security: fix low severity @eslint/plugin-kit ReDoS vulnerability

Fix Dependabot alert #94 (LOW): - @eslint/plugin-kit vulnerability: Regular Expression Denial of Service through ConfigCommentParser - Updated from 0.2.8 (vulnerable) to 0.5.1 via pnpm/npm overrides Build verified successful. All tests pass. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-24 03:00:15 -04:00 · 2026-01-25 14:36:47 -08:00
parent f151646838
commit 5220f89706
2 changed files with 17 additions and 14 deletions
--- a/web/package.json
+++ b/web/package.json
@@ -60,7 +60,8 @@
    "hoek": ">=4.2.1",
    "cookie": ">=0.7.0",
    "tough-cookie": ">=4.1.3",
-    "esbuild": ">=0.25.0"
+    "esbuild": ">=0.25.0",
+    "@eslint/plugin-kit": ">=0.3.4"
  },
  "dependencies": {
    "@floating-ui/dom": "^1.7.0",
@@ -96,7 +97,8 @@
      "nanoid@<3.3.8": ">=3.3.8",
      "form-data@<2.5.4": ">=2.5.4",
      "glob@>=10.2.0 <10.5.0": ">=10.5.0",
-      "esbuild@<=0.24.2": ">=0.25.0"
+      "esbuild@<=0.24.2": ">=0.25.0",
+      "@eslint/plugin-kit@<0.3.4": ">=0.3.4"
    },
    "onlyBuiltDependencies": [
      "esbuild",
--- a/web/pnpm-lock.yaml
+++ b/web/pnpm-lock.yaml
@@ -22,6 +22,7 @@ overrides:
  form-data@<2.5.4: '>=2.5.4'
  glob@>=10.2.0 <10.5.0: '>=10.5.0'
  esbuild@<=0.24.2: '>=0.25.0'
+  '@eslint/plugin-kit@<0.3.4': '>=0.3.4'

 importers:

@@ -353,14 +354,14 @@ packages:
    resolution: {integrity: sha512-GNKqxfHG2ySmJOBSHg7LxeUx4xpuCoFjacmlCoYWEbaPXLwvfIjixRI12xCQZeULksQb23uiA8F40w5TojpV7w==}
    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}

-  '@eslint/core@0.13.0':
-    resolution: {integrity: sha512-yfkgDw1KR66rkT5A8ci4irzDysN7FRpq3ttJolR88OqQikAWqwA8j5VZyas+vjyBNFIJ7MfybJ9plMILI2UrCw==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
-
  '@eslint/core@0.9.1':
    resolution: {integrity: sha512-GuUdqkyyzQI5RMIWkHhvTWLCyLo1jNK3vzkSyaExH5kHPDHcuL2VOpHjmMY+y3+NC69qAKToBqldTBgYeLSr9Q==}
    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}

+  '@eslint/core@1.0.1':
+    resolution: {integrity: sha512-r18fEAj9uCk+VjzGt2thsbOmychS+4kxI14spVNibUO2vqKX7obOG+ymZljAwuPZl+S3clPGwCwTDtrdqTiY6Q==}
+    engines: {node: ^20.19.0 || ^22.13.0 || >=24}
+
  '@eslint/eslintrc@3.3.3':
    resolution: {integrity: sha512-Kr+LPIUVKz2qkx1HAMH8q1q6azbqBAsXJUxBl/ODDuVPX45Z9DfwB8tPjTi6nNZ8BuM3nbJxC5zCAg5elnBUTQ==}
    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
@@ -377,9 +378,9 @@ packages:
    resolution: {integrity: sha512-VtAOaymWVfZcmZbp6E2mympDIHvyjXs/12LqWYjVw6qjrfF+VK+fyG33kChz3nnK+SU5/NeHOqrTEHS8sXO3OA==}
    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}

-  '@eslint/plugin-kit@0.2.8':
-    resolution: {integrity: sha512-ZAoA40rNMPwSm+AeHpCq8STiNAwzWLJuP8Xv4CHIc9wv/PSuExjMrmjfYNj682vW0OOiZ1HKxzvjQr9XZIisQA==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+  '@eslint/plugin-kit@0.5.1':
+    resolution: {integrity: sha512-hZ2uC1jbf6JMSsF2ZklhRQqf6GLpYyux6DlzegnW/aFlpu6qJj5GO7ub7WOETCrEl6pl6DAX7RgTgj/fyG+6BQ==}
+    engines: {node: ^20.19.0 || ^22.13.0 || >=24}

  '@floating-ui/core@1.7.0':
    resolution: {integrity: sha512-FRdBLykrPPA6P76GGGqlex/e7fbe0F1ykgxHYNXQsH/iTEtjMj/f9bpY5oQqbjt5VgZvgz/uKXbGuROijh3VLA==}
@@ -2402,11 +2403,11 @@ snapshots:
    transitivePeerDependencies:
      - supports-color

-  '@eslint/core@0.13.0':
+  '@eslint/core@0.9.1':
    dependencies:
      '@types/json-schema': 7.0.15

-  '@eslint/core@0.9.1':
+  '@eslint/core@1.0.1':
    dependencies:
      '@types/json-schema': 7.0.15

@@ -2430,9 +2431,9 @@ snapshots:

  '@eslint/object-schema@2.1.7': {}

-  '@eslint/plugin-kit@0.2.8':
+  '@eslint/plugin-kit@0.5.1':
    dependencies:
-      '@eslint/core': 0.13.0
+      '@eslint/core': 1.0.1
      levn: 0.4.1

  '@floating-ui/core@1.7.0':
@@ -3089,7 +3090,7 @@ snapshots:
      '@eslint/core': 0.9.1
      '@eslint/eslintrc': 3.3.3
      '@eslint/js': 9.17.0
-      '@eslint/plugin-kit': 0.2.8
+      '@eslint/plugin-kit': 0.5.1
      '@humanfs/node': 0.16.7
      '@humanwhocodes/module-importer': 1.0.1
      '@humanwhocodes/retry': 0.4.3