Fix JS dependencies triggering security alerts

sebaslogen · Dec 25, 2024 · 0461773 · 0461773
1 parent aa4809f
commit 0461773
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/kotlin-js-store/yarn.lock b/kotlin-js-store/yarn.lock
@@ -752,6 +752,15 @@ cross-spawn@^7.0.3:
     shebang-command "^2.0.0"
     which "^2.0.1"
 
+cross-spawn@^7.0.5:
+  version "7.0.6"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
+  integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
+  dependencies:
+    path-key "^3.1.0"
+    shebang-command "^2.0.0"
+    which "^2.0.1"
+
 custom-event@~1.0.0:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/custom-event/-/custom-event-1.0.1.tgz#5d02a46850adf1b4a317946a3928fccb5bfd0425"
@@ -1988,6 +1997,11 @@ [email protected]:
   resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.10.tgz#67e9108c5c0551b9e5326064387de4763c4d5f8b"
   integrity sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==
 
+path-to-regexp@^0.1.12:
+  version "0.1.12"
+  resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.12.tgz#d5e1a12e478a976d432ef3c58d534b9923164bb7"
+  integrity sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==
+
 picocolors@^1.0.0, picocolors@^1.0.1:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.1.0.tgz#5358b76a78cde483ba5cef6a9dc9671440b27d59"

diff --git a/resaca/build.gradle.kts b/resaca/build.gradle.kts
@@ -60,6 +60,8 @@ kotlin {
             implementation(dependencies.platform(npm("webpack", "^5.94.0"))) // Force updated version to fix security issues
             implementation(dependencies.platform(npm("http-proxy-middleware", "^2.0.7"))) // Force updated version to fix security issues
             implementation(dependencies.platform(npm("cookie", "^0.7.0"))) // Force updated version to fix security issues
+            implementation(dependencies.platform(npm("cross-spawn", "^7.0.5"))) // Force updated version to fix security issues
+            implementation(dependencies.platform(npm("path-to-regexp", "^0.1.12"))) // Force updated version to fix security issues
         }
     }
 }