mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-05-05 04:16:31 +02:00
Code Issues Projects Releases Wiki Activity

Update DOMPurify and Carbon Charts for UI security remediation (#13511) (#13519)

Browse Source 
Pull in the patched DOMPurify release used by the UI sanitizer helper and Carbon Charts.

Co-authored-by: Angelo Cordon <angelo.cordon@hashicorp.com>
Co-authored-by: OpenCode Agent (GPT-5.4) <opencode-agent@users.noreply.github.com>
This commit is contained in:
Vault Automation 2026-04-09 09:55:42 -06:00 committed by GitHub
parent c9aff8aed5
commit 7e23bd9cee
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 35 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ui/package.json
View File

@ -94,7 +94,7 @@
"d3-shape": "~3.2.0",
"date-fns": "~2.30.0",
"date-fns-tz": "~1.3.8",
"dompurify": "~3.2.5",
"dompurify": "~3.3.3",
"ember-a11y-testing": "~7.1.2",
"ember-basic-dropdown": "~8.7.0",
"ember-cli": "~5.8.0",
@ -209,7 +209,7 @@
"dependencies": {
"@babel/core": "7.26.10",
"@babel/eslint-parser": "^7.28.5",
"@carbon/charts": "^1.27.2",
"@carbon/charts": "^1.27.3",
"@hashicorp-internal/vault-reporting": "file:vault-reporting/0.21.0.tgz",
"@hashicorp/design-system-components": "4.24.1",
"@hashicorp/design-system-tokens": "3.0.0",

66
ui/pnpm-lock.yaml generated
View File

@ -27,8 +27,8 @@ importers:
specifier: ^7.28.5
version: 7.28.5(@babel/core@7.26.10)(eslint@8.57.1)
'@carbon/charts':
specifier: ^1.27.2
version: 1.27.2
specifier: ^1.27.3
version: 1.27.3
'@hashicorp-internal/vault-reporting':
specifier: file:vault-reporting/0.21.0.tgz
version: file:vault-reporting/0.21.0.tgz(@babel/core@7.26.10)(@ember/test-helpers@5.2.2(@babel/core@7.26.10)(@glint/template@1.7.3))(@glint/template@1.7.3)(@hashicorp/design-system-components@4.24.1(819e00e41698270af4113d99ff1633b6))(ember-source@5.8.0(@babel/core@7.26.10)(@glimmer/component@1.1.2(@babel/core@7.26.10))(@glint/template@1.7.3)(rsvp@4.8.5)(webpack@5.105.4))(typescript@5.6.3)(webpack@5.105.4)
@ -199,8 +199,8 @@ importers:
specifier: ~1.3.8
version: 1.3.8(date-fns@2.30.0)
dompurify:
specifier: ~3.2.5
version: 3.2.6
specifier: ~3.3.3
version: 3.3.3
ember-a11y-testing:
specifier: ~7.1.2
version: 7.1.2(@ember/test-helpers@5.2.2(@babel/core@7.26.10)(@glint/template@1.7.3))(@glint/template@1.7.3)(qunit@2.24.1)(webpack@5.105.4)
@ -1085,11 +1085,11 @@ packages:
resolution: {integrity: sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==}
engines: {node: '>=6.9.0'}
'@carbon/charts@1.27.2':
resolution: {integrity: sha512-0eYS1bgwP/z+lCBQrDT8vOJSMJQVKzT3h51lyXwxn9rx3/GLuseEr1+t65elyjUaBxMAs9wT1kDat2PU2d32lA==}
'@carbon/charts@1.27.3':
resolution: {integrity: sha512-Xc8xeujTXoksRKIYzoYXLyMbAr/fxJgLC0/2YiS9ez31xgwr3gPuY4Iijt2KLzMVwmrGSwhZ9VJHCKCrjIKsLQ==}
'@carbon/colors@11.45.0':
resolution: {integrity: sha512-3ZHP2L77PbBytPl6jf7OcDVvEH/i1SIzGJfdA9rMZ7L8AyUpvf/zTEcN+BrOv+Xsg2idPtlz3ZyRkm5oASl6rg==}
'@carbon/colors@11.49.0':
resolution: {integrity: sha512-+e7/noJmk+Hh/9PscNOLsKZHRc6ic2Z2Gb2ay+mqrqtokzNB6qGtilTzD59w9yePXeIy3dZopIv7vCdLAQW++Q==}
'@carbon/utils-position@1.3.0':
resolution: {integrity: sha512-bfar2dV+fQ15syIrH3n9ujY4PXd1Q+AF2VcTLJIC04IDe2f80zOnJlLNPc/RktHcWTZ7WSQm80cQo3abGcsfTA==}
@ -1611,8 +1611,8 @@ packages:
resolution: {integrity: sha512-93zYdMES/c1D69yZiKDBj0V24vqNzB/koF26KPaagAfd3P/4gUlh3Dys5ogAK+Exi9QyzlD8x/08Zt7wIKcDcA==}
deprecated: Use @eslint/object-schema instead
'@ibm/telemetry-js@1.10.2':
resolution: {integrity: sha512-F8+/NNUwtm8BuFz18O9KPvIFTFDo8GUSoyhPxPjEpk7nEyEzWGfhIiEPhL00B2NdHRLDSljh3AiCfSnL/tutiQ==}
'@ibm/telemetry-js@1.11.0':
resolution: {integrity: sha512-RO/9j+URJnSfseWg9ZkEX9p+a3Ousd33DBU7rOafoZB08RqdzxFVYJ2/iM50dkBuD0o7WX7GYt1sLbNgCoE+pA==}
hasBin: true
'@icholy/duration@5.1.0':
@ -3557,8 +3557,8 @@ packages:
resolution: {integrity: sha512-VE5S6TNa+j8msksl7HwjxMHDM2yNK3XCkusIlpX5kwauBfXuyLAtNg9jCp/iHH61tgI4sb6R/EIMWCqEIdjT/g==}
engines: {node: '>=12'}
d3-cloud@1.2.8:
resolution: {integrity: sha512-K0qBFkgystNlgFW/ufdwIES5kDiC8cGJxMw4ULzN9UU511v89A6HXs1X8vUPxqurehzqJZS5KzZI4c8McT+4UA==}
d3-cloud@1.2.9:
resolution: {integrity: sha512-leL1GLneC9ZQtnV+6TGWrNlGfI1WX7S2arcTv2vae12DaXo5wjm6GBCkskXbrDlyOymd/A75Pyj1H37MW4BZ/Q==}
d3-color@3.1.0:
resolution: {integrity: sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA==}
@ -3786,8 +3786,8 @@ packages:
resolution: {integrity: sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==}
engines: {node: '>= 0.4'}
delaunator@5.0.1:
resolution: {integrity: sha512-8nvh+XBe96aCESrGOqMp/84b13H9cdKbG5P2ejQCh4d4sK9RL4371qou9drQjMhvnPmhWl5hnmqbEE0fXr9Xnw==}
delaunator@5.1.0:
resolution: {integrity: sha512-AGrQ4QSgssa1NGmWmLPqN5NY2KajF5MqxetNEO+o0n3ZwZZeTmt7bBnvzHWrmkZFxGgr4HdyFgelzgi06otLuQ==}
delegates@1.0.0:
resolution: {integrity: sha512-bd2L678uiWATM6m5Z1VzNCErI3jiGzt6HGY8OVICs40JQq/HALfbyNJmp0UDakEY4pMMaN0Ly5om/B1VI/+xfQ==}
@ -3843,8 +3843,8 @@ packages:
dom-element-descriptors@0.5.1:
resolution: {integrity: sha512-DLayMRQ+yJaziF4JJX1FMjwjdr7wdTr1y9XvZ+NfHELfOMcYDnCHneAYXAS4FT1gLILh4V0juMZohhH1N5FsoQ==}
dompurify@3.2.6:
resolution: {integrity: sha512-/2GogDQlohXPZe6D6NOgQvXLPSYBqIWMnZ8zzOhn09REE4eyAzb+Hed3jhoM9OkuaJ8P6ZGTTVWQKAi8ieIzfQ==}
dompurify@3.3.3:
resolution: {integrity: sha512-Oj6pzI2+RqBfFG+qOaOLbFXLQ90ARpcGG6UePL82bJLtdsa6CYJD7nmiU8MW9nQNOtCHV3lZ/Bzq1X0QYbBZCA==}
dot-case@3.0.4:
resolution: {integrity: sha512-Kv5nKlh6yRrdrGvxeJ2e5y2eRUpkUosIW4A2AS38zwSz27zu7ufDwQPi5Jhs3XAlGNetl3bmnGhQsMtkKJnj3w==}
@ -6943,8 +6943,8 @@ packages:
resolution: {integrity: sha512-l0OE8wL34P4nJH/H2ffoaniAokM2qSmrtXHmlpvYr5AVVX8msAyW0l8NVJFDxlSK4u3Uh/f41cQheDVdnYijwQ==}
hasBin: true
robust-predicates@3.0.2:
resolution: {integrity: sha512-IXgzBWvWQwE6PrDI05OvmXUIruQTcoMDzRsOd5CDvHCVLcLHMTSYvOK5Cm46kWqlV3yAbuSpBZdJ5oP5OUoStg==}
robust-predicates@3.0.3:
resolution: {integrity: sha512-NS3levdsRIUOmiJ8FZWCP7LG3QpJyrs/TE0Zpf1yvZu8cAJJ6QMW92H1c7kWpdIHo8RvmLxN/o2JXTKHp74lUA==}
rollup-pluginutils@2.8.2:
resolution: {integrity: sha512-EEp9NhnUkwY8aif6bxgovPHMoMoNr2FulJziTndpt5H9RdwC47GSGuII9XxpSdzVGM0GWrNPHV6ie1LTNJPaLQ==}
@ -10203,30 +10203,30 @@ snapshots:
'@babel/helper-string-parser': 7.27.1
'@babel/helper-validator-identifier': 7.28.5
'@carbon/charts@1.27.2':
'@carbon/charts@1.27.3':
dependencies:
'@carbon/colors': 11.45.0
'@carbon/colors': 11.49.0
'@carbon/utils-position': 1.3.0
'@ibm/telemetry-js': 1.10.2
'@ibm/telemetry-js': 1.11.0
'@types/d3': 7.4.3
'@types/topojson': 3.2.6
d3: 7.9.0
d3-cloud: 1.2.8
d3-cloud: 1.2.9
d3-sankey: 0.12.3
date-fns: 4.1.0
dompurify: 3.2.6
dompurify: 3.3.3
html-to-image: 1.11.11
lodash-es: 4.17.23
topojson-client: 3.1.0
tslib: 2.8.1
'@carbon/colors@11.45.0':
'@carbon/colors@11.49.0':
dependencies:
'@ibm/telemetry-js': 1.10.2
'@ibm/telemetry-js': 1.11.0
'@carbon/utils-position@1.3.0':
dependencies:
'@ibm/telemetry-js': 1.10.2
'@ibm/telemetry-js': 1.11.0
'@cnakazawa/watch@1.0.4':
dependencies:
@ -11154,7 +11154,7 @@ snapshots:
'@humanwhocodes/object-schema@2.0.3': {}
'@ibm/telemetry-js@1.10.2': {}
'@ibm/telemetry-js@1.11.0': {}
'@icholy/duration@5.1.0': {}
@ -13641,7 +13641,7 @@ snapshots:
dependencies:
d3-path: 3.1.0
d3-cloud@1.2.8:
d3-cloud@1.2.9:
dependencies:
d3-dispatch: 1.0.6
@ -13653,7 +13653,7 @@ snapshots:
d3-delaunay@6.0.4:
dependencies:
delaunator: 5.0.1
delaunator: 5.1.0
d3-dispatch@1.0.6: {}
@ -13884,9 +13884,9 @@ snapshots:
has-property-descriptors: 1.0.2
object-keys: 1.1.1
delaunator@5.0.1:
delaunator@5.1.0:
dependencies:
robust-predicates: 3.0.2
robust-predicates: 3.0.3
delegates@1.0.0: {}
@ -13921,7 +13921,7 @@ snapshots:
dom-element-descriptors@0.5.1: {}
dompurify@3.2.6:
dompurify@3.3.3:
optionalDependencies:
'@types/trusted-types': 2.0.7
@ -18193,7 +18193,7 @@ snapshots:
dependencies:
glob: 10.5.0
robust-predicates@3.0.2: {}
robust-predicates@3.0.3: {}
rollup-pluginutils@2.8.2:
dependencies: