From 555705cf3f6d8d937fb134e3e44ccfc2f4dceffa Mon Sep 17 00:00:00 2001 From: Elizabeth Craig Date: Tue, 7 Apr 2026 17:04:25 -0700 Subject: [PATCH] Dep security updates --- docs/yarn.lock | 201 +++++++++++++++++++++++++------------------------ package.json | 6 +- yarn.lock | 17 ++--- 3 files changed, 111 insertions(+), 113 deletions(-) diff --git a/docs/yarn.lock b/docs/yarn.lock index 9c36ecb7..543e98de 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -60,7 +60,7 @@ __metadata: languageName: node linkType: hard -"@emnapi/core@npm:^1.7.1": +"@emnapi/core@npm:1.9.1": version: 1.9.1 resolution: "@emnapi/core@npm:1.9.1" dependencies: @@ -70,7 +70,7 @@ __metadata: languageName: node linkType: hard -"@emnapi/runtime@npm:^1.7.1": +"@emnapi/runtime@npm:1.9.1": version: 1.9.1 resolution: "@emnapi/runtime@npm:1.9.1" dependencies: @@ -489,14 +489,15 @@ __metadata: languageName: unknown linkType: soft -"@napi-rs/wasm-runtime@npm:^1.1.1": - version: 1.1.1 - resolution: "@napi-rs/wasm-runtime@npm:1.1.1" +"@napi-rs/wasm-runtime@npm:^1.1.2": + version: 1.1.2 + resolution: "@napi-rs/wasm-runtime@npm:1.1.2" dependencies: - "@emnapi/core": "npm:^1.7.1" - "@emnapi/runtime": "npm:^1.7.1" "@tybys/wasm-util": "npm:^0.10.1" - checksum: 10c0/04d57b67e80736e41fe44674a011878db0a8ad893f4d44abb9d3608debb7c174224cba2796ed5b0c1d367368159f3ca6be45f1c59222f70e32ddc880f803d447 + peerDependencies: + "@emnapi/core": ^1.7.1 + "@emnapi/runtime": ^1.7.1 + checksum: 10c0/725c30ec9c480a8d0c1a6a4ce31dc6c830365d485e23ad560e143d1cb9db89a0c95fbb5b9d53c07121729817a3683db6f1ab65d7e4f38fa7482a11b15ef6c6fd languageName: node linkType: hard @@ -529,10 +530,10 @@ __metadata: languageName: node linkType: hard -"@oxc-project/types@npm:=0.122.0": - version: 0.122.0 - resolution: "@oxc-project/types@npm:0.122.0" - checksum: 10c0/2c64dd0db949426fd0c86d4f61eded5902e7b7b166356a825bd3a248aeaa29a495f78918f66ab78e99644b67bd7556096e2a8123cec74ca4141c604f424f4f74 +"@oxc-project/types@npm:=0.123.0": + version: 0.123.0 + resolution: "@oxc-project/types@npm:0.123.0" + checksum: 10c0/7f71f9fa38796e6e5431390c213ec9626a3972feec07b513c513828bbfba5f6d908b04e8c679ae2b30b49cc1dee2dc0b2f1012f38ed1cb9e54bfeba09119f36d languageName: node linkType: hard @@ -680,117 +681,119 @@ __metadata: languageName: node linkType: hard -"@rolldown/binding-android-arm64@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/binding-android-arm64@npm:1.0.0-rc.11" +"@rolldown/binding-android-arm64@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/binding-android-arm64@npm:1.0.0-rc.13" conditions: os=android & cpu=arm64 languageName: node linkType: hard -"@rolldown/binding-darwin-arm64@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/binding-darwin-arm64@npm:1.0.0-rc.11" +"@rolldown/binding-darwin-arm64@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/binding-darwin-arm64@npm:1.0.0-rc.13" conditions: os=darwin & cpu=arm64 languageName: node linkType: hard -"@rolldown/binding-darwin-x64@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/binding-darwin-x64@npm:1.0.0-rc.11" +"@rolldown/binding-darwin-x64@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/binding-darwin-x64@npm:1.0.0-rc.13" conditions: os=darwin & cpu=x64 languageName: node linkType: hard -"@rolldown/binding-freebsd-x64@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/binding-freebsd-x64@npm:1.0.0-rc.11" +"@rolldown/binding-freebsd-x64@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/binding-freebsd-x64@npm:1.0.0-rc.13" conditions: os=freebsd & cpu=x64 languageName: node linkType: hard -"@rolldown/binding-linux-arm-gnueabihf@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/binding-linux-arm-gnueabihf@npm:1.0.0-rc.11" +"@rolldown/binding-linux-arm-gnueabihf@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/binding-linux-arm-gnueabihf@npm:1.0.0-rc.13" conditions: os=linux & cpu=arm languageName: node linkType: hard -"@rolldown/binding-linux-arm64-gnu@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/binding-linux-arm64-gnu@npm:1.0.0-rc.11" +"@rolldown/binding-linux-arm64-gnu@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/binding-linux-arm64-gnu@npm:1.0.0-rc.13" conditions: os=linux & cpu=arm64 & libc=glibc languageName: node linkType: hard -"@rolldown/binding-linux-arm64-musl@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/binding-linux-arm64-musl@npm:1.0.0-rc.11" +"@rolldown/binding-linux-arm64-musl@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/binding-linux-arm64-musl@npm:1.0.0-rc.13" conditions: os=linux & cpu=arm64 & libc=musl languageName: node linkType: hard -"@rolldown/binding-linux-ppc64-gnu@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/binding-linux-ppc64-gnu@npm:1.0.0-rc.11" +"@rolldown/binding-linux-ppc64-gnu@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/binding-linux-ppc64-gnu@npm:1.0.0-rc.13" conditions: os=linux & cpu=ppc64 & libc=glibc languageName: node linkType: hard -"@rolldown/binding-linux-s390x-gnu@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/binding-linux-s390x-gnu@npm:1.0.0-rc.11" +"@rolldown/binding-linux-s390x-gnu@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/binding-linux-s390x-gnu@npm:1.0.0-rc.13" conditions: os=linux & cpu=s390x & libc=glibc languageName: node linkType: hard -"@rolldown/binding-linux-x64-gnu@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/binding-linux-x64-gnu@npm:1.0.0-rc.11" +"@rolldown/binding-linux-x64-gnu@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/binding-linux-x64-gnu@npm:1.0.0-rc.13" conditions: os=linux & cpu=x64 & libc=glibc languageName: node linkType: hard -"@rolldown/binding-linux-x64-musl@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/binding-linux-x64-musl@npm:1.0.0-rc.11" +"@rolldown/binding-linux-x64-musl@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/binding-linux-x64-musl@npm:1.0.0-rc.13" conditions: os=linux & cpu=x64 & libc=musl languageName: node linkType: hard -"@rolldown/binding-openharmony-arm64@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/binding-openharmony-arm64@npm:1.0.0-rc.11" +"@rolldown/binding-openharmony-arm64@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/binding-openharmony-arm64@npm:1.0.0-rc.13" conditions: os=openharmony & cpu=arm64 languageName: node linkType: hard -"@rolldown/binding-wasm32-wasi@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/binding-wasm32-wasi@npm:1.0.0-rc.11" +"@rolldown/binding-wasm32-wasi@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/binding-wasm32-wasi@npm:1.0.0-rc.13" dependencies: - "@napi-rs/wasm-runtime": "npm:^1.1.1" + "@emnapi/core": "npm:1.9.1" + "@emnapi/runtime": "npm:1.9.1" + "@napi-rs/wasm-runtime": "npm:^1.1.2" conditions: cpu=wasm32 languageName: node linkType: hard -"@rolldown/binding-win32-arm64-msvc@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/binding-win32-arm64-msvc@npm:1.0.0-rc.11" +"@rolldown/binding-win32-arm64-msvc@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/binding-win32-arm64-msvc@npm:1.0.0-rc.13" conditions: os=win32 & cpu=arm64 languageName: node linkType: hard -"@rolldown/binding-win32-x64-msvc@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/binding-win32-x64-msvc@npm:1.0.0-rc.11" +"@rolldown/binding-win32-x64-msvc@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/binding-win32-x64-msvc@npm:1.0.0-rc.13" conditions: os=win32 & cpu=x64 languageName: node linkType: hard -"@rolldown/pluginutils@npm:1.0.0-rc.11": - version: 1.0.0-rc.11 - resolution: "@rolldown/pluginutils@npm:1.0.0-rc.11" - checksum: 10c0/ed20f15c0d78bb3e82f1cb1924ed4b489c026e76cc28ed861609101c75790effa1e2e0fed37ee1b22ceec83aee8ab59098a0d5d3d1b62baa1b44753f88a5e4c6 +"@rolldown/pluginutils@npm:1.0.0-rc.13": + version: 1.0.0-rc.13 + resolution: "@rolldown/pluginutils@npm:1.0.0-rc.13" + checksum: 10c0/5ba268706b43ca0c05eed50b16a077cc014453077f70f9cdc652180561c85b0477cf073053c166016a33182021e320335832e36d9bf51b8c79799c6433018d95 languageName: node linkType: hard @@ -1682,12 +1685,12 @@ __metadata: languageName: node linkType: hard -"brace-expansion@npm:^5.0.2": - version: 5.0.4 - resolution: "brace-expansion@npm:5.0.4" +"brace-expansion@npm:^5.0.5": + version: 5.0.5 + resolution: "brace-expansion@npm:5.0.5" dependencies: balanced-match: "npm:^4.0.2" - checksum: 10c0/359cbcfa80b2eb914ca1f3440e92313fbfe7919ee6b274c35db55bec555aded69dac5ee78f102cec90c35f98c20fa43d10936d0cd9978158823c249257e1643a + checksum: 10c0/4d238e14ed4f5cc9c07285550a41cef23121ca08ba99fa9eb5b55b580dcb6bf868b8210aa10526bdc9f8dc97f33ca2a7259039c4cc131a93042beddb424c48e3 languageName: node linkType: hard @@ -2881,11 +2884,11 @@ __metadata: linkType: hard "minimatch@npm:^10.2.2": - version: 10.2.4 - resolution: "minimatch@npm:10.2.4" + version: 10.2.5 + resolution: "minimatch@npm:10.2.5" dependencies: - brace-expansion: "npm:^5.0.2" - checksum: 10c0/35f3dfb7b99b51efd46afd378486889f590e7efb10e0f6a10ba6800428cf65c9a8dedb74427d0570b318d749b543dc4e85f06d46d2858bc8cac7e1eb49a95945 + brace-expansion: "npm:^5.0.5" + checksum: 10c0/6bb058bd6324104b9ec2f763476a35386d05079c1f5fe4fbf1f324a25237cd4534d6813ecd71f48208f4e635c1221899bef94c3c89f7df55698fe373aaae20fd languageName: node linkType: hard @@ -3154,7 +3157,7 @@ __metadata: languageName: node linkType: hard -"picomatch@npm:^4.0.3": +"picomatch@npm:^4.0.3, picomatch@npm:^4.0.4": version: 4.0.4 resolution: "picomatch@npm:4.0.4" checksum: 10c0/e2c6023372cc7b5764719a5ffb9da0f8e781212fa7ca4bd0562db929df8e117460f00dff3cb7509dacfc06b86de924b247f504d0ce1806a37fac4633081466b0 @@ -3315,27 +3318,27 @@ __metadata: languageName: node linkType: hard -"rolldown@npm:1.0.0-rc.11, rolldown@npm:^1.0.0-rc.6": - version: 1.0.0-rc.11 - resolution: "rolldown@npm:1.0.0-rc.11" - dependencies: - "@oxc-project/types": "npm:=0.122.0" - "@rolldown/binding-android-arm64": "npm:1.0.0-rc.11" - "@rolldown/binding-darwin-arm64": "npm:1.0.0-rc.11" - "@rolldown/binding-darwin-x64": "npm:1.0.0-rc.11" - "@rolldown/binding-freebsd-x64": "npm:1.0.0-rc.11" - "@rolldown/binding-linux-arm-gnueabihf": "npm:1.0.0-rc.11" - "@rolldown/binding-linux-arm64-gnu": "npm:1.0.0-rc.11" - "@rolldown/binding-linux-arm64-musl": "npm:1.0.0-rc.11" - "@rolldown/binding-linux-ppc64-gnu": "npm:1.0.0-rc.11" - "@rolldown/binding-linux-s390x-gnu": "npm:1.0.0-rc.11" - "@rolldown/binding-linux-x64-gnu": "npm:1.0.0-rc.11" - "@rolldown/binding-linux-x64-musl": "npm:1.0.0-rc.11" - "@rolldown/binding-openharmony-arm64": "npm:1.0.0-rc.11" - "@rolldown/binding-wasm32-wasi": "npm:1.0.0-rc.11" - "@rolldown/binding-win32-arm64-msvc": "npm:1.0.0-rc.11" - "@rolldown/binding-win32-x64-msvc": "npm:1.0.0-rc.11" - "@rolldown/pluginutils": "npm:1.0.0-rc.11" +"rolldown@npm:1.0.0-rc.13, rolldown@npm:^1.0.0-rc.6": + version: 1.0.0-rc.13 + resolution: "rolldown@npm:1.0.0-rc.13" + dependencies: + "@oxc-project/types": "npm:=0.123.0" + "@rolldown/binding-android-arm64": "npm:1.0.0-rc.13" + "@rolldown/binding-darwin-arm64": "npm:1.0.0-rc.13" + "@rolldown/binding-darwin-x64": "npm:1.0.0-rc.13" + "@rolldown/binding-freebsd-x64": "npm:1.0.0-rc.13" + "@rolldown/binding-linux-arm-gnueabihf": "npm:1.0.0-rc.13" + "@rolldown/binding-linux-arm64-gnu": "npm:1.0.0-rc.13" + "@rolldown/binding-linux-arm64-musl": "npm:1.0.0-rc.13" + "@rolldown/binding-linux-ppc64-gnu": "npm:1.0.0-rc.13" + "@rolldown/binding-linux-s390x-gnu": "npm:1.0.0-rc.13" + "@rolldown/binding-linux-x64-gnu": "npm:1.0.0-rc.13" + "@rolldown/binding-linux-x64-musl": "npm:1.0.0-rc.13" + "@rolldown/binding-openharmony-arm64": "npm:1.0.0-rc.13" + "@rolldown/binding-wasm32-wasi": "npm:1.0.0-rc.13" + "@rolldown/binding-win32-arm64-msvc": "npm:1.0.0-rc.13" + "@rolldown/binding-win32-x64-msvc": "npm:1.0.0-rc.13" + "@rolldown/pluginutils": "npm:1.0.0-rc.13" dependenciesMeta: "@rolldown/binding-android-arm64": optional: true @@ -3369,7 +3372,7 @@ __metadata: optional: true bin: rolldown: bin/cli.mjs - checksum: 10c0/f92457aa26dac614bbaa92079d05c6a4819054468b46b2f46f68bae4bf42dc2c840a4d89be4ffa2a5821a63cd46157fa167a93e1f0b6671f89c16e3da8e2dbf3 + checksum: 10c0/fc091b7df634c0b181a28914da708376e009092c67e98f1b062f216066f790d69c6b2adc6cb044741cbe4a93d944d222e599578019da090cb66d7bd91f3730a3 languageName: node linkType: hard @@ -4053,19 +4056,19 @@ __metadata: linkType: hard "vite@npm:^8.0.0-beta.16": - version: 8.0.2 - resolution: "vite@npm:8.0.2" + version: 8.0.7 + resolution: "vite@npm:8.0.7" dependencies: fsevents: "npm:~2.3.3" lightningcss: "npm:^1.32.0" - picomatch: "npm:^4.0.3" + picomatch: "npm:^4.0.4" postcss: "npm:^8.5.8" - rolldown: "npm:1.0.0-rc.11" + rolldown: "npm:1.0.0-rc.13" tinyglobby: "npm:^0.2.15" peerDependencies: "@types/node": ^20.19.0 || >=22.12.0 "@vitejs/devtools": ^0.1.0 - esbuild: ^0.27.0 + esbuild: ^0.27.0 || ^0.28.0 jiti: ">=1.21.0" less: ^4.0.0 sass: ^1.70.0 @@ -4105,7 +4108,7 @@ __metadata: optional: true bin: vite: bin/vite.js - checksum: 10c0/b271a3c3f8100bab45ee16583cb046aa028f943205b56065b09d3f1851ed8e7068fc6a76e9dc01beca805e8bb1e53f229c4c1c623be87ef1acb00fc002a29cf6 + checksum: 10c0/88f8ec4e86275f32e88ae98df3bfda7e25f12e33e06b868b1abeee57740c9f043c9feaa3e5e993a903d6949e5cece358f7a527e6c19d9670d7401fded6d2f201 languageName: node linkType: hard diff --git a/package.json b/package.json index 766d60e5..1d842653 100644 --- a/package.json +++ b/package.json @@ -51,7 +51,8 @@ "es5-ext": "0.10.53", "kind-of": "^6.0.3", "**/@types/glob/@types/minimatch": "^3.0.0", - "**/@types/minimatch/minimatch": "^3.0.0", + "**/syncpack/minimatch": "^6.2.3", + "**/@microsoft/api-extractor/minimatch": "^3.1.5", "**/@types/chokidar/chokidar": "^3.0.0", "@types/node": "^14.0.0" }, @@ -61,7 +62,8 @@ }, "resolutions": { "**/@types/glob/@types/minimatch": "pin to installed minimatch version, not *", - "**/@types/minimatch/minimatch": "pin to version matching other minimatch deps, not *", + "**/syncpack/minimatch": "unpin to fix security issue", + "**/@microsoft/api-extractor/minimatch": "unpin to fix security issue", "**/@types/chokidar/chokidar": "pin to version matching other chokidar deps, not *" } }, diff --git a/yarn.lock b/yarn.lock index 4cbe7823..bd18603c 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2907,14 +2907,14 @@ mimic-fn@^2.1.0: resolved "https://registry.yarnpkg.com/mimic-fn/-/mimic-fn-2.1.0.tgz#7ed2c2ccccaf84d3ffcb7a69b57711fc2083401b" integrity sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg== -minimatch@6.2.0: - version "6.2.0" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-6.2.0.tgz#2b70fd13294178c69c04dfc05aebdb97a4e79e42" - integrity sha512-sauLxniAmvnhhRjFwPNnJKaPFYyddAgbYdeUpHULtCT/GhzdCx/MDNy+Y40lBxTQUrMzDE8e0S43Z5uqfO0REg== +minimatch@6.2.0, minimatch@^6.2.3: + version "6.2.3" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-6.2.3.tgz#f5c78246aa2c546afa4c7e19294e41e5e9b8f023" + integrity sha512-5rvZbDy5y2k40rre/0OBbYnl03en25XPU3gOVO7532beGMjAipq88VdS9OeLOZNrD+Tb0lDhBJHZ7Gcd8qKlPg== dependencies: brace-expansion "^2.0.1" -minimatch@^3.0.0, minimatch@^3.0.4, minimatch@^3.0.5, minimatch@^3.1.1, minimatch@^3.1.2: +minimatch@^3.0.4, minimatch@^3.0.5, minimatch@^3.1.1, minimatch@^3.1.2, minimatch@^3.1.5, minimatch@~3.0.3: version "3.1.5" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.5.tgz#580c88f8d5445f2bd6aa8f3cadefa0de79fbd69e" integrity sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w== @@ -2928,13 +2928,6 @@ minimatch@^5.0.1: dependencies: brace-expansion "^2.0.1" -minimatch@~3.0.3: - version "3.0.8" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.0.8.tgz#5e6a59bd11e2ab0de1cfb843eb2d82e546c321c1" - integrity sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q== - dependencies: - brace-expansion "^1.1.7" - mock-fs@^5.2.0: version "5.5.0" resolved "https://registry.yarnpkg.com/mock-fs/-/mock-fs-5.5.0.tgz#94a46d299aaa588e735a201cbe823c876e91f385"