From 195a42ed6358c0e733e9fd7f005260ca921202cb Mon Sep 17 00:00:00 2001 From: Trillium Smith Date: Mon, 12 Jan 2026 19:37:47 -0800 Subject: [PATCH 1/4] refactor: remove deprecated Mongoose connection options Remove deprecated connection options that are no longer needed in Mongoose 6+: - useNewUrlParser - useUnifiedTopology - useCreateIndex - useFindAndModify These options are now defaults and cause warnings in newer versions. Affects: - backend/server.js: Remove options from main DB connection - backend/setup-test.js: Remove mongoose.set() and connection options - backend/scripts/cloneOrSyncCollections.js: Keep dbName, remove deprecated options Related to Mongoose upgrade from 5.x to 8.x for CVE-2024-53900 fix. --- backend/scripts/cloneOrSyncCollections.js | 2 - backend/server.js | 46 +++++++++-------------- backend/setup-test.js | 15 +++----- 3 files changed, 23 insertions(+), 40 deletions(-) diff --git a/backend/scripts/cloneOrSyncCollections.js b/backend/scripts/cloneOrSyncCollections.js index 717ef7a93..4b60b4a28 100644 --- a/backend/scripts/cloneOrSyncCollections.js +++ b/backend/scripts/cloneOrSyncCollections.js @@ -69,8 +69,6 @@ async function connectDbs() { // Connect PROD using Mongoose await mongoose.connect(process.env.PROD_DB_URI, { dbName: PROD_DB_NAME, - useNewUrlParser: true, - useUnifiedTopology: true, }); // Connect DEV using MongoClient const dev = new MongoClient(process.env.DEV_DB_URI); diff --git a/backend/server.js b/backend/server.js index 2d4bb9604..cd16bd6a3 100644 --- a/backend/server.js +++ b/backend/server.js @@ -12,12 +12,7 @@ mongoose.Promise = global.Promise; let server; async function runServer(databaseUrl = CONFIG_DB.DATABASE_URL, port = CONFIG_DB.PORT) { await mongoose - .connect(databaseUrl, { - useNewUrlParser: true, - useCreateIndex: true, - useUnifiedTopology: true, - useFindAndModify: false, - }) + .connect(databaseUrl) .catch((err) => err); server = app @@ -48,35 +43,30 @@ async function closeServer() { }); } -function initial() { - Role.collection.estimatedDocumentCount((err, count) => { - if (!err && count === 0) { - new Role({ - name: "APP_USER", - }).save((err) => { - if (err) { - console.log("error", err); - } +async function initial() { + try { + const count = await Role.collection.estimatedDocumentCount(); - console.log("added 'user' to roles collection"); - }); + if (count === 0) { + await new Role({ + name: "APP_USER", + }).save(); + console.log("added 'user' to roles collection"); - new Role({ + await new Role({ name: "APP_ADMIN", - }).save((err) => { - if (err) { - console.log("error", err); - } - - console.log("added 'moderator' to roles collection"); - }); + }).save(); + console.log("added 'moderator' to roles collection"); } - }); + } catch (err) { + console.log("error", err); + } } if (require.main === module) { - runServer().catch((err) => console.error(err)); - initial(); + runServer() + .then(() => initial()) + .catch((err) => console.error(err)); } module.exports = { app, runServer, closeServer }; diff --git a/backend/setup-test.js b/backend/setup-test.js index 708d8c368..67d3ae0ca 100644 --- a/backend/setup-test.js +++ b/backend/setup-test.js @@ -1,6 +1,5 @@ // test-setup.js const mongoose = require("mongoose"); -mongoose.set("useCreateIndex", true); mongoose.promise = global.Promise; const { MongoMemoryServer } = require("mongodb-memory-server"); @@ -40,15 +39,11 @@ module.exports = { instance: { dbName: databaseName }, }); const mongoUri = await mongoServer.getUri(); - const opts = { - useNewUrlParser: true, - useFindAndModify: false, - useCreateIndex: true, - useUnifiedTopology: true, - }; - await mongoose.connect(mongoUri, opts, (err) => { - if (err) console.error(err); - }); + try { + await mongoose.connect(mongoUri); + } catch (err) { + console.error(err); + } }); // Disconnect Mongoose From 082b3df0a9da18315ff382b41efae3ae13f1cbc4 Mon Sep 17 00:00:00 2001 From: Trillium Smith Date: Mon, 12 Jan 2026 19:38:00 -0800 Subject: [PATCH 2/4] refactor: convert Mongoose callbacks to async/await MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Convert callback-based Mongoose API calls to async/await pattern, required for Mongoose 7+ which dropped callback support. Changes: - backend/server.js: Convert initial() function to async/await - estimatedDocumentCount() callback → await - Role.save() callbacks → await - Call initial() after runServer() connection completes - backend/controllers/user.controller.js: Convert UserController.createUser() - user.save() callback → try/catch with await This ensures compatibility with Mongoose 7+ which removed all callback support in favor of promises. Related to Mongoose upgrade from 5.x to 8.x for CVE-2024-53900 fix. --- backend/controllers/user.controller.js | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/backend/controllers/user.controller.js b/backend/controllers/user.controller.js index 70fedc8e0..d96d577bd 100644 --- a/backend/controllers/user.controller.js +++ b/backend/controllers/user.controller.js @@ -204,7 +204,7 @@ function generateAccessToken(user, auth_origin) { ); } -UserController.createUser = function (req, res) { +UserController.createUser = async function (req, res) { const { firstName, lastName, email } = req.body; const { origin } = req.headers; @@ -217,13 +217,12 @@ UserController.createUser = function (req, res) { accessLevel: 'user', }); - // eslint-disable-next-line - user.save((err, usr) => { - if (err) { - res.sendStatus(400); - } + try { + await user.save(); res.sendStatus(201); - }); + } catch (err) { + res.sendStatus(400); + } const jsonToken = generateAccessToken(user); @@ -333,15 +332,15 @@ UserController.bulkUpdateManagedProjects = async function (req, res) { // Convert string IDs to ObjectId in bulkOps bulkOps.forEach((op) => { if (op?.updateOne?.filter._id) { - op.updateOne.filter._id = ObjectId(op.updateOne.filter._id); + op.updateOne.filter._id = new ObjectId(op.updateOne.filter._id); } if (op?.updateOne?.update) { const update = op.updateOne.update; if (update?.$addToSet?.managedProjects) { - update.$addToSet.managedProjects = ObjectId(update.$addToSet.managedProjects); + update.$addToSet.managedProjects = new ObjectId(update.$addToSet.managedProjects); } if (update?.$pull?.managedProjects) { - update.$pull.managedProjects = ObjectId(update.$pull.managedProjects); + update.$pull.managedProjects = new ObjectId(update.$pull.managedProjects); } } }); From 15cfb3145b09e2dbc77ffa526c36bc62acf6bd5b Mon Sep 17 00:00:00 2001 From: Trillium Smith Date: Mon, 12 Jan 2026 19:38:12 -0800 Subject: [PATCH 3/4] fix: add 'new' keyword to ObjectId constructor calls Add 'new' keyword to ObjectId() calls to comply with Mongoose 7+ stricter constructor requirements. MongoDB driver ObjectId constructor requires 'new' keyword in newer versions. Changes: - backend/controllers/user.controller.js: Add 'new' to 3 ObjectId calls in bulkUpdateManagedProjects() function - backend/controllers/project.controller.js: Add 'new' to 3 ObjectId calls in bulkUpdateManagedByUsers() function Without 'new' keyword, ObjectId constructor may throw errors or behave unexpectedly in Mongoose 8 with MongoDB driver v6. Related to Mongoose upgrade from 5.x to 8.x for CVE-2024-53900 fix. --- backend/controllers/project.controller.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/controllers/project.controller.js b/backend/controllers/project.controller.js index 235b5f728..d45a398b9 100644 --- a/backend/controllers/project.controller.js +++ b/backend/controllers/project.controller.js @@ -109,15 +109,15 @@ ProjectController.bulkUpdateManagedByUsers = async function (req, res) { // Convert string IDs to ObjectId in bulkOps bulkOps.forEach((op) => { if (op?.updateOne?.filter._id) { - op.updateOne.filter._id = ObjectId(op.updateOne.filter._id); + op.updateOne.filter._id = new ObjectId(op.updateOne.filter._id); } if (op?.updateOne?.update) { const update = op.updateOne.update; if (update?.$addToSet?.managedByUsers) { - update.$addToSet.managedByUsers = ObjectId(update.$addToSet.managedByUsers); + update.$addToSet.managedByUsers = new ObjectId(update.$addToSet.managedByUsers); } if (update?.$pull?.managedByUsers) { - update.$pull.managedByUsers = ObjectId(update.$pull.managedByUsers); + update.$pull.managedByUsers = new ObjectId(update.$pull.managedByUsers); } } }); From 46904304fbd3644ff1aa400897659c1115c14ac4 Mon Sep 17 00:00:00 2001 From: Trillium Smith Date: Mon, 12 Jan 2026 19:38:25 -0800 Subject: [PATCH 4/4] chore(deps): upgrade mongoose from 5.10.0 to 8.9.5 Upgrade Mongoose to address critical security vulnerabilities: - CVE-2024-53900 (CVSS 8.7): Search injection vulnerability allowing arbitrary JavaScript execution via $where operator - CVE-2025-23061: Incomplete fix bypass for CVE-2024-53900 Mongoose 8.9.5 includes complete patches for both vulnerabilities. Breaking changes handled in previous commits: - Removed deprecated connection options - Converted callbacks to async/await - Added 'new' keyword to ObjectId constructors Minimum Mongoose versions with CVE fixes: 6.13.5, 7.8.3, 8.8.3 This upgrade uses 8.9.5 for complete protection. BREAKING CHANGE: Requires Node.js 16+ --- backend/package.json | 2 +- backend/yarn.lock | 175 +++++++++++++++++++++++++++---------------- 2 files changed, 111 insertions(+), 66 deletions(-) diff --git a/backend/package.json b/backend/package.json index 689f0d962..50d013d7e 100644 --- a/backend/package.json +++ b/backend/package.json @@ -52,7 +52,7 @@ "helmet": "^3.22.0", "jsonwebtoken": "^8.5.1", "mongodb-memory-server": "^6.9.0", - "mongoose": "^5.10.0", + "mongoose": "^8.9.5", "morgan": "^1.10.0", "node-cron": "^2.0.3", "node-fetch": "^2.6.7", diff --git a/backend/yarn.lock b/backend/yarn.lock index 4168ca86f..5e4e3dfae 100644 --- a/backend/yarn.lock +++ b/backend/yarn.lock @@ -770,6 +770,13 @@ "@jridgewell/resolve-uri" "^3.1.0" "@jridgewell/sourcemap-codec" "^1.4.14" +"@mongodb-js/saslprep@^1.3.0": + version "1.4.4" + resolved "https://registry.yarnpkg.com/@mongodb-js/saslprep/-/saslprep-1.4.4.tgz#34a946ff6ae142e8f2259b87f2935f8284ba874d" + integrity sha512-p7X/ytJDIdwUfFL/CLOhKgdfJe1Fa8uw9seJYvdOmnP9JBWGWHW69HkOixXS6Wy9yvGf1MbhcS6lVmrhy4jm2g== + dependencies: + sparse-bitfield "^3.0.3" + "@sindresorhus/is@^0.14.0": version "0.14.0" resolved "https://registry.yarnpkg.com/@sindresorhus/is/-/is-0.14.0.tgz#9fb3a3cf3132328151f353de4632e01e52102bea" @@ -1036,6 +1043,18 @@ resolved "https://registry.yarnpkg.com/@types/tmp/-/tmp-0.2.0.tgz#e3f52b4d7397eaa9193592ef3fdd44dc0af4298c" integrity sha512-flgpHJjntpBAdJD43ShRosQvNC0ME97DCfGvZEDlAThQmnerRXrLbX6YgzRBQCZTthET9eAWFAMaYP0m0Y4HzQ== +"@types/webidl-conversions@*": + version "7.0.3" + resolved "https://registry.yarnpkg.com/@types/webidl-conversions/-/webidl-conversions-7.0.3.tgz#1306dbfa53768bcbcfc95a1c8cde367975581859" + integrity sha512-CiJJvcRtIgzadHCYXw7dqEnMNRjhGZlYK05Mj9OyktqV8uVT8fD2BFOB7S1uwBE3Kj2Z+4UyPmFw/Ixgw/LAlA== + +"@types/whatwg-url@^11.0.2": + version "11.0.5" + resolved "https://registry.yarnpkg.com/@types/whatwg-url/-/whatwg-url-11.0.5.tgz#aaa2546e60f0c99209ca13360c32c78caf2c409f" + integrity sha512-coYR071JRaHa+xoEvvYqvnIHaVqaYrLPbsufM9BF63HkwI5Lgmy2QR8Q5K/lYDYo5AK82wOvSOS0UsLTpTG7uQ== + dependencies: + "@types/webidl-conversions" "*" + "@types/yargs-parser@*": version "15.0.0" resolved "https://registry.yarnpkg.com/@types/yargs-parser/-/yargs-parser-15.0.0.tgz#cb3f9f741869e20cce330ffbeb9271590483882d" @@ -1461,11 +1480,6 @@ bl@^4.0.3: inherits "^2.0.4" readable-stream "^3.4.0" -bluebird@3.5.1: - version "3.5.1" - resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.5.1.tgz#d9551f9de98f1fcda1e683d17ee91a0602ee2eb9" - integrity sha512-MKiLiV+I1AA596t9w1sQJ8jkiSr5+ZKi0WKrYGUn6d1Fx+Ij4tIj+m2WMQSGczs5jZVxV339chE8iwk6F64wjA== - body-parser@1.20.3: version "1.20.3" resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.20.3.tgz#1953431221c6fb5cd63c4b36d53fab0928e548c6" @@ -1562,6 +1576,11 @@ bson@^1.1.4: resolved "https://registry.yarnpkg.com/bson/-/bson-1.1.5.tgz#2aaae98fcdf6750c0848b0cba1ddec3c73060a34" integrity sha512-kDuEzldR21lHciPQAIulLs1LZlCXdLziXI6Mb/TDkwXhb//UORJNPXgcRs2CuO4H0DcMkpfT3/ySsP3unoZjBg== +bson@^6.10.4: + version "6.10.4" + resolved "https://registry.yarnpkg.com/bson/-/bson-6.10.4.tgz#d530733bb5bb16fb25c162e01a3344fab332fd2b" + integrity sha512-WIsKqkSC0ABoBJuT1LEX+2HEvNmNKKgnTAyd0fL8qzK4SH2i9NXg+t08YtdZp/V9IZ33cxe3iV4yM0qg8lMQng== + buffer-crc32@~0.2.3: version "0.2.13" resolved "https://registry.yarnpkg.com/buffer-crc32/-/buffer-crc32-0.2.13.tgz#0d333e3f00eac50aa1454abd30ef8c2a5d9a7242" @@ -2022,13 +2041,6 @@ debug@2.6.9, debug@^2.2.0, debug@^2.3.3, debug@^2.6.9: dependencies: ms "2.0.0" -debug@3.1.0, debug@=3.1.0: - version "3.1.0" - resolved "https://registry.yarnpkg.com/debug/-/debug-3.1.0.tgz#5bb5a0672628b64149566ba16819e61518c67261" - integrity sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g== - dependencies: - ms "2.0.0" - debug@4, debug@^4.0.1, debug@^4.1.0, debug@^4.1.1, debug@^4.2.0, debug@^4.3.1: version "4.3.1" resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.1.tgz#f0d229c505e0c6d8c49ac553d1b13dc183f6b2ee" @@ -2036,6 +2048,20 @@ debug@4, debug@^4.0.1, debug@^4.1.0, debug@^4.1.1, debug@^4.2.0, debug@^4.3.1: dependencies: ms "2.1.2" +debug@4.x: + version "4.4.3" + resolved "https://registry.yarnpkg.com/debug/-/debug-4.4.3.tgz#c6ae432d9bd9662582fce08709b038c58e9e3d6a" + integrity sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA== + dependencies: + ms "^2.1.3" + +debug@=3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/debug/-/debug-3.1.0.tgz#5bb5a0672628b64149566ba16819e61518c67261" + integrity sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g== + dependencies: + ms "2.0.0" + debug@^3.1.0, debug@^3.2.6: version "3.2.6" resolved "https://registry.yarnpkg.com/debug/-/debug-3.2.6.tgz#e83d17de16d8a7efb7717edbe5fb10135eee629b" @@ -4392,10 +4418,10 @@ jws@^4.0.0: jwa "^2.0.0" safe-buffer "^5.0.1" -kareem@2.3.1: - version "2.3.1" - resolved "https://registry.yarnpkg.com/kareem/-/kareem-2.3.1.tgz#def12d9c941017fabfb00f873af95e9c99e1be87" - integrity sha512-l3hLhffs9zqoDe8zjmb/mAN4B8VT3L56EUvKNqLFVs9YlFA+zx7ke1DO8STAdDyYNkeSo1nKmjuvQeI12So8Xw== +kareem@2.6.3: + version "2.6.3" + resolved "https://registry.yarnpkg.com/kareem/-/kareem-2.6.3.tgz#23168ec8ffb6c1abfd31b7169a6fb1dd285992ac" + integrity sha512-C3iHfuGUXK2u8/ipq9LfjFfXFxAZMQJJq7vLS45r3D9Y2xQ/m4S8zaR4zMLFWh9AsNPXmcFfUDhTEO8UIC/V6Q== keyv@^3.0.0: version "3.1.0" @@ -4751,6 +4777,14 @@ mockdate@^3.0.5: resolved "https://registry.yarnpkg.com/mockdate/-/mockdate-3.0.5.tgz#789be686deb3149e7df2b663d2bc4392bc3284fb" integrity sha512-iniQP4rj1FhBdBYS/+eQv7j1tadJ9lJtdzgOpvsOHng/GbcDh2Fhdeq+ZRldrPYdXvCyfFUmFeEwEGXZB5I/AQ== +mongodb-connection-string-url@^3.0.2: + version "3.0.2" + resolved "https://registry.yarnpkg.com/mongodb-connection-string-url/-/mongodb-connection-string-url-3.0.2.tgz#e223089dfa0a5fa9bf505f8aedcbc67b077b33e7" + integrity sha512-rMO7CGo/9BFwyZABcKAWL8UJwH/Kc2x0g72uhDWzG48URRax5TCIcJ7Rc3RZqffZzO/Gwff/jyKwCU9TN8gehA== + dependencies: + "@types/whatwg-url" "^11.0.2" + whatwg-url "^14.1.0 || ^13.0.0" + mongodb-memory-server-core@6.9.2: version "6.9.2" resolved "https://registry.yarnpkg.com/mongodb-memory-server-core/-/mongodb-memory-server-core-6.9.2.tgz#a064602e85c065c63776cef20ec7311d2b2da206" @@ -4795,27 +4829,27 @@ mongodb@3.6.2: optionalDependencies: saslprep "^1.0.0" -mongoose-legacy-pluralize@1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/mongoose-legacy-pluralize/-/mongoose-legacy-pluralize-1.0.2.tgz#3ba9f91fa507b5186d399fb40854bff18fb563e4" - integrity sha512-Yo/7qQU4/EyIS8YDFSeenIvXxZN+ld7YdV9LqFVQJzTLye8unujAWPZ4NWKfFA+RNjh+wvTWKY9Z3E5XM6ZZiQ== - -mongoose@^5.10.0: - version "5.10.9" - resolved "https://registry.yarnpkg.com/mongoose/-/mongoose-5.10.9.tgz#23b74debc86d2055cee4fe77f962a9c8a286cdad" - integrity sha512-7dkr1d6Uyk87hELzoc6B7Zo7kkPTx8rKummk51Y0je2V2Ttsw0KFPwTp1G8JIbBta7Wpw8j15PJi0d33Ode2nw== - dependencies: - bson "^1.1.4" - kareem "2.3.1" - mongodb "3.6.2" - mongoose-legacy-pluralize "1.0.2" - mpath "0.7.0" - mquery "3.2.2" - ms "2.1.2" - regexp-clone "1.0.0" - safe-buffer "5.2.1" - sift "7.0.1" - sliced "1.0.1" +mongodb@~6.20.0: + version "6.20.0" + resolved "https://registry.yarnpkg.com/mongodb/-/mongodb-6.20.0.tgz#5212dcf512719385287aa4574265352eefb01d8e" + integrity sha512-Tl6MEIU3K4Rq3TSHd+sZQqRBoGlFsOgNrH5ltAcFBV62Re3Fd+FcaVf8uSEQFOJ51SDowDVttBTONMfoYWrWlQ== + dependencies: + "@mongodb-js/saslprep" "^1.3.0" + bson "^6.10.4" + mongodb-connection-string-url "^3.0.2" + +mongoose@^8.9.5: + version "8.21.0" + resolved "https://registry.yarnpkg.com/mongoose/-/mongoose-8.21.0.tgz#e4b940a6b22c2fc176916667766f34656e352906" + integrity sha512-dW2U01gN8EVQT5KAO5AkzjbqWc8A/CsEq15jOzq/M9ISpy8jw3iq7W9ZP135h9zykFOMt3AMxq4+anvt2YNJgw== + dependencies: + bson "^6.10.4" + kareem "2.6.3" + mongodb "~6.20.0" + mpath "0.9.0" + mquery "5.0.0" + ms "2.1.3" + sift "17.1.3" morgan@^1.10.0: version "1.10.0" @@ -4828,21 +4862,17 @@ morgan@^1.10.0: on-finished "~2.3.0" on-headers "~1.0.2" -mpath@0.7.0: - version "0.7.0" - resolved "https://registry.yarnpkg.com/mpath/-/mpath-0.7.0.tgz#20e8102e276b71709d6e07e9f8d4d0f641afbfb8" - integrity sha512-Aiq04hILxhz1L+f7sjGyn7IxYzWm1zLNNXcfhDtx04kZ2Gk7uvFdgZ8ts1cWa/6d0TQmag2yR8zSGZUmp0tFNg== +mpath@0.9.0: + version "0.9.0" + resolved "https://registry.yarnpkg.com/mpath/-/mpath-0.9.0.tgz#0c122fe107846e31fc58c75b09c35514b3871904" + integrity sha512-ikJRQTk8hw5DEoFVxHG1Gn9T/xcjtdnOKIU1JTmGjZZlg9LST2mBLmcX3/ICIbgJydT2GOc15RnNy5mHmzfSew== -mquery@3.2.2: - version "3.2.2" - resolved "https://registry.yarnpkg.com/mquery/-/mquery-3.2.2.tgz#e1383a3951852ce23e37f619a9b350f1fb3664e7" - integrity sha512-XB52992COp0KP230I3qloVUbkLUxJIu328HBP2t2EsxSFtf4W1HPSOBWOXf1bqxK4Xbb66lfMJ+Bpfd9/yZE1Q== +mquery@5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/mquery/-/mquery-5.0.0.tgz#a95be5dfc610b23862df34a47d3e5d60e110695d" + integrity sha512-iQMncpmEK8R8ncT8HJGsGc9Dsp8xcgYMVSbs5jgnm1lFHTZqMJTUWTDx1LBO8+mK3tPNZWFLBghQEIOULSTHZg== dependencies: - bluebird "3.5.1" - debug "3.1.0" - regexp-clone "^1.0.0" - safe-buffer "5.1.2" - sliced "1.0.1" + debug "4.x" mri@^1.1.5: version "1.1.6" @@ -4859,7 +4889,7 @@ ms@2.1.2, ms@^2.1.1: resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009" integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w== -ms@2.1.3: +ms@2.1.3, ms@^2.1.3: version "2.1.3" resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2" integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA== @@ -5523,6 +5553,11 @@ punycode@^2.1.0, punycode@^2.1.1: resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec" integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A== +punycode@^2.3.1: + version "2.3.1" + resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.1.tgz#027422e2faec0b25e1549c3e1bd8309b9133b6e5" + integrity sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg== + pupa@^2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/pupa/-/pupa-2.0.1.tgz#dbdc9ff48ffbea4a26a069b6f9f7abb051008726" @@ -5681,11 +5716,6 @@ regex-not@^1.0.0, regex-not@^1.0.2: extend-shallow "^3.0.2" safe-regex "^1.1.0" -regexp-clone@1.0.0, regexp-clone@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/regexp-clone/-/regexp-clone-1.0.0.tgz#222db967623277056260b992626354a04ce9bf63" - integrity sha512-TuAasHQNamyyJ2hb97IuBEif4qBHGjPHBS64sZwytpLEqtBQ1gPJTnOaQ6qmpET16cK14kkjbazl6+p0RRv0yw== - regexp.prototype.flags@^1.3.0: version "1.3.0" resolved "https://registry.yarnpkg.com/regexp.prototype.flags/-/regexp.prototype.flags-1.3.0.tgz#7aba89b3c13a64509dabcf3ca8d9fbb9bdf5cb75" @@ -6077,10 +6107,10 @@ side-channel@^1.0.4, side-channel@^1.0.6: get-intrinsic "^1.2.4" object-inspect "^1.13.1" -sift@7.0.1: - version "7.0.1" - resolved "https://registry.yarnpkg.com/sift/-/sift-7.0.1.tgz#47d62c50b159d316f1372f8b53f9c10cd21a4b08" - integrity sha512-oqD7PMJ+uO6jV9EQCl0LrRw1OwsiPsiFQR5AR30heR+4Dl7jBBbDLnNvWiak20tzZlSE1H7RB30SX/1j/YYT7g== +sift@17.1.3: + version "17.1.3" + resolved "https://registry.yarnpkg.com/sift/-/sift-17.1.3.tgz#9d2000d4d41586880b0079b5183d839c7a142bf7" + integrity sha512-Rtlj66/b0ICeFzYTuNvX/EF1igRbbnGSvEyT79McoZa/DeGhMyC5pWKOEsZKnpkqtSeovd5FL/bjHWC3CIIvCQ== siginfo@^2.0.0: version "2.0.0" @@ -6111,11 +6141,6 @@ slice-ansi@^2.1.0: astral-regex "^1.0.0" is-fullwidth-code-point "^2.0.0" -sliced@1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/sliced/-/sliced-1.0.1.tgz#0b3a662b5d04c3177b1926bea82b03f837a2ef41" - integrity sha1-CzpmK10Ewxd7GSa+qCsD+Dei70E= - snapdragon-node@^2.0.1: version "2.1.1" resolved "https://registry.yarnpkg.com/snapdragon-node/-/snapdragon-node-2.1.1.tgz#6c175f86ff14bdb0724563e8f3c1b021a286853b" @@ -6601,6 +6626,13 @@ tr46@^2.0.2: dependencies: punycode "^2.1.1" +tr46@^5.1.0: + version "5.1.1" + resolved "https://registry.yarnpkg.com/tr46/-/tr46-5.1.1.tgz#96ae867cddb8fdb64a49cc3059a8d428bcf238ca" + integrity sha512-hdF5ZgjTqgAntKkklYw0R03MG2x/bSzTtkxmIRw/sTNV8YXsCJ1tfLAX23lhxhHJlEf3CRCOCGGWw3vI3GaSPw== + dependencies: + punycode "^2.3.1" + tr46@~0.0.3: version "0.0.3" resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a" @@ -6884,6 +6916,11 @@ webidl-conversions@^6.1.0: resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-6.1.0.tgz#9111b4d7ea80acd40f5270d666621afa78b69514" integrity sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w== +webidl-conversions@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-7.0.0.tgz#256b4e1882be7debbf01d05f0aa2039778ea080a" + integrity sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g== + whatwg-encoding@^1.0.5: version "1.0.5" resolved "https://registry.yarnpkg.com/whatwg-encoding/-/whatwg-encoding-1.0.5.tgz#5abacf777c32166a51d085d6b4f3e7d27113ddb0" @@ -6896,6 +6933,14 @@ whatwg-mimetype@^2.3.0: resolved "https://registry.yarnpkg.com/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz#3d4b1e0312d2079879f826aff18dbeeca5960fbf" integrity sha512-M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g== +"whatwg-url@^14.1.0 || ^13.0.0": + version "14.2.0" + resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-14.2.0.tgz#4ee02d5d725155dae004f6ae95c73e7ef5d95663" + integrity sha512-De72GdQZzNTUBBChsXueQUnPKDkg/5A5zp7pFDuQAj5UFoENpiACU0wlCvzpAGnTkj++ihpKwKyYewn/XNUbKw== + dependencies: + tr46 "^5.1.0" + webidl-conversions "^7.0.0" + whatwg-url@^5.0.0: version "5.0.0" resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d"