diff --git a/package.json b/package.json index 96d3f063e..10b024569 100644 --- a/package.json +++ b/package.json @@ -77,7 +77,8 @@ "svelte": "$svelte", "vite": "$vite", "@types/node@<=20.12.0": "20.19.0", - "send@<0.19.0": "^0.19.1" + "send@<0.19.0": "^0.19.1", + "@sveltejs/kit>cookie@<0.7.0": "^0.7.0" }, "onlyBuiltDependencies": [ "esbuild" @@ -90,7 +91,8 @@ ], "auditConfig": { "ignoreGhsas": [ - "GHSA-67mh-4wv8-2f99" + "GHSA-67mh-4wv8-2f99", + "GHSA-v6h2-p8h4-qcjw" ] }, "updateConfig": { diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 5fc54d03a..debf08b14 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -13,6 +13,7 @@ overrides: vite: ^7.0.0-beta.0 '@types/node@<=20.12.0': 20.19.0 send@<0.19.0: ^0.19.1 + '@sveltejs/kit>cookie@<0.7.0': ^0.7.0 importers: @@ -618,22 +619,6 @@ importers: specifier: ^7.0.0-beta.0 version: 7.0.0-beta.0(@types/node@22.15.30)(sass@1.89.1)(stylus@0.64.0)(yaml@2.8.0) - packages/playground/vite-dompurify: - dependencies: - isomorphic-dompurify: - specifier: ^2.25.0 - version: 2.25.0 - devDependencies: - '@sveltejs/vite-plugin-svelte': - specifier: workspace:^ - version: link:../../vite-plugin-svelte - svelte: - specifier: ^5.33.18 - version: 5.33.18 - vite: - specifier: ^7.0.0-beta.0 - version: 7.0.0-beta.0(@types/node@22.15.30)(sass@1.89.1)(stylus@0.64.0)(yaml@2.8.0) - packages/vite-plugin-svelte: dependencies: '@sveltejs/vite-plugin-svelte-inspector': @@ -1518,9 +1503,6 @@ packages: '@types/resolve@1.20.2': resolution: {integrity: sha512-60BCwRFOZCQhDncwQdxxeOEEkbc5dIMccYLwbxsS4TUNeVECQ/pBJ0j09mrHOl/JJvpRPGwO9SvE4nR2Nb/a4Q==} - '@types/trusted-types@2.0.7': - resolution: {integrity: sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==} - '@types/unist@2.0.11': resolution: {integrity: sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==} @@ -1714,11 +1696,11 @@ packages: resolution: {integrity: sha512-pbnl5XzGBdrFU/wT4jqmJVPn2B6UHPBOhzMQkY/SPUPB6QtUXtmBHBIwCbXJol93mOpGMnQyP/+BB19q04xj7g==} engines: {node: '>=4'} - brace-expansion@1.1.11: - resolution: {integrity: sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==} + brace-expansion@1.1.12: + resolution: {integrity: sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==} - brace-expansion@2.0.1: - resolution: {integrity: sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==} + brace-expansion@2.0.2: + resolution: {integrity: sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==} braces@3.0.3: resolution: {integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==} @@ -1824,8 +1806,8 @@ packages: concat-map@0.0.1: resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==} - cookie@0.6.0: - resolution: {integrity: sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==} + cookie@0.7.2: + resolution: {integrity: sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==} engines: {node: '>= 0.6'} cross-env@7.0.3: @@ -1918,9 +1900,6 @@ packages: resolution: {integrity: sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==} engines: {node: '>=8'} - dompurify@3.2.6: - resolution: {integrity: sha512-/2GogDQlohXPZe6D6NOgQvXLPSYBqIWMnZ8zzOhn09REE4eyAzb+Hed3jhoM9OkuaJ8P6ZGTTVWQKAi8ieIzfQ==} - dotenv@16.5.0: resolution: {integrity: sha512-m/C+AwOAr9/W1UOIZUo232ejMNnJAJtYQjUbHoNTBNTJSvqzzDh7vnrei3o3r3m9blf6ZoDkvcw0VmozNRFJxg==} engines: {node: '>=12'} @@ -2448,10 +2427,6 @@ packages: resolution: {integrity: sha512-LpB/54B+/2J5hqQ7imZHfdU31OlgQqx7ZicVlkm9kzg9/w8GKLEcFfJl/t7DCEDueOyBAD6zCCwTO6Fzs0NoEQ==} engines: {node: '>=16'} - isomorphic-dompurify@2.25.0: - resolution: {integrity: sha512-bcpJzu9DOjN21qaCVpcoCwUX1ytpvA6EFqCK5RNtPg5+F0Jz9PX50jl6jbEicBNeO87eDDfC7XtPs4zjDClZJg==} - engines: {node: '>=18'} - jackspeak@3.4.3: resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==} @@ -3516,6 +3491,7 @@ snapshots: '@csstools/css-parser-algorithms': 3.0.5(@csstools/css-tokenizer@3.0.4) '@csstools/css-tokenizer': 3.0.4 lru-cache: 10.4.3 + optional: true '@babel/runtime@7.27.1': {} @@ -3668,12 +3644,14 @@ snapshots: human-id: 4.1.1 prettier: 2.8.8 - '@csstools/color-helpers@5.0.2': {} + '@csstools/color-helpers@5.0.2': + optional: true '@csstools/css-calc@2.1.4(@csstools/css-parser-algorithms@3.0.5(@csstools/css-tokenizer@3.0.4))(@csstools/css-tokenizer@3.0.4)': dependencies: '@csstools/css-parser-algorithms': 3.0.5(@csstools/css-tokenizer@3.0.4) '@csstools/css-tokenizer': 3.0.4 + optional: true '@csstools/css-color-parser@3.0.10(@csstools/css-parser-algorithms@3.0.5(@csstools/css-tokenizer@3.0.4))(@csstools/css-tokenizer@3.0.4)': dependencies: @@ -3681,12 +3659,15 @@ snapshots: '@csstools/css-calc': 2.1.4(@csstools/css-parser-algorithms@3.0.5(@csstools/css-tokenizer@3.0.4))(@csstools/css-tokenizer@3.0.4) '@csstools/css-parser-algorithms': 3.0.5(@csstools/css-tokenizer@3.0.4) '@csstools/css-tokenizer': 3.0.4 + optional: true '@csstools/css-parser-algorithms@3.0.5(@csstools/css-tokenizer@3.0.4)': dependencies: '@csstools/css-tokenizer': 3.0.4 + optional: true - '@csstools/css-tokenizer@3.0.4': {} + '@csstools/css-tokenizer@3.0.4': + optional: true '@esbuild/aix-ppc64@0.19.12': optional: true @@ -4175,7 +4156,7 @@ snapshots: '@sveltejs/vite-plugin-svelte': link:packages/vite-plugin-svelte '@types/cookie': 0.6.0 acorn: 8.14.1 - cookie: 0.6.0 + cookie: 0.7.2 devalue: 5.1.1 esm-env: 1.2.2 kleur: 4.1.5 @@ -4255,9 +4236,6 @@ snapshots: '@types/resolve@1.20.2': {} - '@types/trusted-types@2.0.7': - optional: true - '@types/unist@2.0.11': {} '@typescript-eslint/eslint-plugin@8.33.1(@typescript-eslint/parser@8.33.1(eslint@9.28.0)(typescript@5.8.3))(eslint@9.28.0)(typescript@5.8.3)': @@ -4444,7 +4422,8 @@ snapshots: acorn@8.14.1: {} - agent-base@7.1.3: {} + agent-base@7.1.3: + optional: true ajv@6.12.6: dependencies: @@ -4499,12 +4478,12 @@ snapshots: dependencies: is-windows: 1.0.2 - brace-expansion@1.1.11: + brace-expansion@1.1.12: dependencies: balanced-match: 1.0.2 concat-map: 0.0.1 - brace-expansion@2.0.1: + brace-expansion@2.0.2: dependencies: balanced-match: 1.0.2 @@ -4607,7 +4586,7 @@ snapshots: concat-map@0.0.1: {} - cookie@0.6.0: {} + cookie@0.7.2: {} cross-env@7.0.3: dependencies: @@ -4627,6 +4606,7 @@ snapshots: dependencies: '@asamuzakjp/css-color': 3.2.0 rrweb-cssom: 0.8.0 + optional: true d@1.0.2: dependencies: @@ -4639,6 +4619,7 @@ snapshots: dependencies: whatwg-mimetype: 4.0.0 whatwg-url: 14.2.0 + optional: true dataloader@1.4.0: {} @@ -4673,10 +4654,6 @@ snapshots: dependencies: path-type: 4.0.0 - dompurify@3.2.6: - optionalDependencies: - '@types/trusted-types': 2.0.7 - dotenv@16.5.0: {} dts-buddy@0.6.2(typescript@5.8.3): @@ -4748,7 +4725,8 @@ snapshots: ansi-colors: 4.1.3 strip-ansi: 6.0.1 - entities@6.0.1: {} + entities@6.0.1: + optional: true environment@1.1.0: {} @@ -5171,6 +5149,7 @@ snapshots: html-encoding-sniffer@4.0.0: dependencies: whatwg-encoding: 3.1.1 + optional: true http-proxy-agent@7.0.2: dependencies: @@ -5178,6 +5157,7 @@ snapshots: debug: 4.4.1 transitivePeerDependencies: - supports-color + optional: true https-proxy-agent@7.0.6: dependencies: @@ -5185,6 +5165,7 @@ snapshots: debug: 4.4.1 transitivePeerDependencies: - supports-color + optional: true human-id@4.1.1: {} @@ -5199,6 +5180,7 @@ snapshots: iconv-lite@0.6.3: dependencies: safer-buffer: 2.1.2 + optional: true ignore@5.3.2: {} @@ -5253,7 +5235,8 @@ snapshots: is-number@7.0.0: {} - is-potential-custom-element-name@1.0.1: {} + is-potential-custom-element-name@1.0.1: + optional: true is-promise@2.2.2: {} @@ -5277,16 +5260,6 @@ snapshots: isexe@3.1.1: {} - isomorphic-dompurify@2.25.0: - dependencies: - dompurify: 3.2.6 - jsdom: 26.1.0 - transitivePeerDependencies: - - bufferutil - - canvas - - supports-color - - utf-8-validate - jackspeak@3.4.3: dependencies: '@isaacs/cliui': 8.0.2 @@ -5328,6 +5301,7 @@ snapshots: - bufferutil - supports-color - utf-8-validate + optional: true json-buffer@3.0.1: {} @@ -5475,11 +5449,11 @@ snapshots: minimatch@3.1.2: dependencies: - brace-expansion: 1.1.11 + brace-expansion: 1.1.12 minimatch@9.0.5: dependencies: - brace-expansion: 2.0.1 + brace-expansion: 2.0.2 minipass@7.1.2: {} @@ -5542,7 +5516,8 @@ snapshots: dependencies: path-key: 4.0.0 - nwsapi@2.2.20: {} + nwsapi@2.2.20: + optional: true on-headers@1.0.2: {} @@ -5615,6 +5590,7 @@ snapshots: parse5@7.3.0: dependencies: entities: 6.0.1 + optional: true pascal-case@3.1.2: dependencies: @@ -5783,7 +5759,8 @@ snapshots: '@rollup/rollup-win32-x64-msvc': 4.41.1 fsevents: 2.3.3 - rrweb-cssom@0.8.0: {} + rrweb-cssom@0.8.0: + optional: true run-parallel@1.2.0: dependencies: @@ -5810,6 +5787,7 @@ snapshots: saxes@6.0.0: dependencies: xmlchars: 2.2.0 + optional: true semver@7.7.2: {} @@ -5978,7 +5956,8 @@ snapshots: magic-string: 0.30.17 zimmerframe: 1.1.2 - symbol-tree@3.2.4: {} + symbol-tree@3.2.4: + optional: true synckit@0.11.8: dependencies: @@ -6013,11 +5992,13 @@ snapshots: tinyspy@4.0.3: {} - tldts-core@6.1.86: {} + tldts-core@6.1.86: + optional: true tldts@6.1.86: dependencies: tldts-core: 6.1.86 + optional: true tmp@0.0.33: dependencies: @@ -6032,12 +6013,14 @@ snapshots: tough-cookie@5.1.2: dependencies: tldts: 6.1.86 + optional: true tr46@0.0.3: {} tr46@5.1.1: dependencies: punycode: 2.3.1 + optional: true tree-kill@1.2.2: {} @@ -6267,23 +6250,28 @@ snapshots: w3c-xmlserializer@5.0.0: dependencies: xml-name-validator: 5.0.0 + optional: true web-streams-polyfill@3.3.3: {} webidl-conversions@3.0.1: {} - webidl-conversions@7.0.0: {} + webidl-conversions@7.0.0: + optional: true whatwg-encoding@3.1.1: dependencies: iconv-lite: 0.6.3 + optional: true - whatwg-mimetype@4.0.0: {} + whatwg-mimetype@4.0.0: + optional: true whatwg-url@14.2.0: dependencies: tr46: 5.1.1 webidl-conversions: 7.0.0 + optional: true whatwg-url@5.0.0: dependencies: @@ -6323,11 +6311,14 @@ snapshots: string-width: 7.2.0 strip-ansi: 7.1.0 - ws@8.18.2: {} + ws@8.18.2: + optional: true - xml-name-validator@5.0.0: {} + xml-name-validator@5.0.0: + optional: true - xmlchars@2.2.0: {} + xmlchars@2.2.0: + optional: true yaml@1.10.2: {} diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index a378f8cb5..bda65ff67 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -2,4 +2,3 @@ packages: - 'packages/*' - 'packages/e2e-tests/*' - 'packages/e2e-tests/_test_dependencies/*' - - 'packages/playground/*'