From 2e86c708cf67fd8ed1544bbaff6150da7e5872eb Mon Sep 17 00:00:00 2001
From: johndoe6345789 <john.doe6345789@gmail.com>
Date: Mon, 9 Mar 2026 23:31:29 +0000
Subject: [PATCH] fix: patch dependabot vulnerabilities in frontends/postgres
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- npm overrides: minimatch → 10.2.4, tar → 7.5.11, esbuild → >=0.25.0
- Update drizzle-kit to latest
- 4 moderate esbuild vulns remain (drizzle-kit/@esbuild-kit transitive, no upstream fix)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 frontends/postgres/package.json | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/frontends/postgres/package.json b/frontends/postgres/package.json
index 14665d75e..d14739ead 100644
--- a/frontends/postgres/package.json
+++ b/frontends/postgres/package.json
@@ -66,7 +66,11 @@
     "react": "^19.2.4",
     "react-dom": "^19.2.4",
     "minimatch": "10.2.4",
-    "tar": "7.5.11"
+    "tar": "7.5.11",
+    "esbuild": ">=0.25.0",
+    "@esbuild-kit/core-utils": {
+      "esbuild": ">=0.25.0"
+    }
   },
   "devDependencies": {
     "@antfu/eslint-config": "^7.4.3",
@@ -81,6 +85,7 @@
     "@next/bundle-analyzer": "^16.1.6",
     "@next/eslint-plugin-next": "^16.1.6",
     "@playwright/test": "^1.58.2",
+    "@sentry/nextjs": "^10.39.0",
     "@spotlightjs/spotlight": "^4.10.0",
     "@storybook/addon-a11y": "^10.2.10",
     "@storybook/addon-docs": "^10.2.10",
@@ -101,14 +106,17 @@
     "dotenv-cli": "^11.0.0",
     "drizzle-kit": "^0.31.9",
     "eslint": "^10.0.1",
+    "eslint-config-next": "^16.1.6",
     "eslint-plugin-format": "^2.0.1",
     "eslint-plugin-jsx-a11y": "^6.10.2",
     "eslint-plugin-playwright": "^2.7.0",
+    "eslint-plugin-react": "^7.37.5",
     "eslint-plugin-react-hooks": "^7.0.1",
     "eslint-plugin-react-refresh": "^0.5.0",
     "eslint-plugin-storybook": "^10.2.10",
     "eslint-plugin-tailwindcss": "^4.0.0-beta.0",
     "get-db": "^0.13.0",
+    "jest": "^30.2.0",
     "knip": "^5.84.1",
     "lefthook": "^2.1.1",
     "npm-run-all2": "^8.0.4",
@@ -122,11 +130,7 @@
     "typescript": "5.9.3",
     "vite-tsconfig-paths": "^6.1.1",
     "vitest": "^4.0.18",
-    "vitest-browser-react": "^2.0.5",
-    "eslint-config-next": "^16.1.6",
-    "eslint-plugin-react": "^7.37.5",
-    "jest": "^30.2.0",
-    "@sentry/nextjs": "^10.39.0"
+    "vitest-browser-react": "^2.0.5"
   },
   "release": {
     "branches": [