From 417b70e16cf8f4a8c763762104ccf4929dc8b5d5 Mon Sep 17 00:00:00 2001 From: Elliot DeNolf Date: Tue, 8 Jul 2025 11:42:41 -0400 Subject: [PATCH 1/7] chore(deps): bump deps to resolve all high severity (#13002) Bumps dependencies to resolve all `high` severity vulnerabilities --- package.json | 5 +- packages/payload/package.json | 2 +- pnpm-lock.yaml | 339 +++++++++++++-------- templates/_template/package.json | 2 +- templates/blank/package.json | 2 +- templates/plugin/package.json | 4 +- templates/website/package.json | 2 +- templates/with-payload-cloud/package.json | 2 +- templates/with-postgres/package.json | 8 +- templates/with-vercel-website/package.json | 16 +- 10 files changed, 229 insertions(+), 153 deletions(-) diff --git a/package.json b/package.json index c1d2106afe..dd3be1a889 100644 --- a/package.json +++ b/package.json @@ -91,6 +91,10 @@ "reinstall": "pnpm clean:all && pnpm install", "release": "pnpm --filter releaser release --tag latest", "runts": "cross-env NODE_OPTIONS=\"--no-deprecation --no-experimental-strip-types\" node --no-deprecation --no-experimental-strip-types --import @swc-node/register/esm-register", + "script:audit": "pnpm audit -P", + "script:audit:critical": "pnpm audit -P --audit-level critical", + "script:audit:high": "pnpm audit -P --audit-level high", + "script:audit:moderate": "pnpm audit -P --audit-level moderate", "script:build-template-with-local-pkgs": "pnpm --filter scripts build-template-with-local-pkgs", "script:gen-templates": "pnpm --filter scripts gen-templates", "script:gen-templates:build": "pnpm --filter scripts gen-templates --build", @@ -121,7 +125,6 @@ "prettier --write", "eslint --cache --fix" ], - "templates/website/**/*": "sh -c \"cd templates/website; pnpm install --no-frozen-lockfile --ignore-workspace; pnpm run lint --fix\"", "templates/**/pnpm-lock.yaml": "pnpm runts scripts/remove-template-lock-files.ts", "tsconfig.base.json": "node scripts/reset-tsconfig.js" }, diff --git a/packages/payload/package.json b/packages/payload/package.json index 58b0c5e38d..2b9e6282de 100644 --- a/packages/payload/package.json +++ b/packages/payload/package.json @@ -111,7 +111,7 @@ "sanitize-filename": "1.6.3", "scmp": "2.1.0", "ts-essentials": "10.0.3", - "tsx": "4.19.2", + "tsx": "4.20.3", "undici": "7.10.0", "uuid": "10.0.0", "ws": "^8.16.0" diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index d15eb9fd95..9f7e558f35 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -883,8 +883,8 @@ importers: specifier: 10.0.3 version: 10.0.3(typescript@5.7.3) tsx: - specifier: 4.19.2 - version: 4.19.2 + specifier: 4.20.3 + version: 4.20.3 undici: specifier: 7.10.0 version: 7.10.0 @@ -1709,8 +1709,8 @@ importers: specifier: 19.1.0 version: 19.1.0 sharp: - specifier: 0.32.6 - version: 0.32.6 + specifier: 0.34.2 + version: 0.34.2 devDependencies: '@playwright/test': specifier: 1.50.0 @@ -1729,7 +1729,7 @@ importers: version: 19.1.2(@types/react@19.1.0) '@vitejs/plugin-react': specifier: 4.5.2 - version: 4.5.2(vite@6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0)) + version: 4.5.2(vite@6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0)) eslint: specifier: ^9.16.0 version: 9.22.0(jiti@1.21.6) @@ -1753,10 +1753,10 @@ importers: version: 5.7.3 vite-tsconfig-paths: specifier: 5.1.4 - version: 5.1.4(typescript@5.7.3)(vite@6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0)) + version: 5.1.4(typescript@5.7.3)(vite@6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0)) vitest: specifier: 3.2.3 - version: 3.2.3(@types/debug@4.1.12)(@types/node@22.15.30)(jiti@1.21.6)(jsdom@26.1.0(bufferutil@4.0.8)(utf-8-validate@6.0.5))(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0) + version: 3.2.3(@types/debug@4.1.12)(@types/node@22.15.30)(jiti@1.21.6)(jsdom@26.1.0(bufferutil@4.0.8)(utf-8-validate@6.0.5))(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0) templates/website: dependencies: @@ -1851,8 +1851,8 @@ importers: specifier: 7.45.4 version: 7.45.4(react@19.1.0) sharp: - specifier: 0.32.6 - version: 0.32.6 + specifier: 0.34.2 + version: 0.34.2 tailwind-merge: specifier: ^2.3.0 version: 2.6.0 @@ -1886,7 +1886,7 @@ importers: version: 19.1.2(@types/react@19.1.0) '@vitejs/plugin-react': specifier: 4.5.2 - version: 4.5.2(vite@6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0)) + version: 4.5.2(vite@6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0)) autoprefixer: specifier: ^10.4.19 version: 10.4.21(postcss@8.5.5) @@ -1922,10 +1922,10 @@ importers: version: 5.7.3 vite-tsconfig-paths: specifier: 5.1.4 - version: 5.1.4(typescript@5.7.3)(vite@6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0)) + version: 5.1.4(typescript@5.7.3)(vite@6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0)) vitest: specifier: 3.2.3 - version: 3.2.3(@types/debug@4.1.12)(@types/node@22.5.4)(jiti@1.21.6)(jsdom@26.1.0(bufferutil@4.0.8)(utf-8-validate@6.0.5))(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0) + version: 3.2.3(@types/debug@4.1.12)(@types/node@22.5.4)(jiti@1.21.6)(jsdom@26.1.0(bufferutil@4.0.8)(utf-8-validate@6.0.5))(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0) test: devDependencies: @@ -4001,8 +4001,8 @@ packages: cpu: [arm64] os: [darwin] - '@img/sharp-darwin-arm64@0.34.1': - resolution: {integrity: sha512-pn44xgBtgpEbZsu+lWf2KNb6OAf70X68k+yk69Ic2Xz11zHR/w24/U49XT7AeRwJ0Px+mhALhU5LPci1Aymk7A==} + '@img/sharp-darwin-arm64@0.34.2': + resolution: {integrity: sha512-OfXHZPppddivUJnqyKoi5YVeHRkkNE2zUFT2gbpKxp/JZCFYEYubnMg+gOp6lWfasPrTS+KPosKqdI+ELYVDtg==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [arm64] os: [darwin] @@ -4013,8 +4013,8 @@ packages: cpu: [x64] os: [darwin] - '@img/sharp-darwin-x64@0.34.1': - resolution: {integrity: sha512-VfuYgG2r8BpYiOUN+BfYeFo69nP/MIwAtSJ7/Zpxc5QF3KS22z8Pvg3FkrSFJBPNQ7mmcUcYQFBmEQp7eu1F8Q==} + '@img/sharp-darwin-x64@0.34.2': + resolution: {integrity: sha512-dYvWqmjU9VxqXmjEtjmvHnGqF8GrVjM2Epj9rJ6BUIXvk8slvNDJbhGFvIoXzkDhrJC2jUxNLz/GUjjvSzfw+g==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [x64] os: [darwin] @@ -4110,8 +4110,8 @@ packages: cpu: [arm64] os: [linux] - '@img/sharp-linux-arm64@0.34.1': - resolution: {integrity: sha512-kX2c+vbvaXC6vly1RDf/IWNXxrlxLNpBVWkdpRq5Ka7OOKj6nr66etKy2IENf6FtOgklkg9ZdGpEu9kwdlcwOQ==} + '@img/sharp-linux-arm64@0.34.2': + resolution: {integrity: sha512-D8n8wgWmPDakc83LORcfJepdOSN6MvWNzzz2ux0MnIbOqdieRZwVYY32zxVx+IFUT8er5KPcyU3XXsn+GzG/0Q==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [arm64] os: [linux] @@ -4122,8 +4122,8 @@ packages: cpu: [arm] os: [linux] - '@img/sharp-linux-arm@0.34.1': - resolution: {integrity: sha512-anKiszvACti2sGy9CirTlNyk7BjjZPiML1jt2ZkTdcvpLU1YH6CXwRAZCA2UmRXnhiIftXQ7+Oh62Ji25W72jA==} + '@img/sharp-linux-arm@0.34.2': + resolution: {integrity: sha512-0DZzkvuEOqQUP9mo2kjjKNok5AmnOr1jB2XYjkaoNRwpAYMDzRmAqUIa1nRi58S2WswqSfPOWLNOr0FDT3H5RQ==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [arm] os: [linux] @@ -4134,8 +4134,8 @@ packages: cpu: [s390x] os: [linux] - '@img/sharp-linux-s390x@0.34.1': - resolution: {integrity: sha512-7s0KX2tI9mZI2buRipKIw2X1ufdTeaRgwmRabt5bi9chYfhur+/C1OXg3TKg/eag1W+6CCWLVmSauV1owmRPxA==} + '@img/sharp-linux-s390x@0.34.2': + resolution: {integrity: sha512-EGZ1xwhBI7dNISwxjChqBGELCWMGDvmxZXKjQRuqMrakhO8QoMgqCrdjnAqJq/CScxfRn+Bb7suXBElKQpPDiw==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [s390x] os: [linux] @@ -4146,8 +4146,8 @@ packages: cpu: [x64] os: [linux] - '@img/sharp-linux-x64@0.34.1': - resolution: {integrity: sha512-wExv7SH9nmoBW3Wr2gvQopX1k8q2g5V5Iag8Zk6AVENsjwd+3adjwxtp3Dcu2QhOXr8W9NusBU6XcQUohBZ5MA==} + '@img/sharp-linux-x64@0.34.2': + resolution: {integrity: sha512-sD7J+h5nFLMMmOXYH4DD9UtSNBD05tWSSdWAcEyzqW8Cn5UxXvsHAxmxSesYUsTOBmUnjtxghKDl15EvfqLFbQ==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [x64] os: [linux] @@ -4158,8 +4158,8 @@ packages: cpu: [arm64] os: [linux] - '@img/sharp-linuxmusl-arm64@0.34.1': - resolution: {integrity: sha512-DfvyxzHxw4WGdPiTF0SOHnm11Xv4aQexvqhRDAoD00MzHekAj9a/jADXeXYCDFH/DzYruwHbXU7uz+H+nWmSOQ==} + '@img/sharp-linuxmusl-arm64@0.34.2': + resolution: {integrity: sha512-NEE2vQ6wcxYav1/A22OOxoSOGiKnNmDzCYFOZ949xFmrWZOVII1Bp3NqVVpvj+3UeHMFyN5eP/V5hzViQ5CZNA==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [arm64] os: [linux] @@ -4170,8 +4170,8 @@ packages: cpu: [x64] os: [linux] - '@img/sharp-linuxmusl-x64@0.34.1': - resolution: {integrity: sha512-pax/kTR407vNb9qaSIiWVnQplPcGU8LRIJpDT5o8PdAx5aAA7AS3X9PS8Isw1/WfqgQorPotjrZL3Pqh6C5EBg==} + '@img/sharp-linuxmusl-x64@0.34.2': + resolution: {integrity: sha512-DOYMrDm5E6/8bm/yQLCWyuDJwUnlevR8xtF8bs+gjZ7cyUNYXiSf/E8Kp0Ss5xasIaXSHzb888V1BE4i1hFhAA==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [x64] os: [linux] @@ -4181,19 +4181,25 @@ packages: engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [wasm32] - '@img/sharp-wasm32@0.34.1': - resolution: {integrity: sha512-YDybQnYrLQfEpzGOQe7OKcyLUCML4YOXl428gOOzBgN6Gw0rv8dpsJ7PqTHxBnXnwXr8S1mYFSLSa727tpz0xg==} + '@img/sharp-wasm32@0.34.2': + resolution: {integrity: sha512-/VI4mdlJ9zkaq53MbIG6rZY+QRN3MLbR6usYlgITEzi4Rpx5S6LFKsycOQjkOGmqTNmkIdLjEvooFKwww6OpdQ==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [wasm32] + '@img/sharp-win32-arm64@0.34.2': + resolution: {integrity: sha512-cfP/r9FdS63VA5k0xiqaNaEoGxBg9k7uE+RQGzuK9fHt7jib4zAVVseR9LsE4gJcNWgT6APKMNnCcnyOtmSEUQ==} + engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} + cpu: [arm64] + os: [win32] + '@img/sharp-win32-ia32@0.33.5': resolution: {integrity: sha512-T36PblLaTwuVJ/zw/LaH0PdZkRz5rd3SmMHX8GSmR7vtNSP5Z6bQkExdSK7xGWyxLw4sUknBuugTelgw2faBbQ==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [ia32] os: [win32] - '@img/sharp-win32-ia32@0.34.1': - resolution: {integrity: sha512-WKf/NAZITnonBf3U1LfdjoMgNO5JYRSlhovhRhMxXVdvWYveM4kM3L8m35onYIdh75cOMCo1BexgVQcCDzyoWw==} + '@img/sharp-win32-ia32@0.34.2': + resolution: {integrity: sha512-QLjGGvAbj0X/FXl8n1WbtQ6iVBpWU7JO94u/P2M4a8CFYsvQi4GW2mRy/JqkRx0qpBzaOdKJKw8uc930EX2AHw==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [ia32] os: [win32] @@ -4204,8 +4210,8 @@ packages: cpu: [x64] os: [win32] - '@img/sharp-win32-x64@0.34.1': - resolution: {integrity: sha512-hw1iIAHpNE8q3uMIRCgGOeDoz9KtFNarFLQclLxr/LK1VBkj8nby18RjFvr6aP7USRYAjTZW6yisnBWMX571Tw==} + '@img/sharp-win32-x64@0.34.2': + resolution: {integrity: sha512-aUdT6zEYtDKCaxkofmmJDJYGCf0+pJg3eU9/oBuqvEeoB9dKI6ZLc/1iLJCTuJQDO4ptntAlkUmHgGjyuobZbw==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [x64] os: [win32] @@ -6976,17 +6982,35 @@ packages: bare-events@2.5.0: resolution: {integrity: sha512-/E8dDe9dsbLyh2qrZ64PEPadOQ0F4gbl1sUJOrmph7xOiIxfY8vwab/4bFLh4Y88/Hk/ujKcrQKc+ps0mv873A==} - bare-fs@2.3.5: - resolution: {integrity: sha512-SlE9eTxifPDJrT6YgemQ1WGFleevzwY+XAP1Xqgl56HtcrisC2CHCZ2tq6dBpcH2TnNxwUEUGhweo+lrQtYuiw==} + bare-events@2.5.4: + resolution: {integrity: sha512-+gFfDkR8pj4/TrWCGUGWmJIkBwuxPS5F+a5yWjOHQt2hHvNZd5YLzadjmDUtFmMM4y429bnKLa8bYBMHcYdnQA==} - bare-os@2.4.4: - resolution: {integrity: sha512-z3UiI2yi1mK0sXeRdc4O1Kk8aOa/e+FNWZcTiPB/dfTWyLypuE99LibgRaQki914Jq//yAWylcAt+mknKdixRQ==} + bare-fs@4.1.6: + resolution: {integrity: sha512-25RsLF33BqooOEFNdMcEhMpJy8EoR88zSMrnOQOaM3USnOK2VmaJ1uaQEwPA6AQjrv1lXChScosN6CzbwbO9OQ==} + engines: {bare: '>=1.16.0'} + peerDependencies: + bare-buffer: '*' + peerDependenciesMeta: + bare-buffer: + optional: true - bare-path@2.1.3: - resolution: {integrity: sha512-lh/eITfU8hrj9Ru5quUp0Io1kJWIk1bTjzo7JH1P5dWmQ2EL4hFUlfI8FonAhSlgIfhn63p84CDY/x+PisgcXA==} + bare-os@3.6.1: + resolution: {integrity: sha512-uaIjxokhFidJP+bmmvKSgiMzj2sV5GPHaZVAIktcxcpCyBFFWO+YlikVAdhmUo2vYFvFhOXIAlldqV29L8126g==} + engines: {bare: '>=1.14.0'} - bare-stream@2.3.2: - resolution: {integrity: sha512-EFZHSIBkDgSHIwj2l2QZfP4U5OcD4xFAOwhSb/vlr9PIqyGJGvB/nfClJbcnh3EY4jtPE4zsb5ztae96bVF79A==} + bare-path@3.0.0: + resolution: {integrity: sha512-tyfW2cQcB5NN8Saijrhqn0Zh7AnFNsnczRcuWODH0eYAXBsJ5gVxAUuNr7tsHSC6IZ77cA0SitzT+s47kot8Mw==} + + bare-stream@2.6.5: + resolution: {integrity: sha512-jSmxKJNJmHySi6hC42zlZnq00rga4jjxcgNZjY9N5WlOe/iOoGRtdwGsHzQv2RlH2KOYMwGUXhf2zXd32BA9RA==} + peerDependencies: + bare-buffer: '*' + bare-events: '*' + peerDependenciesMeta: + bare-buffer: + optional: true + bare-events: + optional: true base64-js@1.5.1: resolution: {integrity: sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==} @@ -7597,6 +7621,10 @@ packages: resolution: {integrity: sha512-bwy0MGW55bG41VqxxypOsdSdGqLwXPI/focwgTYCFMbdUiBAxLg9CFzG08sz2aqzknwiX7Hkl0bQENjg8iLByw==} engines: {node: '>=8'} + detect-libc@2.0.4: + resolution: {integrity: sha512-3UDv+G9CsCKO1WKMGw9fwq/SWJYbI0c5Y7LU1AXYoDdbhE2AHQ6N6Nb34sG8Fj7T5APy8qXDCKuuIHd1BR0tVA==} + engines: {node: '>=8'} + detect-newline@3.1.0: resolution: {integrity: sha512-TLz+x/vEXm/Y7P7wn1EJFNLxYpUD4TgMosxY6fAVJUnJMbupHBOncxyWUG9OpTaH9EBD7uFI5LfEgmMOc54DsA==} engines: {node: '>=8'} @@ -11100,6 +11128,11 @@ packages: engines: {node: '>=10'} hasBin: true + semver@7.7.2: + resolution: {integrity: sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==} + engines: {node: '>=10'} + hasBin: true + serialize-javascript@6.0.2: resolution: {integrity: sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==} @@ -11126,8 +11159,8 @@ packages: resolution: {integrity: sha512-haPVm1EkS9pgvHrQ/F3Xy+hgcuMV0Wm9vfIBSiwZ05k+xgb0PkBQpGsAA/oWdDobNaZTH5ppvHtzCFbnSEwHVw==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} - sharp@0.34.1: - resolution: {integrity: sha512-1j0w61+eVxu7DawFJtnfYcvSv6qPFvfTaqzTQ2BLknVhHTwGS8sc63ZBF4rzkWMBVKybo4S5OBtDdZahh2A1xg==} + sharp@0.34.2: + resolution: {integrity: sha512-lszvBmB9QURERtyKT2bNmsgxXK0ShJrL/fvqlonCo7e6xBF8nT8xU6pW+PMIbLsz0RxQk3rgH9kd8UmvOzlMJg==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} shebang-command@2.0.0: @@ -11382,6 +11415,9 @@ packages: streamx@2.20.1: resolution: {integrity: sha512-uTa0mU6WUC65iUvzKH4X9hEdvSW7rbPxPtwfWiLMSj3qTdQbAiUboZTxauKfpFuGIGa1C2BYijZ7wgdUXICJhA==} + streamx@2.22.1: + resolution: {integrity: sha512-znKXEBxfatz2GBNK02kRnCXjV+AA4kjZIUxeWSr3UGirZMJfTE9uiwKHobnbgxWyL/JWro8tTq+vOqAK1/qbSA==} + string-argv@0.3.2: resolution: {integrity: sha512-aqD2Q0144Z+/RqG52NeHEkZauTAUWJO8c6yTftGJKO3Tja5tUgIfmIl6kExvhtxSDP7fXB6DvzkfMpCd/F3G+Q==} engines: {node: '>=0.6.19'} @@ -11566,11 +11602,11 @@ packages: resolution: {integrity: sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==} engines: {node: '>=6'} - tar-fs@2.1.1: - resolution: {integrity: sha512-V0r2Y9scmbDRLCNex/+hYzvp/zyYjvFbHPNgVTKfQvVrb6guiE/fxP+XblDNR011utopbkex2nM4dHNV6GDsng==} + tar-fs@2.1.3: + resolution: {integrity: sha512-090nwYJDmlhwFwEW3QQl+vaNnxsO2yVsd45eTKRBzSzu+hlb1w2K9inVq5b0ngXuLVqQ4ApvsUHHnu/zQNkWAg==} - tar-fs@3.0.6: - resolution: {integrity: sha512-iokBDQQkUyeXhgPYaZxmczGPhnhXZ0CmrqI+MOb/WFGS9DW5wnfrLgtjUJBvz50vQ3qfRwJ62QVoCFu8mPVu5w==} + tar-fs@3.1.0: + resolution: {integrity: sha512-5Mty5y/sOF1YWj1J6GiBodjlDc05CUR8PKXrsnFAiSG0xA+GHeWLovaZPYUDXkH/1iKRf2+M5+OrRgzC7O9b7w==} tar-stream@2.2.0: resolution: {integrity: sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==} @@ -11792,6 +11828,11 @@ packages: engines: {node: '>=18.0.0'} hasBin: true + tsx@4.20.3: + resolution: {integrity: sha512-qjbnuR9Tr+FJOMBqJCW5ehvIo/buZq7vH7qD7JziU98h6l3qGy0a/yPFjwO+y0/T7GFpNgNAvEcPPVfyT8rrPQ==} + engines: {node: '>=18.0.0'} + hasBin: true + tunnel-agent@0.6.0: resolution: {integrity: sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==} @@ -14798,7 +14839,7 @@ snapshots: '@img/sharp-libvips-darwin-arm64': 1.0.4 optional: true - '@img/sharp-darwin-arm64@0.34.1': + '@img/sharp-darwin-arm64@0.34.2': optionalDependencies: '@img/sharp-libvips-darwin-arm64': 1.1.0 optional: true @@ -14808,7 +14849,7 @@ snapshots: '@img/sharp-libvips-darwin-x64': 1.0.4 optional: true - '@img/sharp-darwin-x64@0.34.1': + '@img/sharp-darwin-x64@0.34.2': optionalDependencies: '@img/sharp-libvips-darwin-x64': 1.1.0 optional: true @@ -14869,7 +14910,7 @@ snapshots: '@img/sharp-libvips-linux-arm64': 1.0.4 optional: true - '@img/sharp-linux-arm64@0.34.1': + '@img/sharp-linux-arm64@0.34.2': optionalDependencies: '@img/sharp-libvips-linux-arm64': 1.1.0 optional: true @@ -14879,7 +14920,7 @@ snapshots: '@img/sharp-libvips-linux-arm': 1.0.5 optional: true - '@img/sharp-linux-arm@0.34.1': + '@img/sharp-linux-arm@0.34.2': optionalDependencies: '@img/sharp-libvips-linux-arm': 1.1.0 optional: true @@ -14889,7 +14930,7 @@ snapshots: '@img/sharp-libvips-linux-s390x': 1.0.4 optional: true - '@img/sharp-linux-s390x@0.34.1': + '@img/sharp-linux-s390x@0.34.2': optionalDependencies: '@img/sharp-libvips-linux-s390x': 1.1.0 optional: true @@ -14899,7 +14940,7 @@ snapshots: '@img/sharp-libvips-linux-x64': 1.0.4 optional: true - '@img/sharp-linux-x64@0.34.1': + '@img/sharp-linux-x64@0.34.2': optionalDependencies: '@img/sharp-libvips-linux-x64': 1.1.0 optional: true @@ -14909,7 +14950,7 @@ snapshots: '@img/sharp-libvips-linuxmusl-arm64': 1.0.4 optional: true - '@img/sharp-linuxmusl-arm64@0.34.1': + '@img/sharp-linuxmusl-arm64@0.34.2': optionalDependencies: '@img/sharp-libvips-linuxmusl-arm64': 1.1.0 optional: true @@ -14919,7 +14960,7 @@ snapshots: '@img/sharp-libvips-linuxmusl-x64': 1.0.4 optional: true - '@img/sharp-linuxmusl-x64@0.34.1': + '@img/sharp-linuxmusl-x64@0.34.2': optionalDependencies: '@img/sharp-libvips-linuxmusl-x64': 1.1.0 optional: true @@ -14929,21 +14970,24 @@ snapshots: '@emnapi/runtime': 1.4.1 optional: true - '@img/sharp-wasm32@0.34.1': + '@img/sharp-wasm32@0.34.2': dependencies: - '@emnapi/runtime': 1.4.1 + '@emnapi/runtime': 1.4.3 + optional: true + + '@img/sharp-win32-arm64@0.34.2': optional: true '@img/sharp-win32-ia32@0.33.5': optional: true - '@img/sharp-win32-ia32@0.34.1': + '@img/sharp-win32-ia32@0.34.2': optional: true '@img/sharp-win32-x64@0.33.5': optional: true - '@img/sharp-win32-x64@0.34.1': + '@img/sharp-win32-x64@0.34.2': optional: true '@isaacs/cliui@8.0.2': @@ -17687,7 +17731,7 @@ snapshots: utf-8-validate: 6.0.5 ws: 8.18.0(bufferutil@4.0.8)(utf-8-validate@6.0.5) - '@vitejs/plugin-react@4.5.2(vite@6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0))': + '@vitejs/plugin-react@4.5.2(vite@6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0))': dependencies: '@babel/core': 7.27.4 '@babel/plugin-transform-react-jsx-self': 7.27.1(@babel/core@7.27.4) @@ -17695,11 +17739,11 @@ snapshots: '@rolldown/pluginutils': 1.0.0-beta.11 '@types/babel__core': 7.20.5 react-refresh: 0.17.0 - vite: 6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0) + vite: 6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0) transitivePeerDependencies: - supports-color - '@vitejs/plugin-react@4.5.2(vite@6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0))': + '@vitejs/plugin-react@4.5.2(vite@6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0))': dependencies: '@babel/core': 7.27.4 '@babel/plugin-transform-react-jsx-self': 7.27.1(@babel/core@7.27.4) @@ -17707,7 +17751,7 @@ snapshots: '@rolldown/pluginutils': 1.0.0-beta.11 '@types/babel__core': 7.20.5 react-refresh: 0.17.0 - vite: 6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0) + vite: 6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0) transitivePeerDependencies: - supports-color @@ -17719,21 +17763,21 @@ snapshots: chai: 5.2.0 tinyrainbow: 2.0.0 - '@vitest/mocker@3.2.3(vite@6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0))': + '@vitest/mocker@3.2.3(vite@6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0))': dependencies: '@vitest/spy': 3.2.3 estree-walker: 3.0.3 magic-string: 0.30.17 optionalDependencies: - vite: 6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0) + vite: 6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0) - '@vitest/mocker@3.2.3(vite@6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0))': + '@vitest/mocker@3.2.3(vite@6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0))': dependencies: '@vitest/spy': 3.2.3 estree-walker: 3.0.3 magic-string: 0.30.17 optionalDependencies: - vite: 6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0) + vite: 6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0) '@vitest/pretty-format@3.2.3': dependencies: @@ -18319,24 +18363,29 @@ snapshots: bare-events@2.5.0: optional: true - bare-fs@2.3.5: - dependencies: - bare-events: 2.5.0 - bare-path: 2.1.3 - bare-stream: 2.3.2 + bare-events@2.5.4: optional: true - bare-os@2.4.4: + bare-fs@4.1.6: + dependencies: + bare-events: 2.5.4 + bare-path: 3.0.0 + bare-stream: 2.6.5(bare-events@2.5.4) optional: true - bare-path@2.1.3: - dependencies: - bare-os: 2.4.4 + bare-os@3.6.1: optional: true - bare-stream@2.3.2: + bare-path@3.0.0: dependencies: - streamx: 2.20.1 + bare-os: 3.6.1 + optional: true + + bare-stream@2.6.5(bare-events@2.5.4): + dependencies: + streamx: 2.22.1 + optionalDependencies: + bare-events: 2.5.4 optional: true base64-js@1.5.1: {} @@ -18928,7 +18977,10 @@ snapshots: detect-libc@2.0.2: {} - detect-libc@2.0.3: {} + detect-libc@2.0.3: + optional: true + + detect-libc@2.0.4: {} detect-newline@3.1.0: {} @@ -20082,7 +20134,7 @@ snapshots: '@petamoriken/float16': 3.9.2 debug: 4.4.1 env-paths: 3.0.0 - semver: 7.7.1 + semver: 7.7.2 shell-quote: 1.8.3 which: 4.0.0 transitivePeerDependencies: @@ -20558,7 +20610,7 @@ snapshots: is-bun-module@2.0.0: dependencies: - semver: 7.7.1 + semver: 7.7.2 is-callable@1.2.7: {} @@ -20763,7 +20815,7 @@ snapshots: '@babel/parser': 7.27.5 '@istanbuljs/schema': 0.1.3 istanbul-lib-coverage: 3.2.2 - semver: 7.7.1 + semver: 7.7.2 transitivePeerDependencies: - supports-color @@ -21412,7 +21464,7 @@ snapshots: make-dir@4.0.0: dependencies: - semver: 7.7.1 + semver: 7.7.2 makeerror@1.0.12: dependencies: @@ -21948,7 +22000,7 @@ snapshots: '@opentelemetry/api': 1.9.0 '@playwright/test': 1.50.0 sass: 1.77.4 - sharp: 0.34.1 + sharp: 0.34.2 transitivePeerDependencies: - '@babel/core' - babel-plugin-macros @@ -21977,7 +22029,7 @@ snapshots: '@playwright/test': 1.50.0 babel-plugin-react-compiler: 19.1.0-rc.2 sass: 1.77.4 - sharp: 0.34.1 + sharp: 0.34.2 transitivePeerDependencies: - '@babel/core' - babel-plugin-macros @@ -22005,14 +22057,14 @@ snapshots: '@opentelemetry/api': 1.9.0 '@playwright/test': 1.50.0 sass: 1.77.4 - sharp: 0.34.1 + sharp: 0.34.2 transitivePeerDependencies: - '@babel/core' - babel-plugin-macros node-abi@3.71.0: dependencies: - semver: 7.7.1 + semver: 7.7.2 node-addon-api@6.1.0: {} @@ -22515,7 +22567,7 @@ snapshots: prebuild-install@7.1.2: dependencies: - detect-libc: 2.0.3 + detect-libc: 2.0.4 expand-template: 2.0.3 github-from-package: 0.0.0 minimist: 1.2.8 @@ -22525,7 +22577,7 @@ snapshots: pump: 3.0.2 rc: 1.2.8 simple-get: 4.0.1 - tar-fs: 2.1.1 + tar-fs: 2.1.3 tunnel-agent: 0.6.0 prelude-ls@1.2.1: {} @@ -23151,7 +23203,7 @@ snapshots: semver-truncate@3.0.0: dependencies: - semver: 7.7.1 + semver: 7.7.2 semver@5.7.2: {} @@ -23161,6 +23213,8 @@ snapshots: semver@7.7.1: {} + semver@7.7.2: {} + serialize-javascript@6.0.2: dependencies: randombytes: 2.1.0 @@ -23192,13 +23246,15 @@ snapshots: sharp@0.32.6: dependencies: color: 4.2.3 - detect-libc: 2.0.3 + detect-libc: 2.0.4 node-addon-api: 6.1.0 prebuild-install: 7.1.2 - semver: 7.7.1 + semver: 7.7.2 simple-get: 4.0.1 - tar-fs: 3.0.6 + tar-fs: 3.1.0 tunnel-agent: 0.6.0 + transitivePeerDependencies: + - bare-buffer sharp@0.33.5: dependencies: @@ -23227,14 +23283,14 @@ snapshots: '@img/sharp-win32-x64': 0.33.5 optional: true - sharp@0.34.1: + sharp@0.34.2: dependencies: color: 4.2.3 - detect-libc: 2.0.3 - semver: 7.7.1 + detect-libc: 2.0.4 + semver: 7.7.2 optionalDependencies: - '@img/sharp-darwin-arm64': 0.34.1 - '@img/sharp-darwin-x64': 0.34.1 + '@img/sharp-darwin-arm64': 0.34.2 + '@img/sharp-darwin-x64': 0.34.2 '@img/sharp-libvips-darwin-arm64': 1.1.0 '@img/sharp-libvips-darwin-x64': 1.1.0 '@img/sharp-libvips-linux-arm': 1.1.0 @@ -23244,16 +23300,16 @@ snapshots: '@img/sharp-libvips-linux-x64': 1.1.0 '@img/sharp-libvips-linuxmusl-arm64': 1.1.0 '@img/sharp-libvips-linuxmusl-x64': 1.1.0 - '@img/sharp-linux-arm': 0.34.1 - '@img/sharp-linux-arm64': 0.34.1 - '@img/sharp-linux-s390x': 0.34.1 - '@img/sharp-linux-x64': 0.34.1 - '@img/sharp-linuxmusl-arm64': 0.34.1 - '@img/sharp-linuxmusl-x64': 0.34.1 - '@img/sharp-wasm32': 0.34.1 - '@img/sharp-win32-ia32': 0.34.1 - '@img/sharp-win32-x64': 0.34.1 - optional: true + '@img/sharp-linux-arm': 0.34.2 + '@img/sharp-linux-arm64': 0.34.2 + '@img/sharp-linux-s390x': 0.34.2 + '@img/sharp-linux-x64': 0.34.2 + '@img/sharp-linuxmusl-arm64': 0.34.2 + '@img/sharp-linuxmusl-x64': 0.34.2 + '@img/sharp-wasm32': 0.34.2 + '@img/sharp-win32-arm64': 0.34.2 + '@img/sharp-win32-ia32': 0.34.2 + '@img/sharp-win32-x64': 0.34.2 shebang-command@2.0.0: dependencies: @@ -23530,6 +23586,14 @@ snapshots: optionalDependencies: bare-events: 2.5.0 + streamx@2.22.1: + dependencies: + fast-fifo: 1.3.2 + text-decoder: 1.2.1 + optionalDependencies: + bare-events: 2.5.4 + optional: true + string-argv@0.3.2: {} string-length@4.0.2: @@ -23766,20 +23830,22 @@ snapshots: tapable@2.2.1: {} - tar-fs@2.1.1: + tar-fs@2.1.3: dependencies: chownr: 1.1.4 mkdirp-classic: 0.5.3 pump: 3.0.2 tar-stream: 2.2.0 - tar-fs@3.0.6: + tar-fs@3.1.0: dependencies: pump: 3.0.2 tar-stream: 3.1.7 optionalDependencies: - bare-fs: 2.3.5 - bare-path: 2.1.3 + bare-fs: 4.1.6 + bare-path: 3.0.0 + transitivePeerDependencies: + - bare-buffer tar-stream@2.2.0: dependencies: @@ -23999,6 +24065,13 @@ snapshots: optionalDependencies: fsevents: 2.3.3 + tsx@4.20.3: + dependencies: + esbuild: 0.25.5 + get-tsconfig: 4.8.1 + optionalDependencies: + fsevents: 2.3.3 + tunnel-agent@0.6.0: dependencies: safe-buffer: 5.2.1 @@ -24317,13 +24390,13 @@ snapshots: '@types/unist': 3.0.3 unist-util-stringify-position: 4.0.0 - vite-node@3.2.3(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0): + vite-node@3.2.3(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0): dependencies: cac: 6.7.14 debug: 4.4.1 es-module-lexer: 1.7.0 pathe: 2.0.3 - vite: 6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0) + vite: 6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0) transitivePeerDependencies: - '@types/node' - jiti @@ -24338,13 +24411,13 @@ snapshots: - tsx - yaml - vite-node@3.2.3(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0): + vite-node@3.2.3(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0): dependencies: cac: 6.7.14 debug: 4.4.1 es-module-lexer: 1.7.0 pathe: 2.0.3 - vite: 6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0) + vite: 6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0) transitivePeerDependencies: - '@types/node' - jiti @@ -24359,29 +24432,29 @@ snapshots: - tsx - yaml - vite-tsconfig-paths@5.1.4(typescript@5.7.3)(vite@6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0)): + vite-tsconfig-paths@5.1.4(typescript@5.7.3)(vite@6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0)): dependencies: debug: 4.4.1 globrex: 0.1.2 tsconfck: 3.1.6(typescript@5.7.3) optionalDependencies: - vite: 6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0) + vite: 6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0) transitivePeerDependencies: - supports-color - typescript - vite-tsconfig-paths@5.1.4(typescript@5.7.3)(vite@6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0)): + vite-tsconfig-paths@5.1.4(typescript@5.7.3)(vite@6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0)): dependencies: debug: 4.4.1 globrex: 0.1.2 tsconfck: 3.1.6(typescript@5.7.3) optionalDependencies: - vite: 6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0) + vite: 6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0) transitivePeerDependencies: - supports-color - typescript - vite@6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0): + vite@6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0): dependencies: esbuild: 0.25.5 fdir: 6.4.6(picomatch@4.0.2) @@ -24396,10 +24469,10 @@ snapshots: sass: 1.77.4 sass-embedded: 1.80.6 terser: 5.36.0 - tsx: 4.19.2 + tsx: 4.20.3 yaml: 2.6.0 - vite@6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0): + vite@6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0): dependencies: esbuild: 0.25.5 fdir: 6.4.6(picomatch@4.0.2) @@ -24414,14 +24487,14 @@ snapshots: sass: 1.77.4 sass-embedded: 1.80.6 terser: 5.36.0 - tsx: 4.19.2 + tsx: 4.20.3 yaml: 2.6.0 - vitest@3.2.3(@types/debug@4.1.12)(@types/node@22.15.30)(jiti@1.21.6)(jsdom@26.1.0(bufferutil@4.0.8)(utf-8-validate@6.0.5))(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0): + vitest@3.2.3(@types/debug@4.1.12)(@types/node@22.15.30)(jiti@1.21.6)(jsdom@26.1.0(bufferutil@4.0.8)(utf-8-validate@6.0.5))(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0): dependencies: '@types/chai': 5.2.2 '@vitest/expect': 3.2.3 - '@vitest/mocker': 3.2.3(vite@6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0)) + '@vitest/mocker': 3.2.3(vite@6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0)) '@vitest/pretty-format': 3.2.3 '@vitest/runner': 3.2.3 '@vitest/snapshot': 3.2.3 @@ -24439,8 +24512,8 @@ snapshots: tinyglobby: 0.2.14 tinypool: 1.1.0 tinyrainbow: 2.0.0 - vite: 6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0) - vite-node: 3.2.3(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0) + vite: 6.3.5(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0) + vite-node: 3.2.3(@types/node@22.15.30)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0) why-is-node-running: 2.3.0 optionalDependencies: '@types/debug': 4.1.12 @@ -24460,11 +24533,11 @@ snapshots: - tsx - yaml - vitest@3.2.3(@types/debug@4.1.12)(@types/node@22.5.4)(jiti@1.21.6)(jsdom@26.1.0(bufferutil@4.0.8)(utf-8-validate@6.0.5))(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0): + vitest@3.2.3(@types/debug@4.1.12)(@types/node@22.5.4)(jiti@1.21.6)(jsdom@26.1.0(bufferutil@4.0.8)(utf-8-validate@6.0.5))(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0): dependencies: '@types/chai': 5.2.2 '@vitest/expect': 3.2.3 - '@vitest/mocker': 3.2.3(vite@6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0)) + '@vitest/mocker': 3.2.3(vite@6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0)) '@vitest/pretty-format': 3.2.3 '@vitest/runner': 3.2.3 '@vitest/snapshot': 3.2.3 @@ -24482,8 +24555,8 @@ snapshots: tinyglobby: 0.2.14 tinypool: 1.1.0 tinyrainbow: 2.0.0 - vite: 6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0) - vite-node: 3.2.3(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.19.2)(yaml@2.6.0) + vite: 6.3.5(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0) + vite-node: 3.2.3(@types/node@22.5.4)(jiti@1.21.6)(sass-embedded@1.80.6)(sass@1.77.4)(terser@5.36.0)(tsx@4.20.3)(yaml@2.6.0) why-is-node-running: 2.3.0 optionalDependencies: '@types/debug': 4.1.12 diff --git a/templates/_template/package.json b/templates/_template/package.json index ae9547fd1b..66163f8583 100644 --- a/templates/_template/package.json +++ b/templates/_template/package.json @@ -29,7 +29,7 @@ "payload": "latest", "react": "19.1.0", "react-dom": "19.1.0", - "sharp": "0.32.6" + "sharp": "0.34.2" }, "devDependencies": { "@eslint/eslintrc": "^3.2.0", diff --git a/templates/blank/package.json b/templates/blank/package.json index 753a189d05..ec2f64378d 100644 --- a/templates/blank/package.json +++ b/templates/blank/package.json @@ -29,7 +29,7 @@ "next": "15.3.2", "payload": "workspace:*", "react": "19.1.0", - "sharp": "0.32.6" + "sharp": "0.34.2" }, "devDependencies": { "@playwright/test": "1.50.0", diff --git a/templates/plugin/package.json b/templates/plugin/package.json index eecf7e6808..aa983d8ef0 100644 --- a/templates/plugin/package.json +++ b/templates/plugin/package.json @@ -36,8 +36,8 @@ "dev:generate-importmap": "pnpm dev:payload generate:importmap", "dev:generate-types": "pnpm dev:payload generate:types", "dev:payload": "cross-env PAYLOAD_CONFIG_PATH=./dev/payload.config.ts payload", - "generate:types": "pnpm dev:generate-types", "generate:importmap": "pnpm dev:generate-importmap", + "generate:types": "pnpm dev:generate-types", "lint": "eslint", "lint:fix": "eslint ./src --fix", "prepublishOnly": "pnpm clean && pnpm build", @@ -74,7 +74,7 @@ "react": "19.1.0", "react-dom": "19.1.0", "rimraf": "3.0.2", - "sharp": "0.32.6", + "sharp": "0.34.2", "sort-package-json": "^2.10.0", "typescript": "5.7.3", "vite-tsconfig-paths": "^5.1.4", diff --git a/templates/website/package.json b/templates/website/package.json index 631a9ad5f2..86b6af0fcb 100644 --- a/templates/website/package.json +++ b/templates/website/package.json @@ -52,7 +52,7 @@ "react": "19.1.0", "react-dom": "19.1.0", "react-hook-form": "7.45.4", - "sharp": "0.32.6", + "sharp": "0.34.2", "tailwind-merge": "^2.3.0", "tailwindcss-animate": "^1.0.7" }, diff --git a/templates/with-payload-cloud/package.json b/templates/with-payload-cloud/package.json index 5d4ecb0cad..d4c142b218 100644 --- a/templates/with-payload-cloud/package.json +++ b/templates/with-payload-cloud/package.json @@ -25,7 +25,7 @@ "payload": "3.29.0", "react": "19.1.0", "react-dom": "19.1.0", - "sharp": "0.32.6" + "sharp": "0.34.2" }, "devDependencies": { "@eslint/eslintrc": "^3.2.0", diff --git a/templates/with-postgres/package.json b/templates/with-postgres/package.json index c6ad4eb48e..bfb553fe76 100644 --- a/templates/with-postgres/package.json +++ b/templates/with-postgres/package.json @@ -6,6 +6,7 @@ "type": "module", "scripts": { "build": "cross-env NODE_OPTIONS=--no-deprecation next build", + "ci": "payload migrate && pnpm build", "dev": "cross-env NODE_OPTIONS=--no-deprecation next dev", "devsafe": "rm -rf .next && cross-env NODE_OPTIONS=--no-deprecation next dev", "generate:importmap": "cross-env NODE_OPTIONS=--no-deprecation payload generate:importmap", @@ -15,10 +16,10 @@ "start": "cross-env NODE_OPTIONS=--no-deprecation next start", "test": "pnpm run test:int && pnpm run test:e2e", "test:e2e": "cross-env NODE_OPTIONS=\"--no-deprecation --no-experimental-strip-types\" pnpm exec playwright test", - "test:int": "cross-env NODE_OPTIONS=--no-deprecation vitest run --config ./vitest.config.mts", - "ci": "payload migrate && pnpm build" + "test:int": "cross-env NODE_OPTIONS=--no-deprecation vitest run --config ./vitest.config.mts" }, "dependencies": { + "@payloadcms/db-postgres": "3.44.0", "@payloadcms/next": "3.44.0", "@payloadcms/payload-cloud": "3.44.0", "@payloadcms/richtext-lexical": "3.44.0", @@ -29,8 +30,7 @@ "payload": "3.44.0", "react": "19.1.0", "react-dom": "19.1.0", - "sharp": "0.32.6", - "@payloadcms/db-postgres": "3.44.0" + "sharp": "0.34.2" }, "devDependencies": { "@eslint/eslintrc": "^3.2.0", diff --git a/templates/with-vercel-website/package.json b/templates/with-vercel-website/package.json index ef1f1a8f0f..e0b9e8c6db 100644 --- a/templates/with-vercel-website/package.json +++ b/templates/with-vercel-website/package.json @@ -7,6 +7,7 @@ "scripts": { "build": "cross-env NODE_OPTIONS=--no-deprecation next build", "postbuild": "next-sitemap --config next-sitemap.config.cjs", + "ci": "payload migrate && pnpm build", "dev": "cross-env NODE_OPTIONS=--no-deprecation next dev", "dev:prod": "cross-env NODE_OPTIONS=--no-deprecation rm -rf .next && pnpm build && pnpm start", "generate:importmap": "cross-env NODE_OPTIONS=--no-deprecation payload generate:importmap", @@ -19,11 +20,11 @@ "start": "cross-env NODE_OPTIONS=--no-deprecation next start", "test": "pnpm run test:int && pnpm run test:e2e", "test:e2e": "cross-env NODE_OPTIONS=\"--no-deprecation --no-experimental-strip-types\" pnpm exec playwright test --config=playwright.config.ts", - "test:int": "cross-env NODE_OPTIONS=--no-deprecation vitest run --config ./vitest.config.mts", - "ci": "payload migrate && pnpm build" + "test:int": "cross-env NODE_OPTIONS=--no-deprecation vitest run --config ./vitest.config.mts" }, "dependencies": { "@payloadcms/admin-bar": "3.44.0", + "@payloadcms/db-vercel-postgres": "3.44.0", "@payloadcms/live-preview-react": "3.44.0", "@payloadcms/next": "3.44.0", "@payloadcms/payload-cloud": "3.44.0", @@ -33,6 +34,7 @@ "@payloadcms/plugin-search": "3.44.0", "@payloadcms/plugin-seo": "3.44.0", "@payloadcms/richtext-lexical": "3.44.0", + "@payloadcms/storage-vercel-blob": "3.44.0", "@payloadcms/ui": "3.44.0", "@radix-ui/react-checkbox": "^1.0.4", "@radix-ui/react-label": "^2.0.2", @@ -52,11 +54,9 @@ "react": "19.1.0", "react-dom": "19.1.0", "react-hook-form": "7.45.4", - "sharp": "0.32.6", + "sharp": "0.34.2", "tailwind-merge": "^2.3.0", - "tailwindcss-animate": "^1.0.7", - "@payloadcms/db-vercel-postgres": "3.44.0", - "@payloadcms/storage-vercel-blob": "3.44.0" + "tailwindcss-animate": "^1.0.7" }, "devDependencies": { "@eslint/eslintrc": "^3.2.0", @@ -82,6 +82,7 @@ "vite-tsconfig-paths": "5.1.4", "vitest": "3.2.3" }, + "packageManager": "pnpm@10.12.4", "engines": { "node": "^18.20.2 || >=20.9.0" }, @@ -91,6 +92,5 @@ "esbuild", "unrs-resolver" ] - }, - "packageManager": "pnpm@10.12.4" + } } From fee33b59eea8277e1bae21ae7c4240b849918ad4 Mon Sep 17 00:00:00 2001 From: Elliot DeNolf Date: Tue, 8 Jul 2025 12:28:53 -0400 Subject: [PATCH 2/7] ci: blank audit-dependencies workflow [skip ci] --- .github/workflows/audit-dependencies.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .github/workflows/audit-dependencies.yml diff --git a/.github/workflows/audit-dependencies.yml b/.github/workflows/audit-dependencies.yml new file mode 100644 index 0000000000..026a75ef4f --- /dev/null +++ b/.github/workflows/audit-dependencies.yml @@ -0,0 +1,11 @@ +name: audit-dependencies + +on: + workflow_dispatch: + +jobs: + dummy: + runs-on: ubuntu-24.04 + steps: + - name: Dummy step + run: echo "This is a dummy step" From 0b88466de6522fe92610a6eddabe9961797c7728 Mon Sep 17 00:00:00 2001 From: Jacob Fletcher Date: Tue, 8 Jul 2025 13:02:54 -0400 Subject: [PATCH 3/7] fix(next): prevent live preview url functions from firing unnecessarily (#13088) Ensures Live Preview url functions aren't fired during create or on collections that do not have Live Preview enabled. --- - To see the specific tasks where the Asana app for GitHub is being used, see below: - https://app.asana.com/0/0/1210743577153852 --- packages/next/src/views/Document/index.tsx | 41 +++++++++++-------- .../ui/src/providers/LivePreview/index.tsx | 11 +---- 2 files changed, 27 insertions(+), 25 deletions(-) diff --git a/packages/next/src/views/Document/index.tsx b/packages/next/src/views/Document/index.tsx index 894c5f720f..88e42680c4 100644 --- a/packages/next/src/views/Document/index.tsx +++ b/packages/next/src/views/Document/index.tsx @@ -329,27 +329,36 @@ export const renderDocument = async ({ viewType, } + const isLivePreviewEnabled = Boolean( + config.admin?.livePreview?.collections?.includes(collectionSlug) || + config.admin?.livePreview?.globals?.includes(globalSlug) || + collectionConfig?.admin?.livePreview || + globalConfig?.admin?.livePreview, + ) + const livePreviewConfig: LivePreviewConfig = { - ...(config.admin.livePreview || {}), + ...(isLivePreviewEnabled ? config.admin.livePreview : {}), ...(collectionConfig?.admin?.livePreview || {}), ...(globalConfig?.admin?.livePreview || {}), } const livePreviewURL = - typeof livePreviewConfig?.url === 'function' - ? await livePreviewConfig.url({ - collectionConfig, - data: doc, - globalConfig, - locale, - req, - /** - * @deprecated - * Use `req.payload` instead. This will be removed in the next major version. - */ - payload: initPageResult.req.payload, - }) - : livePreviewConfig?.url + operation !== 'create' + ? typeof livePreviewConfig?.url === 'function' + ? await livePreviewConfig.url({ + collectionConfig, + data: doc, + globalConfig, + locale, + req, + /** + * @deprecated + * Use `req.payload` instead. This will be removed in the next major version. + */ + payload: initPageResult.req.payload, + }) + : livePreviewConfig?.url + : '' return { data: doc, @@ -380,8 +389,8 @@ export const renderDocument = async ({ > {showHeader && !drawerSlug && ( diff --git a/packages/ui/src/providers/LivePreview/index.tsx b/packages/ui/src/providers/LivePreview/index.tsx index e2ff1bcd3b..0cb8174e5d 100644 --- a/packages/ui/src/providers/LivePreview/index.tsx +++ b/packages/ui/src/providers/LivePreview/index.tsx @@ -21,8 +21,8 @@ export type LivePreviewProviderProps = { height: number width: number } + isLivePreviewEnabled?: boolean isLivePreviewing: boolean - operation?: 'create' | 'update' url: string } @@ -37,8 +37,8 @@ const getAbsoluteUrl = (url) => { export const LivePreviewProvider: React.FC = ({ breakpoints: incomingBreakpoints, children, + isLivePreviewEnabled, isLivePreviewing: incomingIsLivePreviewing, - operation, url: incomingUrl, }) => { const [previewWindowType, setPreviewWindowType] = useState<'iframe' | 'popup'>('iframe') @@ -226,13 +226,6 @@ export const LivePreviewProvider: React.FC = ({ ) }, [isLivePreviewing, setPreference, collectionSlug, globalSlug]) - const isLivePreviewEnabled = Boolean( - operation !== 'create' && - ((collectionSlug && config?.admin?.livePreview?.collections?.includes(collectionSlug)) || - (globalSlug && config.admin?.livePreview?.globals?.includes(globalSlug)) || - entityConfig?.admin?.livePreview), - ) - return ( Date: Tue, 8 Jul 2025 13:32:16 -0400 Subject: [PATCH 4/7] fix: correctly reset login attempts (#13075) Login attempts were not being reset correctly which led to situations where a failed login attempt followed by a successful login attempt would keep the loginAttempts at 1. ### Before Example with maxAttempts of 2: - failed login -> `loginAttempts: 1` - successful login -> `loginAttempts: 1` - failed login -> `loginAttempts: 2` - successful login -> `"This user is locked due to having too many failed login attempts."` ### After Example with maxAttempts of 2: - failed login -> `loginAttempts: 1` - successful login -> `loginAttempts: 0` - failed login -> `loginAttempts: 1` - successful login -> `loginAttempts: 0` --- .../strategies/local/resetLoginAttempts.ts | 5 +- test/auth/int.spec.ts | 130 ++++++++++++++++++ 2 files changed, 134 insertions(+), 1 deletion(-) diff --git a/packages/payload/src/auth/strategies/local/resetLoginAttempts.ts b/packages/payload/src/auth/strategies/local/resetLoginAttempts.ts index 4231a466cc..b03e608f2f 100644 --- a/packages/payload/src/auth/strategies/local/resetLoginAttempts.ts +++ b/packages/payload/src/auth/strategies/local/resetLoginAttempts.ts @@ -15,7 +15,10 @@ export const resetLoginAttempts = async ({ payload, req, }: Args): Promise => { - if (!('lockUntil' in doc && typeof doc.lockUntil === 'string') || doc.loginAttempts === 0) { + if ( + !('lockUntil' in doc && typeof doc.lockUntil === 'string') && + (!('loginAttempts' in doc) || doc.loginAttempts === 0) + ) { return } await payload.update({ diff --git a/test/auth/int.spec.ts b/test/auth/int.spec.ts index 4e52206a82..f354782092 100644 --- a/test/auth/int.spec.ts +++ b/test/auth/int.spec.ts @@ -1023,6 +1023,136 @@ describe('Auth', () => { }), ).rejects.toThrow('Token is either invalid or has expired.') }) + + describe('Login Attempts', () => { + async function attemptLogin(email: string, password: string) { + return payload.login({ + collection: slug, + data: { + email, + password, + }, + overrideAccess: false, + }) + } + + it('should reset the login attempts after a successful login', async () => { + // fail 1 + try { + const failedLogin = await attemptLogin(devUser.email, 'wrong-password') + expect(failedLogin).toBeUndefined() + } catch (error) { + expect((error as Error).message).toBe('The email or password provided is incorrect.') + } + + // successful login 1 + const successfulLogin = await attemptLogin(devUser.email, devUser.password) + expect(successfulLogin).toBeDefined() + + // fail 2 + try { + const failedLogin = await attemptLogin(devUser.email, 'wrong-password') + expect(failedLogin).toBeUndefined() + } catch (error) { + expect((error as Error).message).toBe('The email or password provided is incorrect.') + } + + // successful login 2 without exceeding attempts + const successfulLogin2 = await attemptLogin(devUser.email, devUser.password) + expect(successfulLogin2).toBeDefined() + + const user = await payload.findByID({ + collection: slug, + id: successfulLogin2.user.id, + overrideAccess: true, + showHiddenFields: true, + }) + + expect(user.loginAttempts).toBe(0) + expect(user.lockUntil).toBeNull() + }) + + it('should lock the user after too many failed login attempts', async () => { + const now = new Date() + // fail 1 + try { + const failedLogin = await attemptLogin(devUser.email, 'wrong-password') + expect(failedLogin).toBeUndefined() + } catch (error) { + expect((error as Error).message).toBe('The email or password provided is incorrect.') + } + + // fail 2 + try { + const failedLogin = await attemptLogin(devUser.email, 'wrong-password') + expect(failedLogin).toBeUndefined() + } catch (error) { + expect((error as Error).message).toBe('The email or password provided is incorrect.') + } + + // fail 3 + try { + const failedLogin = await attemptLogin(devUser.email, 'wrong-password') + expect(failedLogin).toBeUndefined() + } catch (error) { + expect((error as Error).message).toBe( + 'This user is locked due to having too many failed login attempts.', + ) + } + + const userQuery = await payload.find({ + collection: slug, + overrideAccess: true, + showHiddenFields: true, + where: { + email: { + equals: devUser.email, + }, + }, + }) + + expect(userQuery.docs[0]).toBeDefined() + + if (userQuery.docs[0]) { + const user = userQuery.docs[0] + expect(user.loginAttempts).toBe(2) + expect(user.lockUntil).toBeDefined() + expect(typeof user.lockUntil).toBe('string') + if (typeof user.lockUntil === 'string') { + expect(new Date(user.lockUntil).getTime()).toBeGreaterThan(now.getTime()) + } + } + }) + + it('should allow force unlocking of a user', async () => { + await payload.unlock({ + collection: slug, + data: { + email: devUser.email, + } as any, + overrideAccess: true, + }) + + const userQuery = await payload.find({ + collection: slug, + overrideAccess: true, + showHiddenFields: true, + where: { + email: { + equals: devUser.email, + }, + }, + }) + + expect(userQuery.docs[0]).toBeDefined() + + if (userQuery.docs[0]) { + const user = userQuery.docs[0] + expect(user.loginAttempts).toBe(0) + expect(user.lockUntil).toBeNull() + } + }) + }) }) describe('Email - format validation', () => { From 855a3204749de4fd0555bb69563a6dd92b1227d5 Mon Sep 17 00:00:00 2001 From: Jarrod Flesch <30633324+JarrodMFlesch@users.noreply.github.com> Date: Tue, 8 Jul 2025 13:34:10 -0400 Subject: [PATCH 5/7] fix: ensure default values are not shown when value is hidden (#13074) Fixes #12834 `loginAttempts` was being shown in the admin panel when it should be hidden. The field is set to `hidden: true` therefore the value is removed from siblingData and passes the `allowDefaultValue` check - showing inconsistent data. This PR ensures the default value is not returned if the field has a value but was removed due to the field being hidden. --- .../src/fields/hooks/afterRead/promise.ts | 7 +++++-- test/access-control/config.ts | 6 ++++++ test/access-control/int.spec.ts | 20 +++++++++++++++++++ 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/packages/payload/src/fields/hooks/afterRead/promise.ts b/packages/payload/src/fields/hooks/afterRead/promise.ts index 30603c3807..3ceb856d73 100644 --- a/packages/payload/src/fields/hooks/afterRead/promise.ts +++ b/packages/payload/src/fields/hooks/afterRead/promise.ts @@ -114,6 +114,7 @@ export const promise = async ({ const pathSegments = path ? path.split('.') : [] const schemaPathSegments = schemaPath ? schemaPath.split('.') : [] const indexPathSegments = indexPath ? indexPath.split('-').filter(Boolean)?.map(Number) : [] + let removedFieldValue = false if ( fieldAffectsData(field) && @@ -121,6 +122,7 @@ export const promise = async ({ typeof siblingDoc[field.name!] !== 'undefined' && !showHiddenFields ) { + removedFieldValue = true delete siblingDoc[field.name!] } @@ -331,7 +333,7 @@ export const promise = async ({ // Execute access control let allowDefaultValue = true if (triggerAccessControl && field.access && field.access.read) { - const result = overrideAccess + const canReadField = overrideAccess ? true : await field.access.read({ id: doc.id as number | string, @@ -342,7 +344,7 @@ export const promise = async ({ siblingData: siblingDoc, }) - if (!result) { + if (!canReadField) { allowDefaultValue = false delete siblingDoc[field.name!] } @@ -351,6 +353,7 @@ export const promise = async ({ // Set defaultValue on the field for globals being returned without being first created // or collection documents created prior to having a default if ( + !removedFieldValue && allowDefaultValue && typeof siblingDoc[field.name!] === 'undefined' && typeof field.defaultValue !== 'undefined' diff --git a/test/access-control/config.ts b/test/access-control/config.ts index df351e0097..3081766ca0 100644 --- a/test/access-control/config.ts +++ b/test/access-control/config.ts @@ -484,6 +484,12 @@ export default buildConfigWithDefaults( type: 'checkbox', hidden: true, }, + { + name: 'hiddenWithDefault', + type: 'text', + hidden: true, + defaultValue: 'default value', + }, ], }, { diff --git a/test/access-control/int.spec.ts b/test/access-control/int.spec.ts index e7854ffc1a..da663417b2 100644 --- a/test/access-control/int.spec.ts +++ b/test/access-control/int.spec.ts @@ -231,6 +231,26 @@ describe('Access Control', () => { expect(updatedDoc.cannotMutateRequired).toBe('cannotMutateRequired') expect(updatedDoc.cannotMutateNotRequired).toBe('cannotMutateNotRequired') }) + + it('should not return default values for hidden fields with values', async () => { + const doc = await payload.create({ + collection: hiddenFieldsSlug, + data: { + title: 'Test Title', + }, + showHiddenFields: true, + }) + + expect(doc.hiddenWithDefault).toBe('default value') + + const findDoc2 = await payload.findByID({ + id: doc.id, + collection: hiddenFieldsSlug, + overrideAccess: false, + }) + + expect(findDoc2.hiddenWithDefault).toBeUndefined() + }) }) describe('Collections', () => { describe('restricted collection', () => { From c876ddf858930891d0e86d0c7fe847d8fc8061e3 Mon Sep 17 00:00:00 2001 From: Elliot DeNolf Date: Tue, 8 Jul 2025 14:42:24 -0400 Subject: [PATCH 6/7] ci: audit-dependencies workflow (#13090) Add weekly check for dependency vulnerabilities. Asana: https://app.asana.com/1/10497086658021/project/1210456585958356/task/1210561338171143 --- .github/workflows/audit-dependencies.sh | 30 ++++++++++++++ .github/workflows/audit-dependencies.yml | 53 ++++++++++++++++++++++-- .gitignore | 2 + 3 files changed, 82 insertions(+), 3 deletions(-) create mode 100755 .github/workflows/audit-dependencies.sh diff --git a/.github/workflows/audit-dependencies.sh b/.github/workflows/audit-dependencies.sh new file mode 100755 index 0000000000..107c2a34a4 --- /dev/null +++ b/.github/workflows/audit-dependencies.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +severity=${1:-"critical"} +audit_json=$(pnpm audit --prod --json) +output_file="audit_output.json" + +echo "Auditing for ${severity} vulnerabilities..." + +echo "${audit_json}" | jq --arg severity "${severity}" ' + .advisories | to_entries | + map(select(.value.patched_versions != "<0.0.0" and .value.severity == $severity) | + { + package: .value.module_name, + vulnerable: .value.vulnerable_versions, + fixed_in: .value.patched_versions + } + ) +' >$output_file + +audit_length=$(jq 'length' $output_file) + +if [[ "${audit_length}" -gt "0" ]]; then + echo "Actionable vulnerabilities found in the following packages:" + jq -r '.[] | "\u001b[1m\(.package)\u001b[0m vulnerable in \u001b[31m\(.vulnerable)\u001b[0m fixed in \u001b[32m\(.fixed_in)\u001b[0m"' $output_file | while read -r line; do echo -e "$line"; done + echo "Output written to ${output_file}" + exit 1 +else + echo "No actionable vulnerabilities" + exit 0 +fi diff --git a/.github/workflows/audit-dependencies.yml b/.github/workflows/audit-dependencies.yml index 026a75ef4f..5eb8349bf7 100644 --- a/.github/workflows/audit-dependencies.yml +++ b/.github/workflows/audit-dependencies.yml @@ -1,11 +1,58 @@ name: audit-dependencies on: + # Sundays at 2am EST + schedule: + - cron: '0 7 * * 0' workflow_dispatch: + inputs: + audit-level: + description: The level of audit to run (low, moderate, high, critical) + required: false + default: critical + debug: + description: Enable debug logging + required: false + default: false + +env: + NODE_VERSION: 23.11.0 + PNPM_VERSION: 9.7.1 + DO_NOT_TRACK: 1 # Disable Turbopack telemetry + NEXT_TELEMETRY_DISABLED: 1 # Disable Next telemetry jobs: - dummy: + audit: runs-on: ubuntu-24.04 steps: - - name: Dummy step - run: echo "This is a dummy step" + - name: Checkout + uses: actions/checkout@v4 + - name: Setup + uses: ./.github/actions/setup + with: + node-version: ${{ env.NODE_VERSION }} + pnpm-version: ${{ env.PNPM_VERSION }} + + - name: Run audit dependencies script + id: audit_dependencies + run: ./.github/workflows/audit-dependencies.sh ${{ inputs.audit-level }} + + - name: Slack notification on failure + if: failure() + uses: slackapi/slack-github-action@v2.1.0 + with: + webhook: ${{ inputs.debug == 'true' && secrets.SLACK_TEST_WEBHOOK_URL || secrets.SLACK_WEBHOOK_URL }} + webhook-type: incoming-webhook + payload: | + { + "username": "GitHub Actions Bot", + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "🚨 Actionable vulnerabilities found: " + } + }, + ] + } diff --git a/.gitignore b/.gitignore index 73ca1e3c75..1c37385708 100644 --- a/.gitignore +++ b/.gitignore @@ -27,6 +27,8 @@ packages/ui/esbuild packages/next/esbuild packages/richtext-lexical/esbuild +audit_output.json + .turbo # Ignore test directory media folder/files From dde96810898e477daa436ce923f18517fcbb024a Mon Sep 17 00:00:00 2001 From: Elliot DeNolf Date: Tue, 8 Jul 2025 17:20:31 -0400 Subject: [PATCH 7/7] ci: use .tool-versions file in setup (#13093) Parse `.tool-versions` file in the composite node setup action. This will make it the source of truth and easier to bump node/pnpm versions in the future. --- .github/actions/setup/action.yml | 63 +++++++++++++++----- .github/workflows/audit-dependencies.yml | 5 -- .github/workflows/main.yml | 34 ----------- .github/workflows/post-release-templates.yml | 5 -- .github/workflows/post-release.yml | 2 - .github/workflows/publish-prerelease.yml | 5 -- 6 files changed, 48 insertions(+), 66 deletions(-) diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index 197ee65ac7..7e8bb9fe0c 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml @@ -4,24 +4,17 @@ description: | inputs: node-version: - description: Node.js version - required: true - default: 23.11.0 + description: Node.js version override pnpm-version: - description: Pnpm version - required: true - default: 9.7.1 + description: Pnpm version override pnpm-run-install: description: Whether to run pnpm install - required: false default: true pnpm-restore-cache: description: Whether to restore cache - required: false default: true pnpm-install-cache-key: - description: The cache key for the pnpm install cache - default: pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} + description: The cache key override for the pnpm install cache outputs: pnpm-store-path: @@ -37,15 +30,44 @@ runs: shell: bash run: sudo ethtool -K eth0 tx off rx off + - name: Get versions from .tool-versions or use overrides + shell: bash + run: | + # if node-version input is provided, use it; otherwise, read from .tool-versions + if [ "${{ inputs.node-version }}" ]; then + echo "Node version override provided: ${{ inputs.node-version }}" + echo "NODE_VERSION=${{ inputs.node-version }}" >> $GITHUB_ENV + elif [ -f .tool-versions ]; then + NODE_VERSION=$(grep '^nodejs ' .tool-versions | awk '{print $2}') + echo "NODE_VERSION=$NODE_VERSION" >> $GITHUB_ENV + echo "Node version resolved to: $NODE_VERSION" + else + echo "No .tool-versions file found and no node-version input provided. Invalid configuration." + exit 1 + fi + + # if pnpm-version input is provided, use it; otherwise, read from .tool-versions + if [ "${{ inputs.pnpm-version }}" ]; then + echo "Pnpm version override provided: ${{ inputs.pnpm-version }}" + echo "PNPM_VERSION=${{ inputs.pnpm-version }}" >> $GITHUB_ENV + elif [ -f .tool-versions ]; then + PNPM_VERSION=$(grep '^pnpm ' .tool-versions | awk '{print $2}') + echo "PNPM_VERSION=$PNPM_VERSION" >> $GITHUB_ENV + echo "Pnpm version resolved to: $PNPM_VERSION" + else + echo "No .tool-versions file found and no pnpm-version input provided. Invalid configuration." + exit 1 + fi + - name: Setup Node@${{ inputs.node-version }} uses: actions/setup-node@v4 with: - node-version: ${{ inputs.node-version }} + node-version: ${{ env.NODE_VERSION }} - name: Install pnpm uses: pnpm/action-setup@v4 with: - version: ${{ inputs.pnpm-version }} + version: ${{ env.PNPM_VERSION }} run_install: false - name: Get pnpm store path @@ -55,14 +77,25 @@ runs: echo "STORE_PATH=$STORE_PATH" >> $GITHUB_ENV echo "Pnpm store path resolved to: $STORE_PATH" + - name: Compute Cache Key + shell: bash + run: | + if [ -n "${{ inputs.pnpm-install-cache-key }}" ]; then + PNPM_INSTALL_CACHE_KEY="${{ inputs.pnpm-install-cache-key }}" + else + PNPM_INSTALL_CACHE_KEY="pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}" + fi + echo "Computed PNPM_INSTALL_CACHE_KEY: $PNPM_INSTALL_CACHE_KEY" + echo "PNPM_INSTALL_CACHE_KEY=$PNPM_INSTALL_CACHE_KEY" >> $GITHUB_ENV + - name: Restore pnpm install cache if: ${{ inputs.pnpm-restore-cache == 'true' }} uses: actions/cache@v4 with: path: ${{ env.STORE_PATH }} - key: ${{ inputs.pnpm-install-cache-key }} + key: ${{ env.PNPM_INSTALL_CACHE_KEY }} restore-keys: | - pnpm-store-${{ inputs.pnpm-version }}- + pnpm-store-${{ env.PNPM_VERSION }}- pnpm-store- - name: Run pnpm install @@ -72,5 +105,5 @@ runs: # Set the cache key output - run: | - echo "pnpm-install-cache-key=${{ inputs.pnpm-install-cache-key }}" >> $GITHUB_ENV + echo "pnpm-install-cache-key=${{ env.PNPM_INSTALL_CACHE_KEY }}" >> $GITHUB_OUTPUT shell: bash diff --git a/.github/workflows/audit-dependencies.yml b/.github/workflows/audit-dependencies.yml index 5eb8349bf7..043ef633e9 100644 --- a/.github/workflows/audit-dependencies.yml +++ b/.github/workflows/audit-dependencies.yml @@ -16,8 +16,6 @@ on: default: false env: - NODE_VERSION: 23.11.0 - PNPM_VERSION: 9.7.1 DO_NOT_TRACK: 1 # Disable Turbopack telemetry NEXT_TELEMETRY_DISABLED: 1 # Disable Next telemetry @@ -29,9 +27,6 @@ jobs: uses: actions/checkout@v4 - name: Setup uses: ./.github/actions/setup - with: - node-version: ${{ env.NODE_VERSION }} - pnpm-version: ${{ env.PNPM_VERSION }} - name: Run audit dependencies script id: audit_dependencies diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 71dde36448..9ca829bcbe 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -17,8 +17,6 @@ concurrency: cancel-in-progress: true env: - NODE_VERSION: 23.11.0 - PNPM_VERSION: 9.7.1 DO_NOT_TRACK: 1 # Disable Turbopack telemetry NEXT_TELEMETRY_DISABLED: 1 # Disable Next telemetry @@ -71,10 +69,6 @@ jobs: - name: Node setup uses: ./.github/actions/setup - with: - node-version: ${{ env.NODE_VERSION }} - pnpm-version: ${{ env.PNPM_VERSION }} - pnpm-install-cache-key: pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} - name: Lint run: pnpm lint -- --quiet @@ -89,10 +83,6 @@ jobs: - name: Node setup uses: ./.github/actions/setup - with: - node-version: ${{ env.NODE_VERSION }} - pnpm-version: ${{ env.PNPM_VERSION }} - pnpm-install-cache-key: pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} - run: pnpm run build:all env: @@ -114,11 +104,8 @@ jobs: - name: Node setup uses: ./.github/actions/setup with: - node-version: ${{ env.NODE_VERSION }} - pnpm-version: ${{ env.PNPM_VERSION }} pnpm-run-install: false pnpm-restore-cache: false # Full build is restored below - pnpm-install-cache-key: pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} - name: Restore build uses: actions/cache@v4 @@ -141,11 +128,8 @@ jobs: - name: Node setup uses: ./.github/actions/setup with: - node-version: ${{ env.NODE_VERSION }} - pnpm-version: ${{ env.PNPM_VERSION }} pnpm-run-install: false pnpm-restore-cache: false # Full build is restored below - pnpm-install-cache-key: pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} - name: Restore build uses: actions/cache@v4 @@ -205,11 +189,8 @@ jobs: - name: Node setup uses: ./.github/actions/setup with: - node-version: ${{ env.NODE_VERSION }} - pnpm-version: ${{ env.PNPM_VERSION }} pnpm-run-install: false pnpm-restore-cache: false # Full build is restored below - pnpm-install-cache-key: pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} - name: Restore build uses: actions/cache@v4 @@ -330,11 +311,8 @@ jobs: - name: Node setup uses: ./.github/actions/setup with: - node-version: ${{ env.NODE_VERSION }} - pnpm-version: ${{ env.PNPM_VERSION }} pnpm-run-install: false pnpm-restore-cache: false # Full build is restored below - pnpm-install-cache-key: pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} - name: Restore build uses: actions/cache@v4 @@ -467,11 +445,8 @@ jobs: - name: Node setup uses: ./.github/actions/setup with: - node-version: ${{ env.NODE_VERSION }} - pnpm-version: ${{ env.PNPM_VERSION }} pnpm-run-install: false pnpm-restore-cache: false # Full build is restored below - pnpm-install-cache-key: pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} - name: Restore build uses: actions/cache@v4 @@ -573,11 +548,8 @@ jobs: - name: Node setup uses: ./.github/actions/setup with: - node-version: ${{ env.NODE_VERSION }} - pnpm-version: ${{ env.PNPM_VERSION }} pnpm-run-install: false pnpm-restore-cache: false # Full build is restored below - pnpm-install-cache-key: pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} - name: Restore build uses: actions/cache@v4 @@ -673,11 +645,8 @@ jobs: - name: Node setup uses: ./.github/actions/setup with: - node-version: ${{ env.NODE_VERSION }} - pnpm-version: ${{ env.PNPM_VERSION }} pnpm-run-install: false pnpm-restore-cache: false # Full build is restored below - pnpm-install-cache-key: pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} - name: Restore build uses: actions/cache@v4 @@ -735,11 +704,8 @@ jobs: - name: Node setup uses: ./.github/actions/setup with: - node-version: ${{ env.NODE_VERSION }} - pnpm-version: ${{ env.PNPM_VERSION }} pnpm-run-install: false pnpm-restore-cache: false # Full build is restored below - pnpm-install-cache-key: pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} - name: Restore build uses: actions/cache@v4 diff --git a/.github/workflows/post-release-templates.yml b/.github/workflows/post-release-templates.yml index f371e8dab7..71c0a9739c 100644 --- a/.github/workflows/post-release-templates.yml +++ b/.github/workflows/post-release-templates.yml @@ -7,8 +7,6 @@ on: workflow_dispatch: env: - NODE_VERSION: 23.11.0 - PNPM_VERSION: 9.7.1 DO_NOT_TRACK: 1 # Disable Turbopack telemetry NEXT_TELEMETRY_DISABLED: 1 # Disable Next telemetry @@ -60,9 +58,6 @@ jobs: - name: Setup uses: ./.github/actions/setup - with: - node-version: ${{ env.NODE_VERSION }} - pnpm-version: ${{ env.PNPM_VERSION }} - name: Start PostgreSQL uses: CasperWA/postgresql-action@v1.2 diff --git a/.github/workflows/post-release.yml b/.github/workflows/post-release.yml index f455ad2da2..daea79ead2 100644 --- a/.github/workflows/post-release.yml +++ b/.github/workflows/post-release.yml @@ -12,8 +12,6 @@ on: default: '' env: - NODE_VERSION: 23.11.0 - PNPM_VERSION: 9.7.1 DO_NOT_TRACK: 1 # Disable Turbopack telemetry NEXT_TELEMETRY_DISABLED: 1 # Disable Next telemetry diff --git a/.github/workflows/publish-prerelease.yml b/.github/workflows/publish-prerelease.yml index cdc43c7142..ba8383ccf4 100644 --- a/.github/workflows/publish-prerelease.yml +++ b/.github/workflows/publish-prerelease.yml @@ -7,8 +7,6 @@ on: workflow_dispatch: env: - NODE_VERSION: 23.11.0 - PNPM_VERSION: 9.7.1 DO_NOT_TRACK: 1 # Disable Turbopack telemetry NEXT_TELEMETRY_DISABLED: 1 # Disable Next telemetry @@ -23,9 +21,6 @@ jobs: uses: actions/checkout@v4 - name: Setup uses: ./.github/actions/setup - with: - node-version: ${{ env.NODE_VERSION }} - pnpm-version: ${{ env.PNPM_VERSION }} - name: Load npm token run: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc env: