From 6de04da5ba99fa854ad37ff98b56dc85f2c046d5 Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Mon, 18 May 2026 08:01:39 -0600 Subject: [PATCH] =?UTF-8?q?Upgrade=20uuid=2013.0.0=E2=86=9213.0.1,=20add?= =?UTF-8?q?=20postcss=20and=20picomatch=20overrides?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes CVE-2026-41907 (uuid), CVE-2026-41305 (postcss), and CVE-2026-33672 (picomatch). --- package.json | 4 +++- pnpm-lock.yaml | 10 +++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index f760abd..1669d60 100644 --- a/package.json +++ b/package.json @@ -44,7 +44,7 @@ "dependencies": { "emittery": "1.2.0", "typescript-memoize": "1.1.1", - "uuid": "13.0.0" + "uuid": "13.0.1" }, "devDependencies": { "@changesets/changelog-github": "0.5.1", @@ -77,6 +77,8 @@ "minimatch@>=9.0.0 <9.0.6": "9.0.9", "ajv@<6.14.0": "6.14.0", "picomatch@2": "2.3.2", + "picomatch@>=4 <4.0.4": "4.0.4", + "postcss": "8.5.14", "brace-expansion@2": "2.0.3", "vite": "7.3.2" }, diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index c44b1d4..e955551 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -17,8 +17,8 @@ importers: specifier: 1.1.1 version: 1.1.1 uuid: - specifier: 13.0.0 - version: 13.0.0 + specifier: 13.0.1 + version: 13.0.1 devDependencies: '@changesets/changelog-github': specifier: 0.5.1 @@ -1419,8 +1419,8 @@ packages: uri-js@4.4.1: resolution: {integrity: sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==} - uuid@13.0.0: - resolution: {integrity: sha512-XQegIaBTVUjSHliKqcnFqYypAd4S+WCYt5NIeRs6w/UAry7z8Y9j5ZwRRL4kzq9U3sD6v+85er9FvkEaBpji2w==} + uuid@13.0.1: + resolution: {integrity: sha512-9ezox2roIft6ExBVTVqibSd5dc5/47Sw/uY6b4SjQUT2TzQ0tltNquWA46y4xPQmdZYqvnio22SgWd41M86+jw==} hasBin: true vite@7.3.2: @@ -2855,7 +2855,7 @@ snapshots: dependencies: punycode: 2.3.1 - uuid@13.0.0: {} + uuid@13.0.1: {} vite@7.3.2(@types/node@25.0.3): dependencies: