mirror of
https://github.com/nexu-io/open-design.git
synced 2026-07-03 12:27:55 +08:00
security: resolve vulnerable tmp transitive dependency (#3379)
* security: override tmp to patched version * chore: refresh nix pnpm deps hash --------- Co-authored-by: Gateway <gateway@users.noreply.github.com> Co-authored-by: a1chzt <chizblank@gmail.com>
This commit is contained in:
@@ -9,6 +9,6 @@
|
||||
# 1. Temporarily set the consuming `hash = lib.fakeHash;`
|
||||
# 2. Run the relevant nix build/flake check
|
||||
# 3. Copy the expected hash printed by Nix into the matching field below
|
||||
daemonHash = "sha256-nSMVyVSHfcXV5fLMXM3tfdQxZRb+FNF6P4iuJw/Z8Mo=";
|
||||
webHash = "sha256-IlXE7iNoT/+mcVbtzhJdcP5fNs7Hk8AYZMxfJ33dXck=";
|
||||
daemonHash = "sha256-cHVStKsh5vDiplA7QVCZuC9xbXKOoE7v7VfwX0A3Pes=";
|
||||
webHash = "sha256-THVcqWm8iPpF65gBaV8/nK27ZjOwVJzsAAfVQZxN+As=";
|
||||
}
|
||||
|
||||
@@ -47,6 +47,7 @@
|
||||
"postcss": "8.5.15",
|
||||
"protobufjs": "8.4.0",
|
||||
"qs": "6.15.2",
|
||||
"tmp": "0.2.7",
|
||||
"yaml": "2.9.0"
|
||||
},
|
||||
"onlyBuiltDependencies": [
|
||||
|
||||
9
pnpm-lock.yaml
generated
9
pnpm-lock.yaml
generated
@@ -13,6 +13,7 @@ overrides:
|
||||
postcss: 8.5.15
|
||||
protobufjs: 8.4.0
|
||||
qs: 6.15.2
|
||||
tmp: 0.2.7
|
||||
yaml: 2.9.0
|
||||
|
||||
importers:
|
||||
@@ -4468,8 +4469,8 @@ packages:
|
||||
tmp-promise@3.0.3:
|
||||
resolution: {integrity: sha512-RwM7MoPojPxsOBYnyd2hy0bxtIlVrihNs9pj5SUvY8Zz1sQcQG2tG1hSr8PDxfgEB8RNKDhqbIlroIarSNDNsQ==}
|
||||
|
||||
tmp@0.2.5:
|
||||
resolution: {integrity: sha512-voyz6MApa1rQGUxT3E+BK7/ROe8itEx7vD8/HEvt4xwXucvQ5G5oeEiHkmHZJuBO21RpOf+YYm9MOivj709jow==}
|
||||
tmp@0.2.7:
|
||||
resolution: {integrity: sha512-e0votIpp4Uo2AJYSzVHV6xCcawuiez3DzqDAbrTc3YxBkplN6e+dM13ZeIcZnDg/QpSuU2zfZ3rzwY8ukEnaXw==}
|
||||
engines: {node: '>=14.14'}
|
||||
|
||||
toidentifier@1.0.1:
|
||||
@@ -9435,9 +9436,9 @@ snapshots:
|
||||
|
||||
tmp-promise@3.0.3:
|
||||
dependencies:
|
||||
tmp: 0.2.5
|
||||
tmp: 0.2.7
|
||||
|
||||
tmp@0.2.5: {}
|
||||
tmp@0.2.7: {}
|
||||
|
||||
toidentifier@1.0.1: {}
|
||||
|
||||
|
||||
@@ -13,6 +13,7 @@ overrides:
|
||||
postcss: 8.5.15
|
||||
protobufjs: 8.4.0
|
||||
qs: 6.15.2
|
||||
tmp: 0.2.7
|
||||
yaml: 2.9.0
|
||||
|
||||
onlyBuiltDependencies:
|
||||
|
||||
Reference in New Issue
Block a user