fix(ui): bump pnpm overrides to resolve 11 npm security vulnerabilities (#10267)

alejandrobailo · web-flow · commit e2fe4822382c · 2026-03-05T14:00:44.000+01:00
diff --git a/ui/CHANGELOG.md b/ui/CHANGELOG.md
@@ -2,6 +2,14 @@
 
 All notable changes to the **Prowler UI** are documented in this file.
 
+## [1.19.1] (Prowler v5.19.1)
+
+### 🔐 Security
+
+- npm transitive dependencies patched to resolve 11 Dependabot alerts (6 HIGH, 4 MEDIUM, 1 LOW): hono, @hono/node-server, fast-xml-parser, serialize-javascript, minimatch [(#10267)](https://github.com/prowler-cloud/prowler/pull/10267)
+
+---
+
 ## [1.19.0] (Prowler v5.19.0)
 
 ### 🚀 Added
diff --git a/ui/package.json b/ui/package.json
@@ -171,12 +171,15 @@
       "@react-aria/interactions>react": "19.2.4",
       "lodash": "4.17.23",
       "lodash-es": "4.17.23",
-      "hono": "4.11.10",
+      "hono": "4.12.4",
+      "@hono/node-server": "1.19.10",
       "@isaacs/brace-expansion": "5.0.1",
-      "fast-xml-parser": "5.3.6",
+      "fast-xml-parser": "5.3.8",
+      "serialize-javascript": "7.0.3",
       "rollup@>=4": "4.59.0",
-      "minimatch@<4": "3.1.3",
-      "minimatch@>=9 <10": "9.0.6",
+      "minimatch@<4": "3.1.4",
+      "minimatch@>=9 <10": "9.0.7",
+      "minimatch@>=10": "10.2.3",
       "ajv@<7": "6.14.0",
       "ajv@>=8": "8.18.0",
       "qs": "6.14.2"
diff --git a/ui/pnpm-lock.yaml b/ui/pnpm-lock.yaml
