From c9f0be358c6638426ce8b7f84a98aaed36e51779 Mon Sep 17 00:00:00 2001 From: Jeric Cruz Date: Sat, 18 Oct 2025 20:08:49 +0800 Subject: [PATCH 1/2] chore: upgrade prismjs to 1.30.0 to resolve security issue #1268 --- package-lock.json | 11 ++++++----- package.json | 3 +-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index ae403ebf..048ed25f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -66,7 +66,7 @@ "isomorphic-dompurify": "^2.16.0", "lowlight": "^3.1.0", "lucide-react": "^0.451.0", - "nanoid": "^5.0.9", + "nanoid": "^5.0.7", "next": "^14.2.21", "next-auth": "^4.24.9", "next-safe-action": "^7.9.4", @@ -75,7 +75,7 @@ "pg": "^8.12.0", "postgres": "^3.4.4", "posthog-js": "^1.180.0", - "prismjs": "^1.29.0", + "prismjs": "^1.30.0", "react": "^18.3.1", "react-dom": "^18.3.1", "react-highlight-words": "^0.20.0", @@ -16834,9 +16834,10 @@ "integrity": "sha512-WuxUnVtlWL1OfZFQFuqvnvs6MiAGk9UNsBostyBOB0Is9wb5uRESevA6rnl/rkksXaGX3GzZhPup5d6Vp1nFew==" }, "node_modules/prismjs": { - "version": "1.29.0", - "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.29.0.tgz", - "integrity": "sha512-Kx/1w86q/epKcmte75LNrEoT+lX8pBpavuAbvJWRXar7Hz8jrtF+e3vY751p0R8H9HdArwaCTNDDzHg/ScJK1Q==", + "version": "1.30.0", + "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.30.0.tgz", + "integrity": "sha512-DEvV2ZF2r2/63V+tK8hQvrR2ZGn10srHbXviTlcv7Kpzw8jWiNTqbVgjO3IY8RxrrOUF8VPMQQFysYYYv0YZxw==", + "license": "MIT", "engines": { "node": ">=6" } diff --git a/package.json b/package.json index 326d7747..180e219b 100644 --- a/package.json +++ b/package.json @@ -84,7 +84,6 @@ "isomorphic-dompurify": "^2.16.0", "lowlight": "^3.1.0", "lucide-react": "^0.451.0", - "nanoid": "^5.0.9", "nanoid": "^5.0.7", "next": "^14.2.21", "next-auth": "^4.24.9", @@ -94,7 +93,7 @@ "pg": "^8.12.0", "postgres": "^3.4.4", "posthog-js": "^1.180.0", - "prismjs": "^1.29.0", + "prismjs": "^1.30.0", "react": "^18.3.1", "react-dom": "^18.3.1", "react-highlight-words": "^0.20.0", From 5cd9b55efd1d008de3e9cf70b29e6fd06251fff8 Mon Sep 17 00:00:00 2001 From: Jeric Cruz Date: Sat, 18 Oct 2025 22:24:48 +0800 Subject: [PATCH 2/2] Update next-auth dependency to ^4.24.11 to fix vulnerabilities --- package-lock.json | 13 +++++++------ package.json | 2 +- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index 048ed25f..ba4a733b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -68,7 +68,7 @@ "lucide-react": "^0.451.0", "nanoid": "^5.0.7", "next": "^14.2.21", - "next-auth": "^4.24.9", + "next-auth": "^4.24.11", "next-safe-action": "^7.9.4", "next-themes": "^0.3.0", "nodemailer": "^6.9.14", @@ -15551,9 +15551,10 @@ } }, "node_modules/next-auth": { - "version": "4.24.10", - "resolved": "https://registry.npmjs.org/next-auth/-/next-auth-4.24.10.tgz", - "integrity": "sha512-8NGqiRO1GXBcVfV8tbbGcUgQkAGsX4GRzzXXea4lDikAsJtD5KiEY34bfhUOjHLvr6rT6afpcxw2H8EZqOV6aQ==", + "version": "4.24.11", + "resolved": "https://registry.npmjs.org/next-auth/-/next-auth-4.24.11.tgz", + "integrity": "sha512-pCFXzIDQX7xmHFs4KVH4luCjaCbuPRtZ9oBUjUhOk84mZ9WVPf94n87TxYI4rSRf9HmfHEF8Yep3JrYDVOo3Cw==", + "license": "ISC", "dependencies": { "@babel/runtime": "^7.20.13", "@panva/hkdf": "^1.0.2", @@ -15569,8 +15570,8 @@ "@auth/core": "0.34.2", "next": "^12.2.5 || ^13 || ^14 || ^15", "nodemailer": "^6.6.5", - "react": "^17.0.2 || ^18", - "react-dom": "^17.0.2 || ^18" + "react": "^17.0.2 || ^18 || ^19", + "react-dom": "^17.0.2 || ^18 || ^19" }, "peerDependenciesMeta": { "@auth/core": { diff --git a/package.json b/package.json index 180e219b..c235493e 100644 --- a/package.json +++ b/package.json @@ -86,7 +86,7 @@ "lucide-react": "^0.451.0", "nanoid": "^5.0.7", "next": "^14.2.21", - "next-auth": "^4.24.9", + "next-auth": "^4.24.11", "next-safe-action": "^7.9.4", "next-themes": "^0.3.0", "nodemailer": "^6.9.14",