From c31da266aedc39e47713e9501c19aac58eb098a2 Mon Sep 17 00:00:00 2001 From: Avi Vahl Date: Sun, 26 Apr 2026 13:56:11 +0300 Subject: [PATCH] fix: bump @fastify/static to 9.1.3 - upgrade to latest release to fix vulnerability - changed semver request to use a caret - also bumped local locked postcss version to newer non-vulnerable release. --- package-lock.json | 10 +++++++--- package.json | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 285c9771d70..217645b3775 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "hasInstallScript": true, "license": "MIT", "dependencies": { - "@fastify/static": "9.0.0", + "@fastify/static": "^9.1.3", "@netlify/ai": "0.4.1", "@netlify/api": "14.0.18", "@netlify/blobs": "10.7.0", @@ -1491,7 +1491,9 @@ } }, "node_modules/@fastify/static": { - "version": "9.0.0", + "version": "9.1.3", + "resolved": "https://registry.npmjs.org/@fastify/static/-/static-9.1.3.tgz", + "integrity": "sha512-aXrYtsiryLhRxRNaxNqsn7FUISeb7rB9q4eHUPIot5aeQBLNahnz1m6thzm7JWC1poSGXS9XrX8DvuMivp2hkQ==", "funding": [ { "type": "github", @@ -16319,7 +16321,9 @@ } }, "node_modules/postcss": { - "version": "8.5.6", + "version": "8.5.10", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.10.tgz", + "integrity": "sha512-pMMHxBOZKFU6HgAZ4eyGnwXF/EvPGGqUr0MnZ5+99485wwW41kW91A4LOGxSHhgugZmSChL5AlElNdwlNgcnLQ==", "funding": [ { "type": "opencollective", diff --git a/package.json b/package.json index 9f7b25e7661..24e7416e7ce 100644 --- a/package.json +++ b/package.json @@ -55,7 +55,7 @@ "typecheck:watch": "tsc --watch" }, "dependencies": { - "@fastify/static": "9.0.0", + "@fastify/static": "^9.1.3", "@netlify/ai": "0.4.1", "@netlify/api": "14.0.18", "@netlify/blobs": "10.7.0",