thibaud-lclr/api-client
1
0
Fork 0
Code Packages Activity Actions

chore: security patch for the dependency chain v2026.2.0 (#5887)

Browse source 
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
This commit is contained in:
Mir Arif Hasan 2026-02-19 13:18:50 +06:00 committed by GitHub
parent 680439a1b0
commit 4fe0e376bb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 2882 additions and 5409 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
package.json
View file

@ -24,8 +24,8 @@
"./packages/*" "./packages/*"
], ],
"devDependencies": { "devDependencies": {
"@commitlint/cli": "20.2.0", "@commitlint/cli": "20.4.1",
"@commitlint/config-conventional": "20.3.1", "@commitlint/config-conventional": "20.4.1",
"@hoppscotch/ui": "0.2.5", "@hoppscotch/ui": "0.2.5",
"@types/node": "24.10.1", "@types/node": "24.10.1",
"cross-env": "10.1.0", "cross-env": "10.1.0",
@ -39,15 +39,15 @@
"apiconnect-wsdl": "2.0.36", "apiconnect-wsdl": "2.0.36",
"body-parser": "2.2.1", "body-parser": "2.2.1",
"cross-spawn": "7.0.6", "cross-spawn": "7.0.6",
"execa@0.10.0": "2.0.0", "execa@<2.0.0": "2.0.0",
"form-data": "4.0.4", "form-data": "4.0.4",
"glob@<11.1.0": "11.1.0", "glob@<11.1.0": "11.1.0",
"hono@4.10.6": "4.11.4", "hono@4.11.4": "4.11.7",
"jws@<3.2.3": "3.2.3", "lodash@4.17.21": "4.17.23",
"nodemailer@<7.0.12": "8.0.0", "nodemailer@<7.0.11": "7.0.11",
"qs@6.14.0": "6.14.1", "qs@6.14.1": "6.14.2",
"subscriptions-transport-ws>ws": "7.5.10", "subscriptions-transport-ws>ws": "7.5.10",
"vue": "3.5.27", "vue": "3.5.28",
"ws": "8.17.1" "ws": "8.17.1"
}, },
"onlyBuiltDependencies": [ "onlyBuiltDependencies": [

22
packages/hoppscotch-agent/package.json
View file

@ -20,26 +20,26 @@
"@hoppscotch/ui": "0.2.5", "@hoppscotch/ui": "0.2.5",
"@tauri-apps/api": "2.1.1", "@tauri-apps/api": "2.1.1",
"@tauri-apps/plugin-shell": "2.3.3", "@tauri-apps/plugin-shell": "2.3.3",
"@vueuse/core": "14.1.0", "@vueuse/core": "14.2.1",
"axios": "1.13.2", "axios": "1.13.5",
"fp-ts": "2.16.11", "fp-ts": "2.16.11",
"lodash-es": "4.17.22", "lodash-es": "4.17.23",
"vue": "3.5.27" "vue": "3.5.28"
}, },
"devDependencies": { "devDependencies": {
"@iconify-json/lucide": "1.2.86", "@iconify-json/lucide": "1.2.91",
"@tauri-apps/cli": "2.9.3", "@tauri-apps/cli": "2.9.3",
"@types/lodash-es": "4.17.12", "@types/lodash-es": "4.17.12",
"@types/node": "24.10.1", "@types/node": "24.10.1",
"@typescript-eslint/eslint-plugin": "8.53.1", "@typescript-eslint/eslint-plugin": "8.56.0",
"@typescript-eslint/parser": "8.53.1", "@typescript-eslint/parser": "8.56.0",
"@vitejs/plugin-vue": "6.0.3", "@vitejs/plugin-vue": "6.0.4",
"@vue/eslint-config-typescript": "14.6.0", "@vue/eslint-config-typescript": "14.7.0",
"autoprefixer": "10.4.23", "autoprefixer": "10.4.24",
"cross-env": "10.1.0", "cross-env": "10.1.0",
"eslint": "9.39.2", "eslint": "9.39.2",
"eslint-plugin-prettier": "5.5.5", "eslint-plugin-prettier": "5.5.5",
"eslint-plugin-vue": "10.6.2", "eslint-plugin-vue": "10.8.0",
"globals": "16.5.0", "globals": "16.5.0",
"postcss": "8.5.6", "postcss": "8.5.6",
"tailwindcss": "3.4.16", "tailwindcss": "3.4.16",

54
packages/hoppscotch-backend/package.json
View file

@ -31,32 +31,32 @@
"do-test": "pnpm run test" "do-test": "pnpm run test"
}, },
"dependencies": { "dependencies": {
"@apollo/server": "5.2.0", "@apollo/server": "5.4.0",
"@as-integrations/express5": "1.1.2", "@as-integrations/express5": "1.1.2",
"@nestjs-modules/mailer": "2.0.2", "@nestjs-modules/mailer": "2.0.2",
"@nestjs/apollo": "13.2.3", "@nestjs/apollo": "13.2.4",
"@nestjs/common": "11.1.12", "@nestjs/common": "11.1.13",
"@nestjs/config": "4.0.2", "@nestjs/config": "4.0.3",
"@nestjs/core": "11.1.12", "@nestjs/core": "11.1.13",
"@nestjs/graphql": "13.2.3", "@nestjs/graphql": "13.2.4",
"@nestjs/jwt": "11.0.2", "@nestjs/jwt": "11.0.2",
"@nestjs/passport": "11.0.0", "@nestjs/passport": "11.0.0",
"@nestjs/platform-express": "11.1.12", "@nestjs/platform-express": "11.1.13",
"@nestjs/schedule": "6.1.0", "@nestjs/schedule": "6.1.1",
"@nestjs/swagger": "11.2.5", "@nestjs/swagger": "11.2.6",
"@nestjs/terminus": "11.0.0", "@nestjs/terminus": "11.0.0",
"@nestjs/throttler": "6.5.0", "@nestjs/throttler": "6.5.0",
"@prisma/adapter-pg": "7.2.0", "@prisma/adapter-pg": "7.4.0",
"@prisma/client": "7.2.0", "@prisma/client": "7.4.0",
"argon2": "0.44.0", "argon2": "0.44.0",
"bcrypt": "6.0.0", "bcrypt": "6.0.0",
"class-transformer": "0.5.1", "class-transformer": "0.5.1",
"class-validator": "0.14.3", "class-validator": "0.14.3",
"cookie": "1.1.1", "cookie": "1.1.1",
"cookie-parser": "1.4.7", "cookie-parser": "1.4.7",
"dotenv": "17.2.3", "dotenv": "17.3.1",
"express": "5.2.1", "express": "5.2.1",
"express-session": "1.18.2", "express-session": "1.19.0",
"fp-ts": "2.16.11", "fp-ts": "2.16.11",
"graphql": "16.12.0", "graphql": "16.12.0",
"graphql-query-complexity": "1.1.0", "graphql-query-complexity": "1.1.0",
@ -65,49 +65,49 @@
"handlebars": "4.7.8", "handlebars": "4.7.8",
"io-ts": "2.2.22", "io-ts": "2.2.22",
"morgan": "1.10.1", "morgan": "1.10.1",
"nodemailer": "8.0.0", "nodemailer": "8.0.1",
"passport": "0.7.0", "passport": "0.7.0",
"passport-github2": "0.1.12", "passport-github2": "0.1.12",
"passport-google-oauth20": "2.0.0", "passport-google-oauth20": "2.0.0",
"passport-jwt": "4.0.1", "passport-jwt": "4.0.1",
"passport-local": "1.0.0", "passport-local": "1.0.0",
"passport-microsoft": "2.1.0", "passport-microsoft": "2.1.0",
"pg": "8.17.1", "pg": "8.18.0",
"posthog-node": "5.23.0", "posthog-node": "5.24.15",
"prisma": "7.2.0", "prisma": "7.4.0",
"reflect-metadata": "0.2.2", "reflect-metadata": "0.2.2",
"rimraf": "6.1.2", "rimraf": "6.1.3",
"rxjs": "7.8.2" "rxjs": "7.8.2"
}, },
"devDependencies": { "devDependencies": {
"@eslint/eslintrc": "3.3.3", "@eslint/eslintrc": "3.3.3",
"@eslint/js": "9.39.2", "@eslint/js": "10.0.1",
"@nestjs/cli": "11.0.16", "@nestjs/cli": "11.0.16",
"@nestjs/schematics": "11.0.9", "@nestjs/schematics": "11.0.9",
"@nestjs/testing": "11.1.12", "@nestjs/testing": "11.1.13",
"@relmify/jest-fp-ts": "2.1.1", "@relmify/jest-fp-ts": "2.1.1",
"@types/bcrypt": "6.0.0", "@types/bcrypt": "6.0.0",
"@types/cookie-parser": "1.4.10", "@types/cookie-parser": "1.4.10",
"@types/express": "5.0.6", "@types/express": "5.0.6",
"@types/jest": "30.0.0", "@types/jest": "30.0.0",
"@types/node": "25.0.9", "@types/node": "25.2.3",
"@types/nodemailer": "7.0.5", "@types/nodemailer": "7.0.10",
"@types/passport-github2": "1.2.9", "@types/passport-github2": "1.2.9",
"@types/passport-google-oauth20": "2.0.17", "@types/passport-google-oauth20": "2.0.17",
"@types/passport-jwt": "4.0.1", "@types/passport-jwt": "4.0.1",
"@types/passport-microsoft": "2.1.1", "@types/passport-microsoft": "2.1.1",
"@types/pg": "8.16.0", "@types/pg": "8.16.0",
"@types/supertest": "6.0.3", "@types/supertest": "6.0.3",
"@typescript-eslint/eslint-plugin": "8.53.1", "@typescript-eslint/eslint-plugin": "8.56.0",
"@typescript-eslint/parser": "8.53.1", "@typescript-eslint/parser": "8.56.0",
"cross-env": "10.1.0", "cross-env": "10.1.0",
"eslint": "9.39.2", "eslint": "10.0.0",
"eslint-config-prettier": "10.1.8", "eslint-config-prettier": "10.1.8",
"eslint-plugin-prettier": "5.5.5", "eslint-plugin-prettier": "5.5.5",
"globals": "17.0.0", "globals": "17.3.0",
"jest": "30.2.0", "jest": "30.2.0",
"jest-mock-extended": "4.0.0", "jest-mock-extended": "4.0.0",
"prettier": "3.8.0", "prettier": "3.8.1",
"source-map-support": "0.5.21", "source-map-support": "0.5.21",
"supertest": "7.2.2", "supertest": "7.2.2",
"ts-jest": "29.4.6", "ts-jest": "29.4.6",

14
packages/hoppscotch-cli/package.json
View file

@ -42,16 +42,16 @@
"private": false, "private": false,
"dependencies": { "dependencies": {
"aws4fetch": "1.0.20", "aws4fetch": "1.0.20",
"axios": "1.13.2", "axios": "1.13.5",
"axios-cookiejar-support": "6.0.5", "axios-cookiejar-support": "6.0.5",
"chalk": "5.6.2", "chalk": "5.6.2",
"commander": "14.0.2", "commander": "14.0.3",
"isolated-vm": "6.0.2", "isolated-vm": "6.0.2",
"js-md5": "0.8.3", "js-md5": "0.8.3",
"jsonc-parser": "3.3.1", "jsonc-parser": "3.3.1",
"lodash-es": "4.17.22", "lodash-es": "4.17.23",
"papaparse": "5.5.3", "papaparse": "5.5.3",
"qs": "6.14.1", "qs": "6.15.0",
"tough-cookie": "6.0.0", "tough-cookie": "6.0.0",
"verzod": "0.4.0", "verzod": "0.4.0",
"xmlbuilder2": "4.0.3", "xmlbuilder2": "4.0.3",
@ -65,11 +65,11 @@
"@types/papaparse": "5.5.2", "@types/papaparse": "5.5.2",
"@types/qs": "6.14.0", "@types/qs": "6.14.0",
"fp-ts": "2.16.11", "fp-ts": "2.16.11",
"prettier": "3.8.0", "prettier": "3.8.1",
"qs": "6.11.2", "qs": "6.11.2",
"semver": "7.7.3", "semver": "7.7.4",
"tsup": "8.5.1", "tsup": "8.5.1",
"typescript": "5.9.3", "typescript": "5.9.3",
"vitest": "4.0.17" "vitest": "4.0.18"
} }
} }

52
packages/hoppscotch-common/package.json
View file

@ -52,14 +52,14 @@
"@types/hawk": "9.0.7", "@types/hawk": "9.0.7",
"@types/markdown-it": "14.1.2", "@types/markdown-it": "14.1.2",
"@types/node": "24.10.1", "@types/node": "24.10.1",
"@unhead/vue": "2.1.2", "@unhead/vue": "2.1.4",
"@urql/core": "6.0.1", "@urql/core": "6.0.1",
"@urql/devtools": "2.0.3", "@urql/devtools": "2.0.3",
"@urql/exchange-auth": "3.0.0", "@urql/exchange-auth": "3.0.0",
"@vueuse/core": "14.1.0", "@vueuse/core": "14.2.1",
"acorn-walk": "8.3.4", "acorn-walk": "8.3.4",
"aws4fetch": "1.0.20", "aws4fetch": "1.0.20",
"axios": "1.13.2", "axios": "1.13.5",
"buffer": "6.0.3", "buffer": "6.0.3",
"cookie-es": "2.0.0", "cookie-es": "2.0.0",
"dioc": "3.0.2", "dioc": "3.0.2",
@ -80,17 +80,17 @@
"js-md5": "0.8.3", "js-md5": "0.8.3",
"js-yaml": "4.1.1", "js-yaml": "4.1.1",
"jsonc-parser": "3.3.1", "jsonc-parser": "3.3.1",
"lodash-es": "4.17.22", "lodash-es": "4.17.23",
"lossless-json": "4.3.0", "lossless-json": "4.3.0",
"markdown-it": "14.1.0", "markdown-it": "14.1.1",
"minisearch": "7.2.0", "minisearch": "7.2.0",
"monaco-editor": "0.55.1", "monaco-editor": "0.55.1",
"nprogress": "0.2.0", "nprogress": "0.2.0",
"paho-mqtt": "1.1.0", "paho-mqtt": "1.1.0",
"path": "0.12.7", "path": "0.12.7",
"postman-collection": "5.2.0", "postman-collection": "5.2.1",
"process": "0.11.10", "process": "0.11.10",
"qs": "6.14.1", "qs": "6.15.0",
"quicktype-core": "23.2.6", "quicktype-core": "23.2.6",
"rollup": "4.55.3", "rollup": "4.55.3",
"rxjs": "7.8.2", "rxjs": "7.8.2",
@ -111,7 +111,7 @@
"util": "0.12.5", "util": "0.12.5",
"uuid": "13.0.0", "uuid": "13.0.0",
"verzod": "0.4.0", "verzod": "0.4.0",
"vue": "3.5.27", "vue": "3.5.28",
"vue-i18n": "11.2.8", "vue-i18n": "11.2.8",
"vue-json-pretty": "2.6.0", "vue-json-pretty": "2.6.0",
"vue-pdf-embed": "2.1.3", "vue-pdf-embed": "2.1.3",
@ -131,15 +131,15 @@
"@eslint/js": "9.39.2", "@eslint/js": "9.39.2",
"@graphql-codegen/add": "6.0.0", "@graphql-codegen/add": "6.0.0",
"@graphql-codegen/cli": "6.1.1", "@graphql-codegen/cli": "6.1.1",
"@graphql-codegen/typed-document-node": "6.1.5", "@graphql-codegen/typed-document-node": "6.1.6",
"@graphql-codegen/typescript": "5.0.7", "@graphql-codegen/typescript": "5.0.8",
"@graphql-codegen/typescript-operations": "5.0.7", "@graphql-codegen/typescript-operations": "5.0.8",
"@graphql-codegen/typescript-urql-graphcache": "3.1.1", "@graphql-codegen/typescript-urql-graphcache": "3.1.1",
"@graphql-codegen/urql-introspection": "3.0.1", "@graphql-codegen/urql-introspection": "3.0.1",
"@graphql-typed-document-node/core": "3.2.0", "@graphql-typed-document-node/core": "3.2.0",
"@iconify-json/lucide": "1.2.86", "@iconify-json/lucide": "1.2.91",
"@import-meta-env/cli": "0.7.4", "@import-meta-env/cli": "0.7.4",
"@intlify/unplugin-vue-i18n": "11.0.3", "@intlify/unplugin-vue-i18n": "11.0.7",
"@relmify/jest-fp-ts": "2.1.1", "@relmify/jest-fp-ts": "2.1.1",
"@rushstack/eslint-patch": "1.15.0", "@rushstack/eslint-patch": "1.15.0",
"@types/har-format": "1.2.16", "@types/har-format": "1.2.16",
@ -151,28 +151,28 @@
"@types/qs": "6.14.0", "@types/qs": "6.14.0",
"@types/splitpanes": "2.2.6", "@types/splitpanes": "2.2.6",
"@types/yargs-parser": "21.0.3", "@types/yargs-parser": "21.0.3",
"@typescript-eslint/eslint-plugin": "8.53.1", "@typescript-eslint/eslint-plugin": "8.56.0",
"@typescript-eslint/parser": "8.53.1", "@typescript-eslint/parser": "8.56.0",
"@vitejs/plugin-vue": "6.0.3", "@vitejs/plugin-vue": "6.0.4",
"@vue/compiler-sfc": "3.5.27", "@vue/compiler-sfc": "3.5.28",
"@vue/eslint-config-typescript": "14.6.0", "@vue/eslint-config-typescript": "14.7.0",
"@vue/runtime-core": "3.5.27", "@vue/runtime-core": "3.5.28",
"autoprefixer": "10.4.23", "autoprefixer": "10.4.24",
"cross-env": "10.1.0", "cross-env": "10.1.0",
"dotenv": "17.2.3", "dotenv": "17.3.1",
"eslint": "9.39.2", "eslint": "9.39.2",
"eslint-plugin-prettier": "5.5.5", "eslint-plugin-prettier": "5.5.5",
"eslint-plugin-vue": "10.6.2", "eslint-plugin-vue": "10.8.0",
"glob": "13.0.0", "glob": "13.0.5",
"globals": "16.5.0", "globals": "16.5.0",
"jsdom": "27.4.0", "jsdom": "27.4.0",
"npm-run-all": "4.1.5", "npm-run-all": "4.1.5",
"openapi-types": "12.1.3", "openapi-types": "12.1.3",
"postcss": "8.5.6", "postcss": "8.5.6",
"prettier": "3.8.0", "prettier": "3.8.1",
"prettier-plugin-tailwindcss": "0.7.1", "prettier-plugin-tailwindcss": "0.7.1",
"rollup-plugin-polyfill-node": "0.13.0", "rollup-plugin-polyfill-node": "0.13.0",
"sass": "1.97.2", "sass": "1.97.3",
"tailwindcss": "3.4.16", "tailwindcss": "3.4.16",
"tsup": "8.5.1", "tsup": "8.5.1",
"typescript": "5.9.3", "typescript": "5.9.3",
@ -187,7 +187,7 @@
"vite-plugin-pages-sitemap": "1.7.1", "vite-plugin-pages-sitemap": "1.7.1",
"vite-plugin-pwa": "1.2.0", "vite-plugin-pwa": "1.2.0",
"vite-plugin-vue-layouts": "0.11.0", "vite-plugin-vue-layouts": "0.11.0",
"vitest": "4.0.17", "vitest": "4.0.18",
"vue-tsc": "1.8.8" "vue-tsc": "1.8.8"
} }
} }

2
packages/hoppscotch-data/package.json
View file

@ -43,7 +43,7 @@
"fp-ts": "2.16.11", "fp-ts": "2.16.11",
"io-ts": "2.2.22", "io-ts": "2.2.22",
"jose": "6.1.3", "jose": "6.1.3",
"lodash": "4.17.21", "lodash": "4.17.23",
"parser-ts": "0.7.0", "parser-ts": "0.7.0",
"uuid": "13.0.0", "uuid": "13.0.0",
"verzod": "0.4.0", "verzod": "0.4.0",

20
packages/hoppscotch-desktop/package.json
View file

@ -23,7 +23,7 @@
}, },
"dependencies": { "dependencies": {
"@fontsource-variable/inter": "5.2.8", "@fontsource-variable/inter": "5.2.8",
"@fontsource-variable/material-symbols-rounded": "5.2.32", "@fontsource-variable/material-symbols-rounded": "5.2.35",
"@fontsource-variable/roboto-mono": "5.2.8", "@fontsource-variable/roboto-mono": "5.2.8",
"@hoppscotch/common": "workspace:^", "@hoppscotch/common": "workspace:^",
"@hoppscotch/kernel": "workspace:^", "@hoppscotch/kernel": "workspace:^",
@ -37,7 +37,7 @@
"@tauri-apps/plugin-updater": "2.9.0", "@tauri-apps/plugin-updater": "2.9.0",
"fp-ts": "2.16.11", "fp-ts": "2.16.11",
"rxjs": "7.8.2", "rxjs": "7.8.2",
"vue": "3.5.27", "vue": "3.5.28",
"vue-router": "4.6.4", "vue-router": "4.6.4",
"vue-tippy": "6.7.1", "vue-tippy": "6.7.1",
"zod": "3.25.32" "zod": "3.25.32"
@ -45,20 +45,20 @@
"devDependencies": { "devDependencies": {
"@eslint/eslintrc": "3.3.3", "@eslint/eslintrc": "3.3.3",
"@eslint/js": "9.39.2", "@eslint/js": "9.39.2",
"@iconify-json/lucide": "1.2.86", "@iconify-json/lucide": "1.2.91",
"@rushstack/eslint-patch": "1.15.0", "@rushstack/eslint-patch": "1.15.0",
"@tauri-apps/cli": "2.9.3", "@tauri-apps/cli": "2.9.3",
"@typescript-eslint/eslint-plugin": "8.53.1", "@typescript-eslint/eslint-plugin": "8.56.0",
"@typescript-eslint/parser": "8.53.1", "@typescript-eslint/parser": "8.56.0",
"@vitejs/plugin-vue": "6.0.3", "@vitejs/plugin-vue": "6.0.4",
"@vue/eslint-config-typescript": "14.6.0", "@vue/eslint-config-typescript": "14.7.0",
"autoprefixer": "10.4.23", "autoprefixer": "10.4.24",
"eslint": "9.39.2", "eslint": "9.39.2",
"eslint-plugin-prettier": "5.5.5", "eslint-plugin-prettier": "5.5.5",
"eslint-plugin-vue": "10.6.2", "eslint-plugin-vue": "10.8.0",
"globals": "16.5.0", "globals": "16.5.0",
"postcss": "8.5.6", "postcss": "8.5.6",
"sass": "1.97.2", "sass": "1.97.3",
"tailwindcss": "3.4.16", "tailwindcss": "3.4.16",
"typescript": "5.9.3", "typescript": "5.9.3",
"unplugin-icons": "22.5.0", "unplugin-icons": "22.5.0",

12
packages/hoppscotch-js-sandbox/package.json
View file

@ -55,8 +55,8 @@
"chai": "6.2.2", "chai": "6.2.2",
"faraday-cage": "0.1.0", "faraday-cage": "0.1.0",
"fp-ts": "2.16.11", "fp-ts": "2.16.11",
"lodash": "4.17.21", "lodash": "4.17.23",
"lodash-es": "4.17.22" "lodash-es": "4.17.23"
}, },
"devDependencies": { "devDependencies": {
"@digitak/esrun": "3.2.26", "@digitak/esrun": "3.2.26",
@ -67,17 +67,17 @@
"@types/jest": "30.0.0", "@types/jest": "30.0.0",
"@types/lodash": "4.17.23", "@types/lodash": "4.17.23",
"@types/node": "24.10.1", "@types/node": "24.10.1",
"@typescript-eslint/eslint-plugin": "8.53.1", "@typescript-eslint/eslint-plugin": "8.56.0",
"@typescript-eslint/parser": "8.53.1", "@typescript-eslint/parser": "8.56.0",
"eslint": "9.39.2", "eslint": "9.39.2",
"eslint-config-prettier": "10.1.8", "eslint-config-prettier": "10.1.8",
"eslint-plugin-prettier": "5.5.5", "eslint-plugin-prettier": "5.5.5",
"globals": "16.5.0", "globals": "16.5.0",
"io-ts": "2.2.22", "io-ts": "2.2.22",
"prettier": "3.8.0", "prettier": "3.8.1",
"typescript": "5.9.3", "typescript": "5.9.3",
"vite": "7.3.1", "vite": "7.3.1",
"vitest": "4.0.17" "vitest": "4.0.18"
}, },
"peerDependencies": { "peerDependencies": {
"isolated-vm": "6.0.2" "isolated-vm": "6.0.2"

6
packages/hoppscotch-kernel/package.json
View file

@ -41,8 +41,8 @@
"devDependencies": { "devDependencies": {
"@eslint/js": "9.39.2", "@eslint/js": "9.39.2",
"@types/node": "24.9.1", "@types/node": "24.9.1",
"@typescript-eslint/eslint-plugin": "8.53.1", "@typescript-eslint/eslint-plugin": "8.56.0",
"@typescript-eslint/parser": "8.53.1", "@typescript-eslint/parser": "8.56.0",
"eslint": "9.39.2", "eslint": "9.39.2",
"eslint-plugin-prettier": "5.5.5", "eslint-plugin-prettier": "5.5.5",
"globals": "16.5.0", "globals": "16.5.0",
@ -64,7 +64,7 @@
"@tauri-apps/plugin-shell": "2.2.1", "@tauri-apps/plugin-shell": "2.2.1",
"@tauri-apps/plugin-store": "2.4.1", "@tauri-apps/plugin-store": "2.4.1",
"aws4fetch": "1.0.20", "aws4fetch": "1.0.20",
"axios": "1.13.2", "axios": "1.13.5",
"fp-ts": "2.16.11", "fp-ts": "2.16.11",
"superjson": "2.2.6", "superjson": "2.2.6",
"zod": "3.25.32" "zod": "3.25.32"

34
packages/hoppscotch-selfhost-web/package.json
View file

@ -24,7 +24,7 @@
}, },
"dependencies": { "dependencies": {
"@fontsource-variable/inter": "5.2.8", "@fontsource-variable/inter": "5.2.8",
"@fontsource-variable/material-symbols-rounded": "5.2.32", "@fontsource-variable/material-symbols-rounded": "5.2.35",
"@fontsource-variable/roboto-mono": "5.2.8", "@fontsource-variable/roboto-mono": "5.2.8",
"@hoppscotch/common": "workspace:^", "@hoppscotch/common": "workspace:^",
"@hoppscotch/data": "workspace:^", "@hoppscotch/data": "workspace:^",
@ -36,8 +36,8 @@
"@tauri-apps/plugin-dialog": "2.0.1", "@tauri-apps/plugin-dialog": "2.0.1",
"@tauri-apps/plugin-fs": "2.0.2", "@tauri-apps/plugin-fs": "2.0.2",
"@tauri-apps/plugin-shell": "2.2.1", "@tauri-apps/plugin-shell": "2.2.1",
"@vueuse/core": "14.1.0", "@vueuse/core": "14.2.1",
"axios": "1.13.2", "axios": "1.13.5",
"buffer": "6.0.3", "buffer": "6.0.3",
"dioc": "3.0.2", "dioc": "3.0.2",
"fp-ts": "2.16.11", "fp-ts": "2.16.11",
@ -46,7 +46,7 @@
"stream-browserify": "3.0.0", "stream-browserify": "3.0.0",
"util": "0.12.5", "util": "0.12.5",
"verzod": "0.4.0", "verzod": "0.4.0",
"vue": "3.5.27", "vue": "3.5.28",
"workbox-window": "7.4.0", "workbox-window": "7.4.0",
"zod": "3.25.32" "zod": "3.25.32"
}, },
@ -55,26 +55,26 @@
"@eslint/js": "9.39.2", "@eslint/js": "9.39.2",
"@graphql-codegen/add": "6.0.0", "@graphql-codegen/add": "6.0.0",
"@graphql-codegen/cli": "6.1.1", "@graphql-codegen/cli": "6.1.1",
"@graphql-codegen/typed-document-node": "6.1.5", "@graphql-codegen/typed-document-node": "6.1.6",
"@graphql-codegen/typescript": "5.0.7", "@graphql-codegen/typescript": "5.0.8",
"@graphql-codegen/typescript-operations": "5.0.7", "@graphql-codegen/typescript-operations": "5.0.8",
"@graphql-codegen/typescript-urql-graphcache": "3.1.1", "@graphql-codegen/typescript-urql-graphcache": "3.1.1",
"@graphql-codegen/urql-introspection": "3.0.1", "@graphql-codegen/urql-introspection": "3.0.1",
"@graphql-typed-document-node/core": "3.2.0", "@graphql-typed-document-node/core": "3.2.0",
"@iconify-json/lucide": "1.2.86", "@iconify-json/lucide": "1.2.91",
"@intlify/unplugin-vue-i18n": "11.0.3", "@intlify/unplugin-vue-i18n": "11.0.7",
"@rushstack/eslint-patch": "1.15.0", "@rushstack/eslint-patch": "1.15.0",
"@typescript-eslint/eslint-plugin": "8.53.1", "@typescript-eslint/eslint-plugin": "8.56.0",
"@typescript-eslint/parser": "8.53.1", "@typescript-eslint/parser": "8.56.0",
"@vitejs/plugin-legacy": "7.2.1", "@vitejs/plugin-legacy": "7.2.1",
"@vitejs/plugin-vue": "6.0.3", "@vitejs/plugin-vue": "6.0.4",
"@vue/eslint-config-typescript": "14.6.0", "@vue/eslint-config-typescript": "14.7.0",
"autoprefixer": "10.4.23", "autoprefixer": "10.4.24",
"cross-env": "10.1.0", "cross-env": "10.1.0",
"dotenv": "17.2.3", "dotenv": "17.3.1",
"eslint": "9.39.2", "eslint": "9.39.2",
"eslint-plugin-prettier": "5.5.5", "eslint-plugin-prettier": "5.5.5",
"eslint-plugin-vue": "10.6.2", "eslint-plugin-vue": "10.8.0",
"globals": "16.5.0", "globals": "16.5.0",
"npm-run-all": "4.1.5", "npm-run-all": "4.1.5",
"postcss": "8.5.6", "postcss": "8.5.6",
@ -91,7 +91,7 @@
"vite-plugin-pages": "0.33.2", "vite-plugin-pages": "0.33.2",
"vite-plugin-pages-sitemap": "1.7.1", "vite-plugin-pages-sitemap": "1.7.1",
"vite-plugin-pwa": "1.2.0", "vite-plugin-pwa": "1.2.0",
"vite-plugin-static-copy": "3.1.5", "vite-plugin-static-copy": "3.2.0",
"vite-plugin-vue-layouts": "0.11.0", "vite-plugin-vue-layouts": "0.11.0",
"vue-tsc": "2.1.6" "vue-tsc": "2.1.6"
} }

36
packages/hoppscotch-sh-admin/package.json
View file

@ -14,23 +14,23 @@
}, },
"dependencies": { "dependencies": {
"@fontsource-variable/inter": "5.2.8", "@fontsource-variable/inter": "5.2.8",
"@fontsource-variable/material-symbols-rounded": "5.2.32", "@fontsource-variable/material-symbols-rounded": "5.2.35",
"@fontsource-variable/roboto-mono": "5.2.8", "@fontsource-variable/roboto-mono": "5.2.8",
"@graphql-typed-document-node/core": "3.2.0", "@graphql-typed-document-node/core": "3.2.0",
"@hoppscotch/ui": "0.2.5", "@hoppscotch/ui": "0.2.5",
"@hoppscotch/vue-toasted": "0.1.0", "@hoppscotch/vue-toasted": "0.1.0",
"@intlify/unplugin-vue-i18n": "11.0.3", "@intlify/unplugin-vue-i18n": "11.0.7",
"@types/cors": "2.8.19", "@types/cors": "2.8.19",
"@urql/exchange-auth": "3.0.0", "@urql/exchange-auth": "3.0.0",
"@urql/vue": "2.0.0", "@urql/vue": "2.0.0",
"@vueuse/core": "14.1.0", "@vueuse/core": "14.2.1",
"axios": "1.13.2", "axios": "1.13.5",
"cors": "2.8.5", "cors": "2.8.6",
"date-fns": "4.1.0", "date-fns": "4.1.0",
"fp-ts": "2.16.11", "fp-ts": "2.16.11",
"graphql": "16.12.0", "graphql": "16.12.0",
"io-ts": "2.2.22", "io-ts": "2.2.22",
"lodash-es": "4.17.22", "lodash-es": "4.17.23",
"postcss": "8.5.6", "postcss": "8.5.6",
"prettier-plugin-tailwindcss": "0.7.1", "prettier-plugin-tailwindcss": "0.7.1",
"rxjs": "7.8.2", "rxjs": "7.8.2",
@ -39,32 +39,32 @@
"ts-node-dev": "2.0.0", "ts-node-dev": "2.0.0",
"unplugin-icons": "22.5.0", "unplugin-icons": "22.5.0",
"unplugin-vue-components": "30.0.0", "unplugin-vue-components": "30.0.0",
"vue": "3.5.27", "vue": "3.5.28",
"vue-i18n": "11.2.8", "vue-i18n": "11.2.8",
"vue-router": "4.6.4", "vue-router": "4.6.4",
"vue-tippy": "6.7.1" "vue-tippy": "6.7.1"
}, },
"devDependencies": { "devDependencies": {
"@graphql-codegen/cli": "6.1.1", "@graphql-codegen/cli": "6.1.1",
"@graphql-codegen/client-preset": "5.2.2", "@graphql-codegen/client-preset": "5.2.3",
"@graphql-codegen/introspection": "5.0.0", "@graphql-codegen/introspection": "5.0.0",
"@graphql-codegen/typed-document-node": "6.1.5", "@graphql-codegen/typed-document-node": "6.1.6",
"@graphql-codegen/typescript": "5.0.7", "@graphql-codegen/typescript": "5.0.8",
"@graphql-codegen/typescript-document-nodes": "5.0.7", "@graphql-codegen/typescript-document-nodes": "5.0.8",
"@graphql-codegen/typescript-operations": "5.0.7", "@graphql-codegen/typescript-operations": "5.0.8",
"@graphql-codegen/urql-introspection": "3.0.1", "@graphql-codegen/urql-introspection": "3.0.1",
"@iconify-json/lucide": "1.2.86", "@iconify-json/lucide": "1.2.91",
"@import-meta-env/cli": "0.7.4", "@import-meta-env/cli": "0.7.4",
"@import-meta-env/unplugin": "0.6.3", "@import-meta-env/unplugin": "0.6.3",
"@types/lodash-es": "4.17.12", "@types/lodash-es": "4.17.12",
"@vitejs/plugin-vue": "6.0.3", "@vitejs/plugin-vue": "6.0.4",
"@vue/compiler-sfc": "3.5.27", "@vue/compiler-sfc": "3.5.28",
"autoprefixer": "10.4.23", "autoprefixer": "10.4.24",
"dotenv": "17.2.3", "dotenv": "17.3.1",
"graphql-tag": "2.12.6", "graphql-tag": "2.12.6",
"hoppscotch-backend": "workspace:^", "hoppscotch-backend": "workspace:^",
"npm-run-all": "4.1.5", "npm-run-all": "4.1.5",
"sass": "1.97.2", "sass": "1.97.3",
"ts-node": "10.9.2", "ts-node": "10.9.2",
"typescript": "5.9.3", "typescript": "5.9.3",
"unplugin-fonts": "1.4.0", "unplugin-fonts": "1.4.0",

7943
pnpm-lock.yaml
View file

File diff suppressed because it is too large Load diff

80
prod.Dockerfile
View file

@ -1,38 +1,46 @@
# Base Go builder with Go lang installation # Base Go builder with Go lang installation
# This stage is used to build both Caddy and the webapp server, # This stage is used to build both Caddy and the webapp server,
# preventing vulnerable packages on the dependency chain # preventing vulnerable packages on the dependency chain
FROM alpine:3.23.2 AS go_builder FROM alpine:3.23.3 AS go_builder
RUN apk add --no-cache curl git
# Install Go 1.26.0 from GitHub releases to fix CVE-2025-47907
ARG TARGETARCH
ENV GOLANG_VERSION=1.26.0
# Download Go tarball
RUN case "${TARGETARCH}" in amd64) GOARCH=amd64 ;; arm64) GOARCH=arm64 ;; *) echo "Unsupported arch: ${TARGETARCH}" && exit 1 ;; esac && \
curl -fsSL "https://go.dev/dl/go${GOLANG_VERSION}.linux-${GOARCH}.tar.gz" -o go.tar.gz
# Checksum verification of Go tarball
RUN case "${TARGETARCH}" in \
amd64) expected="aac1b08a0fb0c4e0a7c1555beb7b59180b05dfc5a3d62e40e9de90cd42f88235" ;; \
arm64) expected="bd03b743eb6eb4193ea3c3fd3956546bf0e3ca5b7076c8226334afe6b75704cd" ;; \
esac && \
actual=$(sha256sum go.tar.gz | cut -d' ' -f1) && \
[ "$actual" = "$expected" ] && \
echo "✅ Go Tarball Checksum OK" || \
(echo "❌ Go Tarball Checksum failed! Expected: ${expected} Got: ${actual}" && exit 1)
# Install Go from verified tarball
RUN tar -C /usr/local -xzf go.tar.gz && rm go.tar.gz
# Set up Go environment variables
ENV PATH="/usr/local/go/bin:${PATH}" \
GOPATH="/go" \
GOBIN="/go/bin"
RUN apk add --no-cache curl git && \
mkdir -p /tmp/caddy-build && \
# Build Caddy from the Go base
FROM go_builder AS caddy_builder
RUN mkdir -p /tmp/caddy-build && \
curl -L -o /tmp/caddy-build/src.tar.gz https://github.com/caddyserver/caddy/releases/download/v2.10.2/caddy_2.10.2_src.tar.gz curl -L -o /tmp/caddy-build/src.tar.gz https://github.com/caddyserver/caddy/releases/download/v2.10.2/caddy_2.10.2_src.tar.gz
# Checksum verification of caddy source # Checksum verification of caddy source
RUN expected="a9efa00c161922dd24650fd0bee2f4f8bb2fb69ff3e63dcc44f0694da64bb0cf" && \ RUN expected="a9efa00c161922dd24650fd0bee2f4f8bb2fb69ff3e63dcc44f0694da64bb0cf" && \
actual=$(sha256sum /tmp/caddy-build/src.tar.gz | cut -d' ' -f1) && \ actual=$(sha256sum /tmp/caddy-build/src.tar.gz | cut -d' ' -f1) && \
[ "$actual" = "$expected" ] && \ [ "$actual" = "$expected" ] && \
echo "✅ Caddy Source Checksum OK" || \ echo "✅ Caddy Source Checksum OK" || \
(echo "❌ Caddy Source Checksum failed!" && exit 1) (echo "❌ Caddy Source Checksum failed!" && exit 1)
# Install Go 1.25.4 from GitHub releases to fix CVE-2025-47907
ARG TARGETARCH
ENV GOLANG_VERSION=1.25.6
# Download and install Go from the official tarball
RUN case "${TARGETARCH}" in amd64) GOARCH=amd64 ;; arm64) GOARCH=arm64 ;; *) echo "Unsupported arch: ${TARGETARCH}" && exit 1 ;; esac && \
curl -fsSL "https://go.dev/dl/go${GOLANG_VERSION}.linux-${GOARCH}.tar.gz" -o go.tar.gz && \
tar -C /usr/local -xzf go.tar.gz && \
rm go.tar.gz
# Set up Go environment variables
ENV PATH="/usr/local/go/bin:${PATH}" \
GOPATH="/go" \
GOBIN="/go/bin"
WORKDIR /tmp/caddy-build WORKDIR /tmp/caddy-build
RUN tar xvf /tmp/caddy-build/src.tar.gz && \ RUN tar xvf /tmp/caddy-build/src.tar.gz && \
# Patch to resolve CVE-2025-64702 on quic-go # Patch to resolve CVE-2025-64702 on quic-go
go get github.com/quic-go/quic-go@v0.57.0 && \ go get github.com/quic-go/quic-go@v0.57.0 && \
# Patch to resolve CVE-2025-62820 on nebula
go get github.com/slackhq/nebula@v1.9.7 && \
# Patch to resolve CVE-2025-47913 on crypto # Patch to resolve CVE-2025-47913 on crypto
go get golang.org/x/crypto@v0.45.0 && \ go get golang.org/x/crypto@v0.45.0 && \
# Patch to resolve CVE-2025-44005 on smallstep # Patch to resolve CVE-2025-44005 on smallstep
@ -41,13 +49,12 @@ RUN tar xvf /tmp/caddy-build/src.tar.gz && \
rm -rf vendor && \ rm -rf vendor && \
go mod tidy && \ go mod tidy && \
go mod vendor go mod vendor
# Build Caddy from the Go base
FROM go_builder AS caddy_builder
WORKDIR /tmp/caddy-build/cmd/caddy WORKDIR /tmp/caddy-build/cmd/caddy
# Build using the updated vendored dependencies # Build using the updated vendored dependencies
RUN go build RUN go build
# Build webapp server from the Go base # Build webapp server from the Go base
# This reuses the Go installation from go_builder, avoiding a separate image pull # This reuses the Go installation from go_builder, avoiding a separate image pull
# and significantly reducing build time (especially on ARM64 in CI) # and significantly reducing build time (especially on ARM64 in CI)
@ -61,16 +68,16 @@ RUN CGO_ENABLED=0 GOOS=linux go build -o webapp-server .
# Shared Node.js base with optimized NPM installation # Shared Node.js base with optimized NPM installation
FROM alpine:3.23.2 AS node_base FROM alpine:3.23.3 AS node_base
# Install dependencies # Install dependencies
RUN apk add --no-cache nodejs curl bash tini ca-certificates RUN apk add --no-cache nodejs curl bash tini ca-certificates
# Set working directory for NPM installation # Set working directory for NPM installation
RUN mkdir -p /tmp/npm-install RUN mkdir -p /tmp/npm-install
WORKDIR /tmp/npm-install WORKDIR /tmp/npm-install
# Download NPM tarball # Download NPM tarball
RUN curl -fsSL https://registry.npmjs.org/npm/-/npm-11.7.0.tgz -o npm.tgz RUN curl -fsSL https://registry.npmjs.org/npm/-/npm-11.10.0.tgz -o npm.tgz
# Verify checksum # Verify checksum
RUN expected="292f142dc1a8c01199ba34a07e57cf016c260ea2c59b64f3eee8aaae7a2e7504" \ RUN expected="43c653384c39617756846ad405705061a78fb6bbddb2ced57ab79fb92e8af2a7" \
&& actual=$(sha256sum npm.tgz | cut -d' ' -f1) \ && actual=$(sha256sum npm.tgz | cut -d' ' -f1) \
&& [ "$actual" = "$expected" ] \ && [ "$actual" = "$expected" ] \
&& echo "✅ NPM Tarball Checksum OK" \ && echo "✅ NPM Tarball Checksum OK" \
@ -78,30 +85,21 @@ RUN expected="292f142dc1a8c01199ba34a07e57cf016c260ea2c59b64f3eee8aaae7a2e7504"
# Install NPM from verified tarball and global packages # Install NPM from verified tarball and global packages
RUN tar -xzf npm.tgz && \ RUN tar -xzf npm.tgz && \
cd package && \ cd package && \
node bin/npm-cli.js install -g npm@11.7.0 && \ node bin/npm-cli.js install -g npm@11.10.0 && \
cd / && \ cd / && \
rm -rf /tmp/npm-install rm -rf /tmp/npm-install
RUN npm install -g pnpm@10.28.1 @import-meta-env/cli RUN npm install -g pnpm@10.29.3 @import-meta-env/cli
# Fix CVE-2025-64756 by replacing vulnerable glob with patched version # Fix CVE-2025-64756 by replacing vulnerable glob with patched version
# Fix CVE-2026-23745 by replacing vulnerable tar with patched version RUN npm install -g glob@11.1.0 tar@7.5.8 && \
# Fix GHSA-73rr-hh4g-fpgx replacing vulnerable diff with patched version
RUN npm install -g glob@11.1.0 tar@7.5.3 diff@8.0.3 && \
# Replace tar in npm's node_modules # Replace tar in npm's node_modules
rm -rf /usr/lib/node_modules/npm/node_modules/tar && \ rm -rf /usr/lib/node_modules/npm/node_modules/tar && \
cp -r /usr/lib/node_modules/tar /usr/lib/node_modules/npm/node_modules/ && \ cp -r /usr/lib/node_modules/tar /usr/lib/node_modules/npm/node_modules/ && \
# Replace tar in npm's node_modules cp -r /usr/lib/node_modules/tar /usr/lib/node_modules/pnpm/dist/node_modules/ && \
rm -rf /usr/lib/node_modules/npm/node_modules/diff && \
cp -r /usr/lib/node_modules/diff /usr/lib/node_modules/npm/node_modules/ && \
# Replace glob in @import-meta-env/cli's node_modules # Replace glob in @import-meta-env/cli's node_modules
rm -rf /usr/lib/node_modules/@import-meta-env/cli/node_modules/glob && \ rm -rf /usr/lib/node_modules/@import-meta-env/cli/node_modules/glob && \
cp -r /usr/lib/node_modules/glob /usr/lib/node_modules/@import-meta-env/cli/node_modules/ && \ cp -r /usr/lib/node_modules/glob /usr/lib/node_modules/@import-meta-env/cli/node_modules/
# Replace tar in @import-meta-env/cli's node_modules
rm -rf /usr/lib/node_modules/@import-meta-env/cli/node_modules/tar && \
cp -r /usr/lib/node_modules/tar /usr/lib/node_modules/@import-meta-env/cli/node_modules/ && \
# Replace diff in @import-meta-env/cli's node_modules
rm -rf /usr/lib/node_modules/@import-meta-env/cli/node_modules/diff && \
cp -r /usr/lib/node_modules/diff /usr/lib/node_modules/@import-meta-env/cli/node_modules/
FROM node_base AS base_builder FROM node_base AS base_builder