[Snyk] Security upgrade @polkadot/react-components from 0.0.0-use.local to 0.34.1

[wetzja04-dot]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• packages/page-sudo/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning

Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Improperly Controlled Modification of Dynamically-Determined Object Attributes SNYK-JS-MDASTUTILTOHAST-14157221	631

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improperly Controlled Modification of Dynamically-Determined Object Attributes

[continue]

Keep this PR in a mergeable state →

Learn more

---

All Green is an AI agent that automatically:

✅ Addresses code review comments

✅ Fixes failing CI checks

✅ Resolves merge conflicts

[Copilot]

Pull request overview

This PR was automatically created by Snyk to address a security vulnerability (SNYK-JS-MDASTUTILTOHAST-14157221) by attempting to upgrade @polkadot/react-components from 0.0.0-use.local to 0.34.1. However, this change is fundamentally incorrect because @polkadot/react-components is a private local workspace package within this monorepo, not a published npm package that can be upgraded.

Key Issues:

• Snyk misidentified a private workspace package as a published npm package
• The proposed version ^0.34.1 does not exist for this internal package
• The change would break workspace dependency resolution across the monorepo

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Snyk appears to have misidentified @polkadot/react-components as a published npm package with a security vulnerability. However, this is a private workspace package within this monorepo and has no published versions. The security vulnerability (SNYK-JS-MDASTUTILTOHAST-14157221) in the mdast-util-to-hast dependency should be addressed by updating the actual transitive dependencies of @polkadot/react-components (specifically react-markdown or rehype-raw), not by changing the version reference of the workspace package itself.