From a9405684c72b9f6e74d5847f4a9e9bf583bcf24a Mon Sep 17 00:00:00 2001 From: D-K-P <8297864+D-K-P@users.noreply.github.com> Date: Tue, 27 Jan 2026 14:47:07 +0000 Subject: [PATCH 1/2] fix(security): upgrade CLI deps and add overrides for vulnerabilities MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Upgrade @modelcontextprotocol/sdk 1.24.0 → 1.25.2 (CVE-2026-0621 ReDoS) - Upgrade tar 7.4.3 → 7.5.4+ (CVE-2026-23950 race condition) - Add pnpm overrides for transitive deps: - qs <6.14.0 → 6.14.0 (CVE-2025-15284 DoS) - systeminformation <5.27.14 → 5.27.14 (CVE-2025-68154 cmd injection) - lodash <4.17.23 → 4.17.23 (CVE-2025-13465 prototype pollution) Note: undici alert #536 dismissed as tolerable_risk (DoS via malicious server response; consumers only connect to trusted servers) --- package.json | 5 +- packages/cli-v3/package.json | 4 +- pnpm-lock.yaml | 145 +++++++++++++++++++---------------- 3 files changed, 84 insertions(+), 70 deletions(-) diff --git a/package.json b/package.json index 47be261645..2dfbc141d7 100644 --- a/package.json +++ b/package.json @@ -94,7 +94,10 @@ "axios@1.9.0": ">=1.12.0", "js-yaml@>=3.0.0 <3.14.2": "3.14.2", "js-yaml@>=4.0.0 <4.1.1": "4.1.1", - "jws@<3.2.3": "3.2.3" + "jws@<3.2.3": "3.2.3", + "qs@>=6.0.0 <6.14.0": "6.14.0", + "systeminformation@>=5.0.0 <5.27.14": "5.27.14", + "lodash@>=4.0.0 <4.17.23": "4.17.23" }, "onlyBuiltDependencies": [ "@depot/cli", diff --git a/packages/cli-v3/package.json b/packages/cli-v3/package.json index 9c10642253..838593006f 100644 --- a/packages/cli-v3/package.json +++ b/packages/cli-v3/package.json @@ -83,7 +83,7 @@ "dependencies": { "@clack/prompts": "0.11.0", "@depot/cli": "0.0.1-cli.2.80.0", - "@modelcontextprotocol/sdk": "^1.24.0", + "@modelcontextprotocol/sdk": "^1.25.2", "@opentelemetry/api": "1.9.0", "@opentelemetry/api-logs": "0.203.0", "@opentelemetry/exporter-trace-otlp-http": "0.203.0", @@ -138,7 +138,7 @@ "std-env": "^3.7.0", "strip-ansi": "^7.1.0", "supports-color": "^10.0.0", - "tar": "^7.4.3", + "tar": "^7.5.4", "tiny-invariant": "^1.2.0", "tinyexec": "^0.3.1", "tinyglobby": "^0.2.10", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 76f12a8774..faa000074d 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -16,6 +16,9 @@ overrides: js-yaml@>=3.0.0 <3.14.2: 3.14.2 js-yaml@>=4.0.0 <4.1.1: 4.1.1 jws@<3.2.3: 3.2.3 + qs@>=6.0.0 <6.14.0: 6.14.0 + systeminformation@>=5.0.0 <5.27.14: 5.27.14 + lodash@>=4.0.0 <4.17.23: 4.17.23 patchedDependencies: '@changesets/assemble-release-plan@5.2.4': @@ -1088,7 +1091,7 @@ importers: version: 18.3.1 react-email: specifier: ^2.1.1 - version: 2.1.2(@opentelemetry/api@1.9.0)(@swc/helpers@0.5.15)(bufferutil@4.0.9)(eslint@8.31.0) + version: 2.1.2(@opentelemetry/api@1.9.0)(@swc/helpers@0.5.15)(eslint@8.31.0) resend: specifier: ^3.2.0 version: 3.2.0 @@ -1393,8 +1396,8 @@ importers: specifier: 0.0.1-cli.2.80.0 version: 0.0.1-cli.2.80.0 '@modelcontextprotocol/sdk': - specifier: ^1.24.0 - version: 1.24.2(supports-color@10.0.0)(zod@3.25.76) + specifier: ^1.25.2 + version: 1.25.2(hono@4.5.11)(supports-color@10.0.0)(zod@3.25.76) '@opentelemetry/api': specifier: 1.9.0 version: 1.9.0 @@ -1558,8 +1561,8 @@ importers: specifier: ^10.0.0 version: 10.0.0 tar: - specifier: ^7.4.3 - version: 7.4.3 + specifier: ^7.5.4 + version: 7.5.6 tiny-invariant: specifier: ^1.2.0 version: 1.3.1 @@ -5083,8 +5086,8 @@ packages: '@fastify/ajv-compiler@4.0.2': resolution: {integrity: sha512-Rkiu/8wIjpsf46Rr+Fitd3HRP+VsxUFDDeag0hs9L0ksfnwx2g7SPQQTFL0E8Qv+rfXzQOxBJnjUB9ITUDjfWQ==} - '@fastify/busboy@2.0.0': - resolution: {integrity: sha512-JUFJad5lv7jxj926GPgymrWQxxjPYuJNiNjNMzqT+HiuP6Vl3dk5xzG+8sTX96np0ZAluvaMzPsjhHZ5rNuNQQ==} + '@fastify/busboy@2.1.1': + resolution: {integrity: sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==} engines: {node: '>=14'} '@fastify/error@4.2.0': @@ -5234,6 +5237,12 @@ packages: peerDependencies: hono: ^4 + '@hono/node-server@1.19.9': + resolution: {integrity: sha512-vHL6w3ecZsky+8P5MD+eFfaGTyCeOHUIFYMGpQGbrBTSmNNoxv0if69rEZ5giu36weC5saFuznL411gRX7bJDw==} + engines: {node: '>=18.14.1'} + peerDependencies: + hono: ^4 + '@hono/node-ws@1.0.4': resolution: {integrity: sha512-0j1TMp67U5ym0CIlvPKcKtD0f2ZjaS/EnhOxFLs3bVfV+/4WInBE7hVe2x/7PLEsNIUK9+jVL8lPd28rzTAcZg==} engines: {node: '>=18.14.1'} @@ -5683,8 +5692,8 @@ packages: '@microsoft/fetch-event-source@2.0.1': resolution: {integrity: sha512-W6CLUJ2eBMw3Rec70qrsEW0jOm/3twwJv21mrmj2yORiaVmVYGS4sSS5yUwvQc1ZlDLYGPnClVWmUUMagKNsfA==} - '@modelcontextprotocol/sdk@1.24.2': - resolution: {integrity: sha512-hS/kzSfchqzvUeJUsdiDHi84/kNhLIZaZ6coGQVwbYIelOBbcAwUohUfaQTLa1MvFOK/jbTnGFzraHSFwB7pjQ==} + '@modelcontextprotocol/sdk@1.25.2': + resolution: {integrity: sha512-LZFeo4F9M5qOhC/Uc1aQSrBHxMrvxett+9KLHt7OhcExtoiRN9DKgbZffMP/nxjutWDQpfMDfP3nkHI4X9ijww==} engines: {node: '>=18'} peerDependencies: '@cfworker/json-schema': ^4.1.1 @@ -14790,6 +14799,9 @@ packages: json-schema-traverse@1.0.0: resolution: {integrity: sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==} + json-schema-typed@8.0.2: + resolution: {integrity: sha512-fQhoXdcvc3V28x7C7BMs4P5+kNlgUURe2jmUT1T//oBRMDrqy1QPelJimwZGo7Hg9VPV3EQV5Bnq4hbFy2vetA==} + json-schema@0.4.0: resolution: {integrity: sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==} @@ -15179,8 +15191,8 @@ packages: lodash.uniq@4.5.0: resolution: {integrity: sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ==} - lodash@4.17.21: - resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==} + lodash@4.17.23: + resolution: {integrity: sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==} log-symbols@4.1.0: resolution: {integrity: sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==} @@ -15775,6 +15787,10 @@ packages: resolution: {integrity: sha512-umcy022ILvb5/3Djuu8LWeqUa8D68JaBzlttKeMWen48SjabqS3iY5w/vzeMzMUNhLDifyhbOwKDSznB1vvrwg==} engines: {node: '>= 18'} + minizlib@3.1.0: + resolution: {integrity: sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==} + engines: {node: '>= 18'} + mitt@3.0.1: resolution: {integrity: sha512-vKivATfr97l2/QBCYAkXYDbrIWPM2IIKEl7YPhjCvKlG3kE2gm+uBo6nEXK3M5/Ffh/FLpKExzOQ3JJoJGFKBw==} @@ -17251,22 +17267,10 @@ packages: peerDependencies: react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 - qs@6.11.0: - resolution: {integrity: sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==} - engines: {node: '>=0.6'} - - qs@6.13.0: - resolution: {integrity: sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==} - engines: {node: '>=0.6'} - qs@6.14.0: resolution: {integrity: sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==} engines: {node: '>=0.6'} - qs@6.5.3: - resolution: {integrity: sha512-qxXIEh4pCGfHICj1mAJQ2/2XVZkjCDTcEgfoSQxc/fYivUZxTkk7L3bDBJSoNrEzXI17oUO5Dp07ktqE5KzczA==} - engines: {node: '>=0.6'} - quansync@0.2.11: resolution: {integrity: sha512-AifT7QEbW9Nri4tAwR5M/uzpBuqfZf+zwaEM/QkzEjj7NBuFD2rBuy0K3dE+8wltbezDV7JMA0WfnCPYRSYbXA==} @@ -18555,8 +18559,8 @@ packages: resolution: {integrity: sha512-L1dapNV6vu2s/4Sputv8xGsCdAVlb5nRDMFU/E27D44l5U6cw1g0dGd45uLc+OXjNMmF4ntiMdCimzcjFKQI8Q==} engines: {node: ^14.18.0 || >=16.0.0} - systeminformation@5.23.8: - resolution: {integrity: sha512-Osd24mNKe6jr/YoXLLK3k8TMdzaxDffhpCxgkfgBHcapykIkd50HXThM3TCEuHO2pPuCsSx2ms/SunqhU5MmsQ==} + systeminformation@5.27.14: + resolution: {integrity: sha512-3DoNDYSZBLxBwaJtQGWNpq0fonga/VZ47HY1+7/G3YoIPaPz93Df6egSzzTKbEMmlzUpy3eQ0nR9REuYIycXGg==} engines: {node: '>=8.0.0'} os: [darwin, linux, win32, freebsd, openbsd, netbsd, sunos, android] hasBin: true @@ -18666,6 +18670,10 @@ packages: engines: {node: '>=18'} deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exhorbitant rates) by contacting i@izs.me + tar@7.5.6: + resolution: {integrity: sha512-xqUeu2JAIJpXyvskvU3uvQW8PAmHrtXp2KDuMJwQqW8Sqq0CaZBAQ+dKS3RBXVhU4wC5NjAdKrmh84241gO9cA==} + engines: {node: '>=18'} + tdigest@0.1.2: resolution: {integrity: sha512-+G0LLgjjo9BZX2MfdvPfH+MKLCrxlXSYec5DaPYP1fe6Iyhf0/fSmJ0bFiZ1F8BT6cGXl2LpltQptzjXKWEkKA==} @@ -19174,10 +19182,6 @@ packages: undici-types@6.20.0: resolution: {integrity: sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg==} - undici@5.28.4: - resolution: {integrity: sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==} - engines: {node: '>=14.0'} - undici@5.29.0: resolution: {integrity: sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==} engines: {node: '>=14.0'} @@ -22688,7 +22692,7 @@ snapshots: dependencies: '@bufbuild/protobuf': 1.10.0 '@connectrpc/connect': 1.4.0(@bufbuild/protobuf@1.10.0) - undici: 5.28.4 + undici: 5.29.0 '@connectrpc/connect-web@2.0.0-rc.3(@bufbuild/protobuf@2.2.5)(@connectrpc/connect@2.0.0-rc.3(@bufbuild/protobuf@2.2.5))': dependencies: @@ -23294,7 +23298,7 @@ snapshots: ajv-formats: 3.0.1(ajv@8.17.1) fast-uri: 3.0.6 - '@fastify/busboy@2.0.0': {} + '@fastify/busboy@2.1.1': {} '@fastify/error@4.2.0': {} @@ -23479,6 +23483,10 @@ snapshots: dependencies: hono: 4.5.11 + '@hono/node-server@1.19.9(hono@4.5.11)': + dependencies: + hono: 4.5.11 + '@hono/node-ws@1.0.4(@hono/node-server@1.12.2(hono@4.5.11))(bufferutil@4.0.9)': dependencies: '@hono/node-server': 1.12.2(hono@4.5.11) @@ -23939,8 +23947,9 @@ snapshots: '@microsoft/fetch-event-source@2.0.1': {} - '@modelcontextprotocol/sdk@1.24.2(supports-color@10.0.0)(zod@3.25.76)': + '@modelcontextprotocol/sdk@1.25.2(hono@4.5.11)(supports-color@10.0.0)(zod@3.25.76)': dependencies: + '@hono/node-server': 1.19.9(hono@4.5.11) ajv: 8.17.1 ajv-formats: 3.0.1(ajv@8.17.1) content-type: 1.0.5 @@ -23951,11 +23960,13 @@ snapshots: express: 5.0.1(supports-color@10.0.0) express-rate-limit: 7.5.0(express@5.0.1(supports-color@10.0.0)) jose: 6.1.3 + json-schema-typed: 8.0.2 pkce-challenge: 5.0.0 raw-body: 3.0.0 zod: 3.25.76 zod-to-json-schema: 3.25.0(zod@3.25.76) transitivePeerDependencies: + - hono - supports-color '@msgpack/msgpack@3.0.0-beta2': {} @@ -24490,7 +24501,7 @@ snapshots: '@opentelemetry/host-metrics@0.36.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - systeminformation: 5.23.8 + systeminformation: 5.27.14 '@opentelemetry/instrumentation-amqplib@0.46.1(@opentelemetry/api@1.9.0)': dependencies: @@ -28542,7 +28553,7 @@ snapshots: gunzip-maybe: 1.4.2 jsesc: 3.0.2 json5: 2.2.3 - lodash: 4.17.21 + lodash: 4.17.23 lodash.debounce: 4.0.8 minimatch: 9.0.5 node-fetch: 2.6.12(encoding@0.1.13) @@ -30230,7 +30241,7 @@ snapshots: chalk: 3.0.0 css.escape: 1.5.1 dom-accessibility-api: 0.6.3 - lodash: 4.17.21 + lodash: 4.17.23 redent: 3.0.0 '@tokenizer/token@0.3.0': {} @@ -31025,7 +31036,7 @@ snapshots: eval: 0.1.6 find-up: 5.0.0 javascript-stringify: 2.1.0 - lodash: 4.17.21 + lodash: 4.17.23 mlly: 1.7.4 outdent: 0.8.0 vite: 4.4.9(@types/node@22.13.9)(lightningcss@1.29.2)(terser@5.44.1) @@ -31551,7 +31562,7 @@ snapshots: graceful-fs: 4.2.11 is-stream: 2.0.1 lazystream: 1.0.1 - lodash: 4.17.21 + lodash: 4.17.23 normalize-path: 3.0.0 readable-stream: 4.7.0 @@ -31883,7 +31894,7 @@ snapshots: http-errors: 2.0.0 iconv-lite: 0.4.24 on-finished: 2.4.1 - qs: 6.13.0 + qs: 6.14.0 raw-body: 2.5.2 type-is: 1.6.18 unpipe: 1.0.0 @@ -34107,7 +34118,7 @@ snapshots: parseurl: 1.3.3 path-to-regexp: 0.1.10 proxy-addr: 2.0.7 - qs: 6.11.0 + qs: 6.14.0 range-parser: 1.2.1 safe-buffer: 5.2.1 send: 0.19.0 @@ -34143,7 +34154,7 @@ snapshots: once: 1.4.0 parseurl: 1.3.3 proxy-addr: 2.0.7 - qs: 6.13.0 + qs: 6.14.0 range-parser: 1.2.1 router: 2.1.0 safe-buffer: 5.2.1 @@ -35521,6 +35532,8 @@ snapshots: json-schema-traverse@1.0.0: {} + json-schema-typed@8.0.2: {} + json-schema@0.4.0: {} json-stable-stringify-without-jsonify@1.0.1: {} @@ -35864,7 +35877,7 @@ snapshots: lodash.uniq@4.5.0: {} - lodash@4.17.21: {} + lodash@4.17.23: {} log-symbols@4.1.0: dependencies: @@ -36849,6 +36862,10 @@ snapshots: minipass: 7.1.2 rimraf: 5.0.7 + minizlib@3.1.0: + dependencies: + minipass: 7.1.2 + mitt@3.0.1: {} mixme@0.5.4: {} @@ -37134,7 +37151,7 @@ snapshots: node-emoji@1.11.0: dependencies: - lodash: 4.17.21 + lodash: 4.17.23 node-emoji@2.1.3: dependencies: @@ -38413,20 +38430,10 @@ snapshots: dependencies: react: 18.2.0 - qs@6.11.0: - dependencies: - side-channel: 1.1.0 - - qs@6.13.0: - dependencies: - side-channel: 1.1.0 - qs@6.14.0: dependencies: side-channel: 1.1.0 - qs@6.5.3: {} - quansync@0.2.11: {} queue-microtask@1.2.3: {} @@ -38600,7 +38607,7 @@ snapshots: react: 19.1.0 scheduler: 0.26.0 - react-email@2.1.2(@opentelemetry/api@1.9.0)(@swc/helpers@0.5.15)(bufferutil@4.0.9)(eslint@8.31.0): + react-email@2.1.2(@opentelemetry/api@1.9.0)(@swc/helpers@0.5.15)(eslint@8.31.0): dependencies: '@babel/parser': 7.24.1 '@radix-ui/colors': 1.0.1 @@ -38637,8 +38644,8 @@ snapshots: react: 18.3.1 react-dom: 18.2.0(react@18.3.1) shelljs: 0.8.5 - socket.io: 4.7.3(bufferutil@4.0.9) - socket.io-client: 4.7.3(bufferutil@4.0.9) + socket.io: 4.7.3 + socket.io-client: 4.7.3 sonner: 1.3.1(react-dom@18.2.0(react@18.3.1))(react@18.3.1) source-map-js: 1.0.2 stacktrace-parser: 0.1.10 @@ -38985,7 +38992,7 @@ snapshots: dependencies: clsx: 2.1.1 eventemitter3: 4.0.7 - lodash: 4.17.21 + lodash: 4.17.23 react: 18.2.0 react-dom: 18.2.0(react@18.2.0) react-is: 18.3.1 @@ -39240,7 +39247,7 @@ snapshots: mime-types: 2.1.35 oauth-sign: 0.9.0 performance-now: 2.1.0 - qs: 6.5.3 + qs: 6.14.0 safe-buffer: 5.2.1 tough-cookie: 2.5.0 tunnel-agent: 0.6.0 @@ -39785,7 +39792,7 @@ snapshots: - supports-color - utf-8-validate - socket.io-client@4.7.3(bufferutil@4.0.9): + socket.io-client@4.7.3: dependencies: '@socket.io/component-emitter': 3.1.0 debug: 4.3.7(supports-color@10.0.0) @@ -39814,7 +39821,7 @@ snapshots: transitivePeerDependencies: - supports-color - socket.io@4.7.3(bufferutil@4.0.9): + socket.io@4.7.3: dependencies: accepts: 1.3.8 base64id: 2.0.0 @@ -40219,7 +40226,7 @@ snapshots: formidable: 3.5.1 methods: 1.1.2 mime: 2.6.0 - qs: 6.11.0 + qs: 6.14.0 transitivePeerDependencies: - supports-color @@ -40292,7 +40299,7 @@ snapshots: '@pkgr/utils': 2.3.1 tslib: 2.8.1 - systeminformation@5.23.8: {} + systeminformation@5.27.14: {} table@6.9.0: dependencies: @@ -40345,7 +40352,7 @@ snapshots: detective: 5.2.1 fs-extra: 8.1.0 html-tags: 3.3.1 - lodash: 4.17.21 + lodash: 4.17.23 node-emoji: 1.11.0 normalize.css: 8.0.1 object-hash: 2.2.0 @@ -40493,6 +40500,14 @@ snapshots: mkdirp: 3.0.1 yallist: 5.0.0 + tar@7.5.6: + dependencies: + '@isaacs/fs-minipass': 4.0.1 + chownr: 3.0.0 + minipass: 7.1.2 + minizlib: 3.1.0 + yallist: 5.0.0 + tdigest@0.1.2: dependencies: bintrees: 1.0.2 @@ -41001,13 +41016,9 @@ snapshots: undici-types@6.20.0: {} - undici@5.28.4: - dependencies: - '@fastify/busboy': 2.0.0 - undici@5.29.0: dependencies: - '@fastify/busboy': 2.0.0 + '@fastify/busboy': 2.1.1 unicode-emoji-modifier-base@1.0.0: {} From f0d02d79711ed17cf80c969fc366cf638f4936a7 Mon Sep 17 00:00:00 2001 From: nicktrn <55853254+nicktrn@users.noreply.github.com> Date: Tue, 27 Jan 2026 16:09:11 +0000 Subject: [PATCH 2/2] fix(security): update qs override to 6.14.1 for CVE-2025-15284 --- package.json | 2 +- pnpm-lock.yaml | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/package.json b/package.json index 2dfbc141d7..61ec8c56fb 100644 --- a/package.json +++ b/package.json @@ -95,7 +95,7 @@ "js-yaml@>=3.0.0 <3.14.2": "3.14.2", "js-yaml@>=4.0.0 <4.1.1": "4.1.1", "jws@<3.2.3": "3.2.3", - "qs@>=6.0.0 <6.14.0": "6.14.0", + "qs@>=6.0.0 <6.14.1": "6.14.1", "systeminformation@>=5.0.0 <5.27.14": "5.27.14", "lodash@>=4.0.0 <4.17.23": "4.17.23" }, diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index faa000074d..d73bef99fe 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -16,7 +16,7 @@ overrides: js-yaml@>=3.0.0 <3.14.2: 3.14.2 js-yaml@>=4.0.0 <4.1.1: 4.1.1 jws@<3.2.3: 3.2.3 - qs@>=6.0.0 <6.14.0: 6.14.0 + qs@>=6.0.0 <6.14.1: 6.14.1 systeminformation@>=5.0.0 <5.27.14: 5.27.14 lodash@>=4.0.0 <4.17.23: 4.17.23 @@ -17267,8 +17267,8 @@ packages: peerDependencies: react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 - qs@6.14.0: - resolution: {integrity: sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==} + qs@6.14.1: + resolution: {integrity: sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==} engines: {node: '>=0.6'} quansync@0.2.11: @@ -31894,7 +31894,7 @@ snapshots: http-errors: 2.0.0 iconv-lite: 0.4.24 on-finished: 2.4.1 - qs: 6.14.0 + qs: 6.14.1 raw-body: 2.5.2 type-is: 1.6.18 unpipe: 1.0.0 @@ -31909,7 +31909,7 @@ snapshots: http-errors: 2.0.0 iconv-lite: 0.6.3 on-finished: 2.4.1 - qs: 6.14.0 + qs: 6.14.1 raw-body: 3.0.0 type-is: 2.0.0 transitivePeerDependencies: @@ -34118,7 +34118,7 @@ snapshots: parseurl: 1.3.3 path-to-regexp: 0.1.10 proxy-addr: 2.0.7 - qs: 6.14.0 + qs: 6.14.1 range-parser: 1.2.1 safe-buffer: 5.2.1 send: 0.19.0 @@ -34154,7 +34154,7 @@ snapshots: once: 1.4.0 parseurl: 1.3.3 proxy-addr: 2.0.7 - qs: 6.14.0 + qs: 6.14.1 range-parser: 1.2.1 router: 2.1.0 safe-buffer: 5.2.1 @@ -38430,7 +38430,7 @@ snapshots: dependencies: react: 18.2.0 - qs@6.14.0: + qs@6.14.1: dependencies: side-channel: 1.1.0 @@ -39247,7 +39247,7 @@ snapshots: mime-types: 2.1.35 oauth-sign: 0.9.0 performance-now: 2.1.0 - qs: 6.14.0 + qs: 6.14.1 safe-buffer: 5.2.1 tough-cookie: 2.5.0 tunnel-agent: 0.6.0 @@ -40226,7 +40226,7 @@ snapshots: formidable: 3.5.1 methods: 1.1.2 mime: 2.6.0 - qs: 6.14.0 + qs: 6.14.1 transitivePeerDependencies: - supports-color