Skip to content

Commit fc3870e

Browse files
committed
fix: update js-cookie (CVE-2026-46625)
Refs: PT-2041
1 parent 37188aa commit fc3870e

2 files changed

Lines changed: 10 additions & 5 deletions

File tree

package.json

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,6 +60,10 @@
6060
"Pinning to >=0.2.4 via @graphql-codegen/cli > inquirer > external-editor > tmp",
6161
"See https://www.npmjs.com/advisories/1109537",
6262
"NOTE: This can be removed when @graphql-codegen/cli no longer resolves vulnerable tmp versions"
63+
],
64+
"js-cookie": [
65+
"To fix security advisory requiring js-cookie >=3.0.7",
66+
"NOTE: This can be removed when transitive dependencies no longer resolve js-cookie 2.x"
6367
]
6468
}
6569
},
@@ -70,7 +74,8 @@
7074
"lodash": "^4.18.1",
7175
"**/@typescript-eslint/typescript-estree/minimatch": "^9.0.7",
7276
"**/@ardatan/relay-compiler/immutable": "^3.8.3",
73-
"tmp": ">=0.2.4"
77+
"tmp": ">=0.2.4",
78+
"js-cookie": "^3.0.7"
7479
},
7580
"dependencies": {
7681
"@apollo/client": "^3.13.5",

yarn.lock

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -8019,10 +8019,10 @@ jose@^5.0.0:
80198019
resolved "https://registry.yarnpkg.com/jose/-/jose-5.10.0.tgz#c37346a099d6467c401351a9a0c2161e0f52c4be"
80208020
integrity sha512-s+3Al/p9g32Iq+oqXxkW//7jk2Vig6FF1CFqzVXoTUXt2qz89YWbL+OwS17NFYEvxC35n0FKeGO2LGYSxeM2Gg==
80218021

8022-
js-cookie@^2.2.1:
8023-
version "2.2.1"
8024-
resolved "https://registry.yarnpkg.com/js-cookie/-/js-cookie-2.2.1.tgz#69e106dc5d5806894562902aa5baec3744e9b2b8"
8025-
integrity sha512-HvdH2LzI/EAZcUwA8+0nKNtWHqS+ZmijLA30RwZA0bo7ToCckjK5MkGhjED9KoRcXO6BaGI3I9UIzSA1FKFPOQ==
8022+
js-cookie@^2.2.1, js-cookie@^3.0.7:
8023+
version "3.0.7"
8024+
resolved "https://registry.yarnpkg.com/js-cookie/-/js-cookie-3.0.7.tgz#0a53abfc459c8e89c85d7a38eb6cb68714965b8c"
8025+
integrity sha512-z/wZZgDrkNV1eA0ULjM/F9/50Ya8fbzgKneSpoPsXSGd0KnpdtHfOZWK+GcwLk+EZbS4F9RBhU+K2RgzuDaItw==
80268026

80278027
"js-tokens@^3.0.0 || ^4.0.0", js-tokens@^4.0.0:
80288028
version "4.0.0"

0 commit comments

Comments
 (0)