build(deps): add security resolutions for vulnerable npm packages (#1740)

## Summary Addresses npm security vulnerabilities in transitive dependencies. Prefer direct dependency upgrades over broad resolutions where possible. ## Changes **Direct upgrade:** - **`@slack/webhook`**: `^6.1.0` → `^7.0.0` — v7 natively uses axios v1, eliminating the axios@0.21.4 SSRF/redirect vulnerabilities. Only breaking change in v7 is dropping Node <18 (we're on Node 22). **Resolutions for transitive deps with no direct upgrade path:** - **`fast-xml-parser`**: `^4.4.0` — fixes prototype pollution (High) - **`systeminformation`**: `^5.24.0` — fixes command injection (High) ## Removed/Not Done - `axios` resolution removed — covered by the `@slack/webhook` upgrade instead - `tar` resolution removed — was a v6→v7 major jump on build-only tools (`cacache`, `node-gyp`); not present in the production image - `glob` resolution removed — was breaking test coverage tooling (`test-exclude@6` depends on glob@^7) ## Related Follow-up to #1731 which addressed base image vulnerabilities (Node, Go, ClickHouse).
2026-04-21 13:37:15 +00:00 · 2026-02-25 18:14:24 -08:00 · 2026-02-25 18:14:24 -08:00 · ef66cba8cd
commit ef66cba8cd
parent 733d612649
9 changed files with 246 additions and 98 deletions
--- a/.vex/openssl-mongodb.vex.json
+++ b/.vex/openssl-mongodb.vex.json
@ -0,0 +1,150 @@
 {
  "@context": "https://openvex.dev/ns/v0.2.0",
  "@id": "https://github.com/hyperdxio/hyperdx/blob/main/.vex/openssl-mongodb.vex.json",
  "author": "HyperDX Team",
  "role": "Supplier",
  "timestamp": "2026-02-17T00:00:00Z",
  "version": 1,
  "statements": [
    {
      "vulnerability": { "name": "CVE-2021-3711" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode and does not process external TLS certificates. OpenSSL certificate-parsing vulnerabilities are not exploitable in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2021-3712" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode and does not process external TLS certificates. OpenSSL certificate-parsing vulnerabilities are not exploitable in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2021-4044" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode and does not process external TLS certificates. OpenSSL vulnerabilities are not exploitable in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2022-0778" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode. Certificate processing from untrusted sources does not occur, making this infinite-loop vulnerability unexploitable."
    },
    {
      "vulnerability": { "name": "CVE-2022-1473" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode and does not process external TLS certificates. This memory leak vulnerability is not exploitable in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2022-3358" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode. Custom cipher usage from untrusted sources does not occur in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2022-3602" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode and does not process external TLS certificates. This buffer overflow vulnerability is not exploitable in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2022-3786" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode and does not process external TLS certificates. This buffer overflow vulnerability is not exploitable in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2022-3996" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode. The double-locking issue is not triggerable via external input in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2023-0286" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode. External GeneralName certificate parsing does not occur in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2023-0464" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode. Untrusted X.509 certificate chains with policy constraints are not processed in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2023-5363" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode. Untrusted key/IV inputs from external sources are not processed in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2024-4741" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode and does not process external TLS certificates. This use-after-free vulnerability is not exploitable in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2024-5535" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode. The SSL_select_next_proto vulnerability requires attacker-controlled input not present in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2024-6119" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode. OCSP responses from external sources are not processed in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2025-9230" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode and does not process external TLS certificates. This OpenSSL vulnerability is not exploitable in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2025-15467" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode and does not process external TLS certificates. This OpenSSL vulnerability is not exploitable in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2025-69419" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode and does not process external TLS certificates. This OpenSSL vulnerability is not exploitable in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2025-69420" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode and does not process external TLS certificates. This OpenSSL vulnerability is not exploitable in this deployment."
    },
    {
      "vulnerability": { "name": "CVE-2025-69421" },
      "products": [{ "@id": "pkg:oci/clickstack" }],
      "status": "not_affected",
      "justification": "inline_mitigations_already_exist",
      "impact_statement": "MongoDB is deployed in localhost-only mode and does not process external TLS certificates. This OpenSSL vulnerability is not exploitable in this deployment."
    }
  ]
 }
--- a/12
+++ b/12
@ -203,7 +203,7 @@ release-local:
 		echo "Tag ${LOCAL_IMAGE_NAME_DOCKERHUB}:${IMAGE_VERSION}${IMAGE_VERSION_SUB_TAG} already exists. Skipping push."; \
 	else \
 		echo "Tag ${LOCAL_IMAGE_NAME_DOCKERHUB}:${IMAGE_VERSION}${IMAGE_VERSION_SUB_TAG} does not exist. Building and pushing..."; \
-		docker buildx build --squash . -f ./docker/hyperdx/Dockerfile \
+		docker buildx build --squash --sbom=true --provenance=true . -f ./docker/hyperdx/Dockerfile \
 			--build-context clickhouse=./docker/clickhouse \
 			--build-context otel-collector=./docker/otel-collector \
 			--build-context hyperdx=./docker/hyperdx \
@ -230,7 +230,7 @@ release-all-in-one:
 		echo "Tag ${ALL_IN_ONE_IMAGE_NAME_DOCKERHUB}:${IMAGE_VERSION}${IMAGE_VERSION_SUB_TAG} already exists. Skipping push."; \
 	else \
 		echo "Tag ${ALL_IN_ONE_IMAGE_NAME_DOCKERHUB}:${IMAGE_VERSION}${IMAGE_VERSION_SUB_TAG} does not exist. Building and pushing..."; \
-		docker buildx build --squash . -f ./docker/hyperdx/Dockerfile \
+		docker buildx build --squash --sbom=true --provenance=true . -f ./docker/hyperdx/Dockerfile \
 			--build-context clickhouse=./docker/clickhouse \
 			--build-context otel-collector=./docker/otel-collector \
 			--build-context hyperdx=./docker/hyperdx \
@ -257,7 +257,7 @@ release-app:
 		echo "Tag ${IMAGE_NAME_DOCKERHUB}:${IMAGE_VERSION}${IMAGE_VERSION_SUB_TAG} already exists. Skipping push."; \
 	else \
 		echo "Tag ${IMAGE_NAME_DOCKERHUB}:${IMAGE_VERSION}${IMAGE_VERSION_SUB_TAG} does not exist. Building and pushing..."; \
-		docker buildx build --squash . -f ./docker/hyperdx/Dockerfile \
+		docker buildx build --squash --sbom=true --provenance=true . -f ./docker/hyperdx/Dockerfile \
 			--build-context hyperdx=./docker/hyperdx \
 			--build-context api=./packages/api \
 			--build-context app=./packages/app \
@ -286,7 +286,7 @@ release-otel-collector-nightly:
 .PHONY: release-app-nightly
 release-app-nightly:
 	@echo "Building and pushing nightly tag ${IMAGE_NAME_DOCKERHUB}:${IMAGE_NIGHTLY_TAG}..."; \
-	docker buildx build --squash . -f ./docker/hyperdx/Dockerfile \
+	docker buildx build --squash --sbom=true --provenance=true . -f ./docker/hyperdx/Dockerfile \
 		--build-context hyperdx=./docker/hyperdx \
 		--build-context api=./packages/api \
 		--build-context app=./packages/app \
@ -301,7 +301,7 @@ release-app-nightly:
 .PHONY: release-local-nightly
 release-local-nightly:
 	@echo "Building and pushing nightly tag ${LOCAL_IMAGE_NAME_DOCKERHUB}:${IMAGE_NIGHTLY_TAG}..."; \
-	docker buildx build --squash . -f ./docker/hyperdx/Dockerfile \
+	docker buildx build --squash --sbom=true --provenance=true . -f ./docker/hyperdx/Dockerfile \
 		--build-context clickhouse=./docker/clickhouse \
 		--build-context otel-collector=./docker/otel-collector \
 		--build-context hyperdx=./docker/hyperdx \
@ -319,7 +319,7 @@ release-local-nightly:
 .PHONY: release-all-in-one-nightly
 release-all-in-one-nightly:
 	@echo "Building and pushing nightly tag ${ALL_IN_ONE_IMAGE_NAME_DOCKERHUB}:${IMAGE_NIGHTLY_TAG}..."; \
-	docker buildx build --squash . -f ./docker/hyperdx/Dockerfile \
+	docker buildx build --squash --sbom=true --provenance=true . -f ./docker/hyperdx/Dockerfile \
 		--build-context clickhouse=./docker/clickhouse \
 		--build-context otel-collector=./docker/otel-collector \
 		--build-context hyperdx=./docker/hyperdx \
--- a/docker/hyperdx/Dockerfile
+++ b/docker/hyperdx/Dockerfile
@ -76,8 +76,10 @@ ARG CODE_VERSION
 ENV CODE_VERSION=$CODE_VERSION
 ENV NODE_ENV=production
-# Install libs used for the start script
+# Remove package managers from production image (not needed at runtime)
-RUN npm install -g concurrently@9.1.0
+RUN rm -rf /usr/local/lib/node_modules/npm /usr/local/lib/node_modules/corepack \
    /usr/local/bin/npm /usr/local/bin/npx /usr/local/bin/corepack \
    /usr/local/bin/yarn /usr/local/bin/yarnpkg
 USER node
@ -118,9 +120,6 @@ COPY --from=node_base --link /usr/local/lib /usr/local/lib
 COPY --from=node_base /usr/lib /usr/lib
 COPY --from=node_base /usr/local/include /usr/local/include
 # Install libs used for the start script
 RUN npm install -g concurrently@9.1.0
 # Set up Clickhouse
 COPY --from=clickhouse ./local/*.xml /etc/clickhouse-server
 COPY --from=hyperdx ./clickhouseConfig.xml /etc/clickhouse-server/config.xml
@ -146,19 +145,27 @@ COPY --from=migrate-builder /migrate /usr/local/bin/migrate
 RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.9/main' >> /etc/apk/repositories && \
  echo 'http://dl-cdn.alpinelinux.org/alpine/v3.9/community' >> /etc/apk/repositories && \
  apk update && \
-  apk add --no-cache mongodb yaml-cpp=0.6.2-r2 curl ca-certificates && \
+  apk add --no-cache mongodb yaml-cpp=0.6.2-r2 ca-certificates && \
  apk add --no-cache --upgrade curl busybox && \
  addgroup -S -g ${USER_GID} otel && \
  adduser  -S -u ${USER_UID} -G otel otel && \
  mkdir -p /data/db && \
  install -d -m 0777 -o ${USER_UID} -g ${USER_GID} /etc/otel/supervisor-data && \
-  rm -rf /var/cache/apk/*
+  rm -rf /var/cache/apk/* && \
  rm -rf /usr/local/lib/node_modules/npm /usr/local/lib/node_modules/corepack \
    /usr/local/bin/npm /usr/local/bin/npx /usr/local/bin/corepack \
    /usr/local/bin/yarn /usr/local/bin/yarnpkg
 ENV NODE_ENV=production
-# Set up App (copy from prod stage)
+# Set up App
 COPY --from=prod /app /app
 COPY --from=hyperdx ./entry.local.base.sh /etc/local/entry.base.sh
 # Copy VEX exception files for Docker Scout vulnerability suppression
 # Reference via: docker scout cves --vex-location /etc/vex/ <image>
 COPY .vex/*.vex.json /etc/vex/
 WORKDIR /app
 # Add hosts entry in entrypoint script instead of here
--- a/docker/hyperdx/entry.local.base.sh
+++ b/docker/hyperdx/entry.local.base.sh
@ -67,7 +67,7 @@ echo "ClickHouse is ready!"
 /otel-entrypoint.sh /usr/local/bin/opampsupervisor > /var/log/otel-collector.log 2>&1 &
 # Start HyperDX app
-concurrently \
+./node_modules/.bin/concurrently \
  "--kill-others-on-fail" \
  "--names=API,APP,ALERT-TASK" \
  "PORT=${HYPERDX_API_PORT:-8000} HYPERDX_APP_PORT=${HYPERDX_APP_PORT:-8080} node -r ./node_modules/@hyperdx/node-opentelemetry/build/src/tracing ./packages/api/build/index.js" \
--- a/docker/hyperdx/entry.prod.sh
+++ b/docker/hyperdx/entry.prod.sh
@ -13,7 +13,7 @@ echo "Visit the HyperDX UI at $FRONTEND_URL"
 echo ""
 # Use concurrently to run both the API and App servers
-concurrently \
+./node_modules/.bin/concurrently \
  "--kill-others-on-fail" \
  "--names=API,APP,ALERT-TASK" \
  "PORT=${HYPERDX_API_PORT:-8000} HYPERDX_APP_PORT=${HYPERDX_APP_PORT:-8080} node -r ./node_modules/@hyperdx/node-opentelemetry/build/src/tracing ./packages/api/build/index.js" \
--- a/package.json
+++ b/package.json
@ -75,6 +75,8 @@
    "cookie": "^0.7.0",
    "brace-expansion": "^2.0.2",
    "diff": "^5.2.2",
-    "on-headers": "^1.1.0"
+    "on-headers": "^1.1.0",
    "fast-xml-parser": "^4.4.0",
    "systeminformation": "^5.24.0"
  }
 }
--- a/packages/api/package.json
+++ b/packages/api/package.json
@ -15,12 +15,13 @@
    "@opentelemetry/api": "^1.8.0",
    "@opentelemetry/host-metrics": "^0.35.5",
    "@opentelemetry/sdk-metrics": "^1.30.1",
-    "@slack/webhook": "^6.1.0",
+    "@slack/webhook": "^7.0.0",
    "@types/node": "^22.15.18",
    "ai": "5.0.59",
    "aws4": "^1.13.2",
    "chrono-node": "^2.9.0",
    "compression": "^1.7.4",
    "concurrently": "^9.1.2",
    "connect-mongo": "^4.6.0",
    "cors": "^2.8.5",
    "cron": "^4.3.1",
--- a/packages/app/tests/e2e/components/ChartEditorComponent.ts
+++ b/packages/app/tests/e2e/components/ChartEditorComponent.ts
@ -86,6 +86,7 @@ export class ChartEditorComponent {
    // need to wait for the recharts graph to render
    await this.page
      .locator('.recharts-responsive-container')
      .first()
      .waitFor({ state: 'visible', timeout: 10000 });
  }
--- a/yarn.lock
+++ b/yarn.lock
@ -4233,7 +4233,7 @@ __metadata:
    "@opentelemetry/api": "npm:^1.8.0"
    "@opentelemetry/host-metrics": "npm:^0.35.5"
    "@opentelemetry/sdk-metrics": "npm:^1.30.1"
-    "@slack/webhook": "npm:^6.1.0"
+    "@slack/webhook": "npm:^7.0.0"
    "@types/aws4": "npm:^1"
    "@types/compression": "npm:^1.7.3"
    "@types/cors": "npm:^2.8.14"
@ -4253,6 +4253,7 @@ __metadata:
    aws4: "npm:^1.13.2"
    chrono-node: "npm:^2.9.0"
    compression: "npm:^1.7.4"
    concurrently: "npm:^9.1.2"
    connect-mongo: "npm:^4.6.0"
    cors: "npm:^2.8.5"
    cron: "npm:^4.3.1"
@ -8027,21 +8028,21 @@ __metadata:
  languageName: node
  linkType: hard
-"@slack/types@npm:^1.2.1":
+"@slack/types@npm:^2.9.0":
-  version: 1.10.0
+  version: 2.20.0
-  resolution: "@slack/types@npm:1.10.0"
+  resolution: "@slack/types@npm:2.20.0"
-  checksum: 10c0/786565b85c67d547dfbb581d8a0d78de34a8e118cbd5d96c522a0397d690282f576a3d048c2eed3736227e99ab0bec200896293af4051bbbe470cc5237e7e1c8
+  checksum: 10c0/61187bf849eb23d00e0fefeee4525b5dc6e17fb961eb9a12a519ba12ae05cd13cd40e93cb2ce5288c981d9f166dc694816f50d8e71d12d98942a789c83626d25
  languageName: node
  linkType: hard
-"@slack/webhook@npm:^6.1.0":
+"@slack/webhook@npm:^7.0.0":
-  version: 6.1.0
+  version: 7.0.7
-  resolution: "@slack/webhook@npm:6.1.0"
+  resolution: "@slack/webhook@npm:7.0.7"
  dependencies:
-    "@slack/types": "npm:^1.2.1"
+    "@slack/types": "npm:^2.9.0"
-    "@types/node": "npm:>=12.0.0"
+    "@types/node": "npm:>=18.0.0"
-    axios: "npm:^0.21.4"
+    axios: "npm:^1.13.5"
-  checksum: 10c0/46a2ce96cf80730ae76c406dd12e55a057a4243c26e0afb9ecd6bdda3a48be96356dfb5e179402078c2c694c1c5086f2ed5534ac271e4127d35c3062fa0eff23
+  checksum: 10c0/df355ffbc4f99c00a18d6bca8269be9fa70e39d43b51768c94194fc7475ea13c79e9b7ad6b3ffb2acd2873e67690c662eda724b12bfd2fe51b34215811d762b3
  languageName: node
  linkType: hard
@ -9169,13 +9170,6 @@ __metadata:
  languageName: node
  linkType: hard
 "@types/node@npm:>=12.0.0":
  version: 20.6.0
  resolution: "@types/node@npm:20.6.0"
  checksum: 10c0/0979a218f1862a80ddb7a8ba70498798a72e4861394244657c47bd64ed0c87baa4e0c8ce693bab23e58ec272913438b341de98768dc737491c58e6faff19d955
  languageName: node
  linkType: hard
 "@types/node@npm:>=12.12.47":
  version: 20.2.1
  resolution: "@types/node@npm:20.2.1"
@ -9190,6 +9184,15 @@ __metadata:
  languageName: node
  linkType: hard
 "@types/node@npm:>=18.0.0":
  version: 25.2.3
  resolution: "@types/node@npm:25.2.3"
  dependencies:
    undici-types: "npm:~7.16.0"
  checksum: 10c0/925833029ce0bb4a72c36f90b93287184d3511aeb0fa60a994ae94b5430c22f9be6693d67d210df79267cb54c6f6978caaefb149d99ab5f83af5827ba7cb9822
  languageName: node
  linkType: hard
 "@types/node@npm:^12.7.1":
  version: 12.20.55
  resolution: "@types/node@npm:12.20.55"
@ -10857,23 +10860,14 @@ __metadata:
  languageName: node
  linkType: hard
-"axios@npm:^0.21.4":
+"axios@npm:^1.13.5, axios@npm:^1.8.3":
-  version: 0.21.4
+  version: 1.13.5
-  resolution: "axios@npm:0.21.4"
+  resolution: "axios@npm:1.13.5"
  dependencies:
-    follow-redirects: "npm:^1.14.0"
+    follow-redirects: "npm:^1.15.11"
-  checksum: 10c0/fbcff55ec68f71f02d3773d467db2fcecdf04e749826c82c2427a232f9eba63242150a05f15af9ef15818352b814257541155de0281f8fb2b7e8a5b79f7f2142
+    form-data: "npm:^4.0.5"
  languageName: node
  linkType: hard
 "axios@npm:^1.8.3":
  version: 1.11.0
  resolution: "axios@npm:1.11.0"
  dependencies:
    follow-redirects: "npm:^1.15.6"
    form-data: "npm:^4.0.4"
    proxy-from-env: "npm:^1.1.0"
-  checksum: 10c0/5de273d33d43058610e4d252f0963cc4f10714da0bfe872e8ef2cbc23c2c999acc300fd357b6bce0fc84a2ca9bd45740fa6bb28199ce2c1266c8b1a393f2b36e
+  checksum: 10c0/abf468c34f2d145f3dc7dbc0f1be67e520630624307bda69a41bbe8d386bd672d87b4405c4ee77f9ff54b235ab02f96a9968fb00e75b13ce64706e352a3068fd
  languageName: node
  linkType: hard
@ -14933,14 +14927,14 @@ __metadata:
  languageName: node
  linkType: hard
-"fast-xml-parser@npm:4.1.2":
+"fast-xml-parser@npm:^4.4.0":
-  version: 4.1.2
+  version: 4.5.3
-  resolution: "fast-xml-parser@npm:4.1.2"
+  resolution: "fast-xml-parser@npm:4.5.3"
  dependencies:
-    strnum: "npm:^1.0.5"
+    strnum: "npm:^1.1.1"
  bin:
    fxparser: src/cli/cli.js
-  checksum: 10c0/fdc599b28d6ff64ee3727209387cfbcfaa2c696bc8dca5e218876a6098b8df52c56fa899cc33b3ffc5ffa36de2ebbb308fe6794930b217e80dd5985fcab432bd
+  checksum: 10c0/bf9ccadacfadc95f6e3f0e7882a380a7f219cf0a6f96575149f02cb62bf44c3b7f0daee75b8ff3847bcfd7fbcb201e402c71045936c265cf6d94b141ec4e9327
  languageName: node
  linkType: hard
@ -15208,7 +15202,7 @@ __metadata:
  languageName: node
  linkType: hard
-"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.6":
+"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.11":
  version: 1.15.11
  resolution: "follow-redirects@npm:1.15.11"
  peerDependenciesMeta:
@ -15218,16 +15212,6 @@ __metadata:
  languageName: node
  linkType: hard
 "follow-redirects@npm:^1.14.0":
  version: 1.15.6
  resolution: "follow-redirects@npm:1.15.6"
  peerDependenciesMeta:
    debug:
      optional: true
  checksum: 10c0/9ff767f0d7be6aa6870c82ac79cf0368cd73e01bbc00e9eb1c2a16fbb198ec105e3c9b6628bb98e9f3ac66fe29a957b9645bcb9a490bb7aa0d35f908b6b85071
  languageName: node
  linkType: hard
 "for-each@npm:^0.3.3, for-each@npm:^0.3.5":
  version: 0.3.5
  resolution: "for-each@npm:0.3.5"
@ -15270,7 +15254,7 @@ __metadata:
  languageName: node
  linkType: hard
-"form-data@npm:^4.0.0, form-data@npm:^4.0.4":
+"form-data@npm:^4.0.0":
  version: 4.0.4
  resolution: "form-data@npm:4.0.4"
  dependencies:
@ -15283,6 +15267,19 @@ __metadata:
  languageName: node
  linkType: hard
 "form-data@npm:^4.0.5":
  version: 4.0.5
  resolution: "form-data@npm:4.0.5"
  dependencies:
    asynckit: "npm:^0.4.0"
    combined-stream: "npm:^1.0.8"
    es-set-tostringtag: "npm:^2.1.0"
    hasown: "npm:^2.0.2"
    mime-types: "npm:^2.1.12"
  checksum: 10c0/dd6b767ee0bbd6d84039db12a0fa5a2028160ffbfaba1800695713b46ae974a5f6e08b3356c3195137f8530dcd9dfcb5d5ae1eeff53d0db1e5aad863b619ce3b
  languageName: node
  linkType: hard
 "formdata-polyfill@npm:^4.0.10":
  version: 4.0.10
  resolution: "formdata-polyfill@npm:4.0.10"
@ -15699,8 +15696,8 @@ __metadata:
  linkType: hard
 "glob@npm:^10.2.2, glob@npm:^10.3.10":
-  version: 10.4.5
+  version: 10.5.0
-  resolution: "glob@npm:10.4.5"
+  resolution: "glob@npm:10.5.0"
  dependencies:
    foreground-child: "npm:^3.1.0"
    jackspeak: "npm:^3.1.2"
@ -15710,7 +15707,7 @@ __metadata:
    path-scurry: "npm:^1.11.1"
  bin:
    glob: dist/esm/bin.mjs
-  checksum: 10c0/19a9759ea77b8e3ca0a43c2f07ecddc2ad46216b786bb8f993c445aee80d345925a21e5280c7b7c6c59e860a0154b84e4b2b60321fea92cd3c56b4a7489f160e
+  checksum: 10c0/100705eddbde6323e7b35e1d1ac28bcb58322095bd8e63a7d0bef1a2cdafe0d0f7922a981b2b48369a4f8c1b077be5c171804534c3509dfe950dde15fbe6d828
  languageName: node
  linkType: hard
@ -19190,13 +19187,6 @@ __metadata:
  languageName: node
  linkType: hard
 "lru-cache@npm:^9.1.1 || ^10.0.0":
  version: 10.0.1
  resolution: "lru-cache@npm:10.0.1"
  checksum: 10c0/982dabfb227b9a2daf56d712ae0e72e01115a28c0a2068cd71277bca04568f3417bbf741c6c7941abc5c620fd8059e34f15607f90ebccbfa0a17533322d27a8e
  languageName: node
  linkType: hard
 "luxon@npm:~3.7.0":
  version: 3.7.2
  resolution: "luxon@npm:3.7.2"
@ -21338,7 +21328,7 @@ __metadata:
  languageName: node
  linkType: hard
-"path-scurry@npm:^1.11.1":
+"path-scurry@npm:^1.11.1, path-scurry@npm:^1.6.1":
  version: 1.11.1
  resolution: "path-scurry@npm:1.11.1"
  dependencies:
@ -21348,16 +21338,6 @@ __metadata:
  languageName: node
  linkType: hard
 "path-scurry@npm:^1.6.1":
  version: 1.10.1
  resolution: "path-scurry@npm:1.10.1"
  dependencies:
    lru-cache: "npm:^9.1.1 || ^10.0.0"
    minipass: "npm:^5.0.0 || ^6.0.2 || ^7.0.0"
  checksum: 10c0/e5dc78a7348d25eec61ab166317e9e9c7b46818aa2c2b9006c507a6ff48c672d011292d9662527213e558f5652ce0afcc788663a061d8b59ab495681840c0c1e
  languageName: node
  linkType: hard
 "path-to-regexp@npm:^6.2.0":
  version: 6.2.2
  resolution: "path-to-regexp@npm:6.2.2"
@ -24800,10 +24780,10 @@ __metadata:
  languageName: node
  linkType: hard
-"strnum@npm:^1.0.5":
+"strnum@npm:^1.1.1":
-  version: 1.0.5
+  version: 1.1.2
-  resolution: "strnum@npm:1.0.5"
+  resolution: "strnum@npm:1.1.2"
-  checksum: 10c0/64fb8cc2effbd585a6821faa73ad97d4b553c8927e49086a162ffd2cc818787643390b89d567460a8e74300148d11ac052e21c921ef2049f2987f4b1b89a7ff1
+  checksum: 10c0/a0fce2498fa3c64ce64a40dada41beb91cabe3caefa910e467dc0518ef2ebd7e4d10f8c2202a6104f1410254cae245066c0e94e2521fb4061a5cb41831952392
  languageName: node
  linkType: hard
@ -25215,12 +25195,12 @@ __metadata:
  languageName: node
  linkType: hard
-"systeminformation@npm:5.23.8":
+"systeminformation@npm:^5.24.0":
-  version: 5.23.8
+  version: 5.30.7
-  resolution: "systeminformation@npm:5.23.8"
+  resolution: "systeminformation@npm:5.30.7"
  bin:
    systeminformation: lib/cli.js
-  checksum: 10c0/d4d750d82345081a6a12200ec8f559ff65a8c28d9797d4368c246682ee02131ee08a4227e4401b6680839f0f0e1a72758071fd84eae2f0584a89e948d583703f
+  checksum: 10c0/62588fabe62ec258d56055e609a075fe1eb1da2f090adc8c53e025ad8947d6eb9d3d2889646973fafba9528e06958decbb1def2b989af0363a952c5aff65fbae
  conditions: (os=darwin | os=linux | os=win32 | os=freebsd | os=openbsd | os=netbsd | os=sunos | os=android)
  languageName: node
  linkType: hard
@ -26128,6 +26108,13 @@ __metadata:
  languageName: node
  linkType: hard
 "undici-types@npm:~7.16.0":
  version: 7.16.0
  resolution: "undici-types@npm:7.16.0"
  checksum: 10c0/3033e2f2b5c9f1504bdc5934646cb54e37ecaca0f9249c983f7b1fc2e87c6d18399ebb05dc7fd5419e02b2e915f734d872a65da2e3eeed1813951c427d33cc9a
  languageName: node
  linkType: hard
 "unicode-canonical-property-names-ecmascript@npm:^2.0.0":
  version: 2.0.0
  resolution: "unicode-canonical-property-names-ecmascript@npm:2.0.0"