thibaud-lclr/api-client
1
0
Fork 0
Code Packages Activity Actions

chore: security patch for the quic-go vulnerability (#5710)

Browse source 
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
Co-authored-by: Nahid Hasan <52489202+nahidhasan94@users.noreply.github.com>
This commit is contained in:
Mir Arif Hasan 2025-12-19 21:30:22 +06:00 committed by GitHub
parent 440868d635
commit 442242c8ca
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
19 changed files with 1628 additions and 1555 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
package.json
View file

@ -44,7 +44,7 @@
"nodemailer@<7.0.11": "7.0.11",
"glob@<11.1.0": "11.1.0",
"subscriptions-transport-ws>ws": "7.5.10",
"vue": "3.5.25",
"vue": "3.5.26",
"form-data": "4.0.4",
"ws": "8.17.1"
},

2
packages/codemirror-lang-graphql/package.json
View file

@ -25,7 +25,7 @@
"@lezer/generator": "1.8.0",
"@rollup/plugin-typescript": "12.1.4",
"mocha": "11.7.5",
"rollup": "4.53.3",
"rollup": "4.53.5",
"typescript": "5.9.3"
}
}

10
packages/hoppscotch-agent/package.json
View file

@ -16,22 +16,22 @@
"@vueuse/core": "14.1.0",
"axios": "1.13.2",
"fp-ts": "2.16.11",
"lodash-es": "4.17.21",
"vue": "3.5.25"
"lodash-es": "4.17.22",
"vue": "3.5.26"
},
"devDependencies": {
"@iconify-json/lucide": "1.2.80",
"@iconify-json/lucide": "1.2.81",
"@tauri-apps/cli": "2.9.3",
"@types/lodash-es": "4.17.12",
"@types/node": "24.10.1",
"@vitejs/plugin-vue": "6.0.3",
"autoprefixer": "10.4.22",
"autoprefixer": "10.4.23",
"postcss": "8.5.6",
"tailwindcss": "3.4.16",
"typescript": "5.9.3",
"unplugin-icons": "22.5.0",
"unplugin-vue-components": "30.0.0",
"vite": "7.2.7",
"vite": "7.3.0",
"vue-tsc": "2.2.0"
}
}

24
packages/hoppscotch-backend/package.json
View file

@ -34,11 +34,11 @@
"@apollo/server": "5.2.0",
"@as-integrations/express5": "1.1.2",
"@nestjs-modules/mailer": "2.0.2",
"@nestjs/apollo": "13.2.1",
"@nestjs/apollo": "13.2.3",
"@nestjs/common": "11.1.9",
"@nestjs/config": "4.0.2",
"@nestjs/core": "11.1.9",
"@nestjs/graphql": "13.2.0",
"@nestjs/graphql": "13.2.3",
"@nestjs/jwt": "11.0.2",
"@nestjs/passport": "11.0.0",
"@nestjs/platform-express": "11.1.9",
@ -46,8 +46,8 @@
"@nestjs/swagger": "11.2.3",
"@nestjs/terminus": "11.0.0",
"@nestjs/throttler": "6.5.0",
"@prisma/adapter-pg": "7.1.0",
"@prisma/client": "7.1.0",
"@prisma/adapter-pg": "7.2.0",
"@prisma/client": "7.2.0",
"argon2": "0.44.0",
"bcrypt": "6.0.0",
"class-transformer": "0.5.1",
@ -73,15 +73,15 @@
"passport-local": "1.0.0",
"passport-microsoft": "2.1.0",
"pg": "8.16.3",
"posthog-node": "5.17.2",
"prisma": "7.1.0",
"posthog-node": "5.17.4",
"prisma": "7.2.0",
"reflect-metadata": "0.2.2",
"rimraf": "6.1.2",
"rxjs": "7.8.2"
},
"devDependencies": {
"@eslint/eslintrc": "3.3.3",
"@eslint/js": "9.39.1",
"@eslint/js": "9.39.2",
"@nestjs/cli": "11.0.14",
"@nestjs/schematics": "11.0.9",
"@nestjs/testing": "11.1.9",
@ -90,18 +90,18 @@
"@types/cookie-parser": "1.4.10",
"@types/express": "5.0.6",
"@types/jest": "30.0.0",
"@types/node": "24.10.2",
"@types/node": "25.0.3",
"@types/nodemailer": "7.0.4",
"@types/passport-github2": "1.2.9",
"@types/passport-google-oauth20": "2.0.17",
"@types/passport-jwt": "4.0.1",
"@types/passport-microsoft": "2.1.1",
"@types/pg": "8.15.6",
"@types/pg": "8.16.0",
"@types/supertest": "6.0.3",
"@typescript-eslint/eslint-plugin": "8.49.0",
"@typescript-eslint/parser": "8.49.0",
"@typescript-eslint/eslint-plugin": "8.50.0",
"@typescript-eslint/parser": "8.50.0",
"cross-env": "10.1.0",
"eslint": "9.39.1",
"eslint": "9.39.2",
"eslint-config-prettier": "10.1.8",
"eslint-plugin-prettier": "5.5.4",
"globals": "16.5.0",

6
packages/hoppscotch-cli/package.json
View file

@ -48,7 +48,7 @@
"commander": "14.0.2",
"isolated-vm": "6.0.2",
"js-md5": "0.8.3",
"lodash-es": "4.17.21",
"lodash-es": "4.17.22",
"papaparse": "5.5.3",
"qs": "6.14.0",
"tough-cookie": "6.0.0",
@ -61,7 +61,7 @@
"@hoppscotch/js-sandbox": "workspace:^",
"@relmify/jest-fp-ts": "2.1.1",
"@types/lodash-es": "4.17.12",
"@types/papaparse": "5.5.1",
"@types/papaparse": "5.5.2",
"@types/qs": "6.14.0",
"fp-ts": "2.16.11",
"prettier": "3.7.4",
@ -69,6 +69,6 @@
"semver": "7.7.3",
"tsup": "8.5.1",
"typescript": "5.9.3",
"vitest": "4.0.15"
"vitest": "4.0.16"
}
}

32
packages/hoppscotch-common/package.json
View file

@ -80,7 +80,7 @@
"js-yaml": "4.1.1",
"jsonc-parser": "3.3.1",
"jsonpath-plus": "10.3.0",
"lodash-es": "4.17.21",
"lodash-es": "4.17.22",
"lossless-json": "4.3.0",
"markdown-it": "14.1.0",
"minisearch": "7.2.0",
@ -92,7 +92,7 @@
"process": "0.11.10",
"qs": "6.14.0",
"quicktype-core": "23.2.6",
"rollup": "4.53.3",
"rollup": "4.53.5",
"rxjs": "7.8.2",
"set-cookie-parser": "2.7.2",
"set-cookie-parser-es": "1.0.5",
@ -111,7 +111,7 @@
"util": "0.12.5",
"uuid": "13.0.0",
"verzod": "0.4.0",
"vue": "3.5.25",
"vue": "3.5.26",
"vue-i18n": "11.2.2",
"vue-json-pretty": "2.6.0",
"vue-pdf-embed": "2.1.3",
@ -129,15 +129,15 @@
"@esbuild-plugins/node-modules-polyfill": "0.2.2",
"@graphql-codegen/add": "6.0.0",
"@graphql-codegen/cli": "6.1.0",
"@graphql-codegen/typed-document-node": "6.1.4",
"@graphql-codegen/typescript": "5.0.6",
"@graphql-codegen/typescript-operations": "5.0.6",
"@graphql-codegen/typed-document-node": "6.1.5",
"@graphql-codegen/typescript": "5.0.7",
"@graphql-codegen/typescript-operations": "5.0.7",
"@graphql-codegen/typescript-urql-graphcache": "3.1.1",
"@graphql-codegen/urql-introspection": "3.0.1",
"@graphql-typed-document-node/core": "3.2.0",
"@iconify-json/lucide": "1.2.80",
"@iconify-json/lucide": "1.2.81",
"@import-meta-env/cli": "0.7.4",
"@intlify/unplugin-vue-i18n": "11.0.1",
"@intlify/unplugin-vue-i18n": "11.0.3",
"@relmify/jest-fp-ts": "2.1.1",
"@rushstack/eslint-patch": "1.15.0",
"@types/har-format": "1.2.16",
@ -149,13 +149,13 @@
"@types/qs": "6.14.0",
"@types/splitpanes": "2.2.6",
"@types/yargs-parser": "21.0.3",
"@typescript-eslint/eslint-plugin": "8.49.0",
"@typescript-eslint/parser": "8.49.0",
"@typescript-eslint/eslint-plugin": "8.50.0",
"@typescript-eslint/parser": "8.50.0",
"@vitejs/plugin-vue": "6.0.3",
"@vue/compiler-sfc": "3.5.25",
"@vue/compiler-sfc": "3.5.26",
"@vue/eslint-config-typescript": "13.0.0",
"@vue/runtime-core": "3.5.25",
"autoprefixer": "10.4.22",
"@vue/runtime-core": "3.5.26",
"autoprefixer": "10.4.23",
"cross-env": "10.1.0",
"dotenv": "17.2.3",
"eslint": "8.57.0",
@ -169,14 +169,14 @@
"prettier": "3.7.4",
"prettier-plugin-tailwindcss": "0.7.1",
"rollup-plugin-polyfill-node": "0.13.0",
"sass": "1.96.0",
"sass": "1.97.0",
"tailwindcss": "3.4.16",
"tsup": "8.5.1",
"typescript": "5.9.3",
"unplugin-fonts": "1.4.0",
"unplugin-icons": "22.5.0",
"unplugin-vue-components": "30.0.0",
"vite": "7.2.7",
"vite": "7.3.0",
"vite-plugin-checker": "0.11.0",
"vite-plugin-fonts": "0.7.0",
"vite-plugin-html-config": "2.0.2",
@ -184,7 +184,7 @@
"vite-plugin-pages-sitemap": "1.7.1",
"vite-plugin-pwa": "1.2.0",
"vite-plugin-vue-layouts": "0.11.0",
"vitest": "4.0.15",
"vitest": "4.0.16",
"vue-tsc": "1.8.8"
}
}

76
packages/hoppscotch-common/src/services/context-menu/menu/__tests__/parameter.menu.spec.ts
View file

@ -25,61 +25,49 @@ describe("ParameterMenuService", () => {
expect(registerContextMenuFn).toHaveBeenCalledOnce()
expect(registerContextMenuFn).toHaveBeenCalledWith(parameter)
})
describe("getMenuFor", () => {
it("validating if the text passes the regex and return the menu", () => {
const container = new TestContainer()
const parameter = container.bind(ParameterMenuService)
describe("getMenuFor", () => {
it("validating if the text passes the regex and return the menu", () => {
const container = new TestContainer()
const parameter = container.bind(ParameterMenuService)
const test = "https://hoppscotch.io?id=some-text"
const result = parameter.getMenuFor(test)
const test = "https://hoppscotch.io?id=some-text"
const result = parameter.getMenuFor(test)
if (test.match(urlAndParameterRegex)) {
expect(result.results).toContainEqual(
expect.objectContaining({ id: "parameter" })
)
} else {
expect(result.results).not.toContainEqual(
expect.objectContaining({ id: "parameter" })
)
}
})
if (test.match(urlAndParameterRegex)) {
expect(result.results).toContainEqual(
expect.objectContaining({ id: "parameter" })
)
} else {
expect(result.results).not.toContainEqual(
expect.objectContaining({ id: "parameter" })
)
}
})
it("should call the addParameter function when action is called", () => {
const addParameterFn = vi.fn()
it("should return a result with an action when text contains parameters", () => {
const container = new TestContainer()
const parameter = container.bind(ParameterMenuService)
const container = new TestContainer()
const environment = container.bind(ParameterMenuService)
const test = "https://hoppscotch.io?id=some-text"
const test = "https://hoppscotch.io"
const result = parameter.getMenuFor(test)
const result = environment.getMenuFor(test)
expect(result.results).toHaveLength(1)
expect(result.results[0]).toHaveProperty("action")
expect(typeof result.results[0].action).toBe("function")
})
const action = result.results[0].action
it("should return empty results when text does not contain parameters", () => {
const container = new TestContainer()
const parameter = container.bind(ParameterMenuService)
action()
const test = "https://hoppscotch.io"
expect(addParameterFn).toHaveBeenCalledOnce()
expect(addParameterFn).toHaveBeenCalledWith(action)
})
const result = parameter.getMenuFor(test)
it("should call the extractParams function when addParameter function is called", () => {
const extractParamsFn = vi.fn()
const container = new TestContainer()
const environment = container.bind(ParameterMenuService)
const test = "https://hoppscotch.io"
const result = environment.getMenuFor(test)
const action = result.results[0].action
action()
expect(extractParamsFn).toHaveBeenCalledOnce()
expect(extractParamsFn).toHaveBeenCalledWith(action)
})
expect(result.results).toHaveLength(0)
})
})
})

2
packages/hoppscotch-common/src/services/context-menu/menu/parameter.menu.ts
View file

@ -120,7 +120,7 @@ export class ParameterMenuService extends Service implements ContextMenu {
if (urlAndParameterRegex.test(text)) {
results.value = [
{
id: "environment",
id: "parameter",
text: {
type: "text",
text: this.t("context_menu.add_parameters"),

2
packages/hoppscotch-data/package.json
View file

@ -37,7 +37,7 @@
"devDependencies": {
"@types/lodash": "4.17.21",
"typescript": "5.9.3",
"vite": "7.2.7"
"vite": "7.3.0"
},
"dependencies": {
"fp-ts": "2.16.11",

14
packages/hoppscotch-desktop/package.json
View file

@ -34,30 +34,30 @@
"@tauri-apps/plugin-updater": "2.9.0",
"fp-ts": "2.16.11",
"rxjs": "7.8.2",
"vue": "3.5.25",
"vue": "3.5.26",
"vue-router": "4.6.4",
"vue-tippy": "6.7.1",
"zod": "3.25.32"
},
"devDependencies": {
"@iconify-json/lucide": "1.2.80",
"@iconify-json/lucide": "1.2.81",
"@rushstack/eslint-patch": "1.15.0",
"@tauri-apps/cli": "2.9.3",
"@typescript-eslint/eslint-plugin": "8.49.0",
"@typescript-eslint/parser": "8.49.0",
"@typescript-eslint/eslint-plugin": "8.50.0",
"@typescript-eslint/parser": "8.50.0",
"@vitejs/plugin-vue": "6.0.3",
"@vue/eslint-config-typescript": "13.0.0",
"autoprefixer": "10.4.22",
"autoprefixer": "10.4.23",
"eslint": "8.57.0",
"eslint-plugin-prettier": "5.5.4",
"eslint-plugin-vue": "10.6.2",
"postcss": "8.5.6",
"sass": "1.96.0",
"sass": "1.97.0",
"tailwindcss": "3.4.16",
"typescript": "5.9.3",
"unplugin-icons": "22.5.0",
"unplugin-vue-components": "30.0.0",
"vite": "7.2.7",
"vite": "7.3.0",
"vue-tsc": "2.2.0"
}
}

2
packages/hoppscotch-desktop/plugin-workspace/tauri-plugin-appload/examples/tauri-app/package.json
View file

@ -17,6 +17,6 @@
"@sveltejs/vite-plugin-svelte": "^1.0.1",
"@tauri-apps/cli": "^2.0.0-alpha.17",
"svelte": "^3.49.0",
"vite": "^7.2.7"
"vite": "^7.3.0"
}
}

2
packages/hoppscotch-desktop/plugin-workspace/tauri-plugin-appload/package.json
View file

@ -26,7 +26,7 @@
},
"devDependencies": {
"@rollup/plugin-typescript": "^12.3.0",
"rollup": "^4.52.5",
"rollup": "^4.53.5",
"tslib": "^2.6.2",
"typescript": "5.9.3"
}

2
packages/hoppscotch-desktop/plugin-workspace/tauri-plugin-relay/package.json
View file

@ -26,7 +26,7 @@
},
"devDependencies": {
"@rollup/plugin-typescript": "^12.3.0",
"rollup": "^4.52.5",
"rollup": "^4.53.5",
"tslib": "^2.6.2",
"typescript": "5.9.3"
}

10
packages/hoppscotch-js-sandbox/package.json
View file

@ -56,7 +56,7 @@
"faraday-cage": "0.1.0",
"fp-ts": "2.16.11",
"lodash": "4.17.21",
"lodash-es": "4.17.21"
"lodash-es": "4.17.22"
},
"devDependencies": {
"@digitak/esrun": "3.2.26",
@ -65,16 +65,16 @@
"@types/jest": "30.0.0",
"@types/lodash": "4.17.21",
"@types/node": "24.10.1",
"@typescript-eslint/eslint-plugin": "8.49.0",
"@typescript-eslint/parser": "8.49.0",
"@typescript-eslint/eslint-plugin": "8.50.0",
"@typescript-eslint/parser": "8.50.0",
"eslint": "8.57.0",
"eslint-config-prettier": "10.1.8",
"eslint-plugin-prettier": "5.5.4",
"io-ts": "2.2.22",
"prettier": "3.7.4",
"typescript": "5.9.3",
"vite": "7.2.7",
"vitest": "4.0.15"
"vite": "7.3.0",
"vitest": "4.0.16"
},
"peerDependencies": {
"isolated-vm": "6.0.2"

2
packages/hoppscotch-kernel/package.json
View file

@ -37,7 +37,7 @@
"devDependencies": {
"@types/node": "24.9.1",
"typescript": "5.9.3",
"vite": "7.2.7"
"vite": "7.3.0"
},
"peerDependencies": {
"@tauri-apps/api": "2.1.1"

20
packages/hoppscotch-selfhost-web/package.json
View file

@ -46,28 +46,28 @@
"stream-browserify": "3.0.0",
"util": "0.12.5",
"verzod": "0.4.0",
"vue": "3.5.25",
"vue": "3.5.26",
"workbox-window": "7.4.0",
"zod": "3.25.32"
},
"devDependencies": {
"@graphql-codegen/add": "6.0.0",
"@graphql-codegen/cli": "6.1.0",
"@graphql-codegen/typed-document-node": "6.1.4",
"@graphql-codegen/typescript": "5.0.6",
"@graphql-codegen/typescript-operations": "5.0.6",
"@graphql-codegen/typed-document-node": "6.1.5",
"@graphql-codegen/typescript": "5.0.7",
"@graphql-codegen/typescript-operations": "5.0.7",
"@graphql-codegen/typescript-urql-graphcache": "3.1.1",
"@graphql-codegen/urql-introspection": "3.0.1",
"@graphql-typed-document-node/core": "3.2.0",
"@iconify-json/lucide": "1.2.80",
"@intlify/unplugin-vue-i18n": "11.0.1",
"@iconify-json/lucide": "1.2.81",
"@intlify/unplugin-vue-i18n": "11.0.3",
"@rushstack/eslint-patch": "1.15.0",
"@typescript-eslint/eslint-plugin": "8.49.0",
"@typescript-eslint/parser": "8.49.0",
"@typescript-eslint/eslint-plugin": "8.50.0",
"@typescript-eslint/parser": "8.50.0",
"@vitejs/plugin-legacy": "7.2.1",
"@vitejs/plugin-vue": "6.0.3",
"@vue/eslint-config-typescript": "13.0.0",
"autoprefixer": "10.4.22",
"autoprefixer": "10.4.23",
"cross-env": "10.1.0",
"dotenv": "17.2.3",
"eslint": "8.57.0",
@ -81,7 +81,7 @@
"unplugin-fonts": "1.4.0",
"unplugin-icons": "22.5.0",
"unplugin-vue-components": "30.0.0",
"vite": "7.2.7",
"vite": "7.3.0",
"vite-plugin-fonts": "0.7.0",
"vite-plugin-html-config": "2.0.2",
"vite-plugin-inspect": "11.3.3",

26
packages/hoppscotch-sh-admin/package.json
View file

@ -19,7 +19,7 @@
"@graphql-typed-document-node/core": "3.2.0",
"@hoppscotch/ui": "0.2.5",
"@hoppscotch/vue-toasted": "0.1.0",
"@intlify/unplugin-vue-i18n": "11.0.1",
"@intlify/unplugin-vue-i18n": "11.0.3",
"@types/cors": "2.8.19",
"@urql/exchange-auth": "3.0.0",
"@urql/vue": "2.0.0",
@ -30,7 +30,7 @@
"fp-ts": "2.16.11",
"graphql": "16.12.0",
"io-ts": "2.2.22",
"lodash-es": "4.17.21",
"lodash-es": "4.17.22",
"postcss": "8.5.6",
"prettier-plugin-tailwindcss": "0.7.1",
"rxjs": "7.8.2",
@ -39,36 +39,36 @@
"ts-node-dev": "2.0.0",
"unplugin-icons": "22.5.0",
"unplugin-vue-components": "30.0.0",
"vue": "3.5.25",
"vue": "3.5.26",
"vue-i18n": "11.2.2",
"vue-router": "4.6.4",
"vue-tippy": "6.7.1"
},
"devDependencies": {
"@graphql-codegen/cli": "6.1.0",
"@graphql-codegen/client-preset": "5.2.1",
"@graphql-codegen/client-preset": "5.2.2",
"@graphql-codegen/introspection": "5.0.0",
"@graphql-codegen/typed-document-node": "6.1.4",
"@graphql-codegen/typescript": "5.0.6",
"@graphql-codegen/typescript-document-nodes": "5.0.6",
"@graphql-codegen/typescript-operations": "5.0.6",
"@graphql-codegen/typed-document-node": "6.1.5",
"@graphql-codegen/typescript": "5.0.7",
"@graphql-codegen/typescript-document-nodes": "5.0.7",
"@graphql-codegen/typescript-operations": "5.0.7",
"@graphql-codegen/urql-introspection": "3.0.1",
"@iconify-json/lucide": "1.2.80",
"@iconify-json/lucide": "1.2.81",
"@import-meta-env/cli": "0.7.4",
"@import-meta-env/unplugin": "0.6.3",
"@types/lodash-es": "4.17.12",
"@vitejs/plugin-vue": "6.0.3",
"@vue/compiler-sfc": "3.5.25",
"autoprefixer": "10.4.22",
"@vue/compiler-sfc": "3.5.26",
"autoprefixer": "10.4.23",
"dotenv": "17.2.3",
"graphql-tag": "2.12.6",
"hoppscotch-backend": "workspace:^",
"npm-run-all": "4.1.5",
"sass": "1.96.0",
"sass": "1.97.0",
"ts-node": "10.9.2",
"typescript": "5.9.3",
"unplugin-fonts": "1.4.0",
"vite": "7.2.7",
"vite": "7.3.0",
"vite-plugin-pages": "0.33.2",
"vite-plugin-vue-layouts": "0.11.0",
"vue-tsc": "2.1.6"

2945
pnpm-lock.yaml
View file

File diff suppressed because it is too large Load diff

4
prod.Dockerfile
View file

@ -29,8 +29,8 @@ ENV PATH="/usr/local/go/bin:${PATH}" \
WORKDIR /tmp/caddy-build
RUN tar xvf /tmp/caddy-build/src.tar.gz && \
# Patch to resolve CVE-2025-59530 on quic-go
go get github.com/quic-go/quic-go@v0.55.0 && \
# Patch to resolve CVE-2025-64702 on quic-go
go get github.com/quic-go/quic-go@v0.57.0 && \
# Patch to resolve CVE-2025-62820 on nebula
go get github.com/slackhq/nebula@v1.9.7 && \
# Patch to resolve CVE-2025-47913 on crypto