From f6f014a907f346e46576776162430010314ba7b5 Mon Sep 17 00:00:00 2001
From: "Juan Picado @jotadeveloper"
Date: Mon, 11 Feb 2019 07:22:54 +0100
Subject: [PATCH 1/3] fix: update dependencies due to security vulnerabilities lodash@3.0.1-0
---
 package.json | 6 +++---
 yarn.lock | 54 +++++++++++++++++++++++----------------------------
 2 files changed, 27 insertions(+), 33 deletions(-)
diff --git a/package.json b/package.json
index 5b2550008..1ba6cb8e3 100644
--- a/package.json
+++ b/package.json
@@ -16,10 +16,10 @@
 },
 "dependencies": {
 "@verdaccio/file-locking": "0.0.8",
- "@verdaccio/local-storage": "1.1.4",
+ "@verdaccio/local-storage": "1.1.6",
 "@verdaccio/streams": "1.0.0",
 "JSONStream": "1.3.5",
- "async": "2.6.1",
+ "async": "3.0.1-0",
 "body-parser": "1.18.3",
 "bunyan": "1.8.12",
 "chalk": "2.4.2",
@@ -30,7 +30,7 @@
 "date-fns": "1.29.0",
 "express": "4.16.4",
 "global": "4.3.2",
- "handlebars": "4.0.12",
+ "handlebars": "4.1.0",
 "http-errors": "1.7.1",
 "js-base64": "2.5.1",
 "js-string-escape": "1.0.1",
diff --git a/yarn.lock b/yarn.lock
index 8bd28d93b..ff162fc59 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -237,13 +237,6 @@
 version "10.5.4"
 resolved "https://registry.npmjs.org/@types/node/-/node-10.5.4.tgz#6eccc158504357d1da91434d75e86acde94bb10b"
-"@verdaccio/file-locking@0.0.7":
- version "0.0.7"
- resolved "https://registry.npmjs.org/@verdaccio/file-locking/-/file-locking-0.0.7.tgz#5fd1b2bd391e54fa32d079002b5f7ba90844e344"
- dependencies:
- lockfile "1.0.3"
- lodash "4.17.10"
-
 "@verdaccio/file-locking@0.0.8":
 version "0.0.8"
 resolved "https://registry.npmjs.org/@verdaccio/file-locking/-/file-locking-0.0.8.tgz#6acb62e17db2fa093f86158e4a1c0b2802a69359"
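Review bot: The `"async": "3.0.1-0"` line in the first package.json hunk pins a runtime dependency to a prerelease of a new major version inside a patch-level security fix, which carries its own API-compatibility and stability risk. The yarn.lock hunks of the same commit also suggest the fix is only partial: `lodash@^4.17.10` and the other caret ranges still resolve to 4.17.10, and `async@^2.5.0` (required by handlebars) still resolves to 2.6.1, so both older versions stay installed transitively. If 4.17.10 is the release the audit flagged (the commit message does not say), a Yarn `"resolutions": { "lodash": "4.17.11" }` entry in package.json would force the newer version across the tree. Re-running the dependency audit against the updated lockfile, and recording in the description which advisories it closes, would make the result verifiable.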
@@ -252,14 +245,14 @@
 lockfile "1.0.4"
 lodash "4.17.11"
-"@verdaccio/local-storage@1.1.4":
- version "1.1.4"
- resolved "https://registry.npmjs.org/@verdaccio/local-storage/-/local-storage-1.1.4.tgz#e40f0315fb1964cb4234e32f6526dc5c5a40d285"
- integrity sha512-ocmot986URUER2DYXFM2iMqRTlO1so7tY2uxPF86+T9qOpvBS+TT2Q+ZwMyDJxe6f5GMAjpB19WFFFBq8k6LSA==
+"@verdaccio/local-storage@1.1.6":
+ version "1.1.6"
+ resolved "https://registry.npmjs.org/@verdaccio/local-storage/-/local-storage-1.1.6.tgz#961310552d1927178830aa00d9ad3cef1dd1deea"
+ integrity sha512-rSzugEK6GDenprvnbzR66LSwwpdvXkG7UUJQDQu7dFjlwcCFYJZ9vgOwSU2XJnxFH+ah+ngFIQFB/wTGzzK2gA==
 dependencies:
- "@verdaccio/file-locking" "0.0.7"
+ "@verdaccio/file-locking" "0.0.8"
 "@verdaccio/streams" "1.0.0"
- async "2.6.1"
+ async "3.0.1-0"
 http-errors "1.7.1"
 lodash "4.17.11"
 mkdirp "0.5.1"
@@ -745,16 +738,21 @@ async-validator@^1.8.1:
 dependencies:
 babel-runtime "6.x"
-async@2.6.1, async@^2.1.4, async@^2.5.0:
- version "2.6.1"
- resolved "https://registry.npmjs.org/async/-/async-2.6.1.tgz#b245a23ca71930044ec53fa46aa00a3e87c6a610"
- dependencies:
- lodash "^4.17.10"
+async@3.0.1-0:
+ version "3.0.1-0"
+ resolved "https://registry.npmjs.org/async/-/async-3.0.1-0.tgz#ca06713f91c3d9eea3e966ace4093f41ef89f200"
+ integrity sha512-b+lONkCWH/GCAIrU0j4m5zed5t+5dfjM2TbUSmKCagx6TZp2jQrNkGL7j1SUb0fF1yH6sKBiXC7Zid8Zj94O6A==
 async@^1.4.0, async@^1.5.2:
 version "1.5.2"
 resolved "https://registry.npmjs.org/async/-/async-1.5.2.tgz#ec6a61ae56480c0c3cb241c95618e20892f9672a"
+async@^2.1.4, async@^2.5.0:
+ version "2.6.1"
+ resolved "https://registry.npmjs.org/async/-/async-2.6.1.tgz#b245a23ca71930044ec53fa46aa00a3e87c6a610"
+ dependencies:
+ lodash "^4.17.10"
+
 asynckit@^0.4.0:
 version "0.4.0"
 resolved "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
@@ -4691,10 +4689,10 @@ handle-thing@^2.0.0:
 resolved "https://registry.npmjs.org/handle-thing/-/handle-thing-2.0.0.tgz#0e039695ff50c93fc288557d696f3c1dc6776754"
 integrity sha512-d4sze1JNC454Wdo2fkuyzCr6aHcbL6PGGuFAz0Li/NcOm1tCHGnWDRmJP85dh9IhQErTc2svWFEX5xHIOo//kQ==
-handlebars@4.0.12:
- version "4.0.12"
- resolved "https://registry.npmjs.org/handlebars/-/handlebars-4.0.12.tgz#2c15c8a96d46da5e266700518ba8cb8d919d5bc5"
- integrity sha512-RhmTekP+FZL+XNhwS1Wf+bTTZpdLougwt5pcgA1tuz6Jcx0fpH/7z0qd71RKnZHBCxIRBHfBOnio4gViPemNzA==
+handlebars@4.1.0:
+ version "4.1.0"
+ resolved "https://registry.npmjs.org/handlebars/-/handlebars-4.1.0.tgz#0d6a6f34ff1f63cecec8423aa4169827bf787c3a"
+ integrity sha512-l2jRuU1NAWK6AW5qqcTATWQJvNPEwkM7NEKSiv/gqOsoSQbVoWyqVEY5GS+XPQ88zLNmqASRpzfdm8d79hJS+w==
 dependencies:
 async "^2.5.0"
 optimist "^0.6.1"
@@ -6308,10 +6306,6 @@ locate-path@^3.0.0:
 p-locate "^3.0.0"
 path-exists "^3.0.0"
-lockfile@1.0.3:
- version "1.0.3"
- resolved "https://registry.npmjs.org/lockfile/-/lockfile-1.0.3.tgz#2638fc39a0331e9cac1a04b71799931c9c50df79"
-
 lockfile@1.0.4:
 version "1.0.4"
 resolved "https://registry.npmjs.org/lockfile/-/lockfile-1.0.4.tgz#07f819d25ae48f87e538e6578b6964a4981a5609"
@@ -6435,15 +6429,15 @@ lodash.upperfirst@4.3.1:
 version "4.3.1"
 resolved "https://registry.npmjs.org/lodash.upperfirst/-/lodash.upperfirst-4.3.1.tgz#1365edf431480481ef0d1c68957a5ed99d49f7ce"
-lodash@4.17.10, lodash@^4.0.0, lodash@^4.13.1, lodash@^4.15.0, lodash@^4.17.10, lodash@^4.17.3, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.2.0, lodash@^4.2.1, lodash@^4.3.0, lodash@~4.17.10:
- version "4.17.10"
- resolved "https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz#1b7793cf7259ea38fb3661d4d38b3260af8ae4e7"
-
 lodash@4.17.11:
 version "4.17.11"
 resolved "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
 integrity sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==
+lodash@^4.0.0, lodash@^4.13.1, lodash@^4.15.0, lodash@^4.17.10, lodash@^4.17.3, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.2.0, lodash@^4.2.1, lodash@^4.3.0, lodash@~4.17.10:
+ version "4.17.10"
+ resolved "https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz#1b7793cf7259ea38fb3661d4d38b3260af8ae4e7"
+
 log-symbols@^2.0.0, log-symbols@^2.1.0:
 version "2.2.0"
 resolved "https://registry.npmjs.org/log-symbols/-/log-symbols-2.2.0.tgz#5740e1c5d6f0dfda4ad9323b5332107ef6b4c40a"
From 12d153344b5a95c0fb5b147528ec6db408aaf3c2 Mon Sep 17 00:00:00 2001
From: "Juan Picado @jotadeveloper"
Date: Mon, 11 Feb 2019 07:23:24 +0100
Subject: [PATCH 2/3] chore(release): 3.11.4
---
 CHANGELOG.md | 10 ++++++++++
 package.json | 2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 145d8c928..aa5ae6b5d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,16 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+## [3.11.4](https://github.com/verdaccio/verdaccio/compare/v3.11.3...v3.11.4) (2019-02-11)
+
+
+### Bug Fixes
+
+* update dependencies due to security vulnerabilities ([f6f014a](https://github.com/verdaccio/verdaccio/commit/f6f014a))
+
+
+
 ## [3.11.3](https://github.com/verdaccio/verdaccio/compare/v3.11.2...v3.11.3) (2019-02-07)
diff --git a/package.json b/package.json
index 1ba6cb8e3..8634bcf91 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "verdaccio",
- "version": "3.11.3",
+ "version": "3.11.4",
 "description": "Private npm repository server",
 "author": {
 "name": "Alex Kocharin",
From c42c06666f359d219adb00e620a03f642613b05e Mon Sep 17 00:00:00 2001
From: "Juan Picado @jotadeveloper"
Date: Mon, 11 Feb 2019 07:33:35 +0100
Subject: [PATCH 3/3] chore: update lock file
---
 yarn.lock | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/yarn.lock b/yarn.lock
index a74ad7e8b..5e464a94d 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1795,6 +1795,11 @@ async@2.6.1, async@^2.1.4, async@^2.5.0:
 dependencies:
 lodash "^4.17.10"
+async@3.0.1-0:
+ version "3.0.1-0"
+ resolved "https://registry.verdaccio.org/async/-/async-3.0.1-0.tgz#ca06713f91c3d9eea3e966ace4093f41ef89f200"
+ integrity sha512-b+lONkCWH/GCAIrU0j4m5zed5t+5dfjM2TbUSmKCagx6TZp2jQrNkGL7j1SUb0fF1yH6sKBiXC7Zid8Zj94O6A==
+
 async@^1.5.2:
 version "1.5.2"
 resolved "https://registry.verdaccio.org/async/-/async-1.5.2.tgz#ec6a61ae56480c0c3cb241c95618e20892f9672a"