From 780ad31d3d35498ab7e872daa6e2cce3e9df9ba5 Mon Sep 17 00:00:00 2001
From: "Zen P." <zenpower@sonnenkinder.org>
Date: Sat, 3 Jan 2026 22:31:55 +0100
Subject: [PATCH] fix(deps): update @node-minify packages to v10.1.1 (#1150)

Fixes high severity vulnerability in glob (CVE via @node-minify/core).

Updates:
- @node-minify/core: ^9.0.2 -> ^10.1.1
- @node-minify/clean-css: ^9.0.1 -> ^10.1.1
- @node-minify/terser: ^9.0.1 -> ^10.1.1

The glob vulnerability (GHSA-5j98-mcp5-4vw2) allowed command injection
via -c/--cmd flag. @node-minify v10.x removes glob as a dependency,
eliminating this attack vector.

Co-authored-by: Zenpower <dev@zenpower.at>
---
 package.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/package.json b/package.json
index 0a7c4d2..79133aa 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@emulatorjs/emulatorjs",
-    "version": "4.2.3",
+    "version": "4.2.4",
     "type": "module",
     "description": "EmulatorJS is a frontend for RetroArch in the web browser.",
     "homepage": "https://emulatorjs.org",
@@ -21,9 +21,9 @@
         "docs": "jsdoc data/src/*.js -d jsdoc"
     },
     "dependencies": {
-        "@node-minify/clean-css": "^9.0.1",
-        "@node-minify/core": "^9.0.2",
-        "@node-minify/terser": "^9.0.1",
+        "@node-minify/clean-css": "^10.1.1",
+        "@node-minify/core": "^10.1.1",
+        "@node-minify/terser": "^10.1.1",
         "http-server": "^14.1.1",
         "node-7z": "^3.0.0"
     },