From 1e664bdfa54b27eb2566399aebb204c0711a7c67 Mon Sep 17 00:00:00 2001 From: "Juan Picado @jotadeveloper" Date: Thu, 12 Mar 2020 07:18:12 +0100 Subject: [PATCH] fix: update dependencies security warnings (#1748) --- package.json | 8 ++-- yarn.lock | 117 ++++++++++++++++++++++++++++++--------------------- 2 files changed, 74 insertions(+), 51 deletions(-) diff --git a/package.json b/package.json index c0c5df75c..cd8df577c 100644 --- a/package.json +++ b/package.json @@ -20,10 +20,10 @@ "url": "https://opencollective.com/verdaccio" }, "dependencies": { - "@verdaccio/commons-api": "^8.5.0", - "@verdaccio/local-storage": "^9.3.0", - "@verdaccio/readme": "^9.3.2", - "@verdaccio/streams": "^8.5.2", + "@verdaccio/commons-api": "^9.3.2", + "@verdaccio/local-storage": "^9.3.4", + "@verdaccio/readme": "^9.3.3", + "@verdaccio/streams": "^9.3.2", "@verdaccio/ui-theme": "^0.3.13", "JSONStream": "1.3.5", "async": "3.1.1", diff --git a/yarn.lock b/yarn.lock index da1f7e04e..cf3acc2d6 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1850,10 +1850,10 @@ http-errors "1.7.3" http-status-codes "1.4.0" -"@verdaccio/commons-api@^9.0.0": - version "9.0.0" - resolved "https://registry.verdaccio.org/@verdaccio%2fcommons-api/-/commons-api-9.0.0.tgz#d13d73e3d784fb2292965015176bd7f870583cb1" - integrity sha512-rX4ABMh80dXyWRo8gEppiyA04siVAGzmhCG+vvVu7fGN6hn3XU1pR4xYeKWMDq4ofWpyI777uMftcYzbZc9AtA== +"@verdaccio/commons-api@^9.3.2": + version "9.3.2" + resolved "https://registry.verdaccio.org/@verdaccio%2fcommons-api/-/commons-api-9.3.2.tgz#7ce1e2c694fb6ca4f5a7cbc2b4445f3019d7e950" + integrity sha512-qbzyTRZtbURr6p50Gdo4axFrVBJ57HXymiU79Oh6OwmPNWpPJxhau+FURzVJySSIhCoDyOfFKI/KirTEt+V8Pw== dependencies: http-errors "1.7.3" http-status-codes "1.4.0" @@ -1888,10 +1888,10 @@ dependencies: lockfile "1.0.4" -"@verdaccio/file-locking@^9.3.0": - version "9.3.0" - resolved "https://registry.yarnpkg.com/@verdaccio/file-locking/-/file-locking-9.3.0.tgz#35758e6651da2779dd6d74c358328fb4bc9a8163" - integrity sha512-uIMReFaMKl/MZBmfiuO+tWf5XHlPSrECbmBtmZaUyah3WHSKsNcfhGF7mEfvPglUP580twaWHa7NNJRmI5NFeA== +"@verdaccio/file-locking@^9.3.2": + version "9.3.2" + resolved "https://registry.verdaccio.org/@verdaccio%2ffile-locking/-/file-locking-9.3.2.tgz#f3bdc21fe7adfb3c12216d65f6402cd496584f31" + integrity sha512-SVILYv5MAVX1NMkBc8oV1nMjlh04YS/9QOZgasv87GEzgxYbO/l/sfK/kQmMs9yCniK4km6fZMvQN8DyidgMeg== dependencies: lockfile "1.0.4" @@ -1908,18 +1908,18 @@ lodash "4.17.15" mkdirp "0.5.1" -"@verdaccio/local-storage@^9.3.0": - version "9.3.0" - resolved "https://registry.yarnpkg.com/@verdaccio/local-storage/-/local-storage-9.3.0.tgz#3501baf9b60ebb65249224f835ea5111f241863c" - integrity sha512-W2o3GeaUoBBw5m+8oSRvJDt/QwqPuNz6fUFOvK7pfUdhiw6aT7GH40djofuTOvZr+DS5g9qYBpyAFxbT+onXFQ== +"@verdaccio/local-storage@^9.3.4": + version "9.3.4" + resolved "https://registry.verdaccio.org/@verdaccio%2flocal-storage/-/local-storage-9.3.4.tgz#2dc629fded284c3ef8bf8b147550caa1ae21f0e8" + integrity sha512-NXG6xvt9T9aFC0fBB8YxvqFkrSmhom8nAoGCPUOFB6fG3mGB/pXo9eWH1p6iGu2jnaZ5sZ6YI5KtXZgZUqpkzQ== dependencies: - "@verdaccio/commons-api" "^9.0.0" - "@verdaccio/file-locking" "^9.3.0" - "@verdaccio/streams" "^9.3.0" - async "3.1.0" + "@verdaccio/commons-api" "^9.3.2" + "@verdaccio/file-locking" "^9.3.2" + "@verdaccio/streams" "^9.3.2" + async "3.2.0" level "5.0.1" lodash "4.17.15" - mkdirp "0.5.1" + mkdirp "1.0.3" "@verdaccio/readme@8.4.2": version "8.4.2" @@ -1930,13 +1930,13 @@ jsdom "15.2.1" marked "0.7.0" -"@verdaccio/readme@^9.3.2": - version "9.3.2" - resolved "https://registry.verdaccio.org/@verdaccio%2freadme/-/readme-9.3.2.tgz#4f056058b84784938059e6a637f75318390e69a8" - integrity sha512-B3ppnWAE+05LrrWCTt4fIwQrlGBHvsRfHAr6KBQG+XAnM2WqSFbNJk9prhpRvH4SvrFhYxlT1r+ozXNLlP7YGA== +"@verdaccio/readme@^9.3.3": + version "9.3.3" + resolved "https://registry.verdaccio.org/@verdaccio%2freadme/-/readme-9.3.3.tgz#76f43fb80687ffed7e52a1a8ed4403bc96d60f85" + integrity sha512-g1hFbUDO6KFZ03Edq5qchkB9xAgnhRyVCBWF7c2Qj4xIDdH6koPQNwbz6YLnXfNBAd9l++nZ2lbf4LDFJojhig== dependencies: dompurify "2.0.8" - jsdom "16.2.0" + jsdom "16.2.1" marked "0.7.0" "@verdaccio/streams@8.2.0": @@ -1954,10 +1954,10 @@ resolved "https://registry.verdaccio.org/@verdaccio%2fstreams/-/streams-8.5.2.tgz#d6f366f94b905bb945bcdfa1572fde8e09f53d7a" integrity sha512-Rbw+vm/KHgy5OQB+jSxxIXYvVFmG/fuFmBeH7F4fp2r5h7w1TP/mlQZI7PVlPPhLZtM6Xdrzf6H+NRCwRncwIg== -"@verdaccio/streams@^9.3.0": - version "9.3.0" - resolved "https://registry.yarnpkg.com/@verdaccio/streams/-/streams-9.3.0.tgz#c8f2e6dbe9ffe1668c784c1f5c76a998eaf83b33" - integrity sha512-QzGr0BRpqcXla/F2+RXQagkzpMh2CG5zphjDMOjL2MDybj1dvauazscO944UPWh0eHkoZP+CG3CMdk7+b+RbKQ== +"@verdaccio/streams@^9.3.2": + version "9.3.2" + resolved "https://registry.verdaccio.org/@verdaccio%2fstreams/-/streams-9.3.2.tgz#6bddbd70c1fc72fa2b85c74bd7545d58d66a589e" + integrity sha512-+DtUE/t/o4WDDtUVudjHqxcypvqnfwoHEy5x1KndFUhSbmdHsWjLOmy+Fu1FXzWPncODRebyZZro2LDiMxoaqg== "@verdaccio/types@^9.0.0": version "9.0.0" @@ -2029,7 +2029,7 @@ acorn-globals@^4.1.0: acorn "^6.0.1" acorn-walk "^6.0.1" -acorn-globals@^4.3.2, acorn-globals@^4.3.4: +acorn-globals@^4.3.2: version "4.3.4" resolved "https://registry.verdaccio.org/acorn-globals/-/acorn-globals-4.3.4.tgz#9fa1926addc11c97308c4e66d7add0d40c3272e7" integrity sha512-clfQEh21R+D0leSbUdWf3OcfqyaCSAQ8Ryq00bofSekfr9W8u1jyYZo6ir0xu9Gtcf7BjcHJpnbZH7JOCpP60A== @@ -2037,6 +2037,14 @@ acorn-globals@^4.3.2, acorn-globals@^4.3.4: acorn "^6.0.1" acorn-walk "^6.0.1" +acorn-globals@^6.0.0: + version "6.0.0" + resolved "https://registry.verdaccio.org/acorn-globals/-/acorn-globals-6.0.0.tgz#46cdd39f0f8ff08a876619b55f5ac8a6dc770b45" + integrity sha512-ZQl7LOWaF5ePqqcX4hLuv/bLXYQNfNWw2c0/yX/TsPRKamzHcTGQnlCjHT3TsmkOUVEPS3crCxiPfdzE/Trlhg== + dependencies: + acorn "^7.1.1" + acorn-walk "^7.1.1" + acorn-jsx@^5.1.0: version "5.1.0" resolved "https://registry.verdaccio.org/acorn-jsx/-/acorn-jsx-5.1.0.tgz#294adb71b57398b0680015f0a38c563ee1db5384" @@ -2047,6 +2055,11 @@ acorn-walk@^6.0.1: resolved "https://registry.verdaccio.org/acorn-walk/-/acorn-walk-6.2.0.tgz#123cb8f3b84c2171f1f7fb252615b1c78a6b1a8c" integrity sha512-7evsyfH1cLOCdAzZAd43Cic04yKydNx0cF+7tiA19p1XnLLPU4dpCQOqpjqwokFe//vS0QqfqqjCS2JkiIs0cA== +acorn-walk@^7.1.1: + version "7.1.1" + resolved "https://registry.verdaccio.org/acorn-walk/-/acorn-walk-7.1.1.tgz#345f0dffad5c735e7373d2fec9a1023e6a44b83e" + integrity sha512-wdlPY2tm/9XBr7QkKlq0WQVgiuGTX6YWPyRyBviSoScBuLfTVQhvwg6wJ369GJ/1nPfTLMfnrFIfjqVg6d+jQQ== + acorn@^5.5.3: version "5.7.3" resolved "https://registry.verdaccio.org/acorn/-/acorn-5.7.3.tgz#67aa231bf8812974b85235a96771eb6bd07ea279" @@ -2057,7 +2070,7 @@ acorn@^6.0.1: resolved "https://registry.verdaccio.org/acorn/-/acorn-6.4.0.tgz#b659d2ffbafa24baf5db1cdbb2c94a983ecd2784" integrity sha512-gac8OEcQ2Li1dxIEWGZzsp2BitJxwkwcOm0zHAJLcPJaVvm58FRnk6RkuLRpU1EujipU2ZFODv2P9DLMfnV8mw== -acorn@^7.1.0: +acorn@^7.1.0, acorn@^7.1.1: version "7.1.1" resolved "https://registry.verdaccio.org/acorn/-/acorn-7.1.1.tgz#e35668de0b402f359de515c5482a1ab9f89a69bf" integrity sha512-add7dgA5ppRPxCFJoAGfMDi7PIBXq1RtGo7BhbLaxwrXPOmw8gq48Y9ozT01hUKy9byMjlR20EJhu5zlkErEkg== @@ -2310,6 +2323,11 @@ async@3.1.1: resolved "https://registry.yarnpkg.com/async/-/async-3.1.1.tgz#dd3542db03de837979c9ebbca64ca01b06dc98df" integrity sha512-X5Dj8hK1pJNC2Wzo2Rcp9FBVdJMGRR/S7V+lH46s8GVFhtbo5O4Le5GECCF/8PISVdkUA6mMPvgz7qTTD1rf1g== +async@3.2.0: + version "3.2.0" + resolved "https://registry.verdaccio.org/async/-/async-3.2.0.tgz#b3a2685c5ebb641d3de02d161002c60fc9f85720" + integrity sha512-TR2mEZFVOj2pLStYxLht7TyfuRzaydfpxr3k9RpHIzMgw7A64dzsdqCxH1WJyQdoe8T10nDXd9wnEigmiuHIZw== + asynckit@^0.4.0: version "0.4.0" resolved "https://registry.verdaccio.org/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79" @@ -3711,7 +3729,7 @@ escape-string-regexp@^1.0.2, escape-string-regexp@^1.0.4, escape-string-regexp@^ resolved "https://registry.verdaccio.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4" integrity sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ= -escodegen@^1.11.1, escodegen@^1.13.0: +escodegen@^1.11.1, escodegen@^1.14.1: version "1.14.1" resolved "https://registry.verdaccio.org/escodegen/-/escodegen-1.14.1.tgz#ba01d0c8278b5e95a9a45350142026659027a457" integrity sha512-Bmt7NcRySdIfNPfU2ZoXDrrXsG9ZjvDxcAlMfDUgRBjLOWTuIACXPBFJH7Z+cLb40JeQco5toikyc9t9P8E9SQ== @@ -4683,7 +4701,7 @@ html-encoding-sniffer@^1.0.2: dependencies: whatwg-encoding "^1.0.1" -html-encoding-sniffer@^2.0.0: +html-encoding-sniffer@^2.0.1: version "2.0.1" resolved "https://registry.verdaccio.org/html-encoding-sniffer/-/html-encoding-sniffer-2.0.1.tgz#42a6dc4fd33f00281176e8b23759ca4e4fa185f3" integrity sha512-D5JbOMBIR/TVZkubHT+OyT2705QvogUW4IBn6nHd756OwieSF9aDYFj4dv6HHEVGYbHaLETa3WggZYWWMyy3ZQ== @@ -5674,30 +5692,30 @@ jsdom@15.2.1: ws "^7.0.0" xml-name-validator "^3.0.0" -jsdom@16.2.0: - version "16.2.0" - resolved "https://registry.verdaccio.org/jsdom/-/jsdom-16.2.0.tgz#fc171c305635046c100708b1c7ea7820ba015164" - integrity sha512-6VaW3UWyKbm9DFVIAgTfhuwnvqiqlRYNg5Rk6dINTVoZT0eKz+N86vQZr+nqt1ny1lSB1TWZJWSEWQAfu8oTpA== +jsdom@16.2.1: + version "16.2.1" + resolved "https://registry.verdaccio.org/jsdom/-/jsdom-16.2.1.tgz#df934649ab9175daeeff3e6f1e2b2268ed1470cd" + integrity sha512-3p0gHs5EfT7PxW9v8Phz3mrq//4Dy8MQenU/PoKxhdT+c45S7NjIjKbGT3Ph0nkICweE1r36+yaknXA5WfVNAg== dependencies: abab "^2.0.3" - acorn "^7.1.0" - acorn-globals "^4.3.4" + acorn "^7.1.1" + acorn-globals "^6.0.0" cssom "^0.4.4" cssstyle "^2.2.0" data-urls "^2.0.0" decimal.js "^10.2.0" domexception "^2.0.1" - escodegen "^1.13.0" - html-encoding-sniffer "^2.0.0" + escodegen "^1.14.1" + html-encoding-sniffer "^2.0.1" is-potential-custom-element-name "^1.0.0" nwsapi "^2.2.0" parse5 "5.1.1" - request "^2.88.0" + request "^2.88.2" request-promise-native "^1.0.8" - saxes "^4.0.2" + saxes "^5.0.0" symbol-tree "^3.2.4" tough-cookie "^3.0.1" - w3c-hr-time "^1.0.1" + w3c-hr-time "^1.0.2" w3c-xmlserializer "^2.0.0" webidl-conversions "^5.0.0" whatwg-encoding "^1.0.5" @@ -6565,6 +6583,11 @@ mkdirp@1.0.0: resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-1.0.0.tgz#8487b07699b70c9b06fce47b3ce28d8176c13c75" integrity sha512-4Pb+8NJ5DdvaWD797hKOM28wMXsObb4HppQdIwKUHFiB69ICZ4wktOE+qsGGBy7GtwgYNizp0R9KEy4zKYBLMg== +mkdirp@1.0.3: + version "1.0.3" + resolved "https://registry.verdaccio.org/mkdirp/-/mkdirp-1.0.3.tgz#4cf2e30ad45959dddea53ad97d518b6c8205e1ea" + integrity sha512-6uCP4Qc0sWsgMLy1EOqqS/3rjDHOEnsStVr/4vtAIK2Y5i2kA7lFFejYrpIyiN9w0pYf4ckeCYT9f1r1P9KX5g== + modify-values@^1.0.0: version "1.0.1" resolved "https://registry.verdaccio.org/modify-values/-/modify-values-1.0.1.tgz#b3939fa605546474e3e3e3c63d64bd43b4ee6022" @@ -7777,7 +7800,7 @@ request@2.88.0, request@^2.87.0: tunnel-agent "^0.6.0" uuid "^3.3.2" -request@^2.88.0: +request@^2.88.0, request@^2.88.2: version "2.88.2" resolved "https://registry.verdaccio.org/request/-/request-2.88.2.tgz#d73c918731cb5a87da047e207234146f664d12b3" integrity sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw== @@ -7986,10 +8009,10 @@ saxes@^3.1.9: dependencies: xmlchars "^2.1.1" -saxes@^4.0.2: - version "4.0.2" - resolved "https://registry.verdaccio.org/saxes/-/saxes-4.0.2.tgz#76f8e762efc96ec4af5f885d8151c50426103165" - integrity sha512-EZOTeQ4bgkOaGCDaTKux+LaRNcLNbdbvMH7R3/yjEEULPEmqvkFbFub6DJhJTub2iGMT93CfpZ5LTdKZmAbVeQ== +saxes@^5.0.0: + version "5.0.0" + resolved "https://registry.verdaccio.org/saxes/-/saxes-5.0.0.tgz#b7d30284d7583a5ca6ad0248b56d8889da53788b" + integrity sha512-LXTZygxhf8lfwKaTP/8N9CsVdjTlea3teze4lL6u37ivbgGbV0GGMuNtS/I9rnD/HC2/txUM7Df4S2LVl1qhiA== dependencies: xmlchars "^2.2.0" @@ -9086,7 +9109,7 @@ verror@1.10.0: core-util-is "1.0.2" extsprintf "^1.2.0" -w3c-hr-time@^1.0.1: +w3c-hr-time@^1.0.1, w3c-hr-time@^1.0.2: version "1.0.2" resolved "https://registry.verdaccio.org/w3c-hr-time/-/w3c-hr-time-1.0.2.tgz#0a89cdf5cc15822df9c360543676963e0cc308cd" integrity sha512-z8P5DvDNjKDoFIHK7q8r8lackT6l+jo/Ye3HOle7l9nICP9lf1Ci25fy9vHd0JOWewkIFzXIEig3TdKT7JQ5fQ==