Commit 9fb62e6

Merge pull request #2677 from cfpb/security-severe-and-high

Security updates for high and critical vulnerabilities.

## Changes

- updates jspdf to 4.0.0
- updates glob to 11.1.0
- updates tar to at least 7.5.6
- bump ansi-html to 0.0.9
- updates qs to at least 6.14.1
- qs is used by vite-plugin-node-polyfills (which has been updated)
- but we'd need to move to the next major version of cypress to update its qs dependency. I made a ticket for it over in GHE #5410

## Testing

1. Does it look good on staging? Yes!
2. Are tests passing? Yep!

## Screenshot

#### On staging as `v3.3.11-rc2`

<img width="832" height="728" alt="Screenshot 2026-01-26 at 8 00 41 AM" src="https://github.com/user-attachments/assets/e63311f0-7189-4c8f-be41-547e85746ddc" />

2 parents f73b8e9 + a608146 commit 9fb62e6

2 files changed: +60 -164 lines changed

package.json

Lines changed: 6 additions & 5 deletions
@@ -47,7 +47,7 @@
4747
"highcharts": "10.3.3",
4848
"highcharts-react-official": "3.2.1",
4949
"html-to-image": "1.11.11",
50-
"jspdf": "3.0.2",
50+
"jspdf": "4.0.0",
5151
"jwt-decode": "^3.1.2",
5252
"keycloak-js": "25.0.6",
5353
"mapbox-gl": "1.13.3",
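Review bot: `"jspdf": "4.0.0"` is a major-version jump from 3.0.2, and the testing notes in the merge description only record that staging looks good and tests pass. Please state which PDF export paths were exercised on staging, since a major release can change behaviour that the test suite does not cover. The exact pin (no caret) matches the neighbouring `highcharts` and `html-to-image` entries and is worth keeping.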
@@ -114,12 +114,12 @@
114114
"react-icons": "^4.4.0",
115115
"serialize-javascript": "5.0.1",
116116
"vite": "5.4.19",
117-
"vite-plugin-node-polyfills": "0.22.0",
117+
"vite-plugin-node-polyfills": "0.25.0",
118118
"vite-plugin-svgr": "^4.1.0",
119119
"vitest": "^3.2.4"
120120
},
121121
"resolutions": {
122-
"ansi-html": "0.0.8",
122+
"ansi-html": "0.0.9",
123123
"browserslist": ">=4.17.6",
124124
"ejs": "3.1.10",
125125
"glob-parent": "5.1.2",
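Review bot: the `vite-plugin-node-polyfills` bump from 0.22.0 to 0.25.0 is described in the merge message as the route to a newer qs, but nothing in this hunk shows which qs version the plugin now resolves to. Confirm with `yarn why qs` against the updated lockfile and record the result in the PR. Separately, `"ansi-html": "0.0.9"` in `resolutions` is an exact pin sitting next to the open range `"browserslist": ">=4.17.6"`; a line in the PR on which convention this block follows would make the next security bump easier to review.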
@@ -138,11 +138,12 @@
138138
"canvg": "3.0.11",
139139
"elliptic": "6.6.1",
140140
"cross-spawn": ">=7.0.6",
141-
"glob": ">=10.4.5",
141+
"glob": ">=11.1.0",
142142
"form-data": ">=4.0.4",
143143
"sha.js": ">=2.4.12",
144144
"cipher-base": ">=1.0.5",
145-
"cheerio": "1.0.0-rc.10"
145+
"cheerio": "1.0.0-rc.10",
146+
"qs": ">=6.14.0"
146147
},
147148
"packageManager": "yarn@4.1.0"
148149
}
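Review bot: the added `"qs": ">=6.14.0"` resolution sets a lower floor than the merge description, which says qs is updated to at least 6.14.1; if 6.14.1 is the fixed release, the floor should read `">=6.14.1"` so a reinstall cannot settle on 6.14.0. The description also lists tar (at least 7.5.6), yet no tar entry appears in these package.json hunks, so say where that constraint is enforced. Finally, `"glob": ">=11.1.0"` is an open-ended range in `resolutions`, which moves every dependent onto glob 11 or later regardless of the range it declares; check that build and test tooling still runs with it.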
