From 1a764c070b3a2f27847af81c37ba01ff60c46b6a Mon Sep 17 00:00:00 2001 From: "aikido-autofix[bot]" <119856028+aikido-autofix[bot]@users.noreply.github.com> Date: Tue, 16 Jun 2026 02:43:20 +0000 Subject: [PATCH 1/3] fix(security): update i18next from 23.4.6 to 24.1.2 --- with-crossmint/pnpm-lock.yaml | 163 +++++------------------------ with-crossmint/pnpm-workspace.yaml | 2 +- 2 files changed, 30 insertions(+), 135 deletions(-) diff --git a/with-crossmint/pnpm-lock.yaml b/with-crossmint/pnpm-lock.yaml index d42a36a..761251a 100644 --- a/with-crossmint/pnpm-lock.yaml +++ b/with-crossmint/pnpm-lock.yaml @@ -9,6 +9,7 @@ overrides: axios@>=1.0.0 <1.16.1: 1.16.1 '@react-native-community/cli@>=1.0.0 <17.0.1': 17.0.1 '@react-native-community/cli-server-api@>=1.0.0 <17.0.1': 17.0.1 + i18next@<=24.1.2: 24.1.2 importers: @@ -16,7 +17,7 @@ importers: dependencies: '@crossmint/client-sdk-react-ui': specifier: 4.2.0 - version: 4.2.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@solana/web3.js@1.98.1(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6))(@types/react@19.2.14)(bufferutil@4.1.0)(fastestsmallesttextencoderdecoder@1.0.22)(react-dom@19.2.6(react@19.2.6))(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6))(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6) + version: 4.2.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@solana/web3.js@1.98.1(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6))(@types/react@19.2.14)(bufferutil@4.1.0)(fastestsmallesttextencoderdecoder@1.0.22)(react-dom@19.2.6(react@19.2.6))(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.0.4)(utf-8-validate@6.0.6))(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6) '@formo/analytics': specifier: ^1.32.0 version: 1.32.0(@types/react@19.2.14)(react@19.2.6)(typescript@5.9.3)(viem@2.33.1(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6)(zod@3.22.4)) @@ -3316,8 +3317,13 @@ packages: hyphenate-style-name@1.1.0: resolution: {integrity: sha512-WDC/ui2VVRrz3jOVi+XtjqkDjiVjTtFaAGiW37k6b+ohyQ5wYDOGkvCZa8+H0nx3gyvv0+BST9xuOgIyGQ00gw==} - i18next@23.4.6: - resolution: {integrity: sha512-jBE8bui969Ygv7TVYp0pwDZB7+he0qsU+nz7EcfdqSh+QvKjEfl9YPRQd/KrGiMhTYFGkeuPaeITenKK/bSFDg==} + i18next@24.1.2: + resolution: {integrity: sha512-th/075GW0Ub1gYDMHLiZXMGSfGv1aP1VqjT3fma/12hNHCNlH8oJMftvlDzycT/R+KoULWk+xLU8H1JRwV85qw==} + peerDependencies: + typescript: ^5 + peerDependenciesMeta: + typescript: + optional: true iconv-lite@0.4.24: resolution: {integrity: sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==} @@ -4341,7 +4347,7 @@ packages: react-i18next@13.5.0: resolution: {integrity: sha512-CFJ5NDGJ2MUyBohEHxljOq/39NQ972rh1ajnadG9BjTk+UXbHLq4z5DKEbEQBDoIhUmmbuS/fIMJKo6VOax1HA==} peerDependencies: - i18next: '>= 23.2.3' + i18next: 24.1.2 react: '>= 16.8.0' react-dom: '*' react-native: '*' @@ -6241,7 +6247,7 @@ snapshots: - utf-8-validate - zod - '@crossmint/client-sdk-react-ui@4.2.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@solana/web3.js@1.98.1(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6))(@types/react@19.2.14)(bufferutil@4.1.0)(fastestsmallesttextencoderdecoder@1.0.22)(react-dom@19.2.6(react@19.2.6))(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6))(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6)': + '@crossmint/client-sdk-react-ui@4.2.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@solana/web3.js@1.98.1(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6))(@types/react@19.2.14)(bufferutil@4.1.0)(fastestsmallesttextencoderdecoder@1.0.22)(react-dom@19.2.6(react@19.2.6))(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.0.4)(utf-8-validate@6.0.6))(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6)': dependencies: '@basis-theory/react-agentic': 1.8.0(react-dom@19.2.6(react@19.2.6))(react@19.2.6) '@crossmint/client-sdk-auth': 1.3.10(@solana/web3.js@1.98.1(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6))(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6)(zod@3.22.4) @@ -6253,7 +6259,7 @@ snapshots: '@crossmint/common-sdk-base': 0.10.0(@solana/web3.js@1.98.1(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6))(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6)(zod@3.22.4) '@crossmint/wallets-sdk': 1.1.0(@solana/web3.js@1.98.1(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6))(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6)(zod@3.22.4) '@dynamic-labs/ethereum': 4.28.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(fastestsmallesttextencoderdecoder@1.0.22)(react-dom@19.2.6(react@19.2.6))(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6)(viem@2.33.1(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6)(zod@3.22.4))(zod@3.22.4) - '@dynamic-labs/sdk-react-core': 4.28.0(@types/react@19.2.14)(react-dom@19.2.6(react@19.2.6))(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6))(react@19.2.6) + '@dynamic-labs/sdk-react-core': 4.28.0(@types/react@19.2.14)(react-dom@19.2.6(react@19.2.6))(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.0.4)(utf-8-validate@6.0.6))(react@19.2.6)(typescript@5.9.3) '@dynamic-labs/solana': 4.28.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(fastestsmallesttextencoderdecoder@1.0.22)(react-dom@19.2.6(react@19.2.6))(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6)(viem@2.33.1(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6)(zod@3.22.4))(zod@3.22.4) '@dynamic-labs/sui': 4.28.0(bufferutil@4.1.0)(fastestsmallesttextencoderdecoder@1.0.22)(react-dom@19.2.6(react@19.2.6))(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6)(viem@2.33.1(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6)(zod@3.22.4)) '@emotion/react': 11.14.0(@types/react@19.2.14)(react@19.2.6) @@ -6609,7 +6615,7 @@ snapshots: '@dynamic-labs/sdk-api-core@0.0.964': {} - '@dynamic-labs/sdk-react-core@4.28.0(@types/react@19.2.14)(react-dom@19.2.6(react@19.2.6))(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6))(react@19.2.6)': + '@dynamic-labs/sdk-react-core@4.28.0(@types/react@19.2.14)(react-dom@19.2.6(react@19.2.6))(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.0.4)(utf-8-validate@6.0.6))(react@19.2.6)(typescript@5.9.3)': dependencies: '@dynamic-labs-sdk/client': 0.0.1-alpha.24 '@dynamic-labs/assert-package-version': 4.28.0 @@ -6629,17 +6635,18 @@ snapshots: country-list: 2.3.0 eventemitter3: 5.0.1 formik: 2.2.9(react@19.2.6) - i18next: 23.4.6 + i18next: 24.1.2(typescript@5.9.3) qrcode: 1.5.1 react: 19.2.6 react-dom: 19.2.6(react@19.2.6) react-focus-lock: 2.13.6(@types/react@19.2.14)(react@19.2.6) - react-i18next: 13.5.0(i18next@23.4.6)(react-dom@19.2.6(react@19.2.6))(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6))(react@19.2.6) + react-i18next: 13.5.0(i18next@24.1.2(typescript@5.9.3))(react-dom@19.2.6(react@19.2.6))(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.0.4)(utf-8-validate@6.0.6))(react@19.2.6) react-international-phone: 4.5.0(react@19.2.6) yup: 0.32.11 transitivePeerDependencies: - '@types/react' - react-native + - typescript '@dynamic-labs/solana-core@4.28.0(bufferutil@4.1.0)(fastestsmallesttextencoderdecoder@1.0.22)(react-dom@19.2.6(react@19.2.6))(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6)': dependencies: @@ -7688,17 +7695,6 @@ snapshots: transitivePeerDependencies: - typescript - '@react-native-community/cli-config@17.0.1(typescript@5.9.3)': - dependencies: - '@react-native-community/cli-tools': 17.0.1 - chalk: 4.1.2 - cosmiconfig: 9.0.1(typescript@5.9.3) - deepmerge: 4.3.1 - fast-glob: 3.3.3 - joi: 17.13.3 - transitivePeerDependencies: - - typescript - '@react-native-community/cli-doctor@17.0.1(typescript@5.0.4)': dependencies: '@react-native-community/cli-config': 17.0.1(typescript@5.0.4) @@ -7719,26 +7715,6 @@ snapshots: transitivePeerDependencies: - typescript - '@react-native-community/cli-doctor@17.0.1(typescript@5.9.3)': - dependencies: - '@react-native-community/cli-config': 17.0.1(typescript@5.9.3) - '@react-native-community/cli-platform-android': 17.0.1 - '@react-native-community/cli-platform-apple': 17.0.1 - '@react-native-community/cli-platform-ios': 17.0.1 - '@react-native-community/cli-tools': 17.0.1 - chalk: 4.1.2 - command-exists: 1.2.9 - deepmerge: 4.3.1 - envinfo: 7.21.0 - execa: 5.1.1 - node-stream-zip: 1.15.0 - ora: 5.4.1 - semver: 7.8.0 - wcwidth: 1.0.1 - yaml: 2.9.0 - transitivePeerDependencies: - - typescript - '@react-native-community/cli-platform-android@13.6.4': dependencies: '@react-native-community/cli-tools': 13.6.4 @@ -7860,29 +7836,6 @@ snapshots: - typescript - utf-8-validate - '@react-native-community/cli@17.0.1(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6)': - dependencies: - '@react-native-community/cli-clean': 17.0.1 - '@react-native-community/cli-config': 17.0.1(typescript@5.9.3) - '@react-native-community/cli-doctor': 17.0.1(typescript@5.9.3) - '@react-native-community/cli-server-api': 17.0.1(bufferutil@4.1.0)(utf-8-validate@6.0.6) - '@react-native-community/cli-tools': 17.0.1 - '@react-native-community/cli-types': 17.0.1 - chalk: 4.1.2 - commander: 9.5.0 - deepmerge: 4.3.1 - execa: 5.1.1 - find-up: 5.0.0 - fs-extra: 8.1.0 - graceful-fs: 4.2.11 - prompts: 2.4.2 - semver: 7.8.0 - transitivePeerDependencies: - - bufferutil - - supports-color - - typescript - - utf-8-validate - '@react-native/assets-registry@0.74.81': {} '@react-native/babel-plugin-codegen@0.74.81(@babel/preset-env@7.29.5(@babel/core@7.29.0))': @@ -8015,7 +7968,7 @@ snapshots: '@react-native/normalize-colors@0.74.81': {} - '@react-native/virtualized-lists@0.74.81(@types/react@19.2.14)(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6))(react@19.2.6)': + '@react-native/virtualized-lists@0.74.81(@types/react@19.2.14)(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.0.4)(utf-8-validate@6.0.6))(react@19.2.6)': dependencies: invariant: 2.2.4 nullthrows: 1.1.1 @@ -8582,9 +8535,9 @@ snapshots: '@turnkey/encoding': 0.4.0 bs58: 5.0.0 bs58check: 3.0.1 - react-native: 0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.0.4)(utf-8-validate@6.0.6) - react-native-get-random-values: 1.11.0(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6)) - react-native-quick-base64: 2.1.2(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6))(react@19.2.6) + react-native: 0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6) + react-native-get-random-values: 1.11.0(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.0.4)(utf-8-validate@6.0.6)) + react-native-quick-base64: 2.1.2(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.0.4)(utf-8-validate@6.0.6))(react@19.2.6) typescript: 5.0.4 transitivePeerDependencies: - '@babel/core' @@ -9808,15 +9761,6 @@ snapshots: optionalDependencies: typescript: 5.0.4 - cosmiconfig@9.0.1(typescript@5.9.3): - dependencies: - env-paths: 2.2.1 - import-fresh: 3.3.1 - js-yaml: 4.1.1 - parse-json: 5.2.0 - optionalDependencies: - typescript: 5.9.3 - country-list@2.3.0: {} crc-32@1.2.2: {} @@ -10363,9 +10307,11 @@ snapshots: hyphenate-style-name@1.1.0: {} - i18next@23.4.6: + i18next@24.1.2(typescript@5.9.3): dependencies: '@babel/runtime': 7.29.2 + optionalDependencies: + typescript: 5.9.3 iconv-lite@0.4.24: dependencies: @@ -11536,11 +11482,11 @@ snapshots: optionalDependencies: '@types/react': 19.2.14 - react-i18next@13.5.0(i18next@23.4.6)(react-dom@19.2.6(react@19.2.6))(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6))(react@19.2.6): + react-i18next@13.5.0(i18next@24.1.2(typescript@5.9.3))(react-dom@19.2.6(react@19.2.6))(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.0.4)(utf-8-validate@6.0.6))(react@19.2.6): dependencies: '@babel/runtime': 7.29.2 html-parse-stringify: 3.0.1 - i18next: 23.4.6 + i18next: 24.1.2(typescript@5.9.3) react: 19.2.6 optionalDependencies: react-dom: 19.2.6(react@19.2.6) @@ -11571,72 +11517,21 @@ snapshots: theming: 3.3.0(react@19.2.6) tiny-warning: 1.0.3 - react-native-get-random-values@1.11.0(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6)): + react-native-get-random-values@1.11.0(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.0.4)(utf-8-validate@6.0.6)): dependencies: fast-base64-decode: 1.0.0 react-native: 0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6) - react-native-quick-base64@2.1.2(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6))(react@19.2.6): + react-native-quick-base64@2.1.2(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.0.4)(utf-8-validate@6.0.6))(react@19.2.6): dependencies: base64-js: 1.5.1 react: 19.2.6 react-native: 0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6) - react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.0.4)(utf-8-validate@6.0.6): - dependencies: - '@jest/create-cache-key-function': 29.7.0 - '@react-native-community/cli': 17.0.1(bufferutil@4.1.0)(typescript@5.0.4)(utf-8-validate@6.0.6) - '@react-native-community/cli-platform-android': 13.6.4 - '@react-native-community/cli-platform-ios': 13.6.4 - '@react-native/assets-registry': 0.74.81 - '@react-native/codegen': 0.74.81(@babel/preset-env@7.29.5(@babel/core@7.29.0)) - '@react-native/community-cli-plugin': 0.74.81(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(bufferutil@4.1.0)(utf-8-validate@6.0.6) - '@react-native/gradle-plugin': 0.74.81 - '@react-native/js-polyfills': 0.74.81 - '@react-native/normalize-colors': 0.74.81 - '@react-native/virtualized-lists': 0.74.81(@types/react@19.2.14)(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6))(react@19.2.6) - abort-controller: 3.0.0 - anser: 1.4.10 - ansi-regex: 5.0.1 - base64-js: 1.5.1 - chalk: 4.1.2 - event-target-shim: 5.0.1 - flow-enums-runtime: 0.0.6 - invariant: 2.2.4 - jest-environment-node: 29.7.0 - jsc-android: 250231.0.0 - memoize-one: 5.2.1 - metro-runtime: 0.80.12 - metro-source-map: 0.80.12 - mkdirp: 0.5.6 - nullthrows: 1.1.1 - pretty-format: 26.6.2 - promise: 8.3.0 - react: 19.2.6 - react-devtools-core: 5.3.2(bufferutil@4.1.0)(utf-8-validate@6.0.6) - react-refresh: 0.14.2 - react-shallow-renderer: 16.15.0(react@19.2.6) - regenerator-runtime: 0.13.11 - scheduler: 0.24.0-canary-efb381bbf-20230505 - stacktrace-parser: 0.1.11 - whatwg-fetch: 3.6.20 - ws: 6.2.3(bufferutil@4.1.0)(utf-8-validate@6.0.6) - yargs: 17.7.2 - optionalDependencies: - '@types/react': 19.2.14 - transitivePeerDependencies: - - '@babel/core' - - '@babel/preset-env' - - bufferutil - - encoding - - supports-color - - typescript - - utf-8-validate - react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6): dependencies: '@jest/create-cache-key-function': 29.7.0 - '@react-native-community/cli': 17.0.1(bufferutil@4.1.0)(typescript@5.9.3)(utf-8-validate@6.0.6) + '@react-native-community/cli': 17.0.1(bufferutil@4.1.0)(typescript@5.0.4)(utf-8-validate@6.0.6) '@react-native-community/cli-platform-android': 13.6.4 '@react-native-community/cli-platform-ios': 13.6.4 '@react-native/assets-registry': 0.74.81 @@ -11645,7 +11540,7 @@ snapshots: '@react-native/gradle-plugin': 0.74.81 '@react-native/js-polyfills': 0.74.81 '@react-native/normalize-colors': 0.74.81 - '@react-native/virtualized-lists': 0.74.81(@types/react@19.2.14)(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.9.3)(utf-8-validate@6.0.6))(react@19.2.6) + '@react-native/virtualized-lists': 0.74.81(@types/react@19.2.14)(react-native@0.74.0(@babel/core@7.29.0)(@babel/preset-env@7.29.5(@babel/core@7.29.0))(@types/react@19.2.14)(bufferutil@4.1.0)(react@19.2.6)(typescript@5.0.4)(utf-8-validate@6.0.6))(react@19.2.6) abort-controller: 3.0.0 anser: 1.4.10 ansi-regex: 5.0.1 diff --git a/with-crossmint/pnpm-workspace.yaml b/with-crossmint/pnpm-workspace.yaml index 183db4c..b5d9736 100644 --- a/with-crossmint/pnpm-workspace.yaml +++ b/with-crossmint/pnpm-workspace.yaml @@ -17,9 +17,9 @@ overrides: 'axios@>=1.0.0 <1.16.1': 1.16.1 '@react-native-community/cli@>=1.0.0 <17.0.1': 17.0.1 '@react-native-community/cli-server-api@>=1.0.0 <17.0.1': 17.0.1 + i18next@<=24.1.2: 24.1.2 # Block git/http/file-protocol subdependencies (pnpm 11 default; set explicitly). blockExoticSubdeps: true - # pnpm 11 blocks dependency build scripts by default (strictDepBuilds). # Allow the build scripts these trusted deps need. allowBuilds: From f199b69c731ef7f3db7e7731736e0889446c405f Mon Sep 17 00:00:00 2001 From: Claude Date: Tue, 16 Jun 2026 02:50:10 +0000 Subject: [PATCH 2/3] fix(security): update shell-quote from 1.8.3 to 1.8.4 Forces the patched shell-quote (>=1.8.4) for the GHSA-w7jw-789q-3m8p critical advisory, pulled in transitively via @crossmint/client-sdk-react-ui. Resolves the failing critical-gated pnpm audit for with-crossmint. --- with-crossmint/pnpm-lock.yaml | 13 +++++++------ with-crossmint/pnpm-workspace.yaml | 1 + 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/with-crossmint/pnpm-lock.yaml b/with-crossmint/pnpm-lock.yaml index 761251a..466ac26 100644 --- a/with-crossmint/pnpm-lock.yaml +++ b/with-crossmint/pnpm-lock.yaml @@ -10,6 +10,7 @@ overrides: '@react-native-community/cli@>=1.0.0 <17.0.1': 17.0.1 '@react-native-community/cli-server-api@>=1.0.0 <17.0.1': 17.0.1 i18next@<=24.1.2: 24.1.2 + shell-quote@>=1.1.0 <=1.8.3: 1.8.4 importers: @@ -4592,8 +4593,8 @@ packages: resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==} engines: {node: '>=8'} - shell-quote@1.8.3: - resolution: {integrity: sha512-ObmnIF4hXNg1BqhnHmgbDETF8dLPCggZWBjkQfhZpbszZnYur5DUljTcCHii5LC3J5E0yeO/1LIMyH+UvHQgyw==} + shell-quote@1.8.4: + resolution: {integrity: sha512-VsC6n6vz1ihYYyZZwX7YZSF5l5x36ca17OC+a69h94YqB7X6XLwf+5MOgynYir2SLFUbl8gIYvBo8K8RoNQ6bQ==} engines: {node: '>= 0.4'} side-channel-list@1.0.1: @@ -7791,7 +7792,7 @@ snapshots: open: 6.4.0 ora: 5.4.1 semver: 7.8.0 - shell-quote: 1.8.3 + shell-quote: 1.8.4 sudo-prompt: 9.2.1 transitivePeerDependencies: - encoding @@ -10686,7 +10687,7 @@ snapshots: launch-editor@2.13.2: dependencies: picocolors: 1.1.1 - shell-quote: 1.8.3 + shell-quote: 1.8.4 leven@3.1.0: {} @@ -11455,7 +11456,7 @@ snapshots: react-devtools-core@5.3.2(bufferutil@4.1.0)(utf-8-validate@6.0.6): dependencies: - shell-quote: 1.8.3 + shell-quote: 1.8.4 ws: 7.5.10(bufferutil@4.1.0)(utf-8-validate@6.0.6) transitivePeerDependencies: - bufferutil @@ -11842,7 +11843,7 @@ snapshots: shebang-regex@3.0.0: {} - shell-quote@1.8.3: {} + shell-quote@1.8.4: {} side-channel-list@1.0.1: dependencies: diff --git a/with-crossmint/pnpm-workspace.yaml b/with-crossmint/pnpm-workspace.yaml index b5d9736..e88288a 100644 --- a/with-crossmint/pnpm-workspace.yaml +++ b/with-crossmint/pnpm-workspace.yaml @@ -18,6 +18,7 @@ overrides: '@react-native-community/cli@>=1.0.0 <17.0.1': 17.0.1 '@react-native-community/cli-server-api@>=1.0.0 <17.0.1': 17.0.1 i18next@<=24.1.2: 24.1.2 + 'shell-quote@>=1.1.0 <=1.8.3': 1.8.4 # Block git/http/file-protocol subdependencies (pnpm 11 default; set explicitly). blockExoticSubdeps: true # pnpm 11 blocks dependency build scripts by default (strictDepBuilds). From 93568cab2d176b6b347e56ba8241f191fd6cfc94 Mon Sep 17 00:00:00 2001 From: Claude Date: Tue, 16 Jun 2026 03:08:31 +0000 Subject: [PATCH 3/3] fix(security): update @angular/* to 21.2.17 and force ws>=8.21.0 in with-angular Completes the Dependabot @angular/common 21.2.13->21.2.17 bump (PR #34), which failed CI because it bumped @angular/common alone: @angular/core and the other framework packages stayed on 21.2.13, leaving the high-severity advisories unresolved and creating a peer-dependency mismatch (@angular/common@21.2.17 requires @angular/core@21.2.17). - Bump all @angular/* framework packages (common, compiler, core, forms, platform-browser, router, compiler-cli) to ^21.2.17 in lockstep. This clears the high advisories GHSA-rgjc-h3x7-9mwg, GHSA-39pv-4j6c-2g6v, GHSA-48r7-hpm6-gfxm, GHSA-p3vc-36g9-x9gr and GHSA-q6f4-qqrg-jv6x, all of which are only patched in >=21.2.17. - Exempt the @angular framework packages from the 7-day minimumReleaseAge gate: 21.2.17 is the sole patched release and is still inside the window, so the gate would otherwise block the fix. - Force ws>=8.21.0 via overrides to clear GHSA-96hv-2xvq-fx4p (memory exhaustion DoS) pulled in transitively through viem, the remaining high that kept the with-angular audit red. @angular/build and @angular/cli stay at 21.2.11 (no 21.2.17 exists; their ^21.0.0 peer ranges accept the bumped framework). Verified: pnpm audit --prod --audit-level=high reports no vulnerabilities, frozen-lockfile install is consistent, and ng build succeeds. --- with-angular/package.json | 14 +-- with-angular/pnpm-lock.yaml | 165 ++++++++++++++++--------------- with-angular/pnpm-workspace.yaml | 15 +++ 3 files changed, 106 insertions(+), 88 deletions(-) diff --git a/with-angular/package.json b/with-angular/package.json index 4ecd1dd..74dd204 100644 --- a/with-angular/package.json +++ b/with-angular/package.json @@ -12,12 +12,12 @@ "test": "ng test" }, "dependencies": { - "@angular/common": "^21.2.0", - "@angular/compiler": "^21.2.0", - "@angular/core": "^21.2.0", - "@angular/forms": "^21.2.0", - "@angular/platform-browser": "^21.2.0", - "@angular/router": "^21.2.0", + "@angular/common": "^21.2.17", + "@angular/compiler": "^21.2.17", + "@angular/core": "^21.2.17", + "@angular/forms": "^21.2.17", + "@angular/platform-browser": "^21.2.17", + "@angular/router": "^21.2.17", "@formo/analytics": "^1.32.0", "buffer": "^6.0.3", "rxjs": "~7.8.0", @@ -27,7 +27,7 @@ "devDependencies": { "@angular/build": "^21.2.11", "@angular/cli": "^21.2.11", - "@angular/compiler-cli": "^21.2.0", + "@angular/compiler-cli": "^21.2.17", "@ngx-env/builder": "^21.0.1", "jsdom": "^28.0.0", "prettier": "^3.8.1", diff --git a/with-angular/pnpm-lock.yaml b/with-angular/pnpm-lock.yaml index e5473b8..a2c857a 100644 --- a/with-angular/pnpm-lock.yaml +++ b/with-angular/pnpm-lock.yaml @@ -4,28 +4,31 @@ settings: autoInstallPeers: true excludeLinksFromLockfile: false +overrides: + ws@>=8.0.0 <8.21.0: 8.21.0 + importers: .: dependencies: '@angular/common': - specifier: ^21.2.0 - version: 21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2) + specifier: ^21.2.17 + version: 21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2) '@angular/compiler': - specifier: ^21.2.0 - version: 21.2.13 + specifier: ^21.2.17 + version: 21.2.17 '@angular/core': - specifier: ^21.2.0 - version: 21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2) + specifier: ^21.2.17 + version: 21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2) '@angular/forms': - specifier: ^21.2.0 - version: 21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(@angular/platform-browser@21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2)))(rxjs@7.8.2) + specifier: ^21.2.17 + version: 21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(@angular/platform-browser@21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2)))(rxjs@7.8.2) '@angular/platform-browser': - specifier: ^21.2.0 - version: 21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2)) + specifier: ^21.2.17 + version: 21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2)) '@angular/router': - specifier: ^21.2.0 - version: 21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(@angular/platform-browser@21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2)))(rxjs@7.8.2) + specifier: ^21.2.17 + version: 21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(@angular/platform-browser@21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2)))(rxjs@7.8.2) '@formo/analytics': specifier: ^1.32.0 version: 1.32.0(typescript@5.9.3)(viem@2.49.3(typescript@5.9.3)(zod@4.3.6)) @@ -44,16 +47,16 @@ importers: devDependencies: '@angular/build': specifier: ^21.2.11 - version: 21.2.11(@angular/compiler-cli@21.2.13(@angular/compiler@21.2.13)(typescript@5.9.3))(@angular/compiler@21.2.13)(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(@angular/platform-browser@21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2)))(@emnapi/core@1.10.0)(@emnapi/runtime@1.10.0)(@types/node@25.8.0)(chokidar@5.0.0)(postcss@8.5.14)(terser@5.47.1)(tslib@2.8.1)(typescript@5.9.3)(vitest@4.1.6(@types/node@25.8.0)(jsdom@28.1.0(@noble/hashes@1.8.0))(vite@7.3.2(@types/node@25.8.0)(sass@1.97.3)(terser@5.47.1))) + version: 21.2.11(@angular/compiler-cli@21.2.17(@angular/compiler@21.2.17)(typescript@5.9.3))(@angular/compiler@21.2.17)(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(@angular/platform-browser@21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2)))(@emnapi/core@1.10.0)(@emnapi/runtime@1.10.0)(@types/node@25.8.0)(chokidar@5.0.0)(postcss@8.5.14)(terser@5.47.1)(tslib@2.8.1)(typescript@5.9.3)(vitest@4.1.6(@types/node@25.8.0)(jsdom@28.1.0(@noble/hashes@1.8.0))(vite@7.3.2(@types/node@25.8.0)(sass@1.97.3)(terser@5.47.1))) '@angular/cli': specifier: ^21.2.11 version: 21.2.11(@types/node@25.8.0)(chokidar@5.0.0) '@angular/compiler-cli': - specifier: ^21.2.0 - version: 21.2.13(@angular/compiler@21.2.13)(typescript@5.9.3) + specifier: ^21.2.17 + version: 21.2.17(@angular/compiler@21.2.17)(typescript@5.9.3) '@ngx-env/builder': specifier: ^21.0.1 - version: 21.0.1(@angular/build@21.2.11(@angular/compiler-cli@21.2.13(@angular/compiler@21.2.13)(typescript@5.9.3))(@angular/compiler@21.2.13)(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(@angular/platform-browser@21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2)))(@emnapi/core@1.10.0)(@emnapi/runtime@1.10.0)(@types/node@25.8.0)(chokidar@5.0.0)(postcss@8.5.14)(terser@5.47.1)(tslib@2.8.1)(typescript@5.9.3)(vitest@4.1.6(@types/node@25.8.0)(jsdom@28.1.0(@noble/hashes@1.8.0))(vite@7.3.2(@types/node@25.8.0)(sass@1.97.3)(terser@5.47.1))))(webpack@5.106.2(postcss@8.5.14)) + version: 21.0.1(@angular/build@21.2.11(@angular/compiler-cli@21.2.17(@angular/compiler@21.2.17)(typescript@5.9.3))(@angular/compiler@21.2.17)(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(@angular/platform-browser@21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2)))(@emnapi/core@1.10.0)(@emnapi/runtime@1.10.0)(@types/node@25.8.0)(chokidar@5.0.0)(postcss@8.5.14)(terser@5.47.1)(tslib@2.8.1)(typescript@5.9.3)(vitest@4.1.6(@types/node@25.8.0)(jsdom@28.1.0(@noble/hashes@1.8.0))(vite@7.3.2(@types/node@25.8.0)(sass@1.97.3)(terser@5.47.1))))(webpack@5.106.2(postcss@8.5.14)) jsdom: specifier: ^28.0.0 version: 28.1.0(@noble/hashes@1.8.0) @@ -204,33 +207,33 @@ packages: engines: {node: ^20.19.0 || ^22.12.0 || >=24.0.0, npm: ^6.11.0 || ^7.5.6 || >=8.0.0, yarn: '>= 1.13.0'} hasBin: true - '@angular/common@21.2.13': - resolution: {integrity: sha512-fNvRmGAX0zbsLX/kJjgb6l8HAuGTpfYRNc06taTCIvED2RsRpfwrh79IxYlPBspr+hpFbHa0/kxU6Q5I8V0jKQ==} + '@angular/common@21.2.17': + resolution: {integrity: sha512-hqAQxRfi5ldFE42suAXRcY+JCANrUh7fuSQ/DtZ7L896id5BT/exuv6dWNBC1PyAfQmRbpD5Pt6/pd+tNLyhDQ==} engines: {node: ^20.19.0 || ^22.12.0 || >=24.0.0} peerDependencies: - '@angular/core': 21.2.13 + '@angular/core': 21.2.17 rxjs: ^6.5.3 || ^7.4.0 - '@angular/compiler-cli@21.2.13': - resolution: {integrity: sha512-ueETJy2ZcXZ4a0aLEr+oPMw26f8Hn903WC4QN0MCH+sLB9Zustpzydqtmzo5mdSzwuoLoxcesYJTZFmpwD1xIQ==} + '@angular/compiler-cli@21.2.17': + resolution: {integrity: sha512-KithZ3b0HBFH0NbUcswBcjpN9y09vLbarMD7qmGWTnGUBk4W8cn4sbT8zJyv9CRKg9ZcuUBeJYKUfUPn/u/5OQ==} engines: {node: ^20.19.0 || ^22.12.0 || >=24.0.0} hasBin: true peerDependencies: - '@angular/compiler': 21.2.13 + '@angular/compiler': 21.2.17 typescript: '>=5.9 <6.1' peerDependenciesMeta: typescript: optional: true - '@angular/compiler@21.2.13': - resolution: {integrity: sha512-0OZk5ujHgowRme3iXJ1Ce1OI3eTDcGovBARBiyJT0E8kt9Y0TdQdGaYMRrNN1UzDv4hk8f1d/xVeF0BpMTvqPQ==} + '@angular/compiler@21.2.17': + resolution: {integrity: sha512-p+NdjYiwAz9Zmu2yul0LlMXaFjMISVVa24+/MVMoKFeQeI82QE8jDywPlnOSHQHvdCcQVpS7saeEriZzX3JuBQ==} engines: {node: ^20.19.0 || ^22.12.0 || >=24.0.0} - '@angular/core@21.2.13': - resolution: {integrity: sha512-23tS4oNL8nvkHcI4l9rbruQs2WS4yqQmBVQxWakqS9cmRpArLGgveR+hKNU5tPXm5EAi8oLO34/Zy7z70jUpCg==} + '@angular/core@21.2.17': + resolution: {integrity: sha512-wYHpwIdnUnjQFOJJNqRcGx7LS3u64jT+R9L0TnMR/ViBM9dQgGYImlSikkftg2yrFCNo5aKRxhG2LLskQurVdg==} engines: {node: ^20.19.0 || ^22.12.0 || >=24.0.0} peerDependencies: - '@angular/compiler': 21.2.13 + '@angular/compiler': 21.2.17 rxjs: ^6.5.3 || ^7.4.0 zone.js: ~0.15.0 || ~0.16.0 peerDependenciesMeta: @@ -239,33 +242,33 @@ packages: zone.js: optional: true - '@angular/forms@21.2.13': - resolution: {integrity: sha512-efAKdL8eVRlGvcJWrUFcYyRE/togWfopUTw2D5TIkDAndnmmRaWA70wD4n/E1FFV5UdxSBxoyEYE0qVlPiewtQ==} + '@angular/forms@21.2.17': + resolution: {integrity: sha512-WKu8XeRSNZo+a+aDDZ3M5OtReF7KYqR/PmZ2l1lSf6N5EEAmc+Ky4aqbRhTL/mTSfHrO4+TDJ4C5A2tFmuwIeA==} engines: {node: ^20.19.0 || ^22.12.0 || >=24.0.0} peerDependencies: - '@angular/common': 21.2.13 - '@angular/core': 21.2.13 - '@angular/platform-browser': 21.2.13 + '@angular/common': 21.2.17 + '@angular/core': 21.2.17 + '@angular/platform-browser': 21.2.17 rxjs: ^6.5.3 || ^7.4.0 - '@angular/platform-browser@21.2.13': - resolution: {integrity: sha512-96rcwLHsklqAYRuS2SEBOUdQS5PLkuUIEEIjpYu4rxU2PVvOMapJEImM/QBxrbwjnCgRbj/CivkgfjiR0R0wSA==} + '@angular/platform-browser@21.2.17': + resolution: {integrity: sha512-ROdSliejY37g1EphYmweYdm5cHM8HY3X4tbWt4ubxmhTyYgfN3nxrxfGQ/n7Mz5tDY9VXVLIGDgjLOGYOo4uTQ==} engines: {node: ^20.19.0 || ^22.12.0 || >=24.0.0} peerDependencies: - '@angular/animations': 21.2.13 - '@angular/common': 21.2.13 - '@angular/core': 21.2.13 + '@angular/animations': 21.2.17 + '@angular/common': 21.2.17 + '@angular/core': 21.2.17 peerDependenciesMeta: '@angular/animations': optional: true - '@angular/router@21.2.13': - resolution: {integrity: sha512-/JXtdhUH/rDGiJmUNrrbs52Aji4sygVCz5HIBujrnj3cjreKam7n98Ufkh0aZvAKybdGd5A8srNUFePzAvfExQ==} + '@angular/router@21.2.17': + resolution: {integrity: sha512-RSCtK5ppAV6y6wfRLHSK2a9Wc/vm8j0wsC+/j9PH9yQmppWFVXDWsg5E39MKOIpnoYVx2+hI6eak6+wYtZTe1A==} engines: {node: ^20.19.0 || ^22.12.0 || >=24.0.0} peerDependencies: - '@angular/common': 21.2.13 - '@angular/core': 21.2.13 - '@angular/platform-browser': 21.2.13 + '@angular/common': 21.2.17 + '@angular/core': 21.2.17 + '@angular/platform-browser': 21.2.17 rxjs: ^6.5.3 || ^7.4.0 '@asamuzakjp/css-color@5.1.11': @@ -2174,7 +2177,7 @@ packages: isows@1.0.7: resolution: {integrity: sha512-I1fSfDCZL5P0v33sVqeTDSpcstAg/N+wF5HS033mogOVIp4B+oHC7oOCsA3axAbBSGTJ8QubbNmnIRN/h8U7hg==} peerDependencies: - ws: '*' + ws: 8.21.0 istanbul-lib-coverage@3.2.2: resolution: {integrity: sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==} @@ -3108,8 +3111,8 @@ packages: wrappy@1.0.2: resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==} - ws@8.18.3: - resolution: {integrity: sha512-PEIGCY5tSlUt50cqyMXfCzX+oOPqN0vuGqWzbcJ2xvnkzkq46oOpz7dQaTDBdfICb4N14+GARUDw2XV2N4tvzg==} + ws@8.21.0: + resolution: {integrity: sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==} engines: {node: '>=10.0.0'} peerDependencies: bufferutil: ^4.0.1 @@ -3292,12 +3295,12 @@ snapshots: transitivePeerDependencies: - chokidar - '@angular/build@21.2.11(@angular/compiler-cli@21.2.13(@angular/compiler@21.2.13)(typescript@5.9.3))(@angular/compiler@21.2.13)(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(@angular/platform-browser@21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2)))(@emnapi/core@1.10.0)(@emnapi/runtime@1.10.0)(@types/node@25.8.0)(chokidar@5.0.0)(postcss@8.5.14)(terser@5.47.1)(tslib@2.8.1)(typescript@5.9.3)(vitest@4.1.6(@types/node@25.8.0)(jsdom@28.1.0(@noble/hashes@1.8.0))(vite@7.3.2(@types/node@25.8.0)(sass@1.97.3)(terser@5.47.1)))': + '@angular/build@21.2.11(@angular/compiler-cli@21.2.17(@angular/compiler@21.2.17)(typescript@5.9.3))(@angular/compiler@21.2.17)(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(@angular/platform-browser@21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2)))(@emnapi/core@1.10.0)(@emnapi/runtime@1.10.0)(@types/node@25.8.0)(chokidar@5.0.0)(postcss@8.5.14)(terser@5.47.1)(tslib@2.8.1)(typescript@5.9.3)(vitest@4.1.6(@types/node@25.8.0)(jsdom@28.1.0(@noble/hashes@1.8.0))(vite@7.3.2(@types/node@25.8.0)(sass@1.97.3)(terser@5.47.1)))': dependencies: '@ampproject/remapping': 2.3.0 '@angular-devkit/architect': 0.2102.11(chokidar@5.0.0) - '@angular/compiler': 21.2.13 - '@angular/compiler-cli': 21.2.13(@angular/compiler@21.2.13)(typescript@5.9.3) + '@angular/compiler': 21.2.17 + '@angular/compiler-cli': 21.2.17(@angular/compiler@21.2.17)(typescript@5.9.3) '@babel/core': 7.29.0 '@babel/helper-annotate-as-pure': 7.27.3 '@babel/helper-split-export-declaration': 7.24.7 @@ -3326,8 +3329,8 @@ snapshots: vite: 7.3.2(@types/node@25.8.0)(sass@1.97.3)(terser@5.47.1) watchpack: 2.5.1 optionalDependencies: - '@angular/core': 21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2) - '@angular/platform-browser': 21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2)) + '@angular/core': 21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2) + '@angular/platform-browser': 21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2)) lmdb: 3.5.1 postcss: 8.5.14 vitest: 4.1.6(@types/node@25.8.0)(jsdom@28.1.0(@noble/hashes@1.8.0))(vite@7.3.2(@types/node@25.8.0)(sass@1.97.3)(terser@5.47.1)) @@ -3372,15 +3375,15 @@ snapshots: - chokidar - supports-color - '@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2)': + '@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2)': dependencies: - '@angular/core': 21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2) + '@angular/core': 21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2) rxjs: 7.8.2 tslib: 2.8.1 - '@angular/compiler-cli@21.2.13(@angular/compiler@21.2.13)(typescript@5.9.3)': + '@angular/compiler-cli@21.2.17(@angular/compiler@21.2.17)(typescript@5.9.3)': dependencies: - '@angular/compiler': 21.2.13 + '@angular/compiler': 21.2.17 '@babel/core': 7.29.0 '@jridgewell/sourcemap-codec': 1.5.5 chokidar: 5.0.0 @@ -3394,37 +3397,37 @@ snapshots: transitivePeerDependencies: - supports-color - '@angular/compiler@21.2.13': + '@angular/compiler@21.2.17': dependencies: tslib: 2.8.1 - '@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2)': + '@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2)': dependencies: rxjs: 7.8.2 tslib: 2.8.1 optionalDependencies: - '@angular/compiler': 21.2.13 + '@angular/compiler': 21.2.17 - '@angular/forms@21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(@angular/platform-browser@21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2)))(rxjs@7.8.2)': + '@angular/forms@21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(@angular/platform-browser@21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2)))(rxjs@7.8.2)': dependencies: - '@angular/common': 21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2) - '@angular/core': 21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2) - '@angular/platform-browser': 21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2)) + '@angular/common': 21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2) + '@angular/core': 21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2) + '@angular/platform-browser': 21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2)) '@standard-schema/spec': 1.1.0 rxjs: 7.8.2 tslib: 2.8.1 - '@angular/platform-browser@21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))': + '@angular/platform-browser@21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))': dependencies: - '@angular/common': 21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2) - '@angular/core': 21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2) + '@angular/common': 21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2) + '@angular/core': 21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2) tslib: 2.8.1 - '@angular/router@21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(@angular/platform-browser@21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2)))(rxjs@7.8.2)': + '@angular/router@21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(@angular/platform-browser@21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2)))(rxjs@7.8.2)': dependencies: - '@angular/common': 21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2) - '@angular/core': 21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2) - '@angular/platform-browser': 21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2)) + '@angular/common': 21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2) + '@angular/core': 21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2) + '@angular/platform-browser': 21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2)) rxjs: 7.8.2 tslib: 2.8.1 @@ -4027,9 +4030,9 @@ snapshots: '@tybys/wasm-util': 0.10.2 optional: true - '@ngx-env/builder@21.0.1(@angular/build@21.2.11(@angular/compiler-cli@21.2.13(@angular/compiler@21.2.13)(typescript@5.9.3))(@angular/compiler@21.2.13)(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(@angular/platform-browser@21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2)))(@emnapi/core@1.10.0)(@emnapi/runtime@1.10.0)(@types/node@25.8.0)(chokidar@5.0.0)(postcss@8.5.14)(terser@5.47.1)(tslib@2.8.1)(typescript@5.9.3)(vitest@4.1.6(@types/node@25.8.0)(jsdom@28.1.0(@noble/hashes@1.8.0))(vite@7.3.2(@types/node@25.8.0)(sass@1.97.3)(terser@5.47.1))))(webpack@5.106.2(postcss@8.5.14))': + '@ngx-env/builder@21.0.1(@angular/build@21.2.11(@angular/compiler-cli@21.2.17(@angular/compiler@21.2.17)(typescript@5.9.3))(@angular/compiler@21.2.17)(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(@angular/platform-browser@21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2)))(@emnapi/core@1.10.0)(@emnapi/runtime@1.10.0)(@types/node@25.8.0)(chokidar@5.0.0)(postcss@8.5.14)(terser@5.47.1)(tslib@2.8.1)(typescript@5.9.3)(vitest@4.1.6(@types/node@25.8.0)(jsdom@28.1.0(@noble/hashes@1.8.0))(vite@7.3.2(@types/node@25.8.0)(sass@1.97.3)(terser@5.47.1))))(webpack@5.106.2(postcss@8.5.14))': dependencies: - '@angular/build': 21.2.11(@angular/compiler-cli@21.2.13(@angular/compiler@21.2.13)(typescript@5.9.3))(@angular/compiler@21.2.13)(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(@angular/platform-browser@21.2.13(@angular/common@21.2.13(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.13(@angular/compiler@21.2.13)(rxjs@7.8.2)))(@emnapi/core@1.10.0)(@emnapi/runtime@1.10.0)(@types/node@25.8.0)(chokidar@5.0.0)(postcss@8.5.14)(terser@5.47.1)(tslib@2.8.1)(typescript@5.9.3)(vitest@4.1.6(@types/node@25.8.0)(jsdom@28.1.0(@noble/hashes@1.8.0))(vite@7.3.2(@types/node@25.8.0)(sass@1.97.3)(terser@5.47.1))) + '@angular/build': 21.2.11(@angular/compiler-cli@21.2.17(@angular/compiler@21.2.17)(typescript@5.9.3))(@angular/compiler@21.2.17)(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(@angular/platform-browser@21.2.17(@angular/common@21.2.17(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2))(rxjs@7.8.2))(@angular/core@21.2.17(@angular/compiler@21.2.17)(rxjs@7.8.2)))(@emnapi/core@1.10.0)(@emnapi/runtime@1.10.0)(@types/node@25.8.0)(chokidar@5.0.0)(postcss@8.5.14)(terser@5.47.1)(tslib@2.8.1)(typescript@5.9.3)(vitest@4.1.6(@types/node@25.8.0)(jsdom@28.1.0(@noble/hashes@1.8.0))(vite@7.3.2(@types/node@25.8.0)(sass@1.97.3)(terser@5.47.1))) glob: 10.5.0 optionalDependencies: '@dotenv-run/webpack': 1.5.2(webpack@5.106.2(postcss@8.5.14)) @@ -4060,7 +4063,7 @@ snapshots: '@npmcli/fs@5.0.0': dependencies: - semver: 7.7.4 + semver: 7.8.0 '@npmcli/git@7.0.2': dependencies: @@ -4070,7 +4073,7 @@ snapshots: lru-cache: 11.3.6 npm-pick-manifest: 11.0.3 proc-log: 6.1.0 - semver: 7.7.4 + semver: 7.8.0 which: 6.0.1 '@npmcli/installed-package-contents@4.0.0': @@ -4087,7 +4090,7 @@ snapshots: hosted-git-info: 9.0.3 json-parse-even-better-errors: 5.0.0 proc-log: 6.1.0 - semver: 7.7.4 + semver: 7.8.0 spdx-expression-parse: 4.0.0 '@npmcli/promise-spawn@9.0.1': @@ -5210,9 +5213,9 @@ snapshots: isexe@4.0.0: {} - isows@1.0.7(ws@8.18.3): + isows@1.0.7(ws@8.21.0): dependencies: - ws: 8.18.3 + ws: 8.21.0 istanbul-lib-coverage@3.2.2: {} @@ -5474,7 +5477,7 @@ snapshots: graceful-fs: 4.2.11 nopt: 9.0.0 proc-log: 6.1.0 - semver: 7.7.4 + semver: 7.8.0 tar: 7.5.15 tinyglobby: 0.2.16 undici: 6.25.0 @@ -5492,7 +5495,7 @@ snapshots: npm-install-checks@8.0.0: dependencies: - semver: 7.7.4 + semver: 7.8.0 npm-normalize-package-bin@5.0.0: {} @@ -5513,7 +5516,7 @@ snapshots: npm-install-checks: 8.0.0 npm-normalize-package-bin: 5.0.0 npm-package-arg: 13.0.2 - semver: 7.7.4 + semver: 7.8.0 npm-registry-fetch@19.1.1: dependencies: @@ -6097,9 +6100,9 @@ snapshots: '@scure/bip32': 1.7.0 '@scure/bip39': 1.6.0 abitype: 1.2.3(typescript@5.9.3)(zod@4.3.6) - isows: 1.0.7(ws@8.18.3) + isows: 1.0.7(ws@8.21.0) ox: 0.14.20(typescript@5.9.3)(zod@4.3.6) - ws: 8.18.3 + ws: 8.21.0 optionalDependencies: typescript: 5.9.3 transitivePeerDependencies: @@ -6256,7 +6259,7 @@ snapshots: wrappy@1.0.2: {} - ws@8.18.3: {} + ws@8.21.0: {} xml-name-validator@5.0.0: {} diff --git a/with-angular/pnpm-workspace.yaml b/with-angular/pnpm-workspace.yaml index dc92a8c..1c48837 100644 --- a/with-angular/pnpm-workspace.yaml +++ b/with-angular/pnpm-workspace.yaml @@ -7,6 +7,21 @@ minimumReleaseAgeExclude: - "@formo/analytics" - "tldts" - "tldts-core" + # Angular ships security patches (21.2.17 fixes GHSA-rgjc-h3x7-9mwg, + # GHSA-39pv-4j6c-2g6v and related high advisories) that must be adopted + # before the 7-day gate elapses; exempt the framework packages so the + # only patched release can be installed in lockstep. + - "@angular/common" + - "@angular/compiler" + - "@angular/compiler-cli" + - "@angular/core" + - "@angular/forms" + - "@angular/platform-browser" + - "@angular/router" +# Security: force patched transitive versions (CVE remediation). +overrides: + # ws <8.21.0: memory-exhaustion DoS (GHSA-96hv-2xvq-fx4p), pulled in via viem. + 'ws@>=8.0.0 <8.21.0': 8.21.0 # Block git/http/file-protocol subdependencies (pnpm 11 default; set explicitly). blockExoticSubdeps: true