thibaud-lclr/api-client
1
0
Fork 0
Code Packages Activity Actions

chore: security patch for the dependency chain v2025.12.0 (#5678)

Browse source 
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
This commit is contained in:
Mir Arif Hasan 2025-12-12 17:28:35 +06:00 committed by GitHub
parent 973572d060
commit 05927f3d4d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
21 changed files with 2004 additions and 1565 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
package.json
View file

@ -24,8 +24,8 @@
"./packages/*"
],
"devDependencies": {
"@commitlint/cli": "20.1.0",
"@commitlint/config-conventional": "20.0.0",
"@commitlint/cli": "20.2.0",
"@commitlint/config-conventional": "20.2.0",
"@hoppscotch/ui": "0.2.5",
"@types/node": "24.10.1",
"cross-env": "10.1.0",
@ -37,12 +37,12 @@
"overrides": {
"@nestjs-modules/mailer>mjml": "5.0.0-alpha.4",
"apiconnect-wsdl": "2.0.36",
"body-parser": "2.2.1",
"cross-spawn": "7.0.6",
"execa@0.10.0": "2.0.0",
"jws@<3.2.3": "3.2.3",
"nodemailer@<7.0.11": "7.0.11",
"glob@<11.1.0": "11.1.0",
"hono@<4.10.3": "4.10.3",
"nodemailer@<7.0.7": "7.0.7",
"sha.js@2.4.11": "2.4.12",
"subscriptions-transport-ws>ws": "7.5.10",
"vue": "3.5.25",
"form-data": "4.0.4",

10
packages/hoppscotch-agent/package.json
View file

@ -13,25 +13,25 @@
"@hoppscotch/ui": "0.2.5",
"@tauri-apps/api": "2.1.1",
"@tauri-apps/plugin-shell": "2.3.3",
"@vueuse/core": "14.0.0",
"@vueuse/core": "14.1.0",
"axios": "1.13.2",
"fp-ts": "2.16.11",
"lodash-es": "4.17.21",
"vue": "3.5.25"
},
"devDependencies": {
"@iconify-json/lucide": "1.2.73",
"@iconify-json/lucide": "1.2.80",
"@tauri-apps/cli": "2.9.3",
"@types/lodash-es": "4.17.12",
"@types/node": "24.10.1",
"@vitejs/plugin-vue": "6.0.2",
"autoprefixer": "10.4.21",
"@vitejs/plugin-vue": "6.0.3",
"autoprefixer": "10.4.22",
"postcss": "8.5.6",
"tailwindcss": "3.4.16",
"typescript": "5.9.3",
"unplugin-icons": "22.5.0",
"unplugin-vue-components": "30.0.0",
"vite": "7.2.4",
"vite": "7.2.7",
"vue-tsc": "2.2.0"
}
}

38
packages/hoppscotch-backend/package.json
View file

@ -39,23 +39,23 @@
"@nestjs/config": "4.0.2",
"@nestjs/core": "11.1.9",
"@nestjs/graphql": "13.2.0",
"@nestjs/jwt": "11.0.1",
"@nestjs/jwt": "11.0.2",
"@nestjs/passport": "11.0.0",
"@nestjs/platform-express": "11.1.9",
"@nestjs/schedule": "6.0.1",
"@nestjs/schedule": "6.1.0",
"@nestjs/swagger": "11.2.3",
"@nestjs/terminus": "11.0.0",
"@nestjs/throttler": "6.4.0",
"@prisma/adapter-pg": "7.0.0",
"@prisma/client": "7.0.0",
"@nestjs/throttler": "6.5.0",
"@prisma/adapter-pg": "7.1.0",
"@prisma/client": "7.1.0",
"argon2": "0.44.0",
"bcrypt": "6.0.0",
"class-transformer": "0.5.1",
"class-validator": "0.14.2",
"cookie": "1.0.2",
"class-validator": "0.14.3",
"cookie": "1.1.1",
"cookie-parser": "1.4.7",
"dotenv": "17.2.3",
"express": "5.1.0",
"express": "5.2.1",
"express-session": "1.18.2",
"fp-ts": "2.16.11",
"graphql": "16.12.0",
@ -65,7 +65,7 @@
"handlebars": "4.7.8",
"io-ts": "2.2.22",
"morgan": "1.10.1",
"nodemailer": "7.0.10",
"nodemailer": "7.0.11",
"passport": "0.7.0",
"passport-github2": "0.1.12",
"passport-google-oauth20": "2.0.0",
@ -73,24 +73,24 @@
"passport-local": "1.0.0",
"passport-microsoft": "2.1.0",
"pg": "8.16.3",
"posthog-node": "5.13.2",
"prisma": "7.0.0",
"posthog-node": "5.17.2",
"prisma": "7.1.0",
"reflect-metadata": "0.2.2",
"rimraf": "6.1.2",
"rxjs": "7.8.2"
},
"devDependencies": {
"@eslint/eslintrc": "3.3.1",
"@eslint/eslintrc": "3.3.3",
"@eslint/js": "9.39.1",
"@nestjs/cli": "11.0.12",
"@nestjs/cli": "11.0.14",
"@nestjs/schematics": "11.0.9",
"@nestjs/testing": "11.1.9",
"@relmify/jest-fp-ts": "2.1.1",
"@types/bcrypt": "6.0.0",
"@types/cookie-parser": "1.4.10",
"@types/express": "5.0.5",
"@types/express": "5.0.6",
"@types/jest": "30.0.0",
"@types/node": "24.10.1",
"@types/node": "24.10.2",
"@types/nodemailer": "7.0.4",
"@types/passport-github2": "1.2.9",
"@types/passport-google-oauth20": "2.0.17",
@ -98,8 +98,8 @@
"@types/passport-microsoft": "2.1.1",
"@types/pg": "8.15.6",
"@types/supertest": "6.0.3",
"@typescript-eslint/eslint-plugin": "8.48.0",
"@typescript-eslint/parser": "8.48.0",
"@typescript-eslint/eslint-plugin": "8.49.0",
"@typescript-eslint/parser": "8.49.0",
"cross-env": "10.1.0",
"eslint": "9.39.1",
"eslint-config-prettier": "10.1.8",
@ -107,10 +107,10 @@
"globals": "16.5.0",
"jest": "30.2.0",
"jest-mock-extended": "4.0.0",
"prettier": "3.6.2",
"prettier": "3.7.4",
"source-map-support": "0.5.21",
"supertest": "7.1.4",
"ts-jest": "29.4.5",
"ts-jest": "29.4.6",
"ts-loader": "9.5.4",
"ts-node": "10.9.2",
"tsconfig-paths": "4.2.0",

8
packages/hoppscotch-cli/package.json
View file

@ -53,7 +53,7 @@
"qs": "6.14.0",
"tough-cookie": "6.0.0",
"verzod": "0.4.0",
"xmlbuilder2": "4.0.0",
"xmlbuilder2": "4.0.3",
"zod": "3.25.32"
},
"devDependencies": {
@ -61,14 +61,14 @@
"@hoppscotch/js-sandbox": "workspace:^",
"@relmify/jest-fp-ts": "2.1.1",
"@types/lodash-es": "4.17.12",
"@types/papaparse": "5.5.0",
"@types/papaparse": "5.5.1",
"@types/qs": "6.14.0",
"fp-ts": "2.16.11",
"prettier": "3.6.2",
"prettier": "3.7.4",
"qs": "6.11.2",
"semver": "7.7.3",
"tsup": "8.5.1",
"typescript": "5.9.3",
"vitest": "4.0.14"
"vitest": "4.0.15"
}
}

42
packages/hoppscotch-common/package.json
View file

@ -33,7 +33,7 @@
"@codemirror/merge": "6.11.2",
"@codemirror/search": "6.5.11",
"@codemirror/state": "6.5.2",
"@codemirror/view": "6.38.8",
"@codemirror/view": "6.39.4",
"@guolao/vue-monaco-editor": "1.6.0",
"@hoppscotch/codemirror-lang-graphql": "workspace:^",
"@hoppscotch/data": "workspace:^",
@ -48,7 +48,7 @@
"@scure/base": "2.0.0",
"@shopify/lang-jsonc": "1.0.1",
"@tauri-apps/api": "2.1.1",
"@tauri-apps/plugin-store": "2.2.0",
"@tauri-apps/plugin-store": "2.4.1",
"@types/hawk": "9.0.7",
"@types/markdown-it": "14.1.2",
"@types/node": "24.10.1",
@ -56,14 +56,14 @@
"@urql/core": "6.0.1",
"@urql/devtools": "2.0.3",
"@urql/exchange-auth": "3.0.0",
"@vueuse/core": "14.0.0",
"@vueuse/core": "14.1.0",
"acorn-walk": "8.3.4",
"aws4fetch": "1.0.20",
"axios": "1.13.2",
"buffer": "6.0.3",
"cookie-es": "2.0.0",
"dioc": "3.0.2",
"dompurify": "3.3.0",
"dompurify": "3.3.1",
"esprima": "4.0.1",
"events": "3.3.0",
"fp-ts": "2.16.11",
@ -103,7 +103,7 @@
"splitpanes": "3.1.5",
"stream-browserify": "3.0.0",
"subscriptions-transport-ws": "0.11.0",
"superjson": "2.2.5",
"superjson": "2.2.6",
"tern": "0.24.3",
"timers": "0.1.1",
"tippy.js": "6.3.7",
@ -115,7 +115,7 @@
"vue-i18n": "11.2.2",
"vue-json-pretty": "2.6.0",
"vue-pdf-embed": "2.1.3",
"vue-router": "4.6.3",
"vue-router": "4.6.4",
"vue-tippy": "6.7.1",
"vuedraggable-es": "4.1.1",
"wonka": "6.3.5",
@ -129,13 +129,13 @@
"@esbuild-plugins/node-modules-polyfill": "0.2.2",
"@graphql-codegen/add": "6.0.0",
"@graphql-codegen/cli": "6.1.0",
"@graphql-codegen/typed-document-node": "6.1.3",
"@graphql-codegen/typescript": "5.0.5",
"@graphql-codegen/typescript-operations": "5.0.5",
"@graphql-codegen/typed-document-node": "6.1.4",
"@graphql-codegen/typescript": "5.0.6",
"@graphql-codegen/typescript-operations": "5.0.6",
"@graphql-codegen/typescript-urql-graphcache": "3.1.1",
"@graphql-codegen/urql-introspection": "3.0.1",
"@graphql-typed-document-node/core": "3.2.0",
"@iconify-json/lucide": "1.2.75",
"@iconify-json/lucide": "1.2.80",
"@import-meta-env/cli": "0.7.4",
"@intlify/unplugin-vue-i18n": "11.0.1",
"@relmify/jest-fp-ts": "2.1.1",
@ -149,9 +149,9 @@
"@types/qs": "6.14.0",
"@types/splitpanes": "2.2.6",
"@types/yargs-parser": "21.0.3",
"@typescript-eslint/eslint-plugin": "8.48.0",
"@typescript-eslint/parser": "8.48.0",
"@vitejs/plugin-vue": "6.0.2",
"@typescript-eslint/eslint-plugin": "8.49.0",
"@typescript-eslint/parser": "8.49.0",
"@vitejs/plugin-vue": "6.0.3",
"@vue/compiler-sfc": "3.5.25",
"@vue/eslint-config-typescript": "13.0.0",
"@vue/runtime-core": "3.5.25",
@ -160,31 +160,31 @@
"dotenv": "17.2.3",
"eslint": "8.57.0",
"eslint-plugin-prettier": "5.5.4",
"eslint-plugin-vue": "10.6.1",
"eslint-plugin-vue": "10.6.2",
"glob": "13.0.0",
"jsdom": "27.2.0",
"jsdom": "27.3.0",
"npm-run-all": "4.1.5",
"openapi-types": "12.1.3",
"postcss": "8.5.6",
"prettier": "3.6.2",
"prettier": "3.7.4",
"prettier-plugin-tailwindcss": "0.7.1",
"rollup-plugin-polyfill-node": "0.13.0",
"sass": "1.94.2",
"sass": "1.96.0",
"tailwindcss": "3.4.16",
"tsup": "8.5.1",
"typescript": "5.9.3",
"unplugin-fonts": "1.4.0",
"unplugin-icons": "22.5.0",
"unplugin-vue-components": "30.0.0",
"vite": "7.2.4",
"vite": "7.2.7",
"vite-plugin-checker": "0.11.0",
"vite-plugin-fonts": "0.7.0",
"vite-plugin-html-config": "2.0.2",
"vite-plugin-pages": "0.33.1",
"vite-plugin-pages": "0.33.2",
"vite-plugin-pages-sitemap": "1.7.1",
"vite-plugin-pwa": "1.1.0",
"vite-plugin-pwa": "1.2.0",
"vite-plugin-vue-layouts": "0.11.0",
"vitest": "4.0.14",
"vitest": "4.0.15",
"vue-tsc": "1.8.8"
}
}

4
packages/hoppscotch-common/src/components/http/Request.vue
View file

@ -70,9 +70,7 @@
<HoppButtonPrimary
id="send"
v-tippy="{ theme: 'tooltip', delay: [500, 20], allowHTML: true }"
:title="`${t(
'action.send'
)} <kbd>${getSpecialKey()}</kbd><kbd></kbd>`"
:title="`${t('action.send')} <kbd>${getSpecialKey()}</kbd><kbd>↩</kbd>`"
:label="`${
!isTabResponseLoading ? t('action.send') : t('action.cancel')
}`"

8
packages/hoppscotch-common/src/components/lenses/ResponseBodyRenderer.vue
View file

@ -106,10 +106,10 @@ const showIndicator = computed(() => {
const { expectResults, tests, envDiff } = doc.value.testResults
return Boolean(
expectResults.length ||
tests.length ||
envDiff.selected.additions.length ||
envDiff.selected.updations.length ||
envDiff.global.updations.length
tests.length ||
envDiff.selected.additions.length ||
envDiff.selected.updations.length ||
envDiff.global.updations.length
)
})

4
packages/hoppscotch-common/src/helpers/import-export/import/postman.ts
View file

@ -258,8 +258,8 @@ const getHoppResponses = (
}
type PMRequestAuthDef<
AuthType extends
RequestAuthDefinition["type"] = RequestAuthDefinition["type"],
AuthType extends RequestAuthDefinition["type"] =
RequestAuthDefinition["type"],
> = AuthType extends RequestAuthDefinition["type"] & string
? // eslint-disable-next-line no-unused-vars
{ type: AuthType } & { [x in AuthType]: VariableDefinition[] }

4
packages/hoppscotch-common/src/helpers/runner/adapter.ts
View file

@ -32,9 +32,7 @@ type Requests = {
export type CollectionNode = Collection | Folder | Requests
export class TestRunnerCollectionsAdapter
implements SmartTreeAdapter<CollectionNode>
{
export class TestRunnerCollectionsAdapter implements SmartTreeAdapter<CollectionNode> {
constructor(
public data: Ref<HoppCollection[]>,
private show: Ref<"all" | "passed" | "failed">

6
packages/hoppscotch-common/src/services/documentation.service.ts
View file

@ -69,8 +69,7 @@ export interface BaseDocumentationOptions {
/**
* Options for setting collection documentation
*/
export interface SetCollectionDocumentationOptions
extends BaseDocumentationOptions {
export interface SetCollectionDocumentationOptions extends BaseDocumentationOptions {
/**
* The path (for personal collections) or ID (for team collections) of the collection
*/
@ -81,8 +80,7 @@ export interface SetCollectionDocumentationOptions
/**
* Request documentation
*/
export interface SetRequestDocumentationOptions
extends BaseDocumentationOptions {
export interface SetRequestDocumentationOptions extends BaseDocumentationOptions {
parentCollectionID: string
folderPath: string
requestID?: string // For team requests

4
packages/hoppscotch-common/src/services/spotlight/searchers/base/static.searcher.ts
View file

@ -52,8 +52,8 @@ export type StaticSpotlightSearcherOptions<
* that can optionally be toggled against (via the `excludeFromSearch` property in the Doc)
*/
export abstract class StaticSpotlightSearcherService<
Doc extends object & { excludeFromSearch?: boolean },
>
Doc extends object & { excludeFromSearch?: boolean },
>
extends Service
implements SpotlightSearcher
{

4
packages/hoppscotch-data/package.json
View file

@ -37,12 +37,12 @@
"devDependencies": {
"@types/lodash": "4.17.21",
"typescript": "5.9.3",
"vite": "7.2.4"
"vite": "7.2.7"
},
"dependencies": {
"fp-ts": "2.16.11",
"io-ts": "2.2.22",
"jose": "6.1.2",
"jose": "6.1.3",
"lodash": "4.17.21",
"parser-ts": "0.7.0",
"uuid": "13.0.0",

22
packages/hoppscotch-desktop/package.json
View file

@ -20,7 +20,7 @@
},
"dependencies": {
"@fontsource-variable/inter": "5.2.8",
"@fontsource-variable/material-symbols-rounded": "5.2.24",
"@fontsource-variable/material-symbols-rounded": "5.2.30",
"@fontsource-variable/roboto-mono": "5.2.8",
"@hoppscotch/common": "workspace:^",
"@hoppscotch/kernel": "workspace:^",
@ -30,34 +30,34 @@
"@tauri-apps/plugin-fs": "2.0.2",
"@tauri-apps/plugin-process": "2.2.0",
"@tauri-apps/plugin-shell": "2.3.3",
"@tauri-apps/plugin-store": "2.2.0",
"@tauri-apps/plugin-store": "2.4.1",
"@tauri-apps/plugin-updater": "2.9.0",
"fp-ts": "2.16.11",
"rxjs": "7.8.2",
"vue": "3.5.25",
"vue-router": "4.6.3",
"vue-router": "4.6.4",
"vue-tippy": "6.7.1",
"zod": "3.25.32"
},
"devDependencies": {
"@iconify-json/lucide": "1.2.73",
"@iconify-json/lucide": "1.2.80",
"@rushstack/eslint-patch": "1.15.0",
"@tauri-apps/cli": "2.9.3",
"@typescript-eslint/eslint-plugin": "8.47.0",
"@typescript-eslint/parser": "8.47.0",
"@vitejs/plugin-vue": "6.0.2",
"@typescript-eslint/eslint-plugin": "8.49.0",
"@typescript-eslint/parser": "8.49.0",
"@vitejs/plugin-vue": "6.0.3",
"@vue/eslint-config-typescript": "13.0.0",
"autoprefixer": "10.4.21",
"autoprefixer": "10.4.22",
"eslint": "8.57.0",
"eslint-plugin-prettier": "5.5.4",
"eslint-plugin-vue": "10.6.1",
"eslint-plugin-vue": "10.6.2",
"postcss": "8.5.6",
"sass": "1.94.2",
"sass": "1.96.0",
"tailwindcss": "3.4.16",
"typescript": "5.9.3",
"unplugin-icons": "22.5.0",
"unplugin-vue-components": "30.0.0",
"vite": "7.2.4",
"vite": "7.2.7",
"vue-tsc": "2.2.0"
}
}

4
packages/hoppscotch-desktop/plugin-workspace/tauri-plugin-appload/examples/tauri-app/package.json
View file

@ -15,8 +15,8 @@
},
"devDependencies": {
"@sveltejs/vite-plugin-svelte": "^1.0.1",
"@tauri-apps/cli": "^2.0.0-alpha.17",
"svelte": "^3.49.0",
"vite": "^3.0.2",
"@tauri-apps/cli": "^2.0.0-alpha.17"
"vite": "^7.2.7"
}
}

10
packages/hoppscotch-js-sandbox/package.json
View file

@ -65,16 +65,16 @@
"@types/jest": "30.0.0",
"@types/lodash": "4.17.21",
"@types/node": "24.10.1",
"@typescript-eslint/eslint-plugin": "8.48.0",
"@typescript-eslint/parser": "8.48.0",
"@typescript-eslint/eslint-plugin": "8.49.0",
"@typescript-eslint/parser": "8.49.0",
"eslint": "8.57.0",
"eslint-config-prettier": "10.1.8",
"eslint-plugin-prettier": "5.5.4",
"io-ts": "2.2.22",
"prettier": "3.6.2",
"prettier": "3.7.4",
"typescript": "5.9.3",
"vite": "7.2.4",
"vitest": "4.0.14"
"vite": "7.2.7",
"vitest": "4.0.15"
},
"peerDependencies": {
"isolated-vm": "6.0.2"

4
packages/hoppscotch-js-sandbox/src/types/index.ts
View file

@ -327,9 +327,7 @@ export interface RequestSetterMethodsResult {
* Return type for createBaseInputs function
*/
export interface BaseInputs
extends PwNamespaceMethods,
HoppNamespaceMethods,
PmNamespaceMethods {
extends PwNamespaceMethods, HoppNamespaceMethods, PmNamespaceMethods {
cookieGet: SandboxFunction
cookieSet: SandboxFunction
cookieHas: SandboxFunction

8
packages/hoppscotch-kernel/package.json
View file

@ -37,7 +37,7 @@
"devDependencies": {
"@types/node": "24.9.1",
"typescript": "5.9.3",
"vite": "6.3.5"
"vite": "7.2.7"
},
"peerDependencies": {
"@tauri-apps/api": "2.1.1"
@ -52,11 +52,11 @@
"@tauri-apps/plugin-dialog": "2.0.1",
"@tauri-apps/plugin-fs": "2.0.2",
"@tauri-apps/plugin-shell": "2.2.1",
"@tauri-apps/plugin-store": "2.2.0",
"@tauri-apps/plugin-store": "2.4.1",
"aws4fetch": "1.0.20",
"axios": "1.12.2",
"axios": "1.13.2",
"fp-ts": "2.16.11",
"superjson": "2.2.3",
"superjson": "2.2.6",
"zod": "3.25.32"
}
}

24
packages/hoppscotch-selfhost-web/package.json
View file

@ -36,7 +36,7 @@
"@tauri-apps/plugin-dialog": "2.0.1",
"@tauri-apps/plugin-fs": "2.0.2",
"@tauri-apps/plugin-shell": "2.2.1",
"@vueuse/core": "14.0.0",
"@vueuse/core": "14.1.0",
"axios": "1.13.2",
"buffer": "6.0.3",
"dioc": "3.0.2",
@ -53,26 +53,26 @@
"devDependencies": {
"@graphql-codegen/add": "6.0.0",
"@graphql-codegen/cli": "6.1.0",
"@graphql-codegen/typed-document-node": "6.1.3",
"@graphql-codegen/typescript": "5.0.5",
"@graphql-codegen/typescript-operations": "5.0.5",
"@graphql-codegen/typed-document-node": "6.1.4",
"@graphql-codegen/typescript": "5.0.6",
"@graphql-codegen/typescript-operations": "5.0.6",
"@graphql-codegen/typescript-urql-graphcache": "3.1.1",
"@graphql-codegen/urql-introspection": "3.0.1",
"@graphql-typed-document-node/core": "3.2.0",
"@iconify-json/lucide": "1.2.75",
"@iconify-json/lucide": "1.2.80",
"@intlify/unplugin-vue-i18n": "11.0.1",
"@rushstack/eslint-patch": "1.15.0",
"@typescript-eslint/eslint-plugin": "8.48.0",
"@typescript-eslint/parser": "8.48.0",
"@typescript-eslint/eslint-plugin": "8.49.0",
"@typescript-eslint/parser": "8.49.0",
"@vitejs/plugin-legacy": "7.2.1",
"@vitejs/plugin-vue": "6.0.2",
"@vitejs/plugin-vue": "6.0.3",
"@vue/eslint-config-typescript": "13.0.0",
"autoprefixer": "10.4.22",
"cross-env": "10.1.0",
"dotenv": "17.2.3",
"eslint": "8.57.0",
"eslint-plugin-prettier": "5.5.4",
"eslint-plugin-vue": "10.6.1",
"eslint-plugin-vue": "10.6.2",
"npm-run-all": "4.1.5",
"postcss": "8.5.6",
"prettier-plugin-tailwindcss": "0.7.1",
@ -81,13 +81,13 @@
"unplugin-fonts": "1.4.0",
"unplugin-icons": "22.5.0",
"unplugin-vue-components": "30.0.0",
"vite": "7.2.4",
"vite": "7.2.7",
"vite-plugin-fonts": "0.7.0",
"vite-plugin-html-config": "2.0.2",
"vite-plugin-inspect": "11.3.3",
"vite-plugin-pages": "0.33.1",
"vite-plugin-pages": "0.33.2",
"vite-plugin-pages-sitemap": "1.7.1",
"vite-plugin-pwa": "1.1.0",
"vite-plugin-pwa": "1.2.0",
"vite-plugin-static-copy": "3.1.4",
"vite-plugin-vue-layouts": "0.11.0",
"vue-tsc": "2.1.6"

24
packages/hoppscotch-sh-admin/package.json
View file

@ -23,7 +23,7 @@
"@types/cors": "2.8.19",
"@urql/exchange-auth": "3.0.0",
"@urql/vue": "2.0.0",
"@vueuse/core": "14.0.0",
"@vueuse/core": "14.1.0",
"axios": "1.13.2",
"cors": "2.8.5",
"date-fns": "4.1.0",
@ -41,35 +41,35 @@
"unplugin-vue-components": "30.0.0",
"vue": "3.5.25",
"vue-i18n": "11.2.2",
"vue-router": "4.6.3",
"vue-router": "4.6.4",
"vue-tippy": "6.7.1"
},
"devDependencies": {
"@graphql-codegen/cli": "6.1.0",
"@graphql-codegen/client-preset": "5.2.0",
"@graphql-codegen/client-preset": "5.2.1",
"@graphql-codegen/introspection": "5.0.0",
"@graphql-codegen/typed-document-node": "6.1.3",
"@graphql-codegen/typescript": "5.0.5",
"@graphql-codegen/typescript-document-nodes": "5.0.5",
"@graphql-codegen/typescript-operations": "5.0.5",
"@graphql-codegen/typed-document-node": "6.1.4",
"@graphql-codegen/typescript": "5.0.6",
"@graphql-codegen/typescript-document-nodes": "5.0.6",
"@graphql-codegen/typescript-operations": "5.0.6",
"@graphql-codegen/urql-introspection": "3.0.1",
"@iconify-json/lucide": "1.2.75",
"@iconify-json/lucide": "1.2.80",
"@import-meta-env/cli": "0.7.4",
"@import-meta-env/unplugin": "0.6.3",
"@types/lodash-es": "4.17.12",
"@vitejs/plugin-vue": "6.0.2",
"@vitejs/plugin-vue": "6.0.3",
"@vue/compiler-sfc": "3.5.25",
"autoprefixer": "10.4.22",
"dotenv": "17.2.3",
"graphql-tag": "2.12.6",
"hoppscotch-backend": "workspace:^",
"npm-run-all": "4.1.5",
"sass": "1.94.2",
"sass": "1.96.0",
"ts-node": "10.9.2",
"typescript": "5.9.3",
"unplugin-fonts": "1.4.0",
"vite": "7.2.4",
"vite-plugin-pages": "0.33.1",
"vite": "7.2.7",
"vite-plugin-pages": "0.33.2",
"vite-plugin-vue-layouts": "0.11.0",
"vue-tsc": "2.1.6"
},

3301
pnpm-lock.yaml
View file

File diff suppressed because it is too large Load diff

30
prod.Dockerfile
View file

@ -1,6 +1,6 @@
# This step is used to build a custom build of Caddy to prevent
# vulnerable packages on the dependency chain
FROM alpine:3.22.2 AS caddy_builder
FROM alpine:3.23.0 AS caddy_builder
RUN apk add --no-cache curl git && \
mkdir -p /tmp/caddy-build && \
curl -L -o /tmp/caddy-build/src.tar.gz https://github.com/caddyserver/caddy/releases/download/v2.10.2/caddy_2.10.2_src.tar.gz
@ -14,7 +14,7 @@ RUN expected="a9efa00c161922dd24650fd0bee2f4f8bb2fb69ff3e63dcc44f0694da64bb0cf"
# Install Go 1.25.4 from GitHub releases to fix CVE-2025-47907
ARG TARGETARCH
ENV GOLANG_VERSION=1.25.4
ENV GOLANG_VERSION=1.25.5
# Download and install Go from the official tarball
RUN case "${TARGETARCH}" in amd64) GOARCH=amd64 ;; arm64) GOARCH=arm64 ;; *) echo "Unsupported arch: ${TARGETARCH}" && exit 1 ;; esac && \
curl -fsSL "https://go.dev/dl/go${GOLANG_VERSION}.linux-${GOARCH}.tar.gz" -o go.tar.gz && \
@ -33,6 +33,8 @@ RUN tar xvf /tmp/caddy-build/src.tar.gz && \
go get github.com/slackhq/nebula@v1.9.7 && \
# Patch to resolve CVE-2025-47913 on crypto
go get golang.org/x/crypto@v0.45.0 && \
# Patch to resolve CVE-2025-44005 on smallstep
go get github.com/smallstep/certificates@v0.29.0 && \
# Clean up any existing vendor directory and regenerate with updated deps
rm -rf vendor && \
go mod tidy && \
@ -45,16 +47,16 @@ RUN go build
# Shared Node.js base with optimized NPM installation
FROM alpine:3.22.2 AS node_base
FROM alpine:3.23.0 AS node_base
# Install dependencies
RUN apk add --no-cache nodejs curl bash tini ca-certificates \
&& mkdir -p /tmp/npm-install
RUN apk add --no-cache nodejs curl bash tini ca-certificates
# Set working directory for NPM installation
RUN mkdir -p /tmp/npm-install
WORKDIR /tmp/npm-install
# Download NPM tarball
RUN curl -fsSL https://registry.npmjs.org/npm/-/npm-11.6.3.tgz -o npm.tgz
RUN curl -fsSL https://registry.npmjs.org/npm/-/npm-11.6.4.tgz -o npm.tgz
# Verify checksum
RUN expected="f021e628209026669ec9e3881523a7efcf26934fd3fb5dd3fd9aa2a5030c7c41" \
RUN expected="9c07edca12853cddbf4fed4e372485aa60c064f9bf3e4cd157a2db5518a1792b" \
&& actual=$(sha256sum npm.tgz | cut -d' ' -f1) \
&& [ "$actual" = "$expected" ] \
&& echo "✅ NPM Tarball Checksum OK" \
@ -62,21 +64,17 @@ RUN expected="f021e628209026669ec9e3881523a7efcf26934fd3fb5dd3fd9aa2a5030c7c41"
# Install NPM from verified tarball and global packages
RUN tar -xzf npm.tgz && \
cd package && \
node bin/npm-cli.js install -g npm@11.6.3 && \
node bin/npm-cli.js install -g npm@11.6.4 && \
cd / && \
rm -rf /tmp/npm-install && \
npm install -g pnpm@10.23.0 @import-meta-env/cli && \
# Fix CVE-2025-64756 by replacing vulnerable glob with patched version
npm install -g glob@11.1.0 && \
# Replace glob in npm's node_modules
rm -rf /usr/lib/node_modules/npm/node_modules/glob && \
cp -r /usr/lib/node_modules/glob /usr/lib/node_modules/npm/node_modules/ && \
rm -rf /tmp/npm-install
RUN npm install -g pnpm@10.25.0 @import-meta-env/cli
# Fix CVE-2025-64756 by replacing vulnerable glob with patched version
RUN npm install -g glob@11.1.0 && \
# Replace glob in @import-meta-env/cli's node_modules
rm -rf /usr/lib/node_modules/@import-meta-env/cli/node_modules/glob && \
cp -r /usr/lib/node_modules/glob /usr/lib/node_modules/@import-meta-env/cli/node_modules/
FROM node_base AS base_builder
# Required by @hoppscotch/js-sandbox to build `isolated-vm`
RUN apk add --no-cache python3 make g++ zlib-dev brotli-dev c-ares-dev nghttp2-dev openssl-dev icu-dev ada-dev simdjson-dev simdutf-dev sqlite-dev zstd-dev