From 478414f42f896c61bf3410a95a2da453c23ab4f4 Mon Sep 17 00:00:00 2001 From: samithkavishke Date: Fri, 19 Jun 2026 11:34:33 +0530 Subject: [PATCH] Fix the trivy vulnerability --- common/config/rush/pnpm-config.json | 4 +- common/config/rush/pnpm-lock.yaml | 65 +++++++++++------------------ 2 files changed, 27 insertions(+), 42 deletions(-) diff --git a/common/config/rush/pnpm-config.json b/common/config/rush/pnpm-config.json index d4a5f1da1c..434f77fc82 100644 --- a/common/config/rush/pnpm-config.json +++ b/common/config/rush/pnpm-config.json @@ -101,7 +101,9 @@ "markdown-it": ">=14.2.0", "protobufjs": ">=7.6.3 <8", "tmp": ">=0.2.7", - "webpack-dev-server": ">=5.2.5" + "webpack-dev-server": ">=5.2.5", + "undici": ">=7.28.0", + "http-proxy-middleware": ">=3.0.6" }, /** diff --git a/common/config/rush/pnpm-lock.yaml b/common/config/rush/pnpm-lock.yaml index 2b9094d261..df58220aab 100644 --- a/common/config/rush/pnpm-lock.yaml +++ b/common/config/rush/pnpm-lock.yaml @@ -18,6 +18,8 @@ overrides: protobufjs: '>=7.6.3 <8' tmp: '>=0.2.7' webpack-dev-server: '>=5.2.5' + undici: '>=7.28.0' + http-proxy-middleware: '>=3.0.6' pnpmfileChecksum: sha256-XTeZQwJtKk4dimqf7175GhJCXrnq3Yh7+kwb86Bwcdo= @@ -10582,9 +10584,6 @@ packages: '@types/http-errors@2.0.5': resolution: {integrity: sha512-r8Tayk8HJnX0FztbZN7oVqGccWgw98T/0neJphO91KkmOzug1KkofZURD4UaD5uH8AqcFLfdPErnBod0u71/qg==} - '@types/http-proxy@1.17.17': - resolution: {integrity: sha512-ED6LB+Z1AVylNTu7hdzuBqOgMnvG/ld6wGCG8wFnAzKX5uyW2K3WD52v0gnLCTK/VLpXtKckgWuyScYK6cSPaw==} - '@types/is-function@1.0.3': resolution: {integrity: sha512-/CLhCW79JUeLKznI6mbVieGbl4QU5Hfn+6udw1YHZoofASjbQ5zaP5LzAUZYDpRYEjS4/P+DhEgyJ/PQmGGTWw==} @@ -15518,14 +15517,9 @@ packages: resolution: {integrity: sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==} engines: {node: '>= 14'} - http-proxy-middleware@2.0.9: - resolution: {integrity: sha512-c1IyJYLYppU574+YI7R4QyX2ystMtVXZwIdzazUIPIJsHuWNd+mho2j+bKoHftndicGj9yh+xjd+l0yj7VeT1Q==} - engines: {node: '>=12.0.0'} - peerDependencies: - '@types/express': ^4.17.13 - peerDependenciesMeta: - '@types/express': - optional: true + http-proxy-middleware@4.1.1: + resolution: {integrity: sha512-KX5ZofGXLFXqFAkQoOWZ+rTtaLTut7m0gyL+QzJrdejtIZ+F4bPPDoe7reISg2+v0CAz5OfVwEJEhty7X+e57g==} + engines: {node: ^22.15.0 || ^24.0.0 || >=26.0.0} http-proxy@1.18.1: resolution: {integrity: sha512-7mz/721AbnJwIVbnaSv1Cz3Am0ZLT/UBwkC92VlxhXv/k/BBQfM2fXElQNC27BVGr0uwUpplYPQM9LnaBMR5NQ==} @@ -15555,6 +15549,9 @@ packages: resolution: {integrity: sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==} engines: {node: '>= 14'} + httpxy@0.5.3: + resolution: {integrity: sha512-SMS9V6Sn7VWaS11lYhoAr0ceoaiolTWf4jYdJn0NJhCdKMu9R2H9Fh0LBDWBHQF6HRLI1PmaePYsjanSpE5PEw==} + human-signals@1.1.1: resolution: {integrity: sha512-SEQu7vl8KjNL2eoGBLF3+wAjpsNfA9XMlXAYj/3EdaNfAlxKthD1xjEQfGOUhllCGGJVNY34bRr6lPINhNjyZw==} engines: {node: '>=8.12.0'} @@ -15980,10 +15977,6 @@ packages: resolution: {integrity: sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==} engines: {node: '>=8'} - is-plain-obj@3.0.0: - resolution: {integrity: sha512-gwsOE28k+23GP1B6vFl1oVh/WOzmawBrKwo5Ev6wMKzPkaXaCDIQKzLnvsA42DRlbVTWorkgTKIviAKCWkfUwA==} - engines: {node: '>=10'} - is-plain-obj@4.1.0: resolution: {integrity: sha512-+Pgi+vMuUNkJyExiMBt5IlFoMyKnr5zhJ4Uspz58WOhBF5QoIZkFyNHIbBAtHwzVAgk5RtndVNsDRN61/mmDqg==} engines: {node: '>=12'} @@ -21933,9 +21926,9 @@ packages: undici-types@6.21.0: resolution: {integrity: sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==} - undici@7.24.0: - resolution: {integrity: sha512-jxytwMHhsbdpBXxLAcuu0fzlQeXCNnWdDyRHpvWsUl8vd98UwYdl9YTyn8/HcpcJPC3pwUveefsa3zTxyD/ERg==} - engines: {node: '>=20.18.1'} + undici@8.5.0: + resolution: {integrity: sha512-xamtWoB1EshgjpmlXd7GGm2VfdDtw1+rD8uhry8pSNW3If6S8E0m2T2+orSKeZXEn/aPJMviCpDBA65WJt8zhg==} + engines: {node: '>=22.19.0'} unfetch@4.2.0: resolution: {integrity: sha512-F9p7yYCn6cIW9El1zi0HI6vqpeIvBsr3dSuRO6Xuppb1u5rXpCPmMvLSyECLhybr9isec8Ohl0hPekMVrEinDA==} @@ -34683,10 +34676,6 @@ snapshots: '@types/http-errors@2.0.5': {} - '@types/http-proxy@1.17.17': - dependencies: - '@types/node': 20.19.17 - '@types/is-function@1.0.3': {} '@types/istanbul-lib-coverage@2.0.6': {} @@ -37520,7 +37509,7 @@ snapshots: parse5: 7.3.0 parse5-htmlparser2-tree-adapter: 7.1.0 parse5-parser-stream: 7.1.2 - undici: 7.24.0 + undici: 8.5.0 whatwg-mimetype: 4.0.0 chokidar@2.1.8: @@ -41272,17 +41261,15 @@ snapshots: transitivePeerDependencies: - supports-color - http-proxy-middleware@2.0.9(@types/express@4.17.25): + http-proxy-middleware@4.1.1: dependencies: - '@types/http-proxy': 1.17.17 - http-proxy: 1.18.1 + debug: 4.4.3(supports-color@8.1.1) + httpxy: 0.5.3 is-glob: 4.0.3 - is-plain-obj: 3.0.0 + is-plain-obj: 4.1.0 micromatch: 4.0.8 - optionalDependencies: - '@types/express': 4.17.25 transitivePeerDependencies: - - debug + - supports-color http-proxy@1.18.1: dependencies: @@ -41338,6 +41325,8 @@ snapshots: transitivePeerDependencies: - supports-color + httpxy@0.5.3: {} + human-signals@1.1.1: {} human-signals@2.1.0: {} @@ -41679,8 +41668,6 @@ snapshots: is-plain-obj@2.1.0: {} - is-plain-obj@3.0.0: {} - is-plain-obj@4.1.0: {} is-plain-object@2.0.4: @@ -50347,7 +50334,7 @@ snapshots: undici-types@6.21.0: {} - undici@7.24.0: {} + undici@8.5.0: {} unfetch@4.2.0: {} @@ -51304,7 +51291,7 @@ snapshots: connect-history-api-fallback: 2.0.0 express: 4.22.1 graceful-fs: 4.2.11 - http-proxy-middleware: 2.0.9(@types/express@4.17.25) + http-proxy-middleware: 4.1.1 ipaddr.js: 2.4.0 launch-editor: 2.14.1 open: 10.2.0 @@ -51321,7 +51308,6 @@ snapshots: webpack-cli: 4.10.0(webpack-dev-server@5.2.5)(webpack@5.104.1) transitivePeerDependencies: - bufferutil - - debug - supports-color - utf-8-validate optional: true @@ -51344,7 +51330,7 @@ snapshots: connect-history-api-fallback: 2.0.0 express: 4.22.1 graceful-fs: 4.2.11 - http-proxy-middleware: 2.0.9(@types/express@4.17.25) + http-proxy-middleware: 4.1.1 ipaddr.js: 2.4.0 launch-editor: 2.14.1 open: 10.2.0 @@ -51361,7 +51347,6 @@ snapshots: webpack-cli: 5.1.4(webpack-dev-server@5.2.5)(webpack@5.104.1) transitivePeerDependencies: - bufferutil - - debug - supports-color - utf-8-validate @@ -51383,7 +51368,7 @@ snapshots: connect-history-api-fallback: 2.0.0 express: 4.22.1 graceful-fs: 4.2.11 - http-proxy-middleware: 2.0.9(@types/express@4.17.25) + http-proxy-middleware: 4.1.1 ipaddr.js: 2.4.0 launch-editor: 2.14.1 open: 10.2.0 @@ -51400,7 +51385,6 @@ snapshots: webpack-cli: 6.0.1(webpack-dev-server@5.2.5)(webpack@5.104.1) transitivePeerDependencies: - bufferutil - - debug - supports-color - utf-8-validate @@ -51422,7 +51406,7 @@ snapshots: connect-history-api-fallback: 2.0.0 express: 4.22.1 graceful-fs: 4.2.11 - http-proxy-middleware: 2.0.9(@types/express@4.17.25) + http-proxy-middleware: 4.1.1 ipaddr.js: 2.4.0 launch-editor: 2.14.1 open: 10.2.0 @@ -51438,7 +51422,6 @@ snapshots: webpack: 5.104.1(webpack-cli@5.1.4) transitivePeerDependencies: - bufferutil - - debug - supports-color - utf-8-validate optional: true