From 5b16882a83f9cb3a649529736e59ab7c973ba55a Mon Sep 17 00:00:00 2001
From: le king fu
Date: Wed, 8 Apr 2026 15:22:42 -0400
Subject: [PATCH] fix: update drizzle-orm and @xmldom/xmldom to fix high vulnerabilities (#54)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- drizzle-orm 0.45.1 → 0.45.2 (SQL injection via improperly escaped identifiers)
- @xmldom/xmldom 0.8.11 → 0.8.12 (XML injection via unsafe CDATA serialization)

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 package-lock.json | 18 +++++++++---------
 package.json | 2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 16cf09d..e75ce87 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "simpl-liste",
- "version": "1.4.0",
+ "version": "1.5.1",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "simpl-liste",
- "version": "1.4.0",
+ "version": "1.5.1",
 "dependencies": {
 "@expo-google-fonts/inter": "^0.4.2",
 "@expo/ngrok": "^4.1.3",
@@ -16,7 +16,7 @@
 "@react-native-community/datetimepicker": "8.4.4",
 "@react-navigation/native": "^7.1.8",
 "date-fns": "^4.1.0",
- "drizzle-orm": "^0.45.1",
+ "drizzle-orm": "^0.45.2",
 "expo": "~54.0.33",
 "expo-auth-session": "~7.0.10",
 "expo-calendar": "~15.0.8",
@@ -3816,9 +3816,9 @@
 }
 },
 "node_modules/@xmldom/xmldom": {
- "version": "0.8.11",
- "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.11.tgz",
- "integrity": "sha512-cQzWCtO6C8TQiYl1ruKNn2U6Ao4o4WBBcbL61yJl84x+j5sOWWFU9X7DpND8XZG3daDppSsigMdfAIl2upQBRw==",
+ "version": "0.8.12",
+ "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.12.tgz",
+ "integrity": "sha512-9k/gHF6n/pAi/9tqr3m3aqkuiNosYTurLLUtc7xQ9sxB/wm7WPygCv8GYa6mS0fLJEHhqMC1ATYhz++U/lRHqg==",
 "license": "MIT",
 "engines": {
 "node": ">=10.0.0"
@@ -5375,9 +5375,9 @@
 }
 },
 "node_modules/drizzle-orm": {
- "version": "0.45.1",
- "resolved": "https://registry.npmjs.org/drizzle-orm/-/drizzle-orm-0.45.1.tgz",
- "integrity": "sha512-Te0FOdKIistGNPMq2jscdqngBRfBpC8uMFVwqjf6gtTVJHIQ/dosgV/CLBU2N4ZJBsXL5savCba9b0YJskKdcA==",
+ "version": "0.45.2",
+ "resolved": "https://registry.npmjs.org/drizzle-orm/-/drizzle-orm-0.45.2.tgz",
+ "integrity": "sha512-kY0BSaTNYWnoDMVoyY8uxmyHjpJW1geOmBMdSSicKo9CIIWkSxMIj2rkeSR51b8KAPB7m+qysjuHme5nKP+E5Q==",
 "license": "Apache-2.0",
 "peerDependencies": {
 "@aws-sdk/client-rds-data": ">=3",
diff --git a/package.json b/package.json
index 0dfe762..08d871b 100644
--- a/package.json
+++ b/package.json
@@ -17,7 +17,7 @@
 "@react-native-community/datetimepicker": "8.4.4",
 "@react-navigation/native": "^7.1.8",
 "date-fns": "^4.1.0",
- "drizzle-orm": "^0.45.1",
+ "drizzle-orm": "^0.45.2",
 "expo": "~54.0.33",
 "expo-auth-session": "~7.0.10",
 "expo-calendar": "~15.0.8",