From 31d6392180eea8b303ce29b311da3a2dcaa874f8 Mon Sep 17 00:00:00 2001 From: orbisai0security Date: Tue, 16 Jun 2026 15:32:50 +0000 Subject: [PATCH 1/2] fix: CVE-2026-9277 security vulnerability Automated dependency upgrade by OrbisAI Security --- package.json | 4 +++- yarn.lock | 16 ++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 1145fad9..e55c418f 100644 --- a/package.json +++ b/package.json @@ -105,7 +105,8 @@ "@tiptap/extension-underline": "3.20.4", "@tiptap/extensions": "3.20.4", "@tiptap/pm": "3.20.4", - "@tiptap/react": "3.20.4" + "@tiptap/react": "3.20.4", + "shell-quote": "1.8.4" }, "devDependencies": { "@commitlint/config-conventional": "^19.6.0", @@ -120,6 +121,7 @@ "@types/jest": "^29.5.5", "@types/react": "^19.1.0", "@types/react-dom": "^19.1.0", + "@types/shell-quote": "^1", "clang-format": "^1.8.0", "commitlint": "^19.6.1", "del-cli": "^5.1.0", diff --git a/yarn.lock b/yarn.lock index 46bce347..8f46249a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4516,6 +4516,13 @@ __metadata: languageName: node linkType: hard +"@types/shell-quote@npm:^1": + version: 1.7.5 + resolution: "@types/shell-quote@npm:1.7.5" + checksum: 10c0/ddcf225e85e5520e3f44411d7d79eee0e56477fab705d0d93e293b61b9f8de2a57db6e859d492a24bc9e0d071c0490271efeae832756e2ac0d4d255922ac281d + languageName: node + linkType: hard + "@types/stack-utils@npm:^2.0.0": version: 2.0.3 resolution: "@types/stack-utils@npm:2.0.3" @@ -12587,6 +12594,7 @@ __metadata: "@types/jest": "npm:^29.5.5" "@types/react": "npm:^19.1.0" "@types/react-dom": "npm:^19.1.0" + "@types/shell-quote": "npm:^1" clang-format: "npm:^1.8.0" commitlint: "npm:^19.6.1" del-cli: "npm:^5.1.0" @@ -12601,6 +12609,7 @@ __metadata: react-native: "npm:0.81.0" react-native-builder-bob: "npm:^0.40.18" release-it: "npm:^17.10.0" + shell-quote: "npm:1.8.4" turbo: "npm:^1.10.7" typescript: "npm:^5.8.3" peerDependencies: @@ -13489,6 +13498,13 @@ __metadata: languageName: node linkType: hard +"shell-quote@npm:1.8.4": + version: 1.8.4 + resolution: "shell-quote@npm:1.8.4" + checksum: 10c0/86c93678bc394cb81f5ddcdc87df9c95d279ef9652775cd1cd1eed361404169a8d8cbaacaeed232ab09919e36ee1e5363863570390d78571f8c22b7f6312fb40 + languageName: node + linkType: hard + "shell-quote@npm:^1.6.1, shell-quote@npm:^1.8.1": version: 1.8.2 resolution: "shell-quote@npm:1.8.2" From a588525f2cef290e6523156cb377e1f78169e8ce Mon Sep 17 00:00:00 2001 From: orbisai0security Date: Wed, 17 Jun 2026 05:58:57 +0000 Subject: [PATCH 2/2] Address review feedback (1 comments) --- package.json | 2 +- yarn.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index e55c418f..963f85b4 100644 --- a/package.json +++ b/package.json @@ -121,7 +121,7 @@ "@types/jest": "^29.5.5", "@types/react": "^19.1.0", "@types/react-dom": "^19.1.0", - "@types/shell-quote": "^1", + "@types/shell-quote": "^1.7.5", "clang-format": "^1.8.0", "commitlint": "^19.6.1", "del-cli": "^5.1.0", diff --git a/yarn.lock b/yarn.lock index 8f46249a..716cdfe6 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4516,7 +4516,7 @@ __metadata: languageName: node linkType: hard -"@types/shell-quote@npm:^1": +"@types/shell-quote@npm:^1.7.5": version: 1.7.5 resolution: "@types/shell-quote@npm:1.7.5" checksum: 10c0/ddcf225e85e5520e3f44411d7d79eee0e56477fab705d0d93e293b61b9f8de2a57db6e859d492a24bc9e0d071c0490271efeae832756e2ac0d4d255922ac281d @@ -12594,7 +12594,7 @@ __metadata: "@types/jest": "npm:^29.5.5" "@types/react": "npm:^19.1.0" "@types/react-dom": "npm:^19.1.0" - "@types/shell-quote": "npm:^1" + "@types/shell-quote": "npm:^1.7.5" clang-format: "npm:^1.8.0" commitlint: "npm:^19.6.1" del-cli: "npm:^5.1.0"