Security: Update dependencies to fix CVE vulnerabilities #304
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -12,95 +12,95 @@ | |||||
| "vercel:build": "pnpm db:build && pnpm build:next" | ||||||
| }, | ||||||
| "dependencies": { | ||||||
| "@auth/prisma-adapter": "^2.4.1", | ||||||
| "@hookform/resolvers": "^3.6.0", | ||||||
| "@prisma/client": "^5.17.0", | ||||||
| "@radix-ui/react-accordion": "^1.1.2", | ||||||
| "@radix-ui/react-alert-dialog": "^1.0.5", | ||||||
| "@radix-ui/react-aspect-ratio": "^1.0.3", | ||||||
| "@radix-ui/react-avatar": "^1.0.4", | ||||||
| "@radix-ui/react-checkbox": "^1.0.4", | ||||||
| "@radix-ui/react-collapsible": "^1.0.3", | ||||||
| "@radix-ui/react-context-menu": "^2.1.5", | ||||||
| "@radix-ui/react-dialog": "^1.0.5", | ||||||
| "@radix-ui/react-dropdown-menu": "^2.0.6", | ||||||
| "@radix-ui/react-hover-card": "^1.0.7", | ||||||
| "@radix-ui/react-label": "^2.0.2", | ||||||
| "@radix-ui/react-menubar": "^1.0.4", | ||||||
| "@radix-ui/react-navigation-menu": "^1.1.4", | ||||||
| "@radix-ui/react-popover": "^1.0.7", | ||||||
| "@radix-ui/react-progress": "^1.0.3", | ||||||
| "@radix-ui/react-radio-group": "^1.1.3", | ||||||
| "@radix-ui/react-scroll-area": "^1.0.5", | ||||||
| "@radix-ui/react-select": "^2.1.1", | ||||||
| "@radix-ui/react-separator": "^1.0.3", | ||||||
| "@radix-ui/react-slider": "^1.1.2", | ||||||
| "@radix-ui/react-slot": "^1.1.0", | ||||||
| "@radix-ui/react-switch": "^1.0.3", | ||||||
| "@radix-ui/react-tabs": "^1.0.4", | ||||||
| "@radix-ui/react-toast": "^1.1.5", | ||||||
| "@radix-ui/react-toggle": "^1.1.0", | ||||||
| "@radix-ui/react-toggle-group": "^1.1.0", | ||||||
| "@radix-ui/react-tooltip": "^1.0.7", | ||||||
| "@auth/prisma-adapter": "^2.11.1", | ||||||
| "@hookform/resolvers": "^3.10.0", | ||||||
| "@prisma/client": "^5.22.0", | ||||||
| "@radix-ui/react-accordion": "^1.2.12", | ||||||
| "@radix-ui/react-alert-dialog": "^1.1.15", | ||||||
| "@radix-ui/react-aspect-ratio": "^1.1.8", | ||||||
| "@radix-ui/react-avatar": "^1.1.11", | ||||||
| "@radix-ui/react-checkbox": "^1.3.3", | ||||||
| "@radix-ui/react-collapsible": "^1.1.12", | ||||||
| "@radix-ui/react-context-menu": "^2.2.16", | ||||||
| "@radix-ui/react-dialog": "^1.1.15", | ||||||
| "@radix-ui/react-dropdown-menu": "^2.1.16", | ||||||
| "@radix-ui/react-hover-card": "^1.1.15", | ||||||
| "@radix-ui/react-label": "^2.1.8", | ||||||
| "@radix-ui/react-menubar": "^1.1.16", | ||||||
| "@radix-ui/react-navigation-menu": "^1.2.14", | ||||||
| "@radix-ui/react-popover": "^1.1.15", | ||||||
| "@radix-ui/react-progress": "^1.1.8", | ||||||
| "@radix-ui/react-radio-group": "^1.3.8", | ||||||
| "@radix-ui/react-scroll-area": "^1.2.10", | ||||||
| "@radix-ui/react-select": "^2.2.6", | ||||||
| "@radix-ui/react-separator": "^1.1.8", | ||||||
| "@radix-ui/react-slider": "^1.3.6", | ||||||
| "@radix-ui/react-slot": "^1.2.4", | ||||||
| "@radix-ui/react-switch": "^1.2.6", | ||||||
| "@radix-ui/react-tabs": "^1.1.13", | ||||||
| "@radix-ui/react-toast": "^1.2.15", | ||||||
| "@radix-ui/react-toggle": "^1.1.10", | ||||||
| "@radix-ui/react-toggle-group": "^1.1.11", | ||||||
| "@radix-ui/react-tooltip": "^1.2.8", | ||||||
| "@react-hookz/web": "^24.0.4", | ||||||
| "@simplewebauthn/browser": "9.0.1", | ||||||
| "@simplewebauthn/server": "9.0.3", | ||||||
| "@tanstack/react-query": "^5.45.1", | ||||||
| "@tanstack/react-table": "^8.11.7", | ||||||
| "@tanstack/react-query": "^5.90.12", | ||||||
| "@tanstack/react-table": "^8.21.3", | ||||||
| "@trpc/client": "11.0.0-rc.467", | ||||||
| "@trpc/react-query": "11.0.0-rc.467", | ||||||
| "@trpc/server": "11.0.0-rc.467", | ||||||
| "class-variance-authority": "^0.7.0", | ||||||
| "class-variance-authority": "^0.7.1", | ||||||
| "clsx": "^2.1.1", | ||||||
| "cmdk": "1.0.0", | ||||||
| "date-fns": "^3.6.0", | ||||||
| "decimal.js": "^10.4.3", | ||||||
| "embla-carousel-react": "^8.2.0", | ||||||
| "input-otp": "^1.2.4", | ||||||
| "decimal.js": "^10.6.0", | ||||||
| "embla-carousel-react": "^8.6.0", | ||||||
| "input-otp": "^1.4.2", | ||||||
| "lodash-es": "^4.17.21", | ||||||
| "lucide-react": "^0.316.0", | ||||||
| "next": "15.3.4", | ||||||
| "next-auth": "5.0.0-beta.25", | ||||||
| "next": "15.4.8", | ||||||
| "next-auth": "5.0.0-beta.30", | ||||||
| "next-themes": "^0.2.1", | ||||||
| "next-usequerystate": "^1.17.8", | ||||||
| "nextjs-toploader": "^1.6.4", | ||||||
| "next-usequerystate": "^1.20.0", | ||||||
| "nextjs-toploader": "^1.6.12", | ||||||
| "node-fetch": "^3.3.2", | ||||||
| "react": "19.0.0", | ||||||
| "react-day-picker": "^8.10.1", | ||||||
| "react-dom": "19.0.0", | ||||||
| "react-hook-form": "^7.52.0", | ||||||
| "react-resizable-panels": "^2.1.1", | ||||||
| "react-virtuoso": "^4.10.1", | ||||||
| "recharts": "^2.12.7", | ||||||
| "semver": "^7.6.3", | ||||||
| "sharp": "^0.33.2", | ||||||
| "sonner": "^1.5.0", | ||||||
| "superjson": "^2.2.1", | ||||||
| "tailwind-merge": "^2.3.0", | ||||||
| "react-hook-form": "^7.68.0", | ||||||
| "react-resizable-panels": "^2.1.9", | ||||||
| "react-virtuoso": "^4.17.0", | ||||||
| "recharts": "^2.15.4", | ||||||
| "semver": "^7.7.3", | ||||||
| "sharp": "^0.33.5", | ||||||
| "sonner": "^1.7.4", | ||||||
| "superjson": "^2.2.6", | ||||||
| "tailwind-merge": "^2.6.0", | ||||||
| "tailwindcss-animate": "^1.0.7", | ||||||
| "usehooks-ts": "^2.10.0", | ||||||
| "vaul": "^0.9.1", | ||||||
| "zod": "^3.23.8" | ||||||
| "usehooks-ts": "^2.16.0", | ||||||
| "vaul": "^0.9.9", | ||||||
| "zod": "^3.25.76" | ||||||
| }, | ||||||
| "devDependencies": { | ||||||
| "@ngneat/falso": "^7.2.0", | ||||||
| "@tailwindcss/postcss": "^4.1.3", | ||||||
| "@ngneat/falso": "^7.4.0", | ||||||
| "@tailwindcss/postcss": "^4.1.17", | ||||||
| "@types/cookie": "^0.6.0", | ||||||
| "@types/js-cookie": "^3.0.4", | ||||||
| "@types/js-cookie": "^3.0.6", | ||||||
| "@types/lodash-es": "^4.17.12", | ||||||
| "@types/node": "20.14.2", | ||||||
| "@types/react": "19.0.12", | ||||||
| "@types/react-dom": "19.0.4", | ||||||
| "@types/semver": "^7.5.8", | ||||||
| "@types/semver": "^7.7.1", | ||||||
| "autoprefixer": "10.4.17", | ||||||
| "eslint-config-next": "15.3.0", | ||||||
|
||||||
| "eslint-config-next": "15.3.0", | |
| "eslint-config-next": "15.4.8", |
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -11,26 +11,26 @@ | |||||
| }, | ||||||
| "dependencies": { | ||||||
| "@reach/skip-nav": "^0.16.0", | ||||||
| "chart.js": "^3.7.1", | ||||||
| "focus-visible": "^5.2.0", | ||||||
| "markdown-to-jsx": "^6.11.4", | ||||||
| "next": "15.3.4", | ||||||
| "chart.js": "^3.9.1", | ||||||
| "focus-visible": "^5.2.1", | ||||||
| "markdown-to-jsx": "^7.4.0", | ||||||
|
||||||
| "markdown-to-jsx": "^7.4.0", | |
| "markdown-to-jsx": "^6.11.4", |
Copilot
AI
Dec 7, 2025
`@types/react` is updated to `19.0.12`, but the pnpm overrides section (line 42) still forces `@types/react` to `19.1.0`. This creates a version mismatch. Consider either:
- Updating the pnpm override to `19.0.12` to match, or
- Updating the devDependency version to `19.1.0` to match the override

Currently, the override will win, making the declared version in devDependencies misleading.
| "@types/react": "19.0.12", | |
| "@types/react": "19.1.0", |
Copilot
AI
Dec 7, 2025
eslint-config-next is still at version 15.3.0 while Next.js has been updated to 15.4.8. The ESLint config version should typically match the Next.js version to ensure compatibility and get the latest lint rules. Consider updating this to 15.4.8 or a compatible version.
| "eslint-config-next": "15.3.0", | |
| "eslint-config-next": "15.4.8", |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -20,11 +20,11 @@ | |
| "devDependencies": { | ||
| "eslint": "8.23.0", | ||
| "eslint-plugin-simple-import-sort": "^9.0.0", | ||
| "husky": "^8.0.1", | ||
| "lint-staged": "^13.0.3", | ||
| "prettier": "^2.7.1", | ||
| "husky": "^8.0.3", | ||
| "lint-staged": "^15.2.11", | ||
|
||
| "prettier": "^2.8.8", | ||
| "prettier-plugin-tailwindcss": "^0.1.13", | ||
| "turbo": "^2.5.0" | ||
| "turbo": "^2.6.3" | ||
| }, | ||
| "lint-staged": { | ||
| "*.{js,jsx,ts,tsx}": [ | ||
|
|
||
[nitpick] `zod` is being updated from `^3.23.8` to `^3.25.76`, a minor-version increase spanning two minor versions. While this should be backward compatible, Zod schema validation is critical for runtime type safety and data validation. Please ensure all existing Zod schemas, particularly those used for API validation and form validation, continue to work as expected after this update.