From 33ebbf0bfffe74ba085218c27fdc95e5a16d0ff7 Mon Sep 17 00:00:00 2001
From: Jonathan Norris
Date: Thu, 2 Jul 2026 09:34:06 -0400
Subject: [PATCH 1/2] chore: resolve open dependabot security alerts

- js-yaml 4.1.0 -> 4.3.0 (medium, alert #220)
- webpack-dev-server 5.2.4 -> 5.2.5 (medium, alert #219)
- http-proxy-middleware 2.0.9 -> 2.0.10 (medium, alert #218)
- dompurify 3.4.6 -> 3.4.11 (medium/low, alerts #217, #216, #215, #214, #212)
- form-data 4.0.5 -> 4.0.6 (high, alert #211)
- tar 7.5.11 -> 7.5.19 (medium, alert #210)
- launch-editor 2.13.1 -> 2.14.1 (medium, alert #209)
- @babel/core 7.28.3 -> 7.29.7 (low, alert #207)
- ws 7.5.10 -> 7.5.11 (high, alert #206)
---
 .gitignore | 1 +
 package.json | 11 ++-
 yarn.lock | 208 +++++++++++++++++++++++++--------------------------
 3 files changed, 114 insertions(+), 106 deletions(-)

diff --git a/.gitignore b/.gitignore
index b3ad9e33..b46a1368 100644
--- a/.gitignore
+++ b/.gitignore
@@ -48,3 +48,4 @@ website/i18n/**/*
 package-lock.json
 .vercel
 .env
+.worktrees/
diff --git a/package.json b/package.json
index 3998778e..1ec0cdcb 100644
--- a/package.json
+++ b/package.json
@@ -78,9 +78,18 @@
 "fast-xml-parser": "^5.7.0",
 "fast-xml-builder": "^1.1.7",
 "uuid": "^11.1.1",
+ "ws@^7.3.1": "^7.5.11",
 "ws@^8.18.0": "^8.21.0",
 "postcss": "^8.5.12",
 "shell-quote": "^1.8.4",
- "joi": "^17.13.4"
+ "joi": "^17.13.4",
+ "js-yaml": "^4.2.0",
+ "dompurify": "^3.4.11",
+ "form-data": "^4.0.6",
+ "tar": "^7.5.16",
+ "launch-editor": "^2.14.1",
+ "@babel/core": "^7.29.6",
+ "http-proxy-middleware": "^2.0.10",
+ "webpack-dev-server": "^5.2.5"
 }
 }
diff --git a/yarn.lock b/yarn.lock
index 62de8a55..d4712042 100644
--- a/yarn.lock
+++ b/yarn.lock
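Review bot: Apart from `ws@^7.3.1`, the entries added in the package.json hunk are unscoped (`"tar": "^7.5.16"`, `"form-data": "^4.0.6"`, `"dompurify": "^3.4.11"`, `"@babel/core": "^7.29.6"` and the rest), so each one overrides every dependent's range for that package, including ranges on another major. The yarn.lock part of this patch shows the effect for js-yaml, where the `js-yaml@npm:^3.13.1` entry disappears and its consumers are forced onto 4.x. For the remaining packages, consider the scoped form already used for ws, e.g. `"tar@^7.4.3": "^7.5.16"`, and track which overrides can be removed once the parent packages declare fixed ranges, because a forgotten unscoped pin keeps masking version conflicts. Several floors also sit below the versions named in the commit message (`^7.5.16` against 7.5.19 for tar, `^7.29.6` against 7.29.7 for @babel/core), so it is worth confirming that each floor is at or above the first patched release for its alert.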
@@ -204,16 +204,6 @@ __metadata: languageName: node linkType: hard -"@ampproject/remapping@npm:^2.2.0": - version: 2.3.0 - resolution: "@ampproject/remapping@npm:2.3.0" - dependencies: - "@jridgewell/gen-mapping": "npm:^0.3.5" - "@jridgewell/trace-mapping": "npm:^0.3.24" - checksum: 10/f3451525379c68a73eb0a1e65247fbf28c0cccd126d93af21c75fceff77773d43c0d4a2d51978fb131aff25b5f2cb41a9fe48cc296e61ae65e679c4f6918b0ab - languageName: node - linkType: hard - "@babel/code-frame@npm:^7.0.0, @babel/code-frame@npm:^7.27.1": version: 7.27.1 resolution: "@babel/code-frame@npm:7.27.1" 
@@ -243,26 +233,33 @@ __metadata: languageName: node linkType: hard -"@babel/core@npm:^7.21.3, @babel/core@npm:^7.25.9": - version: 7.28.3 - resolution: "@babel/core@npm:7.28.3" +"@babel/compat-data@npm:^7.29.7": + version: 7.29.7 + resolution: "@babel/compat-data@npm:7.29.7" + checksum: 10/ad2272714087f68970977f6e2b53597a8503fc9c3028c4a91686474bd77a707dd00903cdde4b73788972016d1bad4dc3fa4e5ff38e1ed8f1c3bde1095352973a + languageName: node + linkType: hard + +"@babel/core@npm:^7.29.6": + version: 7.29.7 + resolution: "@babel/core@npm:7.29.7" dependencies: - "@ampproject/remapping": "npm:^2.2.0" - "@babel/code-frame": "npm:^7.27.1" - "@babel/generator": "npm:^7.28.3" - "@babel/helper-compilation-targets": "npm:^7.27.2" - "@babel/helper-module-transforms": "npm:^7.28.3" - "@babel/helpers": "npm:^7.28.3" - "@babel/parser": "npm:^7.28.3" - "@babel/template": "npm:^7.27.2" - "@babel/traverse": "npm:^7.28.3" - "@babel/types": "npm:^7.28.2" + "@babel/code-frame": "npm:^7.29.7" + "@babel/generator": "npm:^7.29.7" + "@babel/helper-compilation-targets": "npm:^7.29.7" + "@babel/helper-module-transforms": "npm:^7.29.7" + "@babel/helpers": "npm:^7.29.7" + "@babel/parser": "npm:^7.29.7" + "@babel/template": "npm:^7.29.7" + "@babel/traverse": "npm:^7.29.7" + "@babel/types": "npm:^7.29.7" + "@jridgewell/remapping": "npm:^2.3.5" convert-source-map: "npm:^2.0.0" debug: "npm:^4.1.0" gensync: "npm:^1.0.0-beta.2" json5: "npm:^2.2.3" semver: "npm:^6.3.1" - checksum: 10/0faded84edcfd80f9a5ccc35abd46267360bba23ac295291becc8b8f9c95220f1914491b83b15e297201b19af78bbaf2ad48c2dc9d86b92f3f16a06938de8c72 + checksum: 10/38e71cf81db790b0bb2a3a0c8140c2b1c87576b61dc6be676de4fab8c3be871af590a739e8c489fe8e8f9a8e5899fa11e35e59e9e09d40b259c6a675f2f98928 languageName: node linkType: hard 
@@ -314,6 +311,19 @@ __metadata: languageName: node linkType: hard +"@babel/helper-compilation-targets@npm:^7.29.7": + version: 7.29.7 + resolution: "@babel/helper-compilation-targets@npm:7.29.7" + dependencies: + "@babel/compat-data": "npm:^7.29.7" + "@babel/helper-validator-option": "npm:^7.29.7" + browserslist: "npm:^4.24.0" + lru-cache: "npm:^5.1.1" + semver: "npm:^6.3.1" + checksum: 10/af9ed4299ad5cfbe48432a964f37cbbfc200bbeb0f8ba9cbc86448503fa929382d5161d32096274752230c9feb919c9ef595559498833da656fc6a8e24a62383 + languageName: node + linkType: hard + "@babel/helper-create-class-features-plugin@npm:^7.27.1, @babel/helper-create-class-features-plugin@npm:^7.28.3": version: 7.28.3 resolution: "@babel/helper-create-class-features-plugin@npm:7.28.3" @@ -403,7 +413,7 @@ __metadata: languageName: node linkType: hard -"@babel/helper-module-transforms@npm:^7.27.1, @babel/helper-module-transforms@npm:^7.28.3": +"@babel/helper-module-transforms@npm:^7.27.1": version: 7.28.3 resolution: "@babel/helper-module-transforms@npm:7.28.3" dependencies: @@ -523,6 +533,13 @@ __metadata: languageName: node linkType: hard +"@babel/helper-validator-option@npm:^7.29.7": + version: 7.29.7 + resolution: "@babel/helper-validator-option@npm:7.29.7" + checksum: 10/aeb6aa966f59300d3cc2fea7c68e1dfd7ad011fc10e535c8e2b2de3094b27c859428dc7220f16420350f8b1cde99da120b673be04bcb0c2f37b56258c96bed58 + languageName: node + linkType: hard + "@babel/helper-wrap-function@npm:^7.27.1": version: 7.28.3 resolution: "@babel/helper-wrap-function@npm:7.28.3" 
@@ -534,13 +551,13 @@ __metadata: languageName: node linkType: hard -"@babel/helpers@npm:^7.28.3": - version: 7.28.3 - resolution: "@babel/helpers@npm:7.28.3" +"@babel/helpers@npm:^7.29.7": + version: 7.29.7 + resolution: "@babel/helpers@npm:7.29.7" dependencies: - "@babel/template": "npm:^7.27.2" - "@babel/types": "npm:^7.28.2" - checksum: 10/6d39031bf07a001c731e5e23e024b3d5e4885a140ce7d46e17f10f0d819f8bdb974204b3aa7127e95b63a009abf0df0d81573ceeac6a8f9a3b28bde3d2e16dd1 + "@babel/template": "npm:^7.29.7" + "@babel/types": "npm:^7.29.7" + checksum: 10/b4d1ef12c19e896585c009ba29677839097ff04f8b11a2430d335c3fb6bd667b4f9e96a3b185a083fdde6b1137eabbbf2600c32425cb69cefc81d81d5cfe425d languageName: node linkType: hard @@ -3387,6 +3404,16 @@ __metadata: languageName: node linkType: hard +"@jridgewell/remapping@npm:^2.3.5": + version: 2.3.5 + resolution: "@jridgewell/remapping@npm:2.3.5" + dependencies: + "@jridgewell/gen-mapping": "npm:^0.3.5" + "@jridgewell/trace-mapping": "npm:^0.3.24" + checksum: 10/c2bb01856e65b506d439455f28aceacf130d6c023d1d4e3b48705e88def3571753e1a887daa04b078b562316c92d26ce36408a60534bceca3f830aec88a339ad + languageName: node + linkType: hard + "@jridgewell/resolve-uri@npm:^3.1.0": version: 3.1.2 resolution: "@jridgewell/resolve-uri@npm:3.1.2" @@ -5167,15 +5194,6 @@ __metadata: languageName: node linkType: hard -"argparse@npm:^1.0.7": - version: 1.0.10 - resolution: "argparse@npm:1.0.10" - dependencies: - sprintf-js: "npm:~1.0.2" - checksum: 10/c6a621343a553ff3779390bb5ee9c2263d6643ebcd7843227bdde6cc7adbed796eb5540ca98db19e3fd7b4714e1faa51551f8849b268bb62df27ddb15cbcd91e - languageName: node - linkType: hard - "argparse@npm:^2.0.1": version: 2.0.1 resolution: "argparse@npm:2.0.1" 
@@ -6865,15 +6883,15 @@ __metadata: languageName: node linkType: hard -"dompurify@npm:^3.0.6": - version: 3.4.6 - resolution: "dompurify@npm:3.4.6" +"dompurify@npm:^3.4.11": + version: 3.4.11 + resolution: "dompurify@npm:3.4.11" dependencies: "@types/trusted-types": "npm:^2.0.7" dependenciesMeta: "@types/trusted-types": optional: true - checksum: 10/950bfadc9ad6ee5706ccdfde09313c9c8f6a299206f77ccb621b1355947443753163031770cbb46236f1b6910e57e6710c34970b13c8a9e0fd7c93fac77c4815 + checksum: 10/d0473e1a22ed9cc23d86ef426717bce866913d1a725512a9478985bd917b272e0faba5f1d6ad8b2e37f3f4219206c4385162d7c984cfedcd23396e1e6ae0bc5e languageName: node linkType: hard @@ -7201,16 +7219,6 @@ __metadata: languageName: node linkType: hard -"esprima@npm:^4.0.0": - version: 4.0.1 - resolution: "esprima@npm:4.0.1" - bin: - esparse: ./bin/esparse.js - esvalidate: ./bin/esvalidate.js - checksum: 10/f1d3c622ad992421362294f7acf866aa9409fbad4eb2e8fa230bd33944ce371d32279667b242d8b8907ec2b6ad7353a717f3c0e60e748873a34a7905174bc0eb - languageName: node - linkType: hard - "esrecurse@npm:^4.3.0": version: 4.3.0 resolution: "esrecurse@npm:4.3.0" @@ -7664,16 +7672,16 @@ __metadata: languageName: node linkType: hard -"form-data@npm:^4.0.5": - version: 4.0.5 - resolution: "form-data@npm:4.0.5" +"form-data@npm:^4.0.6": + version: 4.0.6 + resolution: "form-data@npm:4.0.6" dependencies: asynckit: "npm:^0.4.0" combined-stream: "npm:^1.0.8" es-set-tostringtag: "npm:^2.1.0" - hasown: "npm:^2.0.2" - mime-types: "npm:^2.1.12" - checksum: 10/52ecd6e927c8c4e215e68a7ad5e0f7c1031397439672fd9741654b4a94722c4182e74cc815b225dcb5be3f4180f36428f67c6dd39eaa98af0dcfdd26c00c19cd + hasown: "npm:^2.0.4" + mime-types: "npm:^2.1.35" + checksum: 10/de6614c8537c92fa5fa3ee7e827758f98f5a9c033f348b7de81855ef36e5cb867e75d9f405d9483ab8d724a4a20d4e79926a299fa8dbba38f530eb659f0884e4 languageName: node linkType: hard 
@@ -8016,6 +8024,15 @@ __metadata: languageName: node linkType: hard +"hasown@npm:^2.0.4": + version: 2.0.4 + resolution: "hasown@npm:2.0.4" + dependencies: + function-bind: "npm:^1.1.2" + checksum: 10/13823863ae48161068b4c51606a3128451c66f14545a5169d667fe9fca168dcd38c27570c7a299e32ef844b8da3d55def7fe88602f8970d4311fb543ee88001a + languageName: node + linkType: hard + "hast-util-from-parse5@npm:^8.0.0, hast-util-from-parse5@npm:^8.0.1": version: 8.0.3 resolution: "hast-util-from-parse5@npm:8.0.3" @@ -8346,9 +8363,9 @@ __metadata: languageName: node linkType: hard -"http-proxy-middleware@npm:^2.0.9": - version: 2.0.9 - resolution: "http-proxy-middleware@npm:2.0.9" +"http-proxy-middleware@npm:^2.0.10": + version: 2.0.10 + resolution: "http-proxy-middleware@npm:2.0.10" dependencies: "@types/http-proxy": "npm:^1.17.8" http-proxy: "npm:^1.18.1" @@ -8360,7 +8377,7 @@ __metadata: peerDependenciesMeta: "@types/express": optional: true - checksum: 10/4ece416a91d52e96f8136c5f4abfbf7ac2f39becbad21fa8b158a12d7e7d8f808287ff1ae342b903fd1f15f2249dee87fabc09e1f0e73106b83331c496d67660 + checksum: 10/efa8b5d4dec112fba5f6741df33a926818f87156f44dee425e653284c20844f3a9f2af88042a7d4ef297161479e1549302dea693bce23123fa2da07420fa2214 languageName: node linkType: hard 
@@ -8949,26 +8966,14 @@ __metadata: languageName: node linkType: hard -"js-yaml@npm:^3.13.1": - version: 3.14.2 - resolution: "js-yaml@npm:3.14.2" - dependencies: - argparse: "npm:^1.0.7" - esprima: "npm:^4.0.0" - bin: - js-yaml: bin/js-yaml.js - checksum: 10/172e0b6007b0bf0fc8d2469c94424f7dd765c64a047d2b790831fecef2204a4054eabf4d911eb73ab8c9a3256ab8ba1ee8d655b789bf24bf059c772acc2075a1 - languageName: node - linkType: hard - -"js-yaml@npm:^4.1.0": - version: 4.1.0 - resolution: "js-yaml@npm:4.1.0" +"js-yaml@npm:^4.2.0": + version: 4.3.0 + resolution: "js-yaml@npm:4.3.0" dependencies: argparse: "npm:^2.0.1" bin: js-yaml: bin/js-yaml.js - checksum: 10/c138a34a3fd0d08ebaf71273ad4465569a483b8a639e0b118ff65698d257c2791d3199e3f303631f2cb98213fa7b5f5d6a4621fd0fff819421b990d30d967140 + checksum: 10/2bcec3a8118d7f744badeb04e14366578d234a736f353d41fe35d2305e4ce2409a8e041d277f07cd6bbc8aaa12128d650a68ce43247072519bede20962d2126f languageName: node linkType: hard @@ -9081,13 +9086,13 @@ __metadata: languageName: node linkType: hard -"launch-editor@npm:^2.6.1": - version: 2.13.1 - resolution: "launch-editor@npm:2.13.1" +"launch-editor@npm:^2.14.1": + version: 2.14.1 + resolution: "launch-editor@npm:2.14.1" dependencies: picocolors: "npm:^1.1.1" - shell-quote: "npm:^1.8.3" - checksum: 10/641aafaad6bafe5d33a13d89eff29082b032c1c5c1aa19fb9fa3b54ffcf26a3419f461a7583f6450bd5b11863b061b60049e38c2d5135492bf46f2ed3a2cbc0e + shell-quote: "npm:^1.8.4" + checksum: 10/335d12ca437280e77070657531c251b6c91c62bc653f70ab66ddd2a6e50131b1b043480411c5b93d54955a0a6eb8ec01e9a5b5cfe2d887341d878d19394a126b languageName: node linkType: hard 
@@ -10168,7 +10173,7 @@ __metadata: languageName: node linkType: hard -"mime-types@npm:^2.1.12, mime-types@npm:^2.1.27, mime-types@npm:~2.1.17, mime-types@npm:~2.1.24, mime-types@npm:~2.1.34": +"mime-types@npm:^2.1.27, mime-types@npm:^2.1.35, mime-types@npm:~2.1.17, mime-types@npm:~2.1.24, mime-types@npm:~2.1.34": version: 2.1.35 resolution: "mime-types@npm:2.1.35" dependencies: @@ -13849,13 +13854,6 @@ __metadata: languageName: node linkType: hard -"sprintf-js@npm:~1.0.2": - version: 1.0.3 - resolution: "sprintf-js@npm:1.0.3" - checksum: 10/c34828732ab8509c2741e5fd1af6b767c3daf2c642f267788f933a65b1614943c282e74c4284f4fa749c264b18ee016a0d37a3e5b73aee446da46277d3a85daa - languageName: node - linkType: hard - "srcset@npm:^4.0.0": version: 4.0.0 resolution: "srcset@npm:4.0.0" @@ -14208,16 +14206,16 @@ __metadata: languageName: node linkType: hard -"tar@npm:^7.4.3": - version: 7.5.11 - resolution: "tar@npm:7.5.11" +"tar@npm:^7.5.16": + version: 7.5.19 + resolution: "tar@npm:7.5.19" dependencies: "@isaacs/fs-minipass": "npm:^4.0.0" chownr: "npm:^3.0.0" minipass: "npm:^7.1.2" minizlib: "npm:^3.1.0" yallist: "npm:^5.0.0" - checksum: 10/fb2e77ee858a73936c68e066f4a602d428d6f812e6da0cc1e14a41f99498e4f7fd3535e355fa15157240a5538aa416026cfa6306bb0d1d1c1abf314b1f878e9a + checksum: 10/0b06a0917fe68a4dff361e147db30fd67ae2ee85ab2863d62046a6ccef46f0d1906eed20f92277a436300eaaa0e3cd31d8763d7f02fa389f41d7966e58388db8 languageName: node linkType: hard @@ -14933,9 +14931,9 @@ __metadata: languageName: node linkType: hard -"webpack-dev-server@npm:^5.2.2": - version: 5.2.4 - resolution: "webpack-dev-server@npm:5.2.4" +"webpack-dev-server@npm:^5.2.5": + version: 5.2.5 + resolution: "webpack-dev-server@npm:5.2.5" dependencies: "@types/bonjour": "npm:^3.5.13" "@types/connect-history-api-fallback": "npm:^1.5.4" 
@@ -14974,7 +14972,7 @@ __metadata: optional: true bin: webpack-dev-server: bin/webpack-dev-server.js - checksum: 10/5e5382f8cc7a73e2957542de0c755769548cbca8e7c6d17ed6b526364f11af35025be74f03827afa6723ccbdcc93730b0a0a59882d332fb3c6694a6d290c41e7 + checksum: 10/2bd8e03615c32ecac53e783e2be5670ccac051d051ef4ed7fe944df8fd8745b508c8ebc63bfecfdccd23c2200ca4c373b22ea2da76ce4e1c0a6f58d900c11ecb languageName: node linkType: hard @@ -15163,9 +15161,9 @@ __metadata: languageName: node linkType: hard -"ws@npm:^7.3.1": - version: 7.5.10 - resolution: "ws@npm:7.5.10" +"ws@npm:^7.5.11": + version: 7.5.11 + resolution: "ws@npm:7.5.11" peerDependencies: bufferutil: ^4.0.1 utf-8-validate: ^5.0.2 @@ -15174,7 +15172,7 @@ __metadata: optional: true utf-8-validate: optional: true - checksum: 10/9c796b84ba80ffc2c2adcdfc9c8e9a219ba99caa435c9a8d45f9ac593bba325563b3f83edc5eb067cc6d21b9a6bf2c930adf76dd40af5f58a5ca6859e81858f0 + checksum: 10/486141e4a01bb75883f9ba39317309c2427e24db1cb75e340fad6e5886b65c03d994a34209f0e4ba06dd6cb9ec95dd1b6a09c52c05eed9a34d6376f4fbbf617c languageName: node linkType: hard
From 04a5e5f592688a631353848fb69d9f3829f46379 Mon Sep 17 00:00:00 2001
From: Jonathan Norris
Date: Thu, 2 Jul 2026 09:40:09 -0400
Subject: [PATCH 2/2] fix: scope js-yaml resolution to ^4.x to avoid breaking gray-matter

---
 package.json | 2 +-
 yarn.lock | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 1ec0cdcb..8f7808ab 100644
--- a/package.json
+++ b/package.json
@@ -83,7 +83,7 @@
 "postcss": "^8.5.12",
 "shell-quote": "^1.8.4",
 "joi": "^17.13.4",
- "js-yaml": "^4.2.0",
+ "js-yaml@^4.1.0": "^4.2.0",
 "dompurify": "^3.4.11",
 "form-data": "^4.0.6",
 "tar": "^7.5.16",
diff --git a/yarn.lock b/yarn.lock
index d4712042..2d55b6ff 100644
--- a/yarn.lock
+++ b/yarn.lock
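Review bot: Scoping the key to `"js-yaml@^4.1.0"` in the package.json hunk leaves a 3.x copy of js-yaml in the tree, so alert #220 is only addressed for the 4.x consumers; the yarn.lock part of this patch restores `js-yaml@npm:^3.13.1`, now resolving to 3.15.0. Please confirm from the advisory whether the 3.x line is affected and, if it is, whether 3.15.0 carries the fix; otherwise the alert stays open for the 3.x dependent (presumably gray-matter, going by the subject line). The scoped key also matches only dependents that declare exactly `^4.1.0`, so a dependent added later with a different 4.x range would not receive the `^4.2.0` floor.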
@@ -5194,6 +5194,15 @@ __metadata: languageName: node linkType: hard +"argparse@npm:^1.0.7": + version: 1.0.10 + resolution: "argparse@npm:1.0.10" + dependencies: + sprintf-js: "npm:~1.0.2" + checksum: 10/c6a621343a553ff3779390bb5ee9c2263d6643ebcd7843227bdde6cc7adbed796eb5540ca98db19e3fd7b4714e1faa51551f8849b268bb62df27ddb15cbcd91e + languageName: node + linkType: hard + "argparse@npm:^2.0.1": version: 2.0.1 resolution: "argparse@npm:2.0.1" @@ -7219,6 +7228,16 @@ __metadata: languageName: node linkType: hard +"esprima@npm:^4.0.0": + version: 4.0.1 + resolution: "esprima@npm:4.0.1" + bin: + esparse: ./bin/esparse.js + esvalidate: ./bin/esvalidate.js + checksum: 10/f1d3c622ad992421362294f7acf866aa9409fbad4eb2e8fa230bd33944ce371d32279667b242d8b8907ec2b6ad7353a717f3c0e60e748873a34a7905174bc0eb + languageName: node + linkType: hard + "esrecurse@npm:^4.3.0": version: 4.3.0 resolution: "esrecurse@npm:4.3.0" @@ -8966,6 +8985,18 @@ __metadata: languageName: node linkType: hard +"js-yaml@npm:^3.13.1": + version: 3.15.0 + resolution: "js-yaml@npm:3.15.0" + dependencies: + argparse: "npm:^1.0.7" + esprima: "npm:^4.0.0" + bin: + js-yaml: bin/js-yaml.js + checksum: 10/2fdf3a1453ed93a8e06d6ca8054c0bec145cf40ab51f305d1071736a03668b95e40f47cfd0239d7d50019b4780a18cdaca3c935def935594c9876964c49f1185 + languageName: node + linkType: hard + "js-yaml@npm:^4.2.0": version: 4.3.0 resolution: "js-yaml@npm:4.3.0" @@ -13854,6 +13885,13 @@ __metadata: languageName: node linkType: hard +"sprintf-js@npm:~1.0.2": + version: 1.0.3 + resolution: "sprintf-js@npm:1.0.3" + checksum: 10/c34828732ab8509c2741e5fd1af6b767c3daf2c642f267788f933a65b1614943c282e74c4284f4fa749c264b18ee016a0d37a3e5b73aee446da46277d3a85daa + languageName: node + linkType: hard + "srcset@npm:^4.0.0": version: 4.0.0 resolution: "srcset@npm:4.0.0"