fix(security): update dependencies to avoid RCE and other exploits

Обновлены зависимости Node.js, которые были уязвимы с разной степенью критичности. Обновлен Next.js, так как его предыдущая используемая версия привнесла в production-среду постоянную борьбу с майнерами. К сожалению, в этом коммите парсер расписания сломан.
2026-02-11 02:45:44 +04:00
parent 47b8bc7dad
commit b9ae52681e
13 changed files with 607 additions and 1354 deletions
--- a/package.json
+++ b/package.json
@@ -7,7 +7,7 @@
    "npm": ">=10.0.0"
  },
  "scripts": {
-    "dev": "next dev --webpack -H 0.0.0.0",
+    "dev": "node --disable-warning=DEP0169 ./node_modules/next/dist/bin/next dev --webpack -H 0.0.0.0",
    "build": "next build --webpack",
    "start": "next start -H 0.0.0.0",
    "lint": "next lint"
@@ -30,11 +30,10 @@
    "date-fns": "^2.30.0",
    "jsdom": "^22.1.0",
    "lucide-react": "^0.554.0",
-    "next": "16.0.3",
+    "next": "16.1.6",
    "next-sitemap": "^4.2.3",
    "next-themes": "^0.2.1",
    "node-html-parser": "^6.1.10",
-    "node-telegram-bot-api": "^0.63.0",
    "react": "19.2.0",
    "react-dom": "19.2.0",
    "react-icons": "^4.11.0",
@@ -50,16 +49,20 @@
    "@types/better-sqlite3": "^7.6.11",
    "@types/jsdom": "^21.1.3",
    "@types/node": "22.0.0",
-    "@types/node-telegram-bot-api": "^0.61.8",
    "@types/react": "19.2.0",
    "@types/react-dom": "19.2.0",
-    "@typescript-eslint/eslint-plugin": "^6.7.3",
    "autoprefixer": "10.4.20",
-    "baseline-browser-mapping": "^2.8.32",
-    "eslint": "8.57.0",
-    "eslint-config-next": "16.0.3",
+    "baseline-browser-mapping": "^2.9.19",
+    "eslint": "^9.0.0",
+    "eslint-config-next": "16.1.6",
    "postcss": "8.4.47",
    "tailwindcss": "^3.4.18",
    "typescript": "5.9.3"
+  },
+  "overrides": {
+    "form-data": ">=2.5.4",
+    "qs": ">=6.14.1",
+    "tough-cookie": ">=4.1.3",
+    "tar": ">=7.5.7"
  }
 }