": "11.3.0",
"zod": "3.25.76",

2
packages/services/schema/package.json
View file

@ -21,7 +21,7 @@
"@types/ioredis-mock": "8.2.5",
"dotenv": "16.4.7",
"fast-json-stable-stringify": "2.1.0",
"fastify": "5.8.3",
"fastify": "5.8.5",
"fastq": "1.19.1",
"got": "14.4.7",
"graphql": "16.9.0",

2
packages/services/server/package.json
View file

@ -44,7 +44,7 @@
"@trpc/server": "10.45.3",
"@whatwg-node/server": "0.10.17",
"dotenv": "16.4.7",
"fastify": "5.8.3",
"fastify": "5.8.5",
"got": "14.4.7",
"graphql": "16.9.0",
"graphql-yoga": "5.13.3",

2
packages/services/service-common/package.json
View file

@ -29,7 +29,7 @@
"@sentry/node": "7.120.2",
"@sentry/types": "7.120.2",
"@sentry/utils": "7.120.2",
"fastify": "5.8.3",
"fastify": "5.8.5",
"fastify-plugin": "5.1.0",
"opentelemetry-instrumentation-fetch-node": "1.2.3",
"p-retry": "6.2.1",

2
packages/services/tokens/package.json
View file

@ -19,7 +19,7 @@
"@trpc/server": "10.45.3",
"@types/ms": "0.7.34",
"dotenv": "16.4.7",
"fastify": "5.8.3",
"fastify": "5.8.5",
"ioredis": "5.8.2",
"lru-cache": "11.0.2",
"ms": "2.1.3",

4
packages/web/app/package.json
View file

@ -96,11 +96,11 @@
"crypto-js": "^4.2.0",
"date-fns": "4.1.0",
"date-fns-tz": "3.2.0",
"dompurify": "3.3.2",
"dompurify": "3.4.0",
"dotenv": "16.4.7",
"echarts": "5.6.0",
"echarts-for-react": "3.0.2",
"fastify": "5.8.3",
"fastify": "5.8.5",
"formik": "2.4.6",
"framer-motion": "11.18.2",
"graphiql": "4.0.0-alpha.5",

60
pnpm-lock.yaml
View file

@ -36,7 +36,6 @@ overrides:
minimatch@3.x.x: ^3.1.3
minimatch@4.x.x: ^4.2.4
qs@<6.14.2: ^6.14.2
dompurify@3.x.x: ^3.3.2
ajv@8.x.x: ^8.18.0
yauzl@2.x.x: ^3.2.1
glob@10.x.x: ^10.5.0
@ -664,8 +663,8 @@ importers:
specifier: 0.25.9
version: 0.25.9
fastify:
specifier: 5.8.3
version: 5.8.3
specifier: 5.8.5
version: 5.8.5
graphql:
specifier: 16.9.0
version: 16.9.0
@ -1331,8 +1330,8 @@ importers:
specifier: 0.25.9
version: 0.25.9
fastify:
specifier: 5.8.3
version: 5.8.3
specifier: 5.8.5
version: 5.8.5
graphql:
specifier: 16.9.0
version: 16.9.0
@ -1385,8 +1384,8 @@ importers:
specifier: 16.4.7
version: 16.4.7
fastify:
specifier: 5.8.3
version: 5.8.3
specifier: 5.8.5
version: 5.8.5
pino-pretty:
specifier: 11.3.0
version: 11.3.0
@ -1476,8 +1475,8 @@ importers:
specifier: 8.57.1
version: 8.57.1(patch_hash=08d9d41d21638cb74d0f9f34877a8839601a4e5a8263066ff23e7032addbcba0)
fastify:
specifier: 5.8.3
version: 5.8.3
specifier: 5.8.5
version: 5.8.5
graphql:
specifier: 16.9.0
version: 16.9.0
@ -1530,8 +1529,8 @@ importers:
specifier: 2.1.0
version: 2.1.0
fastify:
specifier: 5.8.3
version: 5.8.3
specifier: 5.8.5
version: 5.8.5
fastq:
specifier: 1.19.1
version: 1.19.1
@ -1659,8 +1658,8 @@ importers:
specifier: 16.4.7
version: 16.4.7
fastify:
specifier: 5.8.3
version: 5.8.3
specifier: 5.8.5
version: 5.8.5
got:
specifier: 14.4.7
version: 14.4.7(patch_hash=f7660444905ddadee251ff98241119fb54f5fec1e673a428192da361d5636299)
@ -1753,8 +1752,8 @@ importers:
specifier: 7.120.2
version: 7.120.2
fastify:
specifier: 5.8.3
version: 5.8.3
specifier: 5.8.5
version: 5.8.5
fastify-plugin:
specifier: 5.1.0
version: 5.1.0
@ -1846,8 +1845,8 @@ importers:
specifier: 16.4.7
version: 16.4.7
fastify:
specifier: 5.8.3
version: 5.8.3
specifier: 5.8.5
version: 5.8.5
ioredis:
specifier: 5.8.2
version: 5.8.2
@ -2093,7 +2092,7 @@ importers:
version: 9.0.0
'@fastify/vite':
specifier: 8.4.1
version: 8.4.1(patch_hash=e8a5462aec0a3469c38194575103f133a08f9b9e5031545d44661a12b80e4b0a)(fastify@5.8.3)(vite@7.3.2(@types/node@25.5.0)(jiti@2.6.1)(less@4.2.0)(lightningcss@1.31.1)(terser@5.37.0)(tsx@4.19.2)(yaml@2.8.3))
version: 8.4.1(patch_hash=e8a5462aec0a3469c38194575103f133a08f9b9e5031545d44661a12b80e4b0a)(fastify@5.8.5)(vite@7.3.2(@types/node@25.5.0)(jiti@2.6.1)(less@4.2.0)(lightningcss@1.31.1)(terser@5.37.0)(tsx@4.19.2)(yaml@2.8.3))
'@graphiql/plugin-explorer':
specifier: 4.0.0-alpha.2
version: 4.0.0-alpha.2(@graphiql/react@1.0.0-alpha.4(patch_hash=1018befc9149cbc43bc2bf8982d52090a580e68df34b46674234f4e58eb6d0a0)(@codemirror/language@6.10.2)(@types/node@25.5.0)(@types/react-dom@18.3.5(@types/react@18.3.18))(@types/react@18.3.18)(graphql-ws@5.16.1(graphql@16.9.0))(graphql@16.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(graphql@16.9.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
@ -2323,8 +2322,8 @@ importers:
specifier: 3.2.0
version: 3.2.0(date-fns@4.1.0)
dompurify:
specifier: ^3.3.2
version: 3.3.2
specifier: 3.4.0
version: 3.4.0
dotenv:
specifier: 16.4.7
version: 16.4.7
@ -2335,8 +2334,8 @@ importers:
specifier: 3.0.2
version: 3.0.2(echarts@5.6.0)(react@18.3.1)
fastify:
specifier: 5.8.3
version: 5.8.3
specifier: 5.8.5
version: 5.8.5
formik:
specifier: 2.4.6
version: 2.4.6(react@18.3.1)
@ -12289,9 +12288,8 @@ packages:
resolution: {integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==}
engines: {node: '>= 4'}
dompurify@3.3.2:
resolution: {integrity: sha512-6obghkliLdmKa56xdbLOpUZ43pAR6xFy1uOrxBaIDjT+yaRuuybLjGS9eVBoSR/UPU5fq3OXClEHLJNGvbxKpQ==}
engines: {node: '>=20'}
dompurify@3.4.0:
resolution: {integrity: sha512-nolgK9JcaUXMSmW+j1yaSvaEaoXYHwWyGJlkoCTghc97KgGDDSnpoU/PlEnw63Ah+TGKFOyY+X5LnxaWbCSfXg==}
domutils@2.8.0:
resolution: {integrity: sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A==}
@ -12940,8 +12938,8 @@ packages:
fastify-plugin@5.1.0:
resolution: {integrity: sha512-FAIDA8eovSt5qcDgcBvDuX/v0Cjz0ohGhENZ/wpc3y+oZCY2afZ9Baqql3g/lC+OHRnciQol4ww7tuthOb9idw==}
fastify@5.8.3:
resolution: {integrity: sha512-XJXpRQ41+rsJ/GLeP9vyDC+fBXilcTlEXokMSexkdEkla4uf7ZQNaI5xl3el+kW5TZQulqYxLr659ey/KX7XmQ==}
fastify@5.8.5:
resolution: {integrity: sha512-Yqptv59pQzPgQUSIm87hMqHJmdkb1+GPxdE6vW6FRyVE9G86mt7rOghitiU4JHRaTyDUk9pfeKmDeu70lAwM4Q==}
fastq@1.19.1:
resolution: {integrity: sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ==}
@ -22058,12 +22056,12 @@ snapshots:
fastq: 1.19.1
glob: 13.0.0
'@fastify/vite@8.4.1(patch_hash=e8a5462aec0a3469c38194575103f133a08f9b9e5031545d44661a12b80e4b0a)(fastify@5.8.3)(vite@7.3.2(@types/node@25.5.0)(jiti@2.6.1)(less@4.2.0)(lightningcss@1.31.1)(terser@5.37.0)(tsx@4.19.2)(yaml@2.8.3))':
'@fastify/vite@8.4.1(patch_hash=e8a5462aec0a3469c38194575103f133a08f9b9e5031545d44661a12b80e4b0a)(fastify@5.8.5)(vite@7.3.2(@types/node@25.5.0)(jiti@2.6.1)(less@4.2.0)(lightningcss@1.31.1)(terser@5.37.0)(tsx@4.19.2)(yaml@2.8.3))':
dependencies:
'@fastify/deepmerge': 3.2.0
'@fastify/middie': 9.3.1
'@fastify/static': 9.0.0
fastify: 5.8.3
fastify: 5.8.5
fastify-plugin: 5.1.0
fs-extra: 11.3.3
html-rewriter-wasm: 0.4.1
@ -33565,7 +33563,7 @@ snapshots:
dependencies:
domelementtype: 2.3.0
dompurify@3.3.2:
dompurify@3.4.0:
optionalDependencies:
'@types/trusted-types': 2.0.7
@ -34522,7 +34520,7 @@ snapshots:
fastify-plugin@5.1.0: {}
fastify@5.8.3:
fastify@5.8.5:
dependencies:
'@fastify/ajv-compiler': 4.0.5
'@fastify/error': 4.2.0