chore: security patch for the quic-go vulnerability (hoppscotch#5710)

Co-authored-by: James George <[email protected]>
Co-authored-by: Nahid Hasan <[email protected]>

Author: 3 people

package.json

@@ -44,7 +44,7 @@
       "nodemailer@<7.0.11": "7.0.11",
       "glob@<11.1.0": "11.1.0",
       "subscriptions-transport-ws>ws": "7.5.10",
-      "vue": "3.5.25",
+      "vue": "3.5.26",
       "form-data": "4.0.4",
       "ws": "8.17.1"
     },

packages/codemirror-lang-graphql/package.json

@@ -25,7 +25,7 @@
     "@lezer/generator": "1.8.0",
     "@rollup/plugin-typescript": "12.1.4",
     "mocha": "11.7.5",
-    "rollup": "4.53.3",
+    "rollup": "4.53.5",
     "typescript": "5.9.3"
   }
 }

packages/hoppscotch-agent/package.json

@@ -16,22 +16,22 @@
     "@vueuse/core": "14.1.0",
     "axios": "1.13.2",
     "fp-ts": "2.16.11",
-    "lodash-es": "4.17.21",
-    "vue": "3.5.25"
+    "lodash-es": "4.17.22",
+    "vue": "3.5.26"
   },
   "devDependencies": {
-    "@iconify-json/lucide": "1.2.80",
+    "@iconify-json/lucide": "1.2.81",
     "@tauri-apps/cli": "2.9.3",
     "@types/lodash-es": "4.17.12",
     "@types/node": "24.10.1",
     "@vitejs/plugin-vue": "6.0.3",
-    "autoprefixer": "10.4.22",
+    "autoprefixer": "10.4.23",
     "postcss": "8.5.6",
     "tailwindcss": "3.4.16",
     "typescript": "5.9.3",
     "unplugin-icons": "22.5.0",
     "unplugin-vue-components": "30.0.0",
-    "vite": "7.2.7",
+    "vite": "7.3.0",
     "vue-tsc": "2.2.0"
   }
 }

packages/hoppscotch-backend/package.json

@@ -34,20 +34,20 @@
     "@apollo/server": "5.2.0",
     "@as-integrations/express5": "1.1.2",
     "@nestjs-modules/mailer": "2.0.2",
-    "@nestjs/apollo": "13.2.1",
+    "@nestjs/apollo": "13.2.3",
     "@nestjs/common": "11.1.9",
     "@nestjs/config": "4.0.2",
     "@nestjs/core": "11.1.9",
-    "@nestjs/graphql": "13.2.0",
+    "@nestjs/graphql": "13.2.3",
     "@nestjs/jwt": "11.0.2",
     "@nestjs/passport": "11.0.0",
     "@nestjs/platform-express": "11.1.9",
     "@nestjs/schedule": "6.1.0",
     "@nestjs/swagger": "11.2.3",
     "@nestjs/terminus": "11.0.0",
     "@nestjs/throttler": "6.5.0",
-    "@prisma/adapter-pg": "7.1.0",
-    "@prisma/client": "7.1.0",
+    "@prisma/adapter-pg": "7.2.0",
+    "@prisma/client": "7.2.0",
     "argon2": "0.44.0",
     "bcrypt": "6.0.0",
     "class-transformer": "0.5.1",
@@ -73,15 +73,15 @@
     "passport-local": "1.0.0",
     "passport-microsoft": "2.1.0",
     "pg": "8.16.3",
-    "posthog-node": "5.17.2",
-    "prisma": "7.1.0",
+    "posthog-node": "5.17.4",
+    "prisma": "7.2.0",
     "reflect-metadata": "0.2.2",
     "rimraf": "6.1.2",
     "rxjs": "7.8.2"
   },
   "devDependencies": {
     "@eslint/eslintrc": "3.3.3",
-    "@eslint/js": "9.39.1",
+    "@eslint/js": "9.39.2",
     "@nestjs/cli": "11.0.14",
     "@nestjs/schematics": "11.0.9",
     "@nestjs/testing": "11.1.9",
@@ -90,18 +90,18 @@
     "@types/cookie-parser": "1.4.10",
     "@types/express": "5.0.6",
     "@types/jest": "30.0.0",
-    "@types/node": "24.10.2",
+    "@types/node": "25.0.3",
     "@types/nodemailer": "7.0.4",
     "@types/passport-github2": "1.2.9",
     "@types/passport-google-oauth20": "2.0.17",
     "@types/passport-jwt": "4.0.1",
     "@types/passport-microsoft": "2.1.1",
-    "@types/pg": "8.15.6",
+    "@types/pg": "8.16.0",
     "@types/supertest": "6.0.3",
-    "@typescript-eslint/eslint-plugin": "8.49.0",
-    "@typescript-eslint/parser": "8.49.0",
+    "@typescript-eslint/eslint-plugin": "8.50.0",
+    "@typescript-eslint/parser": "8.50.0",
     "cross-env": "10.1.0",
-    "eslint": "9.39.1",
+    "eslint": "9.39.2",
     "eslint-config-prettier": "10.1.8",
     "eslint-plugin-prettier": "5.5.4",
     "globals": "16.5.0",

packages/hoppscotch-cli/package.json

@@ -48,7 +48,7 @@
     "commander": "14.0.2",
     "isolated-vm": "6.0.2",
     "js-md5": "0.8.3",
-    "lodash-es": "4.17.21",
+    "lodash-es": "4.17.22",
     "papaparse": "5.5.3",
     "qs": "6.14.0",
     "tough-cookie": "6.0.0",
@@ -61,14 +61,14 @@
     "@hoppscotch/js-sandbox": "workspace:^",
     "@relmify/jest-fp-ts": "2.1.1",
     "@types/lodash-es": "4.17.12",
-    "@types/papaparse": "5.5.1",
+    "@types/papaparse": "5.5.2",
     "@types/qs": "6.14.0",
     "fp-ts": "2.16.11",
     "prettier": "3.7.4",
     "qs": "6.11.2",
     "semver": "7.7.3",
     "tsup": "8.5.1",
     "typescript": "5.9.3",
-    "vitest": "4.0.15"
+    "vitest": "4.0.16"
   }
 }

packages/hoppscotch-common/package.json

@@ -80,7 +80,7 @@
     "js-yaml": "4.1.1",
     "jsonc-parser": "3.3.1",
     "jsonpath-plus": "10.3.0",
-    "lodash-es": "4.17.21",
+    "lodash-es": "4.17.22",
     "lossless-json": "4.3.0",
     "markdown-it": "14.1.0",
     "minisearch": "7.2.0",
@@ -92,7 +92,7 @@
     "process": "0.11.10",
     "qs": "6.14.0",
     "quicktype-core": "23.2.6",
-    "rollup": "4.53.3",
+    "rollup": "4.53.5",
     "rxjs": "7.8.2",
     "set-cookie-parser": "2.7.2",
     "set-cookie-parser-es": "1.0.5",
@@ -111,7 +111,7 @@
     "util": "0.12.5",
     "uuid": "13.0.0",
     "verzod": "0.4.0",
-    "vue": "3.5.25",
+    "vue": "3.5.26",
     "vue-i18n": "11.2.2",
     "vue-json-pretty": "2.6.0",
     "vue-pdf-embed": "2.1.3",
@@ -129,15 +129,15 @@
     "@esbuild-plugins/node-modules-polyfill": "0.2.2",
     "@graphql-codegen/add": "6.0.0",
     "@graphql-codegen/cli": "6.1.0",
-    "@graphql-codegen/typed-document-node": "6.1.4",
-    "@graphql-codegen/typescript": "5.0.6",
-    "@graphql-codegen/typescript-operations": "5.0.6",
+    "@graphql-codegen/typed-document-node": "6.1.5",
+    "@graphql-codegen/typescript": "5.0.7",
+    "@graphql-codegen/typescript-operations": "5.0.7",
     "@graphql-codegen/typescript-urql-graphcache": "3.1.1",
     "@graphql-codegen/urql-introspection": "3.0.1",
     "@graphql-typed-document-node/core": "3.2.0",
-    "@iconify-json/lucide": "1.2.80",
+    "@iconify-json/lucide": "1.2.81",
     "@import-meta-env/cli": "0.7.4",
-    "@intlify/unplugin-vue-i18n": "11.0.1",
+    "@intlify/unplugin-vue-i18n": "11.0.3",
     "@relmify/jest-fp-ts": "2.1.1",
     "@rushstack/eslint-patch": "1.15.0",
     "@types/har-format": "1.2.16",
@@ -149,13 +149,13 @@
     "@types/qs": "6.14.0",
     "@types/splitpanes": "2.2.6",
     "@types/yargs-parser": "21.0.3",
-    "@typescript-eslint/eslint-plugin": "8.49.0",
-    "@typescript-eslint/parser": "8.49.0",
+    "@typescript-eslint/eslint-plugin": "8.50.0",
+    "@typescript-eslint/parser": "8.50.0",
     "@vitejs/plugin-vue": "6.0.3",
-    "@vue/compiler-sfc": "3.5.25",
+    "@vue/compiler-sfc": "3.5.26",
     "@vue/eslint-config-typescript": "13.0.0",
-    "@vue/runtime-core": "3.5.25",
-    "autoprefixer": "10.4.22",
+    "@vue/runtime-core": "3.5.26",
+    "autoprefixer": "10.4.23",
     "cross-env": "10.1.0",
     "dotenv": "17.2.3",
     "eslint": "8.57.0",
@@ -169,22 +169,22 @@
     "prettier": "3.7.4",
     "prettier-plugin-tailwindcss": "0.7.1",
     "rollup-plugin-polyfill-node": "0.13.0",
-    "sass": "1.96.0",
+    "sass": "1.97.0",
     "tailwindcss": "3.4.16",
     "tsup": "8.5.1",
     "typescript": "5.9.3",
     "unplugin-fonts": "1.4.0",
     "unplugin-icons": "22.5.0",
     "unplugin-vue-components": "30.0.0",
-    "vite": "7.2.7",
+    "vite": "7.3.0",
     "vite-plugin-checker": "0.11.0",
     "vite-plugin-fonts": "0.7.0",
     "vite-plugin-html-config": "2.0.2",
     "vite-plugin-pages": "0.33.2",
     "vite-plugin-pages-sitemap": "1.7.1",
     "vite-plugin-pwa": "1.2.0",
     "vite-plugin-vue-layouts": "0.11.0",
-    "vitest": "4.0.15",
+    "vitest": "4.0.16",
     "vue-tsc": "1.8.8"
   }
 }

packages/hoppscotch-common/src/services/context-menu/menu/__tests__/parameter.menu.spec.ts

@@ -25,61 +25,49 @@ describe("ParameterMenuService", () => {
 
     expect(registerContextMenuFn).toHaveBeenCalledOnce()
     expect(registerContextMenuFn).toHaveBeenCalledWith(parameter)
+  })
 
-    describe("getMenuFor", () => {
-      it("validating if the text passes the regex and return the menu", () => {
-        const container = new TestContainer()
-        const parameter = container.bind(ParameterMenuService)
-
-        const test = "https://hoppscotch.io?id=some-text"
-        const result = parameter.getMenuFor(test)
-
-        if (test.match(urlAndParameterRegex)) {
-          expect(result.results).toContainEqual(
-            expect.objectContaining({ id: "parameter" })
-          )
-        } else {
-          expect(result.results).not.toContainEqual(
-            expect.objectContaining({ id: "parameter" })
-          )
-        }
-      })
-
-      it("should call the addParameter function when action is called", () => {
-        const addParameterFn = vi.fn()
-
-        const container = new TestContainer()
-        const environment = container.bind(ParameterMenuService)
-
-        const test = "https://hoppscotch.io"
-
-        const result = environment.getMenuFor(test)
-
-        const action = result.results[0].action
-
-        action()
+  describe("getMenuFor", () => {
+    it("validating if the text passes the regex and return the menu", () => {
+      const container = new TestContainer()
+      const parameter = container.bind(ParameterMenuService)
+
+      const test = "https://hoppscotch.io?id=some-text"
+      const result = parameter.getMenuFor(test)
+
+      if (test.match(urlAndParameterRegex)) {
+        expect(result.results).toContainEqual(
+          expect.objectContaining({ id: "parameter" })
+        )
+      } else {
+        expect(result.results).not.toContainEqual(
+          expect.objectContaining({ id: "parameter" })
+        )
+      }
+    })
 
-        expect(addParameterFn).toHaveBeenCalledOnce()
-        expect(addParameterFn).toHaveBeenCalledWith(action)
-      })
+    it("should return a result with an action when text contains parameters", () => {
+      const container = new TestContainer()
+      const parameter = container.bind(ParameterMenuService)
 
-      it("should call the extractParams function when addParameter function is called", () => {
-        const extractParamsFn = vi.fn()
+      const test = "https://hoppscotch.io?id=some-text"
 
-        const container = new TestContainer()
-        const environment = container.bind(ParameterMenuService)
+      const result = parameter.getMenuFor(test)
 
-        const test = "https://hoppscotch.io"
+      expect(result.results).toHaveLength(1)
+      expect(result.results[0]).toHaveProperty("action")
+      expect(typeof result.results[0].action).toBe("function")
+    })
 
-        const result = environment.getMenuFor(test)
+    it("should return empty results when text does not contain parameters", () => {
+      const container = new TestContainer()
+      const parameter = container.bind(ParameterMenuService)
 
-        const action = result.results[0].action
+      const test = "https://hoppscotch.io"
 
-        action()
+      const result = parameter.getMenuFor(test)
 
-        expect(extractParamsFn).toHaveBeenCalledOnce()
-        expect(extractParamsFn).toHaveBeenCalledWith(action)
-      })
+      expect(result.results).toHaveLength(0)
     })
   })
 })

packages/hoppscotch-common/src/services/context-menu/menu/parameter.menu.ts

@@ -120,7 +120,7 @@ export class ParameterMenuService extends Service implements ContextMenu {
     if (urlAndParameterRegex.test(text)) {
       results.value = [
         {
-          id: "environment",
+          id: "parameter",
           text: {
             type: "text",
             text: this.t("context_menu.add_parameters"),

packages/hoppscotch-data/package.json

@@ -37,7 +37,7 @@
   "devDependencies": {
     "@types/lodash": "4.17.21",
     "typescript": "5.9.3",
-    "vite": "7.2.7"
+    "vite": "7.3.0"
   },
   "dependencies": {
     "fp-ts": "2.16.11",

packages/hoppscotch-desktop/package.json

@@ -34,30 +34,30 @@
     "@tauri-apps/plugin-updater": "2.9.0",
     "fp-ts": "2.16.11",
     "rxjs": "7.8.2",
-    "vue": "3.5.25",
+    "vue": "3.5.26",
     "vue-router": "4.6.4",
     "vue-tippy": "6.7.1",
     "zod": "3.25.32"
   },
   "devDependencies": {
-    "@iconify-json/lucide": "1.2.80",
+    "@iconify-json/lucide": "1.2.81",
     "@rushstack/eslint-patch": "1.15.0",
     "@tauri-apps/cli": "2.9.3",
-    "@typescript-eslint/eslint-plugin": "8.49.0",
-    "@typescript-eslint/parser": "8.49.0",
+    "@typescript-eslint/eslint-plugin": "8.50.0",
+    "@typescript-eslint/parser": "8.50.0",
     "@vitejs/plugin-vue": "6.0.3",
     "@vue/eslint-config-typescript": "13.0.0",
-    "autoprefixer": "10.4.22",
+    "autoprefixer": "10.4.23",
     "eslint": "8.57.0",
     "eslint-plugin-prettier": "5.5.4",
     "eslint-plugin-vue": "10.6.2",
     "postcss": "8.5.6",
-    "sass": "1.96.0",
+    "sass": "1.97.0",
     "tailwindcss": "3.4.16",
     "typescript": "5.9.3",
     "unplugin-icons": "22.5.0",
     "unplugin-vue-components": "30.0.0",
-    "vite": "7.2.7",
+    "vite": "7.3.0",
     "vue-tsc": "2.2.0"
   }
 }