diff --git a/.changeset/eight-dogs-allow.md b/.changeset/eight-dogs-allow.md new file mode 100644 index 0000000000..b541ae931b --- /dev/null +++ b/.changeset/eight-dogs-allow.md @@ -0,0 +1,9 @@ +--- +"@medusajs/framework": patch +"@medusajs/types": patch +"@medusajs/admin-bundler": patch +"@medusajs/admin-vite-plugin": patch +"@medusajs/telemetry": patch +--- + +chore(): Upgrade vit to non vulnerable one diff --git a/package.json b/package.json index 4f61520a23..056fddcc10 100644 --- a/package.json +++ b/package.json @@ -129,7 +129,7 @@ "turbo": "^1.6.3", "typescript": "^5.6.2", "uuid": "^9.0.0", - "vite": "^5.4.14", + "vite": "^5.4.21", "vite-plugin-inspect": "^0.8.7", "vite-plugin-turbosnap": "^1.0.2", "vitest": "^3.0.5", @@ -165,7 +165,6 @@ "dependencies": { "@changesets/changelog-github": "^0.4.8", "@changesets/cli": "^2.26.0", - "global": "^4.4.0", "import-from": "^3.0.0" }, "resolutions": { diff --git a/packages/admin/admin-bundler/package.json b/packages/admin/admin-bundler/package.json index 1ae2d3c4ff..38e6c94d43 100644 --- a/packages/admin/admin-bundler/package.json +++ b/packages/admin/admin-bundler/package.json @@ -33,7 +33,7 @@ "outdent": "^0.8.0", "postcss": "^8.4.38", "tailwindcss": "^3.4.3", - "vite": "^5.4.14" + "vite": "^5.4.21" }, "packageManager": "yarn@3.2.1" } diff --git a/packages/admin/admin-vite-plugin/package.json b/packages/admin/admin-vite-plugin/package.json index 84409abb72..55a7f9b403 100644 --- a/packages/admin/admin-vite-plugin/package.json +++ b/packages/admin/admin-vite-plugin/package.json @@ -27,10 +27,10 @@ "test:watch": "../../../node_modules/.bin/vitest" }, "devDependencies": { - "vite": "^5.4.14" + "vite": "^5.4.21" }, "peerDependencies": { - "vite": "^5.4.14" + "vite": "^5.4.21" }, "dependencies": { "@babel/parser": "7.25.6", diff --git a/packages/core/framework/package.json b/packages/core/framework/package.json index 7868702c4a..855c308e2e 100644 --- a/packages/core/framework/package.json +++ b/packages/core/framework/package.json @@ -100,7 +100,7 @@ "@medusajs/cli": "2.11.3", "connect-dynamodb": "^3.0.5", "ioredis": "^5.4.1", - "vite": "^5.4.14" + "vite": "^5.4.21" }, "peerDependenciesMeta": { "@aws-sdk/client-dynamodb": { diff --git a/packages/core/types/package.json b/packages/core/types/package.json index 960c07b042..f5a7e892e8 100644 --- a/packages/core/types/package.json +++ b/packages/core/types/package.json @@ -39,7 +39,7 @@ }, "peerDependencies": { "ioredis": "^5.4.1", - "vite": "^5.4.14" + "vite": "^5.4.21" }, "peerDependenciesMeta": { "ioredis": { diff --git a/packages/medusa-telemetry/package.json b/packages/medusa-telemetry/package.json index fdc79c915a..beae18db67 100644 --- a/packages/medusa-telemetry/package.json +++ b/packages/medusa-telemetry/package.json @@ -35,7 +35,6 @@ "boxen": "^5.0.1", "ci-info": "^3.2.0", "configstore": "^5.0.1", - "global": "^4.4.0", "is-docker": "^2.2.1", "remove-trailing-slash": "^0.1.1", "uuid": "^9.0.0" diff --git a/yarn.lock b/yarn.lock index 02121eac09..9b049fdcbd 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3138,7 +3138,7 @@ __metadata: outdent: ^0.8.0 postcss: ^8.4.38 tailwindcss: ^3.4.3 - vite: ^5.4.14 + vite: ^5.4.21 languageName: unknown linkType: soft @@ -3170,9 +3170,9 @@ __metadata: magic-string: 0.30.5 outdent: ^0.8.0 picocolors: ^1.1.0 - vite: ^5.4.14 + vite: ^5.4.21 peerDependencies: - vite: ^5.4.14 + vite: ^5.4.21 languageName: unknown linkType: soft @@ -3603,7 +3603,7 @@ __metadata: "@medusajs/cli": 2.11.3 connect-dynamodb: ^3.0.5 ioredis: ^5.4.1 - vite: ^5.4.14 + vite: ^5.4.21 peerDependenciesMeta: "@aws-sdk/client-dynamodb": optional: true @@ -4041,7 +4041,6 @@ __metadata: boxen: ^5.0.1 ci-info: ^3.2.0 configstore: ^5.0.1 - global: ^4.4.0 is-docker: ^2.2.1 remove-trailing-slash: ^0.1.1 uuid: ^9.0.0 @@ -4095,7 +4094,7 @@ __metadata: bignumber.js: ^9.1.2 peerDependencies: ioredis: ^5.4.1 - vite: ^5.4.14 + vite: ^5.4.21 peerDependenciesMeta: ioredis: optional: true @@ -15626,13 +15625,6 @@ __metadata: languageName: node linkType: hard -"dom-walk@npm:^0.1.0": - version: 0.1.2 - resolution: "dom-walk@npm:0.1.2" - checksum: 4d2ad9062a9423d890f8577aa202b597a6b85f9489bdde656b9443901b8b322b289655c3affefc58ec2e41931e0828dfee0a1d2db6829a607d76def5901fc5a9 - languageName: node - linkType: hard - "domelementtype@npm:^2.3.0": version: 2.3.0 resolution: "domelementtype@npm:2.3.0" @@ -17650,16 +17642,6 @@ __metadata: languageName: node linkType: hard -"global@npm:^4.4.0": - version: 4.4.0 - resolution: "global@npm:4.4.0" - dependencies: - min-document: ^2.19.0 - process: ^0.11.10 - checksum: 4a467aec6602c00a7c5685f310574ab04e289ad7f894f0f01c9c5763562b82f4b92d1e381ce6c5bbb12173e2a9f759c1b63dda6370cfb199970267e14d90aa91 - languageName: node - linkType: hard - "globals@npm:^11.1.0": version: 11.12.0 resolution: "globals@npm:11.12.0" @@ -20904,15 +20886,6 @@ __metadata: languageName: node linkType: hard -"min-document@npm:^2.19.0": - version: 2.19.0 - resolution: "min-document@npm:2.19.0" - dependencies: - dom-walk: ^0.1.0 - checksum: 783724da716fc73a51c171865d7b29bf2b855518573f82ef61c40d214f6898d7b91b5c5419e4d22693cdb78d4615873ebc3b37d7639d3dd00ca283e5a07c7af9 - languageName: node - linkType: hard - "min-indent@npm:^1.0.0": version: 1.0.1 resolution: "min-indent@npm:1.0.1" @@ -24710,7 +24683,6 @@ __metadata: faker: ^5.5.3 get-port: ^5.1.1 glob: ^11.0.0 - global: ^4.4.0 import-from: ^3.0.0 ioredis: ^5.4.1 jest: ^29.7.0 @@ -24746,7 +24718,7 @@ __metadata: turbo: ^1.6.3 typescript: ^5.6.2 uuid: ^9.0.0 - vite: ^5.4.14 + vite: ^5.4.21 vite-plugin-inspect: ^0.8.7 vite-plugin-turbosnap: ^1.0.2 vitest: ^3.0.5 @@ -27565,7 +27537,7 @@ __metadata: languageName: node linkType: hard -"vite@npm:^5.4.14": +"vite@npm:^5.4.21": version: 5.4.21 resolution: "vite@npm:5.4.21" dependencies: