diff --git a/package.json b/package.json index 129f6841a3..53ce1523dd 100644 --- a/package.json +++ b/package.json @@ -54,7 +54,7 @@ }, "resolutions": { "chokidar": "5.0.0", - "lodash": "4.17.21" + "lodash": "4.17.23" }, "dependencies": { "cssnano": "7.1.2", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 1dc046d43f..7e0fe10b7c 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -6,7 +6,7 @@ settings: overrides: chokidar: 5.0.0 - lodash: 4.17.21 + lodash: 4.17.23 '@aiscript-dev/aiscript-languageserver': '-' importers: @@ -8029,8 +8029,8 @@ packages: lodash.uniq@4.5.0: resolution: {integrity: sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ==} - lodash@4.17.21: - resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==} + lodash@4.17.23: + resolution: {integrity: sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==} log-symbols@4.1.0: resolution: {integrity: sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==} @@ -10267,10 +10267,12 @@ packages: tar@6.2.1: resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==} engines: {node: '>=10'} + deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exhorbitant rates) by contacting i@izs.me tar@7.5.2: resolution: {integrity: sha512-7NyxrTE4Anh8km8iEy7o0QYPs+0JKBTj5ZaqHg6B39erLg0qYXN3BijtShwbsNSvQ+LN75+KV+C4QR/f6Gwnpg==} engines: {node: '>=18'} + deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exhorbitant rates) by contacting i@izs.me taskkill@5.0.0: resolution: {integrity: sha512-+HRtZ40Vc+6YfCDWCeAsixwxJgMbPY4HHuTgzPYH3JXvqHWUlsCfy+ylXlAKhFNcuLp4xVeWeFBUhDk+7KYUvQ==} @@ -13242,7 +13244,7 @@ snapshots: '@rushstack/terminal': 0.19.5(@types/node@24.10.4) '@rushstack/ts-command-line': 5.1.5(@types/node@24.10.4) diff: 8.0.2 - lodash: 4.17.21 + lodash: 4.17.23 minimatch: 10.0.3 resolve: 1.22.11 semver: 7.5.4 @@ -15164,7 +15166,7 @@ snapshots: chalk: 3.0.0 css.escape: 1.5.1 dom-accessibility-api: 0.6.3 - lodash: 4.17.21 + lodash: 4.17.23 redent: 3.0.0 '@testing-library/jest-dom@6.9.1': @@ -16212,7 +16214,7 @@ snapshots: graceful-fs: 4.2.11 is-stream: 2.0.1 lazystream: 1.0.1 - lodash: 4.17.21 + lodash: 4.17.23 normalize-path: 3.0.0 readable-stream: 4.7.0 @@ -17166,7 +17168,7 @@ snapshots: hasha: 5.2.2 is-installed-globally: 0.4.0 listr2: 3.14.0(enquirer@2.4.1) - lodash: 4.17.21 + lodash: 4.17.23 log-symbols: 4.1.0 minimist: 1.2.8 ospath: 1.2.2 @@ -19662,7 +19664,7 @@ snapshots: lodash.uniq@4.5.0: {} - lodash@4.17.21: {} + lodash@4.17.23: {} log-symbols@4.1.0: dependencies: @@ -22907,7 +22909,7 @@ snapshots: dependencies: axios: 1.13.2(debug@4.4.3) joi: 18.0.1 - lodash: 4.17.21 + lodash: 4.17.23 minimist: 1.2.8 rxjs: 7.8.2 transitivePeerDependencies: diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index a9443da0b3..ce6c18b885 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -36,3 +36,5 @@ minimumReleaseAge: 10080 # delay 7days to mitigate supply-chain attack minimumReleaseAgeExclude: - '@syuilo/aiscript' - systeminformation # 脆弱性対応。そのうち消すこと + # Renovate security update: lodash@4.17.23 + - lodash@4.17.23