From 4bba12fd529b1d60084d6a1d36a436cba4e19b03 Mon Sep 17 00:00:00 2001 From: Thomas Hohn Date: Thu, 2 Apr 2026 12:40:00 +0200 Subject: [PATCH 1/2] Fix open security issues --- package.json | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/package.json b/package.json index 98435806c..f734a65af 100644 --- a/package.json +++ b/package.json @@ -85,15 +85,15 @@ "dependencies": { "@codeceptjs/configure": "1.0.6", "@codeceptjs/helper": "2.0.4", - "@cucumber/cucumber-expressions": "19", + "@cucumber/cucumber-expressions": "^19.0.0", "@cucumber/gherkin": "39.0.0", "@cucumber/messages": "32.2.0", - "@xmldom/xmldom": "0.9.8", + "@xmldom/xmldom": "0.9.9", "acorn": "8.16.0", "arrify": "3.0.0", - "axios": "1.13.6", + "axios": "1.14.0", "chalk": "4.1.2", - "cheerio": "^1.0.0", + "cheerio": "^1.2.0", "chokidar": "^4.0.3", "commander": "11.1.0", "cross-spawn": "7.0.6", @@ -104,11 +104,11 @@ "figures": "3.2.0", "fn-args": "4.0.0", "fs-extra": "11.3.4", - "fuse.js": "^7.0.0", - "glob": ">=9.0.0 <12", + "fuse.js": "^7.1.0", + "glob": "^11.1.0", "html-minifier-terser": "7.2.0", "inquirer": "^8.2.7", - "invisi-data": "^1.0.0", + "invisi-data": "^1.2.0", "joi": "18.0.2", "js-beautify": "1.15.4", "lodash.clonedeep": "4.5.0", @@ -117,7 +117,7 @@ "mocha": "11.7.5", "monocart-coverage-reports": "2.12.9", "ms": "2.1.3", - "multer": "^2.0.2", + "multer": "^2.1.1", "ora-classic": "5.4.2", "parse-function": "5.6.10", "parse5": "7.3.0", @@ -130,7 +130,7 @@ "@codeceptjs/detox-helper": "1.1.14" }, "devDependencies": { - "@apollo/server": "^5", + "@apollo/server": "^5.5.0", "@codeceptjs/expect-helper": "^1.0.2", "@codeceptjs/mock-request": "0.3.1", "@eslint/eslintrc": "3.3.5", @@ -144,17 +144,17 @@ "@wdio/sauce-service": "9.12.5", "@wdio/selenium-standalone-service": "8.15.0", "@wdio/utils": "9.19.2", - "@xmldom/xmldom": "0.9.8", - "chai": "^4.0.0", + "@xmldom/xmldom": "0.9.9", + "chai": "^4.5.0", "chai-as-promised": "7.1.2", "chai-subset": "1.6.0", "documentation": "14.0.3", "electron": "41.0.3", - "eslint": "^9.36.0", + "eslint": "^9.39.4", "eslint-plugin-import": "2.32.0", "eslint-plugin-mocha": "11.2.0", "expect": "30.3.0", - "express": "^5.1.0", + "express": "^5.2.1", "globals": "17.4.0", "graphql": "16.13.1", "graphql-tag": "^2.12.6", @@ -163,9 +163,9 @@ "jsdoc": "^3.6.11", "jsdoc-typeof-plugin": "1.0.0", "json-server": "0.17.4", - "mochawesome": "^7.1.3", + "mochawesome": "^7.1.4", "playwright": "1.55.1", - "prettier": "^3.3.2", + "prettier": "^3.8.1", "puppeteer": "24.15.0", "qrcode-terminal": "0.12.0", "rosie": "2.1.1", @@ -198,10 +198,12 @@ } }, "overrides": { + "@xmldom/xmldom": "0.9.9", + "diff": "~8.0.3", + "fast-xml-parser": "~5.5.6", + "js-yaml": "~4.1.1", "tmp": "0.2.5", - "js-yaml": "^4.1.1", - "serialize-javascript": "7.0.3", - "axios": "1.13.6", - "fast-xml-parser": "^5.5.6" + "serialize-javascript": "~7.0.3", + "underscore": "~1.13.8" } -} \ No newline at end of file +} From 0563824d3326f900fbebe0d80513dd959877f6ab Mon Sep 17 00:00:00 2001 From: Thomas Hohn Date: Thu, 2 Apr 2026 13:07:56 +0200 Subject: [PATCH 2/2] Update more packages --- package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index f734a65af..627d67938 100644 --- a/package.json +++ b/package.json @@ -149,14 +149,14 @@ "chai-as-promised": "7.1.2", "chai-subset": "1.6.0", "documentation": "14.0.3", - "electron": "41.0.3", + "electron": "41.1.1", "eslint": "^9.39.4", "eslint-plugin-import": "2.32.0", "eslint-plugin-mocha": "11.2.0", "expect": "30.3.0", "express": "^5.2.1", "globals": "17.4.0", - "graphql": "16.13.1", + "graphql": "16.13.2", "graphql-tag": "^2.12.6", "husky": "9.1.7", "inquirer-test": "2.0.1",