adminbruno
/
docuseal
mirror of https://github.com/docusealco/docuseal
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bump deps to clear 21 Dependabot alerts (runtime + build-chain)

Browse Source 
Bump uuid 9 -> 11.1.1 (only browser-shipped runtime alert) and align the
Babel family to ^7.26.10 (resolves to 7.29.7) to clear the Babel build-chain
advisories within the 7.x major. Add/refresh yarn resolutions for the
remaining vulnerable build-time transitives: serialize-javascript ^7.0.5,
minimatch ^9.0.7, brace-expansion ^2.0.3, semver ^7.5.2, yaml ^2.8.3,
ws ^8.20.1, @babel/helpers and @babel/runtime ^7.26.10.

Clears 21 of 24 open alerts (11 of 12 highs). Left intentionally:
- vue 2.7.16 (#8): transitive of @eid-easy/eideasy-widget; forcing vue 3
  would break the widget. Low severity, lazy-loaded.
- glob (#20): advisory is the glob CLI -c/--cmd flag; sucrase uses glob as a
  library, never the CLI. Blanket resolution would break rimraf's glob 7.
- ajv 8.12.0 (#25): eslint pins ajv 6 (incompatible major); a global
  resolution would break linting. Build-only medium.

Lockfile resolves cleanly; resolved versions verified against patched
targets; API smoke tests pass for uuid v4 export, serialize-javascript,
minimatch CJS interop, semver, and yaml.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
pull/687/head
Wabo 2 weeks ago
parent 4cf91ff44a
commit cf7ce0b7e6
2 changed files with 903 additions and 868 deletions
Show Stats Download Patch File Download Diff File

21
package.json
Unescape View File

@ -2,10 +2,10 @@
"name": "wabosign", "name": "wabosign",
"private": true, "private": true,
"dependencies": { "dependencies": {
"@babel/core": "7.21.8", "@babel/core": "^7.26.10",
"@babel/plugin-transform-runtime": "7.21.4", "@babel/plugin-transform-runtime": "^7.26.10",
"@babel/preset-env": "7.21.5", "@babel/preset-env": "^7.26.10",
"@babel/runtime": "7.21.5", "@babel/runtime": "^7.26.10",
"@braintree/sanitize-url": "^7.1.1", "@braintree/sanitize-url": "^7.1.1",
"@codemirror/lang-html": "^6.4.9", "@codemirror/lang-html": "^6.4.9",
"@eid-easy/eideasy-widget": "^2.171.0", "@eid-easy/eideasy-widget": "^2.171.0",
@ -56,7 +56,7 @@
"style-loader": "^4.0.0", "style-loader": "^4.0.0",
"tailwindcss": "^3.4.17", "tailwindcss": "^3.4.17",
"terser-webpack-plugin": "5.3.16", "terser-webpack-plugin": "5.3.16",
"uuid": "^9.0.0", "uuid": "^11.1.1",
"vue": "^3.3.2", "vue": "^3.3.2",
"vue-loader": "^17.1.1", "vue-loader": "^17.1.1",
"webpack": "5.104.1", "webpack": "5.104.1",
@ -96,10 +96,17 @@
"micromatch": "^4.0.8", "micromatch": "^4.0.8",
"qs": "^6.15.2", "qs": "^6.15.2",
"lodash": "^4.18.0", "lodash": "^4.18.0",
"serialize-javascript": "^6.0.2", "serialize-javascript": "^7.0.5",
"postcss": "^8.5.10", "postcss": "^8.5.10",
"rollbar": "^2.26.5", "rollbar": "^2.26.5",
"webpack-dev-server": "^5.2.4" "webpack-dev-server": "^5.2.4",
"minimatch": "^9.0.7",
"brace-expansion": "^2.0.3",
"semver": "^7.5.2",
"yaml": "^2.8.3",
"ws": "^8.20.1",
"@babel/helpers": "^7.26.10",
"@babel/runtime": "^7.26.10"
}, },
"devDependencies": { "devDependencies": {
"@babel/eslint-parser": "^7.21.8", "@babel/eslint-parser": "^7.21.8",

1750
yarn.lock
View File

File diff suppressed because it is too large Load Diff
Write Preview
Loading…
Cancel
Save