fix(deps): high picomatch vulnerabilities (#1574)

* fix medium and high vulnerabilities

* undo vitest as no vulnerabilities

* undo vite

* undo yaml lock

* undo yaml lock

* undo yaml lock

Author: guoda-puidokaite

.changeset/empty-doors-add.md

@@ -0,0 +1,11 @@
+---
+"@cloudoperators/juno-ui-components": patch
+"@cloudoperators/juno-app-greenhouse": patch
+"@cloudoperators/juno-app-supernova": patch
+"@cloudoperators/juno-app-template": patch
+"@cloudoperators/juno-app-heureka": patch
+"@cloudoperators/juno-app-carbon": patch
+"@cloudoperators/juno-app-doop": patch
+---
+
+Fix high vulnerabilities related to transitive dependencies `picomatch` by upgrading root project dependencies and where not possible, locking `picomatch` at versions without vulnerabilities.

apps/carbon/package.json

@@ -61,7 +61,7 @@
     "typescript": "5.9.3",
     "vite": "7.3.1",
     "vite-plugin-svgr": "4.5.0",
-    "vite-tsconfig-paths": "5.1.4",
+    "vite-tsconfig-paths": "6.1.1",
     "vitest": "3.2.4"
   }
 }

apps/doop/package.json

@@ -16,7 +16,7 @@
     "@cloudoperators/juno-config": "workspace:*",
     "@tanstack/react-query": "5.90.21",
     "@tailwindcss/vite": "4.2.1",
-    "@tanstack/router-plugin": "1.161.4",
+    "@tanstack/router-plugin": "1.167.8",
     "@testing-library/jest-dom": "6.9.1",
     "@testing-library/react": "16.3.2",
     "@types/react": "19.2.14",

apps/greenhouse/package.json

@@ -12,7 +12,7 @@
   "devDependencies": {
     "@cloudoperators/juno-config": "workspace:*",
     "@tailwindcss/vite": "4.2.1",
-    "@tanstack/router-plugin": "1.161.4",
+    "@tanstack/router-plugin": "1.167.8",
     "@testing-library/jest-dom": "6.9.1",
     "@testing-library/react": "16.3.2",
     "@testing-library/user-event": "14.6.1",

apps/heureka/package.json

@@ -46,7 +46,7 @@
     "@graphql-codegen/typescript": "5.0.9",
     "@graphql-codegen/typescript-operations": "5.0.9",
     "@graphql-codegen/typescript-react-apollo": "4.4.1",
-    "@tanstack/router-plugin": "1.161.4",
+    "@tanstack/router-plugin": "1.167.8",
     "@tailwindcss/vite": "4.2.1",
     "@testing-library/jest-dom": "6.9.1",
     "@testing-library/react": "16.3.2",
@@ -73,7 +73,7 @@
     "typescript": "5.9.3",
     "vite": "7.3.1",
     "vite-plugin-svgr": "4.5.0",
-    "vite-tsconfig-paths": "5.1.4",
+    "vite-tsconfig-paths": "6.1.1",
     "vitest": "3.2.4"
   }
 }

apps/supernova/package.json

@@ -17,7 +17,7 @@
     "@cloudoperators/juno-config": "workspace:*",
     "@tailwindcss/vite": "4.2.1",
     "@tanstack/react-query": "5.90.21",
-    "@tanstack/router-plugin": "1.161.4",
+    "@tanstack/router-plugin": "1.167.8",
     "@testing-library/jest-dom": "6.9.1",
     "@testing-library/react": "16.3.2",
     "@types/react": "19.2.14",

apps/template/package.json

@@ -54,7 +54,7 @@
     "tailwindcss": "4.2.1",
     "typescript": "5.9.3",
     "vite": "7.3.1",
-    "vite-tsconfig-paths": "5.1.4",
+    "vite-tsconfig-paths": "6.1.1",
     "vitest": "3.2.4"
   }
 }

package.json

@@ -28,7 +28,7 @@
     "pre:push": "turbo run lint typecheck"
   },
   "devDependencies": {
-    "@changesets/cli": "2.29.7",
+    "@changesets/cli": "2.30.0",
     "@commitlint/cli": "19.8.1",
     "@commitlint/config-conventional": "19.8.1",
     "@types/node": "24.3.2",
@@ -47,7 +47,8 @@
   "pnpm": {
     "overrides": {
       "minimatch": ">=10.2.4",
-      "@vitest/ui>flatted": ">=3.4.2"
+      "flatted": ">=3.4.2",
+      "picomatch": ">=4.0.4"
     }
   }
 }

packages/ui-components/package.json

@@ -53,7 +53,7 @@
     "vite-plugin-dts": "4.5.4",
     "vite-plugin-glob": "0.3.2",
     "vite-plugin-svgr": "4.5.0",
-    "vite-tsconfig-paths": "5.1.4",
+    "vite-tsconfig-paths": "6.1.1",
     "vitest": "3.2.4"
   },
   "peerDependencies": {