From 9ac7aa5c1d4d7725c6135b400a65a18d253b0747 Mon Sep 17 00:00:00 2001
From: Jonathan Norris
Date: Wed, 22 Apr 2026 16:05:28 -0400
Subject: [PATCH 1/4] fix: resolve open dependabot security alerts - dompurify -> 3.4.0 via resolution (medium, alerts #174, #175) - follow-redirects -> 1.16.0 via resolution (medium, alert #173)
---
 package.json | 4 +++-
 yarn.lock | 16 ++++++++--------
 2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/package.json b/package.json
index 02c1b77d..52a5ac57 100644
--- a/package.json
+++ b/package.json
@@ -90,6 +90,8 @@
 "picomatch@^2.2.1": "2.3.2",
 "picomatch@^2.2.3": "2.3.2",
 "picomatch@^2.3.1": "2.3.2",
- "picomatch@^4.0.2": "4.0.4"
+ "picomatch@^4.0.2": "4.0.4",
+ "dompurify": "3.4.0",
+ "follow-redirects": "1.16.0"
 }
 }
diff --git a/yarn.lock b/yarn.lock
index 81f8c25f..c9f13595 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6714,15 +6714,15 @@ __metadata: languageName: node linkType: hard -"dompurify@npm:^3.0.6": - version: 3.3.3 - resolution: "dompurify@npm:3.3.3" +"dompurify@npm:3.4.0": + version: 3.4.0 + resolution: "dompurify@npm:3.4.0" dependencies: "@types/trusted-types": "npm:^2.0.7" dependenciesMeta: "@types/trusted-types": optional: true - checksum: 10/4cc9c539ed7136d46c6577613b8e20871c2b6165db01dfbd2a3c11c75f9e339c496ac6519a1c3190115def8cadae3720bef0417fc43fa28802c7407bab174da9 + checksum: 10/ead40b78ec51cd451f2c74fada4233ee0afeafdbab54af2f4a4bd5d4d138ac04d0d85140e79f533803ecfd1c3758edc1176087039c1e7217824f9794a9d34d2c languageName: node linkType: hard
@@ -7476,13 +7476,13 @@ __metadata: languageName: node linkType: hard -"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.11": - version: 1.15.11 - resolution: "follow-redirects@npm:1.15.11" +"follow-redirects@npm:1.16.0": + version: 1.16.0 + resolution: "follow-redirects@npm:1.16.0" peerDependenciesMeta: debug: optional: true - checksum: 10/07372fd74b98c78cf4d417d68d41fdaa0be4dcacafffb9e67b1e3cf090bc4771515e65020651528faab238f10f9b9c0d9707d6c1574a6c0387c5de1042cde9ba + checksum: 10/3fbe3d80b3b544c22705d837aa5d4a0d07a740d913534a2620b0a004c610af4148e3b58723536dd099aaa1c9d3a155964bde9665d6e5cb331460809a1fc572fd languageName: node linkType: hard
From 97b23a65327938cf345617a25994c138e8ecffd2 Mon Sep 17 00:00:00 2001
From: Jonathan Norris
Date: Thu, 23 Apr 2026 10:04:22 -0400
Subject: [PATCH 2/4] fix: add uuid 14.0.0 resolution to address remaining dependabot alert #178
---
 package.json | 3 ++-
 yarn.lock | 10 +++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/package.json b/package.json
index 52a5ac57..7fcfbd09 100644
--- a/package.json
+++ b/package.json
@@ -92,6 +92,7 @@
 "picomatch@^2.3.1": "2.3.2",
 "picomatch@^4.0.2": "4.0.4",
 "dompurify": "3.4.0",
- "follow-redirects": "1.16.0"
+ "follow-redirects": "1.16.0",
+ "uuid": "14.0.0"
 }
 }
diff --git a/yarn.lock b/yarn.lock
index c9f13595..0bfeff42 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -14630,12 +14630,12 @@ __metadata: languageName: node linkType: hard -"uuid@npm:^8.3.2": - version: 8.3.2 - resolution: "uuid@npm:8.3.2" +"uuid@npm:14.0.0": + version: 14.0.0 + resolution: "uuid@npm:14.0.0" bin: - uuid: dist/bin/uuid - checksum: 10/9a5f7aa1d6f56dd1e8d5f2478f855f25c645e64e26e347a98e98d95781d5ed20062d6cca2eecb58ba7c84bc3910be95c0451ef4161906abaab44f9cb68ffbdd1 + uuid: dist-node/bin/uuid + checksum: 10/8ee9b98f9650e25555515f7a28d3c3ae9364e72f7bb19b9e08b681bc135338beba5509b2830f6ae1cfaba4d45401da0d16d4d109b977097bc3d6ba0c5583341b languageName: node linkType: hard
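Review bot: The unscoped `"uuid": "14.0.0"` entry added in PATCH 2/4 forces every dependent onto a release far outside the range it declared: the lockfile entry it replaces was `uuid@npm:^8.3.2`, so a package written against 8.x now receives 14.0.0. The same lock hunk shows the bin path moving from `dist/bin/uuid` to `dist-node/bin/uuid`, which suggests the published layout changed between those majors, so the dependent may fail when it loads the module rather than at install time. Neighbouring entries are scoped to the requested range (`"picomatch@^2.3.1"`); scoping this one the same way, for example `"uuid@^8.3.2": "14.0.0"`, would limit the override to the alerted consumer, and that consumer should be exercised before merging. PATCH 3/4 and 4/4 only change the value to `^14.0.0` and leave the major jump in place. The `resolutions` object starts above this hunk.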
From 9a6ef58ebf429202d5ba6bb05789b2a2b44f1aa1 Mon Sep 17 00:00:00 2001
From: Jonathan Norris
Date: Thu, 23 Apr 2026 10:58:13 -0400
Subject: [PATCH 3/4] fix: use ^ range style for uuid resolution Match the version range style used by parent packages per dependency resolution best practices.
---
 package.json | 2 +-
 yarn.lock | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 7fcfbd09..4a6d7ab2 100644
--- a/package.json
+++ b/package.json
@@ -93,6 +93,6 @@
 "picomatch@^4.0.2": "4.0.4",
 "dompurify": "3.4.0",
 "follow-redirects": "1.16.0",
- "uuid": "14.0.0"
+ "uuid": "^14.0.0"
 }
 }
diff --git a/yarn.lock b/yarn.lock
index 0bfeff42..fa3afb33 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -14630,7 +14630,7 @@ __metadata: languageName: node linkType: hard -"uuid@npm:14.0.0": +"uuid@npm:^14.0.0": version: 14.0.0 resolution: "uuid@npm:14.0.0" bin:
From 940fab57de0c04edb80fb9fcbe94aa2213b77cda Mon Sep 17 00:00:00 2001
From: Jonathan Norris
Date: Thu, 23 Apr 2026 12:21:43 -0400
Subject: [PATCH 4/4] fix: use ^ ranges for all resolutions
---
 package.json | 28 ++++++++++++++--------------
 yarn.lock | 58 +++++++++++++++++++++++++++++-----------------------------
 2 files changed, 43 insertions(+), 43 deletions(-)
diff --git a/package.json b/package.json
index 4a6d7ab2..05b08ca3 100644
--- a/package.json
+++ b/package.json
@@ -75,24 +75,24 @@
 "resolutions": {
 "send@0.18.0": "^0.19.0",
 "serialize-javascript": "7.0.5",
- "ajv@^8.0.0": "8.18.0",
+ "ajv@^8.0.0": "^8.18.0",
 "fast-xml-parser": "^5.5.7",
 "path-to-regexp": "0.1.13",
- "brace-expansion@^1.1.7": "1.1.13",
- "brace-expansion@^2.0.1": "2.0.3",
- "brace-expansion@^2.0.2": "2.0.3",
+ "brace-expansion@^1.1.7": "^1.1.13",
+ "brace-expansion@^2.0.1": "^2.0.3",
+ "brace-expansion@^2.0.2": "^2.0.3",
 "axios": "1.15.0",
 "lodash": "4.18.1",
- "yaml@^1.10.0": "1.10.3",
- "yaml@^2.3.4": "2.8.3",
- "yaml@^2.7.0": "2.8.3",
- "picomatch@^2.0.4": "2.3.2",
- "picomatch@^2.2.1": "2.3.2",
- "picomatch@^2.2.3": "2.3.2",
- "picomatch@^2.3.1": "2.3.2",
- "picomatch@^4.0.2": "4.0.4",
- "dompurify": "3.4.0",
- "follow-redirects": "1.16.0",
+ "yaml@^1.10.0": "^1.10.3",
+ "yaml@^2.3.4": "^2.8.3",
+ "yaml@^2.7.0": "^2.8.3",
+ "picomatch@^2.0.4": "^2.3.2",
+ "picomatch@^2.2.1": "^2.3.2",
+ "picomatch@^2.2.3": "^2.3.2",
+ "picomatch@^2.3.1": "^2.3.2",
+ "picomatch@^4.0.2": "^4.0.4",
+ "dompurify": "^3.4.0",
+ "follow-redirects": "^1.16.0",
 "uuid": "^14.0.0"
 }
 }
diff --git a/yarn.lock b/yarn.lock
index fa3afb33..63012cee 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -4879,18 +4879,6 @@ __metadata: languageName: node linkType: hard -"ajv@npm:8.18.0, ajv@npm:^8.9.0": - version: 8.18.0 - resolution: "ajv@npm:8.18.0" - dependencies: - fast-deep-equal: "npm:^3.1.3" - fast-uri: "npm:^3.0.1" - json-schema-traverse: "npm:^1.0.0" - require-from-string: "npm:^2.0.2" - checksum: 10/bfed9de827a2b27c6d4084324eda76a4e32bdde27410b3e9b81d06e6f8f5c78370fc6b93fe1d869f1939ff1d7c4ae8896960995acb8425e3e9288c8884247c48 - languageName: node - linkType: hard - "ajv@npm:^6.12.5": version: 6.12.6 resolution: "ajv@npm:6.12.6"
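Review bot: Turning the exact pins into `^` ranges in this hunk also changed which releases get installed, which the subject line does not mention: the yarn.lock hunks of the same patch show brace-expansion going from 1.1.13 to 1.1.14 and from 2.0.3 to 2.1.0, and dompurify from 3.4.0 to 3.4.1. The range keeps the patched version as a floor, but the release actually installed is now decided by yarn.lock alone, so CI and release builds should refuse lockfile drift (`yarn install --immutable`) and the three newly resolved releases deserve the same review as the ones named in the alerts. The subject says "all resolutions", yet `"serialize-javascript": "7.0.5"`, `"path-to-regexp": "0.1.13"`, `"axios": "1.15.0"` and `"lodash": "4.18.1"` stay exact in the context lines; either convert them or state in the description why they are held.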
@@ -4903,6 +4891,18 @@ __metadata: languageName: node linkType: hard +"ajv@npm:^8.18.0, ajv@npm:^8.9.0": + version: 8.18.0 + resolution: "ajv@npm:8.18.0" + dependencies: + fast-deep-equal: "npm:^3.1.3" + fast-uri: "npm:^3.0.1" + json-schema-traverse: "npm:^1.0.0" + require-from-string: "npm:^2.0.2" + checksum: 10/bfed9de827a2b27c6d4084324eda76a4e32bdde27410b3e9b81d06e6f8f5c78370fc6b93fe1d869f1939ff1d7c4ae8896960995acb8425e3e9288c8884247c48 + languageName: node + linkType: hard + "algoliasearch-helper@npm:^3.26.0": version: 3.28.0 resolution: "algoliasearch-helper@npm:3.28.0" @@ -5274,22 +5274,22 @@ __metadata: languageName: node linkType: hard -"brace-expansion@npm:1.1.13": - version: 1.1.13 - resolution: "brace-expansion@npm:1.1.13" +"brace-expansion@npm:^1.1.13": + version: 1.1.14 + resolution: "brace-expansion@npm:1.1.14" dependencies: balanced-match: "npm:^1.0.0" concat-map: "npm:0.0.1" - checksum: 10/b5f4329fdbe9d2e25fa250c8f866ebd054ba946179426e99b86dcccddabdb1d481f0e40ee5430032e62a7d0a6c2837605ace6783d015aa1d65d85ca72154d936 + checksum: 10/2de747a5891ea0d3a1946ea1ae26e056a47f7ea8d42a3009e1736ec3a31a5aa69a3c5da59d998426773553afe4c258e5b12d7953b534fa7f2cf12ce92eed4931 languageName: node linkType: hard -"brace-expansion@npm:2.0.3": - version: 2.0.3 - resolution: "brace-expansion@npm:2.0.3" +"brace-expansion@npm:^2.0.3": + version: 2.1.0 + resolution: "brace-expansion@npm:2.1.0" dependencies: balanced-match: "npm:^1.0.0" - checksum: 10/e9dd66caaf0784126e1654f1bc19adb28f3ef86f39f2226f833f7700ec727c141f6cd85eaa47bacf3426beda01c9fbc3a2f28174cf59330dc9b58ffaf9e09d96 + checksum: 10/c77a7a64aabf94b8d5913955adb4f36957917565374461355bb4276830c027a313d981f32410cea9e38f52573e7eb776d02fe05091c3a79a061958d97e4d2b43 languageName: node linkType: hard 
@@ -6714,15 +6714,15 @@ __metadata: languageName: node linkType: hard -"dompurify@npm:3.4.0": - version: 3.4.0 - resolution: "dompurify@npm:3.4.0" +"dompurify@npm:^3.4.0": + version: 3.4.1 + resolution: "dompurify@npm:3.4.1" dependencies: "@types/trusted-types": "npm:^2.0.7" dependenciesMeta: "@types/trusted-types": optional: true - checksum: 10/ead40b78ec51cd451f2c74fada4233ee0afeafdbab54af2f4a4bd5d4d138ac04d0d85140e79f533803ecfd1c3758edc1176087039c1e7217824f9794a9d34d2c + checksum: 10/dcaf945376eff2a61841b205501b163b2c8ae9afe7251e68276b561d9fcf943cefc67e2631fdeae080b52a8b37c96e6beb7e6ae80ad8a83692ff67965dd6b4db languageName: node linkType: hard @@ -7476,7 +7476,7 @@ __metadata: languageName: node linkType: hard -"follow-redirects@npm:1.16.0": +"follow-redirects@npm:^1.16.0": version: 1.16.0 resolution: "follow-redirects@npm:1.16.0" peerDependenciesMeta: @@ -10910,14 +10910,14 @@ __metadata: languageName: node linkType: hard -"picomatch@npm:2.3.2": +"picomatch@npm:^2.3.2": version: 2.3.2 resolution: "picomatch@npm:2.3.2" checksum: 10/b788ef8148a2415b9dec12f0bb350ae6a5830f8f1950e472abc2f5225494debf7d1b75eb031df0ceaea9e8ec3e7bad599e8dbf3c60d61b42be429ba41bff4426 languageName: node linkType: hard -"picomatch@npm:4.0.4": +"picomatch@npm:^4.0.4": version: 4.0.4 resolution: "picomatch@npm:4.0.4" checksum: 10/f6ef80a3590827ce20378ae110ac78209cc4f74d39236370f1780f957b7ee41c12acde0e4651b90f39983506fd2f5e449994716f516db2e9752924aff8de93ce @@ -15079,14 +15079,14 @@ __metadata: languageName: node linkType: hard -"yaml@npm:1.10.3": +"yaml@npm:^1.10.3": version: 1.10.3 resolution: "yaml@npm:1.10.3" checksum: 10/e2ef2feb92c708138f016c69777a0f1e45f6d3c5e7cbcda30807a98a37eda2e008bd4fa57352b043c65245a4c799d0c99d1f9b3425de40e70929e26d2ea38215 languageName: node linkType: hard -"yaml@npm:2.8.3": +"yaml@npm:^2.8.3": version: 2.8.3 resolution: "yaml@npm:2.8.3" bin: