From 96de06dfd6ba7253c3733211930e9a301cffa71a Mon Sep 17 00:00:00 2001
From: ailuckly
Date: Wed, 6 May 2026 21:37:41 +0800
Subject: [PATCH] fix(security): update vulnerable dependencies

- Update pgjdbc to 42.7.7 to address the channelBinding=require insecure authentication fallback advisory.
- Update PostCSS lockfile entries in vocata-web and vocata-admin to 8.5.14 to address the CSS stringify XSS advisory.

Verification:
- npm ls postcss --package-lock-only (vocata-web, vocata-admin)
- npm audit --audit-level=moderate (vocata-web, vocata-admin)
- mvn -Dmaven.repo.local=/tmp/juhao_m2repo -DskipTests -Dincludes=org.postgresql:postgresql dependency:tree
- ./scripts/validate-web.sh
- ./scripts/validate-admin.sh
- mvn -Dmaven.repo.local=/tmp/juhao_m2repo -Dmaven.test.skip=true package
---
vocata-admin/package-lock.json | 4 +++-
vocata-server/pom.xml | 4 ++--
vocata-web/package-lock.json | 6 +++---
3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/vocata-admin/package-lock.json b/vocata-admin/package-lock.json
index 620deb6..bde60ab 100644
--- a/vocata-admin/package-lock.json
+++ b/vocata-admin/package-lock.json
@@ -5093,7 +5093,9 @@
 }
 },
 "node_modules/postcss": {
- "version": "8.5.6",
+ "version": "8.5.14",
+ "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.14.tgz",
+ "integrity": "sha512-SoSL4+OSEtR99LHFZQiJLkT59C5B1amGO1NzTwj7TT1qCUgUO6hxOvzkOYxD+vMrXBM3XJIKzokoERdqQq/Zmg==",
 "funding": [
 {
 "type": "opencollective",
diff --git a/vocata-server/pom.xml b/vocata-server/pom.xml
index b9ea384..a2243af 100644
--- a/vocata-server/pom.xml
+++ b/vocata-server/pom.xml
@@ -22,7 +22,7 @@ 17 3.5.3.2 1.37.0 - 42.7.4 + 42.7.7 3.23.4
@@ -205,4 +205,4 @@ - \ No newline at end of file +
diff --git a/vocata-web/package-lock.json b/vocata-web/package-lock.json
index 1a7b107..6713fcb 100644
--- a/vocata-web/package-lock.json
+++ b/vocata-web/package-lock.json
@@ -5949,9 +5949,9 @@
 }
 },
 "node_modules/postcss": {
- "version": "8.5.6",
- "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz",
- "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==",
+ "version": "8.5.14",
+ "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.14.tgz",
+ "integrity": "sha512-SoSL4+OSEtR99LHFZQiJLkT59C5B1amGO1NzTwj7TT1qCUgUO6hxOvzkOYxD+vMrXBM3XJIKzokoERdqQq/Zmg==",
 "funding": [
 {
 "type": "opencollective",