From 2f4c893673c01d2b27ea17b066a50c263368eb38 Mon Sep 17 00:00:00 2001
From: sheyanjie
Date: Fri, 22 May 2026 16:40:42 +0800
Subject: [PATCH] build: update vulnerable dependencies

Update dependency resolutions for js-cookie, uuid, and protobufjs to versions that address Trivy-reported vulnerabilities.

Closes: [6997045617](https://project.feishu.cn/taosdata_td/job/detail/6997045617)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 package.json | 4 +++-
 yarn.lock | 29 ++++++++++++-----------------
 2 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/package.json b/package.json
index 543128b..f52c567 100644
--- a/package.json
+++ b/package.json
@@ -98,6 +98,7 @@
 "dompurify": "3.4.0",
 "eslint": "9.26.0",
 "form-data": "4.0.5",
+ "js-cookie": "3.0.7",
 "js-yaml": "4.1.1",
 "lodash": "4.18.0",
 "nanoid": "3.3.8",
@@ -109,9 +110,10 @@
 "@tootallnate/once": "3.0.1",
 "string-width": "4.2.3",
 "strip-ansi": "6.0.1",
+ "uuid": "11.1.1",
 "wrap-ansi": "7.0.0",
 "follow-redirects": "1.16.0",
- "protobufjs": "7.5.6",
+ "protobufjs": "7.5.8",
 "@protobufjs/utf8": "1.1.1",
 "protocol-buffers-schema": "3.6.1",
 "cosmiconfig/yaml": "1.10.3",
diff --git a/yarn.lock b/yarn.lock
index f8bb58a..3ba3d63 100644
--- a/yarn.lock
+++ b/yarn.lock
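Review bot: The added `"js-cookie": "3.0.7"` entry in the first package.json hunk and `"uuid": "11.1.1"` in the second move every dependent to a new major version rather than a patched release of the line it asked for. The yarn.lock part of this patch shows the `js-cookie@^2.2.1` and `uuid@9.0.1` requests now resolving to 3.0.7 and 11.1.1. A consumer written against the 2.x or 9.x API can fail at runtime in cookie handling or ID generation, so the description should name the dependents and state that they were exercised against the new majors, or the override should be scoped per parent the way the existing `"cosmiconfig/yaml"` entry is. The enclosing key (presumably `resolutions`) begins outside both hunks, so the scope of these overrides cannot be confirmed from the visible lines. Listing the Trivy advisory identifiers in the commit message would also let a rescan confirm that each pinned version actually clears the finding.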
@@ -6141,10 +6141,10 @@ jquery@3.7.1: resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.7.1.tgz#083ef98927c9a6a74d05a6af02806566d16274de" integrity sha512-m4avr8yL8kmFN8psrbFFFmB/If14iN5o9nw/NgnnM+kybDJpRsAynV2BsfpTYrTRysYUdADVD7CkUUizgkpLfg== -js-cookie@^2.2.1: - version "2.2.1" - resolved "https://registry.yarnpkg.com/js-cookie/-/js-cookie-2.2.1.tgz#69e106dc5d5806894562902aa5baec3744e9b2b8" - integrity sha512-HvdH2LzI/EAZcUwA8+0nKNtWHqS+ZmijLA30RwZA0bo7ToCckjK5MkGhjED9KoRcXO6BaGI3I9UIzSA1FKFPOQ== +js-cookie@3.0.7, js-cookie@^2.2.1: + version "3.0.7" + resolved "https://registry.yarnpkg.com/js-cookie/-/js-cookie-3.0.7.tgz#0a53abfc459c8e89c85d7a38eb6cb68714965b8c" + integrity sha512-z/wZZgDrkNV1eA0ULjM/F9/50Ya8fbzgKneSpoPsXSGd0KnpdtHfOZWK+GcwLk+EZbS4F9RBhU+K2RgzuDaItw== "js-tokens@^3.0.0 || ^4.0.0", js-tokens@^4.0.0: version "4.0.0" @@ -7109,10 +7109,10 @@ prop-types@15.x, prop-types@^15.5.10, prop-types@^15.5.8, prop-types@^15.6.0, pr object-assign "^4.1.1" react-is "^16.13.1" -protobufjs@7.5.6, protobufjs@^7.3.0: - version "7.5.6" - resolved "https://registry.yarnpkg.com/protobufjs/-/protobufjs-7.5.6.tgz#11af832ebc4b4326f658a5b1308e6141eb57edfd" - integrity sha512-M71sTMB146U3u0di3yup8iM+zv8yPRNQVr1KK4tyBitl3qFvEGucq/rGDRShD2rsJhtN02RJaJ7j5X5hmy8SJg== +protobufjs@7.5.8, protobufjs@^7.3.0: + version "7.5.8" + resolved "https://registry.yarnpkg.com/protobufjs/-/protobufjs-7.5.8.tgz#51b153a06da6e47153a1aa6800cb1253bc502436" + integrity sha512-dvpCIeLPbXZS/Ete7yLaO7RenOdken2NHKykBXbsaGxZT0UTltcarBciw+A78SRQs9iMAAVpsYA+l8b1hTePIA== dependencies: "@protobufjs/aspromise" "^1.1.2" "@protobufjs/base64" "^1.1.2" 
@@ -8857,15 +8857,10 @@ util-deprecate@^1.0.2: resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" integrity sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw== -uuid@9.0.1: - version "9.0.1" - resolved "https://registry.yarnpkg.com/uuid/-/uuid-9.0.1.tgz#e188d4c8853cc722220392c424cd637f32293f30" - integrity sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA== - -uuid@^11.0.2: - version "11.0.3" - resolved "https://registry.yarnpkg.com/uuid/-/uuid-11.0.3.tgz#248451cac9d1a4a4128033e765d137e2b2c49a3d" - integrity sha512-d0z310fCWv5dJwnX1Y/MncBAqGMKEzlBb1AOf7z9K8ALnd0utBX/msg/fA0+sbyN1ihbMsLhrBlnl1ak7Wa0rg== +uuid@11.1.1, uuid@9.0.1, uuid@^11.0.2: + version "11.1.1" + resolved "https://registry.yarnpkg.com/uuid/-/uuid-11.1.1.tgz#f6d81d2e1c65d00762e5e29b16c5d2d995e208ad" + integrity sha512-vIYxrBCC/N/K+Js3qSN88go7kIfNPssr/hHCesKCQNAjmgvYS2oqr69kIufEG+O4+PfezOH4EbIeHCfFov8ZgQ== v8-compile-cache-lib@^3.0.1: version "3.0.1"