Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: security fixes #6461

Merged
merged 9 commits into from
Nov 20, 2024
Merged

chore: security fixes #6461

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
af26de0
chore: upgrade happy-dom
elycheea Nov 12, 2024
0ade80e
chore: upgrade body-parser
elycheea Nov 13, 2024
d58d6d5
Merge branch 'main' into 1786-happy-dom
elycheea Nov 13, 2024
3345b12
Merge branch 'main' into 1786-happy-dom
elycheea Nov 18, 2024
5c3df2e
chore: update cross-spawn
elycheea Nov 18, 2024
5e77573
chore: update path-to-regexp
elycheea Nov 18, 2024
ad8fbaa
Merge branch 'main' into 1786-happy-dom
elycheea Nov 18, 2024
d125744
chore: remove path-to-regexp resolution
elycheea Nov 19, 2024
8ac0335
chore: upgrade happy-dom
elycheea Nov 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,8 +117,10 @@
"//resolutions:http-signature": "package 'request' deprecated but still used, asks for http-signature ~1.2.0 which indirectly has vulnerabilities",
"//resolutions:minimist": "https://security.snyk.io/vuln/SNYK-JS-MINIMIST-2429795 (version <=1.2.5)",
"resolutions": {
"cheerio": "1.0.0-rc.10",
"body-parser": "1.20.3",
"braces": "^3.0.3",
"cheerio": "1.0.0-rc.10",
"cross-spawn": "7.0.6",
"micromatch": "4.0.8",
"ws": "^8.17.1",
"@carbon/ibm-products-styles": "^2.49.0"
Expand Down
2 changes: 1 addition & 1 deletion packages/ibm-products-web-components/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@
"eslint": "^9.11.1",
"eslint-config-carbon": "3.17.1",
"globby": "^14.0.2",
"happy-dom": "^15.7.4",
"happy-dom": "^15.11.6",
"postcss": "^8.4.47",
"remark-gfm": "^4.0.0",
"rimraf": "^5.0.5",
Expand Down
85 changes: 11 additions & 74 deletions yarn.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1911,7 +1911,7 @@ __metadata:
eslint: "npm:^9.11.1"
eslint-config-carbon: "npm:3.17.1"
globby: "npm:^14.0.2"
happy-dom: "npm:^15.7.4"
happy-dom: "npm:^15.11.6"
lit: "npm:^3.1.0"
postcss: "npm:^8.4.47"
remark-gfm: "npm:^4.0.0"
Expand Down Expand Up @@ -10424,26 +10424,6 @@ __metadata:
languageName: node
linkType: hard

"body-parser@npm:1.20.2":
version: 1.20.2
resolution: "body-parser@npm:1.20.2"
dependencies:
bytes: "npm:3.1.2"
content-type: "npm:~1.0.5"
debug: "npm:2.6.9"
depd: "npm:2.0.0"
destroy: "npm:1.2.0"
http-errors: "npm:2.0.0"
iconv-lite: "npm:0.4.24"
on-finished: "npm:2.4.1"
qs: "npm:6.11.0"
raw-body: "npm:2.5.2"
type-is: "npm:~1.6.18"
unpipe: "npm:1.0.0"
checksum: 3cf171b82190cf91495c262b073e425fc0d9e25cc2bf4540d43f7e7bbca27d6a9eae65ca367b6ef3993eea261159d9d2ab37ce444e8979323952e12eb3df319a
languageName: node
linkType: hard

"body-parser@npm:1.20.3":
version: 1.20.3
resolution: "body-parser@npm:1.20.3"
Expand Down Expand Up @@ -12082,27 +12062,14 @@ __metadata:
languageName: node
linkType: hard

"cross-spawn@npm:^6.0.5":
version: 6.0.5
resolution: "cross-spawn@npm:6.0.5"
dependencies:
nice-try: "npm:^1.0.4"
path-key: "npm:^2.0.1"
semver: "npm:^5.5.0"
shebang-command: "npm:^1.2.0"
which: "npm:^1.2.9"
checksum: f07e643b4875f26adffcd7f13bc68d9dff20cf395f8ed6f43a23f3ee24fc3a80a870a32b246fd074e514c8fd7da5f978ac6a7668346eec57aa87bac89c1ed3a1
languageName: node
linkType: hard

"cross-spawn@npm:^7.0.0, cross-spawn@npm:^7.0.1, cross-spawn@npm:^7.0.2, cross-spawn@npm:^7.0.3":
version: 7.0.5
resolution: "cross-spawn@npm:7.0.5"
"cross-spawn@npm:7.0.6":
version: 7.0.6
resolution: "cross-spawn@npm:7.0.6"
dependencies:
path-key: "npm:^3.1.0"
shebang-command: "npm:^2.0.0"
which: "npm:^2.0.1"
checksum: c95062469d4bdbc1f099454d01c0e77177a3733012d41bf907a71eb8d22d2add43b5adf6a0a14ef4e7feaf804082714d6c262ef4557a1c480b86786c120d18e2
checksum: 0d52657d7ae36eb130999dffff1168ec348687b48dd38e2ff59992ed916c88d328cf1d07ff4a4a10bc78de5e1c23f04b306d569e42f7a2293915c081e4dfee86
languageName: node
linkType: hard

Expand Down Expand Up @@ -16064,14 +16031,14 @@ __metadata:
languageName: node
linkType: hard

"happy-dom@npm:^15.7.4":
version: 15.7.4
resolution: "happy-dom@npm:15.7.4"
"happy-dom@npm:^15.11.6":
version: 15.11.6
resolution: "happy-dom@npm:15.11.6"
dependencies:
entities: "npm:^4.5.0"
webidl-conversions: "npm:^7.0.0"
whatwg-mimetype: "npm:^3.0.0"
checksum: fd5026e8a2d9437f161e4c6d9725ffe68f6d31cd09ac7d729b3cd5dd2207a3833272607171da1caf4b1247839ead8bd01a4381a0e31909589af29d27fa24a0f5
checksum: 895a40bda00753f833ea563f64aef80558b6f701a3238e9fe7143265a1246bde57bc5a7a58ed89e77e2bbe309a119dcf956a70c48033fa84893c41206a6b4128
languageName: node
linkType: hard

Expand Down Expand Up @@ -20598,13 +20565,6 @@ __metadata:
languageName: node
linkType: hard

"nice-try@npm:^1.0.4":
version: 1.0.5
resolution: "nice-try@npm:1.0.5"
checksum: 0b4af3b5bb5d86c289f7a026303d192a7eb4417231fe47245c460baeabae7277bcd8fd9c728fb6bd62c30b3e15cd6620373e2cf33353b095d8b403d3e8a15aff
languageName: node
linkType: hard

"no-case@npm:^3.0.4":
version: 3.0.4
resolution: "no-case@npm:3.0.4"
Expand Down Expand Up @@ -22156,13 +22116,6 @@ __metadata:
languageName: node
linkType: hard

"path-key@npm:^2.0.1":
version: 2.0.1
resolution: "path-key@npm:2.0.1"
checksum: 6e654864e34386a2a8e6bf72cf664dcabb76574dd54013add770b374384d438aca95f4357bb26935b514a4e4c2c9b19e191f2200b282422a76ee038b9258c5e7
languageName: node
linkType: hard

"path-key@npm:^3.0.0, path-key@npm:^3.1.0":
version: 3.1.1
resolution: "path-key@npm:3.1.1"
Expand Down Expand Up @@ -24500,7 +24453,7 @@ __metadata:
languageName: node
linkType: hard

"semver@npm:2 || 3 || 4 || 5, semver@npm:^5.5.0, semver@npm:^5.6.0":
"semver@npm:2 || 3 || 4 || 5, semver@npm:^5.6.0":
version: 5.7.2
resolution: "semver@npm:5.7.2"
bin:
Expand Down Expand Up @@ -24700,15 +24653,6 @@ __metadata:
languageName: node
linkType: hard

"shebang-command@npm:^1.2.0":
version: 1.2.0
resolution: "shebang-command@npm:1.2.0"
dependencies:
shebang-regex: "npm:^1.0.0"
checksum: 9eed1750301e622961ba5d588af2212505e96770ec376a37ab678f965795e995ade7ed44910f5d3d3cb5e10165a1847f52d3348c64e146b8be922f7707958908
languageName: node
linkType: hard

"shebang-command@npm:^2.0.0":
version: 2.0.0
resolution: "shebang-command@npm:2.0.0"
Expand All @@ -24718,13 +24662,6 @@ __metadata:
languageName: node
linkType: hard

"shebang-regex@npm:^1.0.0":
version: 1.0.0
resolution: "shebang-regex@npm:1.0.0"
checksum: 404c5a752cd40f94591dfd9346da40a735a05139dac890ffc229afba610854d8799aaa52f87f7e0c94c5007f2c6af55bdcaeb584b56691926c5eaf41dc8f1372
languageName: node
linkType: hard

"shebang-regex@npm:^3.0.0":
version: 3.0.0
resolution: "shebang-regex@npm:3.0.0"
Expand Down Expand Up @@ -27750,7 +27687,7 @@ __metadata:
languageName: node
linkType: hard

"which@npm:^1.2.9, which@npm:^1.3.1":
"which@npm:^1.3.1":
version: 1.3.1
resolution: "which@npm:1.3.1"
dependencies:
Expand Down
Loading