From 95651475f2e677a3f2ba8de92753c886bfa021f8 Mon Sep 17 00:00:00 2001 From: Steve Larson <9larsons@gmail.com> Date: Mon, 27 Apr 2026 18:34:11 -0500 Subject: [PATCH 1/3] Added overrides to clear 6 critical advisories + 2 high + 1 moderate (#27592) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit no ref Adds 5 entries to root `pnpm.overrides` that force vulnerable transitive packages forward. All replacement versions are caret-pinned within the existing major to avoid cross-major resolution surprises. ## Modules and their callers | module | range → replacement | caller chain | path type | |---|---|---|---| | `form-data` | `<2.5.4` → `^2.5.4` | `e2e > @tryghost/logging > bunyan-loggly > node-loggly-bulk > request` | dev | | `growl` | `<1.10.0` → `^1.10.0` | `ghost/admin > ember-mocha > mocha > growl` | dev | | `minimist` | `<0.2.4` → `^0.2.4` | `ghost/admin > ember-mocha > mocha > mkdirp > minimist` | dev | | `protobufjs` | `<7.5.5` → `^7.5.5` | `e2e > dockerode > protobufjs` | dev | | `underscore` | `>=1.3.2 <1.12.1` → `^1.12.1` | `ghost/core > nodemailer > nodemailer-direct-transport > smtp-connection > httpntlm` **and** `ghost/core > express-brute > underscore` | **runtime** | `underscore` is the only runtime-path override here. The bump 1.12 → 1.13 is within the same major; API and function signatures are unchanged. The two consumers use `underscore` for NTLM SMTP authentication helpers (narrow runtime use) and inside `express-brute`'s rate-limiter (runtime). The remaining critical advisory (`babel-traverse <7.23.2` via `ghost/admin > @tryghost/ember-promise-modals > ember-auto-import > babel-core`) has no fix in the affected range — `babel-core` was deprecated in favor of `@babel/core` years ago. That advisory resolves only when `ember-auto-import` is bumped to a release that drops `babel-core`, which is part of the larger Ember toolchain modernization work. --- package.json | 5 ++++ pnpm-lock.yaml | 62 +++++++++++++++++++++++--------------------------- 2 files changed, 33 insertions(+), 34 deletions(-) diff --git a/package.json b/package.json index 70528140146..4abbd117c9b 100644 --- a/package.json +++ b/package.json @@ -81,14 +81,19 @@ "debug@<2.6.9": "^2.6.9", "diff@<3.5.1": "^3.5.1", "diff@>=6.0.0 <8.0.3": "^8.0.3", + "form-data@<2.5.4": "^2.5.4", + "growl@<1.10.0": "^1.10.0", "handlebars@>=4.0.0 <=4.7.8": "^4.7.9", "lodash@<4.18.0": "^4.18.0", "minimatch@<3.1.4": "^3.1.4", "minimatch@>=9.0.0 <9.0.7": "^9.0.7", + "minimist@<0.2.4": "^0.2.4", + "protobufjs@<7.5.5": "^7.5.5", "qs@>=6.7.0 <=6.14.1": "^6.14.2", "tar@<7.5.11": "^7.5.11", "tmp@<=0.2.3": "^0.2.4", "undici@<6.24.0": "^6.24.0", + "underscore@>=1.3.2 <1.12.1": "^1.12.1", "@xmldom/xmldom@<0.8.13": "^0.8.13" }, "onlyBuiltDependencies": [ diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 2771d5cf820..96b5f6edf77 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -42,14 +42,19 @@ overrides: debug@<2.6.9: ^2.6.9 diff@<3.5.1: ^3.5.1 diff@>=6.0.0 <8.0.3: ^8.0.3 + form-data@<2.5.4: ^2.5.4 + growl@<1.10.0: ^1.10.0 handlebars@>=4.0.0 <=4.7.8: ^4.7.9 lodash@<4.18.0: ^4.18.0 minimatch@<3.1.4: ^3.1.4 minimatch@>=9.0.0 <9.0.7: ^9.0.7 + minimist@<0.2.4: ^0.2.4 + protobufjs@<7.5.5: ^7.5.5 qs@>=6.7.0 <=6.14.1: ^6.14.2 tar@<7.5.11: ^7.5.11 tmp@<=0.2.3: ^0.2.4 undici@<6.24.0: ^6.24.0 + underscore@>=1.3.2 <1.12.1: ^1.12.1 '@xmldom/xmldom@<0.8.13': ^0.8.13 importers: @@ -11547,7 +11552,7 @@ packages: toffee: ^0.3.6 twig: ^1.15.2 twing: ^5.0.2 - underscore: ^1.11.0 + underscore: ^1.12.1 vash: ^0.13.0 velocityjs: ^2.0.1 walrus: ^0.10.1 @@ -11707,7 +11712,7 @@ packages: toffee: ^0.3.6 twig: ^1.15.2 twing: ^5.0.2 - underscore: ^1.11.0 + underscore: ^1.12.1 vash: ^0.13.0 velocityjs: ^2.0.1 walrus: ^0.10.1 @@ -14175,8 +14180,8 @@ packages: resolution: {integrity: sha512-G6NsmEW15s0Uw9XnCg+33H3ViYRyiM0hMrMhhqQOR8NFc5GhYrI+6I3u7OTw7b91J2g8rtvMBZJDbcGb2YUniw==} engines: {node: '>= 18'} - form-data@2.3.3: - resolution: {integrity: sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==} + form-data@2.5.5: + resolution: {integrity: sha512-jqdObeR2rxZZbPSGL+3VckHMYtu+f9//KXBsVny6JSX/pa38Fy+bGjuG8eW/H6USNQWhLi8Num++cU2yOCNz4A==} engines: {node: '>= 0.12'} form-data@3.0.4: @@ -14590,8 +14595,9 @@ packages: resolution: {integrity: sha512-5bJ+nf/UCpAjHM8i06fl7eLyVC9iuNAjm9qzkiu2ZGhM0VscSvS6WDPfAwkdkBuoXGM9FJSbKl6wylMwP9Ktig==} engines: {node: ^12.22.0 || ^14.16.0 || ^16.0.0 || >=17.0.0} - growl@1.9.2: - resolution: {integrity: sha512-RTBwDHhNuOx4F0hqzItc/siXCasGfC4DeWcBamclWd+6jWtBaeB/SGbMkGf0eiQoW7ib8JpvOgnUsmgMHI3Mfw==} + growl@1.10.5: + resolution: {integrity: sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA==} + engines: {node: '>=4.x'} growly@1.3.0: resolution: {integrity: sha512-+xGQY0YyAWCnqy7Cd++hc2JqMYzlm0dG30Jd0beaA64sROr8C4nt8Yc9V5Ro3avlSUDTN0ulqP/VBKi1/lLygw==} @@ -17117,9 +17123,6 @@ packages: resolution: {integrity: sha512-Q4r8ghd80yhO/0j1O3B2BjweX3fiHg9cdOwjJd2J76Q135c+NDxGCqdYKQ1SKBuFfgWbAUzBfvYjPUEeNgqN1A==} engines: {node: '>= 6'} - minimist@0.0.8: - resolution: {integrity: sha512-miQKw5Hv4NS1Psg2517mV4e4dYNaO3++hjAvLOAzKqZ61rH8NS1SK+vbfBWZ5PY/Me/bEWhUwqMghEW5Fb9T7Q==} - minimist@0.2.4: resolution: {integrity: sha512-Pkrrm8NjyQ8yVt8Am9M+yUt74zE3iokhzbG1bFVNjLB92vwM71hf40RkEsryg98BujhVOncKm/C1xROxZ030LQ==} @@ -19080,8 +19083,8 @@ packages: proto-list@1.2.4: resolution: {integrity: sha512-vtK/94akxsTMhe0/cbfpR+syPuszcuwhqVjJq26CuNDgFGj682oRBXOP5MJpv2r7JtE8MsiepGIqvvOTBwn2vA==} - protobufjs@7.5.4: - resolution: {integrity: sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg==} + protobufjs@7.5.5: + resolution: {integrity: sha512-3wY1AxV+VBNW8Yypfd1yQY9pXnqTAN+KwQxL8iYm3/BjKYMNg4i0owhEe26PWDOMaIrzeeF98Lqd5NGz4omiIg==} engines: {node: '>=12.0.0'} proxy-addr@2.0.7: @@ -21328,12 +21331,6 @@ packages: underscore@1.13.8: resolution: {integrity: sha512-DXtD3ZtEQzc7M8m4cXotyHR+FAS18C64asBYY5vqZexfYryNNnDc02W4hKg3rdQuqOYas1jkseX0+nZXjTXnvQ==} - underscore@1.7.0: - resolution: {integrity: sha512-cp0oQQyZhUM1kpJDLdGO1jPZHgS/MpzoWYfe9+CM2h/QGDZlqwT2T3YGukuBdaNJ/CAPoeyAZRRHz8JFo176vA==} - - underscore@1.8.3: - resolution: {integrity: sha512-5WsVTFcH1ut/kkhAaHf4PVgI8c7++GiVcpCGxPouI6ZVjsqPnSDf8h/8HtVqc0t4fzRXwnMK70EcZeAs3PIddg==} - undici-types@5.26.5: resolution: {integrity: sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==} @@ -25299,14 +25296,14 @@ snapshots: dependencies: lodash.camelcase: 4.3.0 long: 5.3.2 - protobufjs: 7.5.4 + protobufjs: 7.5.5 yargs: 17.7.2 '@grpc/proto-loader@0.8.0': dependencies: lodash.camelcase: 4.3.0 long: 5.3.2 - protobufjs: 7.5.4 + protobufjs: 7.5.5 yargs: 17.7.2 '@gulpjs/to-absolute-glob@4.0.0': @@ -35025,7 +35022,7 @@ snapshots: '@grpc/grpc-js': 1.14.3 '@grpc/proto-loader': 0.7.15 docker-modem: 5.0.7 - protobufjs: 7.5.4 + protobufjs: 7.5.5 tar-fs: 2.1.4 uuid: 10.0.0 transitivePeerDependencies: @@ -37512,7 +37509,7 @@ snapshots: dependencies: express: 4.21.2 long-timeout: 0.1.1 - underscore: 1.8.3 + underscore: 1.13.8 express-end@0.0.8: dependencies: @@ -38087,11 +38084,14 @@ snapshots: form-data-encoder@4.1.0: {} - form-data@2.3.3: + form-data@2.5.5: dependencies: asynckit: 0.4.0 combined-stream: 1.0.8 + es-set-tostringtag: 2.1.0 + hasown: 2.0.2 mime-types: 2.1.35 + safe-buffer: 5.2.1 form-data@3.0.4: dependencies: @@ -38641,7 +38641,7 @@ snapshots: graphql@16.13.2: {} - growl@1.9.2: {} + growl@1.10.5: {} growly@1.3.0: {} @@ -39028,7 +39028,7 @@ snapshots: httpntlm@1.6.1: dependencies: httpreq: 1.1.1 - underscore: 1.7.0 + underscore: 1.13.8 httpreq@1.1.1: {} @@ -41844,8 +41844,6 @@ snapshots: is-plain-obj: 1.1.0 kind-of: 6.0.3 - minimist@0.0.8: {} - minimist@0.2.4: {} minimist@1.2.8: {} @@ -41947,7 +41945,7 @@ snapshots: mkdirp@0.5.1: dependencies: - minimist: 0.0.8 + minimist: 0.2.4 mkdirp@0.5.6: dependencies: @@ -42012,7 +42010,7 @@ snapshots: diff: 3.5.1 escape-string-regexp: 1.0.2 glob: 3.2.11 - growl: 1.9.2 + growl: 1.10.5 jade: 0.26.3 mkdirp: 0.5.1 supports-color: 1.2.0 @@ -44177,7 +44175,7 @@ snapshots: proto-list@1.2.4: optional: true - protobufjs@7.5.4: + protobufjs@7.5.5: dependencies: '@protobufjs/aspromise': 1.1.2 '@protobufjs/base64': 1.1.2 @@ -44813,7 +44811,7 @@ snapshots: combined-stream: 1.0.8 extend: 3.0.2 forever-agent: 0.6.1 - form-data: 2.3.3 + form-data: 2.5.5 har-validator: 5.1.5 http-signature: 1.2.0 is-typedarray: 1.0.0 @@ -47068,10 +47066,6 @@ snapshots: underscore@1.13.8: {} - underscore@1.7.0: {} - - underscore@1.8.3: {} - undici-types@5.26.5: {} undici-types@6.21.0: {} From b2d2569aa7b487ce3db5871d163d7b877dc55c38 Mon Sep 17 00:00:00 2001 From: Steve Larson <9larsons@gmail.com> Date: Mon, 27 Apr 2026 19:10:37 -0500 Subject: [PATCH 2/3] Added package overrides (#27594) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit no ref Adds 2 entries to root `pnpm.overrides` for transitive packages flagged as high-severity. Both callers are dev/build chains; no runtime path is touched. Caret-pinned within the existing major. | module | range → replacement | caller chain | |---|---|---| | `nth-check` | `<2.0.1` → `^2.0.1` | `ghost/admin > cssnano > cssnano-preset-default > postcss-svgo > svgo > css-select > nth-check` | | `path-to-regexp` | `<0.1.13` → `^0.1.13` | `e2e > express > path-to-regexp` | A `rollup` override was tried in an earlier iteration of this branch but broke `ghost-admin`'s build (`broccoli-rollup@2.1.1` is tightly coupled to the rollup 2.79.x return shape and crashed under 2.80.0). The rollup advisory needs a different fix and is left out of this PR. --- package.json | 2 ++ pnpm-lock.yaml | 23 +++++++++-------------- 2 files changed, 11 insertions(+), 14 deletions(-) diff --git a/package.json b/package.json index 4abbd117c9b..0d1c6aaacac 100644 --- a/package.json +++ b/package.json @@ -88,6 +88,8 @@ "minimatch@<3.1.4": "^3.1.4", "minimatch@>=9.0.0 <9.0.7": "^9.0.7", "minimist@<0.2.4": "^0.2.4", + "nth-check@<2.0.1": "^2.0.1", + "path-to-regexp@<0.1.13": "^0.1.13", "protobufjs@<7.5.5": "^7.5.5", "qs@>=6.7.0 <=6.14.1": "^6.14.2", "tar@<7.5.11": "^7.5.11", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 96b5f6edf77..f4fb10fbe10 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -49,6 +49,8 @@ overrides: minimatch@<3.1.4: ^3.1.4 minimatch@>=9.0.0 <9.0.7: ^9.0.7 minimist@<0.2.4: ^0.2.4 + nth-check@<2.0.1: ^2.0.1 + path-to-regexp@<0.1.13: ^0.1.13 protobufjs@<7.5.5: ^7.5.5 qs@>=6.7.0 <=6.14.1: ^6.14.2 tar@<7.5.11: ^7.5.11 @@ -17618,9 +17620,6 @@ packages: engines: {node: ^12.13.0 || ^14.15.0 || >=16.0.0} deprecated: This package is no longer supported. - nth-check@1.0.2: - resolution: {integrity: sha512-WeBOdju8SnzPN5vTUJYxYUxLeXpCaVP5i5e0LF8fg7WORF2Wd7wFX/pk0tYZk7s8T+J7VLy0Da6J1+wCT0AtHg==} - nth-check@2.1.1: resolution: {integrity: sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==} @@ -18104,8 +18103,8 @@ packages: resolution: {integrity: sha512-3O/iVVsJAPsOnpwWIeD+d6z/7PmqApyQePUtCndjatj/9I5LylHvt5qluFaBT3I5h3r1ejfR056c+FCv+NnNXg==} engines: {node: 18 || 20 || >=22} - path-to-regexp@0.1.12: - resolution: {integrity: sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==} + path-to-regexp@0.1.13: + resolution: {integrity: sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==} path-to-regexp@1.9.0: resolution: {integrity: sha512-xIp7/apCFJuUHdDLWe8O1HIkb0kQrOMb/0u6FXQjemHn/ii5LrIzU6bdECnsiTF/GjZkMEKg1xdiZwNqDYlZ6g==} @@ -34483,14 +34482,14 @@ snapshots: boolbase: 1.0.0 css-what: 2.1.3 domutils: 1.5.1 - nth-check: 1.0.2 + nth-check: 2.1.1 css-select@2.1.0: dependencies: boolbase: 1.0.0 css-what: 3.4.2 domutils: 1.7.0 - nth-check: 1.0.2 + nth-check: 2.1.1 css-select@5.2.2: dependencies: @@ -37587,7 +37586,7 @@ snapshots: methods: 1.1.2 on-finished: 2.4.1 parseurl: 1.3.3 - path-to-regexp: 0.1.12 + path-to-regexp: 0.1.13 proxy-addr: 2.0.7 qs: 6.15.0 range-parser: 1.2.1 @@ -37623,7 +37622,7 @@ snapshots: methods: 1.1.2 on-finished: 2.4.1 parseurl: 1.3.3 - path-to-regexp: 0.1.12 + path-to-regexp: 0.1.13 proxy-addr: 2.0.7 qs: 6.14.2 range-parser: 1.2.1 @@ -42590,10 +42589,6 @@ snapshots: set-blocking: 2.0.0 optional: true - nth-check@1.0.2: - dependencies: - boolbase: 1.0.0 - nth-check@2.1.1: dependencies: boolbase: 1.0.0 @@ -43117,7 +43112,7 @@ snapshots: lru-cache: 11.3.5 minipass: 7.1.3 - path-to-regexp@0.1.12: {} + path-to-regexp@0.1.13: {} path-to-regexp@1.9.0: dependencies: From eaafc4ca5360d0555254d745cefad679deba9b80 Mon Sep 17 00:00:00 2001 From: Steve Larson <9larsons@gmail.com> Date: Mon, 27 Apr 2026 19:43:03 -0500 Subject: [PATCH 3/3] Added follow-redirects and js-yaml overrides (#27596) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit no ref Adds 2 entries to root `pnpm.overrides` for transitive packages flagged as moderate-severity. Both are patch-level bumps within the existing major (no version-jump risk). | module | range → replacement | caller chain | |---|---|---| | `follow-redirects` | `<1.16.0` → `^1.16.0` | `. > nx > axios > follow-redirects` (root dev tooling) | | `js-yaml` | `>=4.0.0 <4.1.1` → `^4.1.1` | `ghost/i18n > i18next-parser > js-yaml` | `follow-redirects` collapses the single resolved instance from `1.15.11` → `1.16.0` (patch). `js-yaml`'s vulnerable `4.1.0` instance is replaced by `4.1.1`; the unrelated `3.14.2` instance pulled by other consumers stays where it is. --- package.json | 2 ++ pnpm-lock.yaml | 24 +++++++++--------------- 2 files changed, 11 insertions(+), 15 deletions(-) diff --git a/package.json b/package.json index 0d1c6aaacac..c4c1bbece94 100644 --- a/package.json +++ b/package.json @@ -81,9 +81,11 @@ "debug@<2.6.9": "^2.6.9", "diff@<3.5.1": "^3.5.1", "diff@>=6.0.0 <8.0.3": "^8.0.3", + "follow-redirects@<1.16.0": "^1.16.0", "form-data@<2.5.4": "^2.5.4", "growl@<1.10.0": "^1.10.0", "handlebars@>=4.0.0 <=4.7.8": "^4.7.9", + "js-yaml@>=4.0.0 <4.1.1": "^4.1.1", "lodash@<4.18.0": "^4.18.0", "minimatch@<3.1.4": "^3.1.4", "minimatch@>=9.0.0 <9.0.7": "^9.0.7", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index f4fb10fbe10..a7ff0be6e64 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -42,9 +42,11 @@ overrides: debug@<2.6.9: ^2.6.9 diff@<3.5.1: ^3.5.1 diff@>=6.0.0 <8.0.3: ^8.0.3 + follow-redirects@<1.16.0: ^1.16.0 form-data@<2.5.4: ^2.5.4 growl@<1.10.0: ^1.10.0 handlebars@>=4.0.0 <=4.7.8: ^4.7.9 + js-yaml@>=4.0.0 <4.1.1: ^4.1.1 lodash@<4.18.0: ^4.18.0 minimatch@<3.1.4: ^3.1.4 minimatch@>=9.0.0 <9.0.7: ^9.0.7 @@ -14143,8 +14145,8 @@ packages: focus-trap@6.9.4: resolution: {integrity: sha512-v2NTsZe2FF59Y+sDykKY+XjqZ0cPfhq/hikWVL88BqLivnNiEffAsac6rP6H45ff9wG9LL5ToiDqrLEP9GX9mw==} - follow-redirects@1.15.11: - resolution: {integrity: sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==} + follow-redirects@1.16.0: + resolution: {integrity: sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==} engines: {node: '>=4.0'} peerDependencies: debug: '*' @@ -15885,10 +15887,6 @@ packages: resolution: {integrity: sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==} hasBin: true - js-yaml@4.1.0: - resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==} - hasBin: true - js-yaml@4.1.1: resolution: {integrity: sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==} hasBin: true @@ -31799,7 +31797,7 @@ snapshots: axios@1.13.6: dependencies: - follow-redirects: 1.15.11 + follow-redirects: 1.16.0 form-data: 4.0.5 proxy-from-env: 1.1.0 transitivePeerDependencies: @@ -31807,7 +31805,7 @@ snapshots: axios@1.15.0: dependencies: - follow-redirects: 1.15.11 + follow-redirects: 1.16.0 form-data: 4.0.5 proxy-from-env: 2.1.0 transitivePeerDependencies: @@ -38058,7 +38056,7 @@ snapshots: dependencies: tabbable: 5.3.3 - follow-redirects@1.15.11: {} + follow-redirects@1.16.0: {} for-each@0.3.5: dependencies: @@ -39003,7 +39001,7 @@ snapshots: http-proxy@1.18.1: dependencies: eventemitter3: 4.0.7 - follow-redirects: 1.15.11 + follow-redirects: 1.16.0 requires-port: 1.0.0 transitivePeerDependencies: - debug @@ -39086,7 +39084,7 @@ snapshots: fs-extra: 11.3.4 gulp-sort: 2.0.0 i18next: 23.16.8 - js-yaml: 4.1.0 + js-yaml: 4.1.1 lilconfig: 3.1.3 rsvp: 4.8.5 sort-keys: 5.1.0 @@ -40349,10 +40347,6 @@ snapshots: argparse: 1.0.10 esprima: 4.0.1 - js-yaml@4.1.0: - dependencies: - argparse: 2.0.1 - js-yaml@4.1.1: dependencies: argparse: 2.0.1