@checkstack/catalog-backend 1.1.0 → 1.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +64 -0
- package/package.json +14 -15
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,69 @@
|
|
|
1
1
|
# @checkstack/catalog-backend
|
|
2
2
|
|
|
3
|
+
## 1.1.2
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- b627562: Bump direct and transitive dependencies to clear MEDIUM-severity advisories
|
|
8
|
+
that Trivy now surfaces alongside CRITICAL/HIGH.
|
|
9
|
+
|
|
10
|
+
Direct version bumps in package.json:
|
|
11
|
+
|
|
12
|
+
- `@checkstack/catalog-backend`, `@checkstack/gitops-backend`,
|
|
13
|
+
`@checkstack/healthcheck-frontend`: `uuid` `^13.0.0` → `^14.0.0`
|
|
14
|
+
(GHSA-w5hq-g745-h8pq, missing buffer bounds check in v3/v5/v6). Also
|
|
15
|
+
dropped the now-redundant `@types/uuid` devDependency — uuid 14 ships
|
|
16
|
+
its own types and the npm `@types/uuid` package is a stub.
|
|
17
|
+
- `@checkstack/gitops-backend`: `yaml` `^2.7.0` → `^2.8.3`
|
|
18
|
+
(GHSA-48c2-rrv3-qjmp, stack overflow on deeply nested collections).
|
|
19
|
+
- `@checkstack/dev-server`: `vite` `^5.4.0` → `^8.0.12`
|
|
20
|
+
(GHSA-4w7w-66w2-5vf9, path traversal in optimized-deps `.map` handling)
|
|
21
|
+
and `@vitejs/plugin-react` `^4.3.4` → `^6.0.1` to stay inside the new
|
|
22
|
+
vite peer range.
|
|
23
|
+
|
|
24
|
+
Root `overrides` / `resolutions` to bypass transitive pins that block the
|
|
25
|
+
walk:
|
|
26
|
+
|
|
27
|
+
- `dompurify` `^3.4.3` — `monaco-editor@0.55.1` pins `dompurify@3.2.7`
|
|
28
|
+
exactly, so the only way to pick up the eight DOMPurify XSS / prototype
|
|
29
|
+
pollution advisories (GHSA-v2wj-7wpq-c8vv et al.) is an override.
|
|
30
|
+
Affects `@checkstack/ui`, which is the only consumer of monaco.
|
|
31
|
+
- `uuid` `^14.0.0` — also forces `bullmq`'s nested `uuid@11.1.0`
|
|
32
|
+
(vulnerable per GHSA-w5hq-g745-h8pq) to the patched line. Affects
|
|
33
|
+
`@checkstack/queue-bullmq-backend`.
|
|
34
|
+
- `yaml` `^2.9.0` — covers transitive resolutions that would otherwise
|
|
35
|
+
pin pre-2.8.3 yaml.
|
|
36
|
+
|
|
37
|
+
The CI image scan (`.github/workflows/pr-checks.yml`) and the local
|
|
38
|
+
`bun run audit:*` helper now include `MEDIUM` alongside `CRITICAL,HIGH`,
|
|
39
|
+
so future MEDIUM regressions fail the pipeline. The production Dockerfile
|
|
40
|
+
also strips vendored `test/`, `tests/`, `__tests__/`, `benchmark/`,
|
|
41
|
+
`benchmarks/`, `example/` and `examples/` folders from `node_modules`
|
|
42
|
+
before the runtime stage — those tarball artefacts ship their own
|
|
43
|
+
nested `package.json` (`benchmark`, `tedious-benchmarks`, etc.) which
|
|
44
|
+
Trivy was scanning as if they were real packages.
|
|
45
|
+
|
|
46
|
+
- Updated dependencies [b627562]
|
|
47
|
+
- @checkstack/gitops-backend@0.3.2
|
|
48
|
+
|
|
49
|
+
## 1.1.1
|
|
50
|
+
|
|
51
|
+
### Patch Changes
|
|
52
|
+
|
|
53
|
+
- Updated dependencies [9016526]
|
|
54
|
+
- Updated dependencies [080627f]
|
|
55
|
+
- @checkstack/common@0.10.0
|
|
56
|
+
- @checkstack/auth-common@0.7.0
|
|
57
|
+
- @checkstack/catalog-common@2.2.0
|
|
58
|
+
- @checkstack/notification-common@1.1.0
|
|
59
|
+
- @checkstack/gitops-common@0.4.0
|
|
60
|
+
- @checkstack/auth-backend@0.4.26
|
|
61
|
+
- @checkstack/backend-api@0.15.2
|
|
62
|
+
- @checkstack/command-backend@0.1.26
|
|
63
|
+
- @checkstack/gitops-backend@0.3.1
|
|
64
|
+
- @checkstack/cache-api@0.3.1
|
|
65
|
+
- @checkstack/cache-utils@0.2.6
|
|
66
|
+
|
|
3
67
|
## 1.1.0
|
|
4
68
|
|
|
5
69
|
### Minor Changes
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@checkstack/catalog-backend",
|
|
3
|
-
"version": "1.1.
|
|
3
|
+
"version": "1.1.2",
|
|
4
4
|
"license": "Elastic-2.0",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "src/index.ts",
|
|
@@ -14,30 +14,29 @@
|
|
|
14
14
|
"lint:code": "eslint . --max-warnings 0"
|
|
15
15
|
},
|
|
16
16
|
"dependencies": {
|
|
17
|
-
"@checkstack/backend-api": "0.15.
|
|
18
|
-
"@checkstack/cache-api": "0.
|
|
19
|
-
"@checkstack/cache-utils": "0.2.
|
|
20
|
-
"@checkstack/auth-common": "0.
|
|
21
|
-
"@checkstack/catalog-common": "2.0
|
|
22
|
-
"@checkstack/command-backend": "0.1.
|
|
23
|
-
"@checkstack/auth-backend": "0.4.
|
|
24
|
-
"@checkstack/gitops-backend": "0.
|
|
25
|
-
"@checkstack/gitops-common": "0.
|
|
26
|
-
"@checkstack/notification-common": "1.0
|
|
17
|
+
"@checkstack/backend-api": "0.15.2",
|
|
18
|
+
"@checkstack/cache-api": "0.3.1",
|
|
19
|
+
"@checkstack/cache-utils": "0.2.6",
|
|
20
|
+
"@checkstack/auth-common": "0.7.0",
|
|
21
|
+
"@checkstack/catalog-common": "2.2.0",
|
|
22
|
+
"@checkstack/command-backend": "0.1.26",
|
|
23
|
+
"@checkstack/auth-backend": "0.4.26",
|
|
24
|
+
"@checkstack/gitops-backend": "0.3.1",
|
|
25
|
+
"@checkstack/gitops-common": "0.4.0",
|
|
26
|
+
"@checkstack/notification-common": "1.1.0",
|
|
27
27
|
"@orpc/server": "^1.13.2",
|
|
28
28
|
"drizzle-orm": "^0.45.0",
|
|
29
29
|
"hono": "^4.12.14",
|
|
30
|
-
"uuid": "^
|
|
30
|
+
"uuid": "^14.0.0",
|
|
31
31
|
"zod": "^4.2.1",
|
|
32
|
-
"@checkstack/common": "0.
|
|
32
|
+
"@checkstack/common": "0.10.0"
|
|
33
33
|
},
|
|
34
34
|
"devDependencies": {
|
|
35
35
|
"@checkstack/drizzle-helper": "0.0.5",
|
|
36
|
-
"@checkstack/scripts": "0.3.
|
|
36
|
+
"@checkstack/scripts": "0.3.2",
|
|
37
37
|
"@checkstack/tsconfig": "0.0.7",
|
|
38
38
|
"@types/bun": "^1.3.5",
|
|
39
39
|
"@types/node": "^20.0.0",
|
|
40
|
-
"@types/uuid": "^11.0.0",
|
|
41
40
|
"drizzle-kit": "^0.31.10",
|
|
42
41
|
"typescript": "^5.0.0"
|
|
43
42
|
}
|