Skip to content

Commit

Permalink
Merge pull request #512 from guardian/cross-spawn-dep--vuln-mitigation
Browse files Browse the repository at this point in the history
cross-spawn vulnerability fix
  • Loading branch information
rBangay authored Nov 25, 2024
2 parents cc5c6d0 + 9fa6a18 commit 972684b
Show file tree
Hide file tree
Showing 2 changed files with 65 additions and 102 deletions.
5 changes: 3 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@
"@babel/preset-react": "^7.22.5",
"@babel/preset-typescript": "^7.22.5",
"@braze/web-sdk-core": "3.5.1",
"@changesets/cli": "^2.27.9",
"@changesets/cli": "^2.27.10",
"@emotion/babel-preset-css-prop": "^11.1.2",
"@emotion/eslint-plugin": "^11.10.0",
"@emotion/react": "^11.1.2",
Expand Down Expand Up @@ -106,7 +106,8 @@
"resolutions": {
"@types/react": "18.0.32",
"immer": "9.0.6",
"minimist": "1.2.6"
"minimist": "1.2.6",
"cross-spawn": "7.0.6"
},
"engines": {
"node": "^18.15 || ^20.8"
Expand Down
162 changes: 62 additions & 100 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -1709,14 +1709,14 @@
resolved "https://registry.yarnpkg.com/@braze/web-sdk-core/-/web-sdk-core-3.5.1.tgz#a239f2bd430266accba9e9a3393b03ac22f9abdf"
integrity sha512-pHnlKaHz8UCrlGkAF6aoBptFUTzeZeL7OpHqKGx7uZC67ZfVvk1L11SJkxOw2CLxUQm9YxigSQXqtpUiImXDng==

"@changesets/apply-release-plan@^7.0.5":
version "7.0.5"
resolved "https://registry.yarnpkg.com/@changesets/apply-release-plan/-/apply-release-plan-7.0.5.tgz#3323c97afc08abc15e5136488f9c7cf1a864832e"
integrity sha512-1cWCk+ZshEkSVEZrm2fSj1Gz8sYvxgUL4Q78+1ZZqeqfuevPTPk033/yUZ3df8BKMohkqqHfzj0HOOrG0KtXTw==
"@changesets/apply-release-plan@^7.0.6":
version "7.0.6"
resolved "https://registry.yarnpkg.com/@changesets/apply-release-plan/-/apply-release-plan-7.0.6.tgz#39af3f80f3ba287920271d1a542ef5394eb0bf8a"
integrity sha512-TKhVLtiwtQOgMAC0fCJfmv93faiViKSDqr8oMEqrnNs99gtSC1sZh/aEMS9a+dseU1ESZRCK+ofLgGY7o0fw/Q==
dependencies:
"@changesets/config" "^3.0.3"
"@changesets/config" "^3.0.4"
"@changesets/get-version-range-type" "^0.4.0"
"@changesets/git" "^3.0.1"
"@changesets/git" "^3.0.2"
"@changesets/should-skip-package" "^0.1.1"
"@changesets/types" "^6.0.0"
"@manypkg/get-packages" "^1.1.3"
Expand All @@ -1728,10 +1728,10 @@
resolve-from "^5.0.0"
semver "^7.5.3"

"@changesets/assemble-release-plan@^6.0.4":
version "6.0.4"
resolved "https://registry.yarnpkg.com/@changesets/assemble-release-plan/-/assemble-release-plan-6.0.4.tgz#153d5154bb9f4162215ca69ad1c6e0886f686ccb"
integrity sha512-nqICnvmrwWj4w2x0fOhVj2QEGdlUuwVAwESrUo5HLzWMI1rE5SWfsr9ln+rDqWB6RQ2ZyaMZHUcU7/IRaUJS+Q==
"@changesets/assemble-release-plan@^6.0.5":
version "6.0.5"
resolved "https://registry.yarnpkg.com/@changesets/assemble-release-plan/-/assemble-release-plan-6.0.5.tgz#d987b01c2d91c8b2f81eedd2df56ba355e4ce536"
integrity sha512-IgvBWLNKZd6k4t72MBTBK3nkygi0j3t3zdC1zrfusYo0KpdsvnDjrMM9vPnTCLCMlfNs55jRL4gIMybxa64FCQ==
dependencies:
"@changesets/errors" "^0.2.0"
"@changesets/get-dependents-graph" "^2.1.2"
Expand All @@ -1747,22 +1747,22 @@
dependencies:
"@changesets/types" "^6.0.0"

"@changesets/cli@^2.27.9":
version "2.27.9"
resolved "https://registry.yarnpkg.com/@changesets/cli/-/cli-2.27.9.tgz#7b58a4c9eaf95d81fe0d1386705ecefe94a20062"
integrity sha512-q42a/ZbDnxPpCb5Wkm6tMVIxgeI9C/bexntzTeCFBrQEdpisQqk8kCHllYZMDjYtEc1ZzumbMJAG8H0Z4rdvjg==
"@changesets/cli@^2.27.10":
version "2.27.10"
resolved "https://registry.yarnpkg.com/@changesets/cli/-/cli-2.27.10.tgz#b2b98caaf6f8a6630592456f07a881e7684f6ada"
integrity sha512-PfeXjvs9OfQJV8QSFFHjwHX3QnUL9elPEQ47SgkiwzLgtKGyuikWjrdM+lO9MXzOE22FO9jEGkcs4b+B6D6X0Q==
dependencies:
"@changesets/apply-release-plan" "^7.0.5"
"@changesets/assemble-release-plan" "^6.0.4"
"@changesets/apply-release-plan" "^7.0.6"
"@changesets/assemble-release-plan" "^6.0.5"
"@changesets/changelog-git" "^0.2.0"
"@changesets/config" "^3.0.3"
"@changesets/config" "^3.0.4"
"@changesets/errors" "^0.2.0"
"@changesets/get-dependents-graph" "^2.1.2"
"@changesets/get-release-plan" "^4.0.4"
"@changesets/git" "^3.0.1"
"@changesets/get-release-plan" "^4.0.5"
"@changesets/git" "^3.0.2"
"@changesets/logger" "^0.1.1"
"@changesets/pre" "^2.0.1"
"@changesets/read" "^0.6.1"
"@changesets/read" "^0.6.2"
"@changesets/should-skip-package" "^0.1.1"
"@changesets/types" "^6.0.0"
"@changesets/write" "^0.3.2"
Expand All @@ -1778,21 +1778,21 @@
picocolors "^1.1.0"
resolve-from "^5.0.0"
semver "^7.5.3"
spawndamnit "^2.0.0"
spawndamnit "^3.0.1"
term-size "^2.1.0"

"@changesets/config@^3.0.3":
version "3.0.3"
resolved "https://registry.yarnpkg.com/@changesets/config/-/config-3.0.3.tgz#19196558882b25c8aaf04941d4ac7e151f5a1b36"
integrity sha512-vqgQZMyIcuIpw9nqFIpTSNyc/wgm/Lu1zKN5vECy74u95Qx/Wa9g27HdgO4NkVAaq+BGA8wUc/qvbvVNs93n6A==
"@changesets/config@^3.0.4":
version "3.0.4"
resolved "https://registry.yarnpkg.com/@changesets/config/-/config-3.0.4.tgz#2acfdf3e09424149684b3bd10c88074becf251aa"
integrity sha512-+DiIwtEBpvvv1z30f8bbOsUQGuccnZl9KRKMM/LxUHuDu5oEjmN+bJQ1RIBKNJjfYMQn8RZzoPiX0UgPaLQyXw==
dependencies:
"@changesets/errors" "^0.2.0"
"@changesets/get-dependents-graph" "^2.1.2"
"@changesets/logger" "^0.1.1"
"@changesets/types" "^6.0.0"
"@manypkg/get-packages" "^1.1.3"
fs-extra "^7.0.1"
micromatch "^4.0.2"
micromatch "^4.0.8"

"@changesets/errors@^0.2.0":
version "0.2.0"
Expand All @@ -1811,15 +1811,15 @@
picocolors "^1.1.0"
semver "^7.5.3"

"@changesets/get-release-plan@^4.0.4":
version "4.0.4"
resolved "https://registry.yarnpkg.com/@changesets/get-release-plan/-/get-release-plan-4.0.4.tgz#e7ef0d84d9079c69febb64f8018a18ac4b77ac90"
integrity sha512-SicG/S67JmPTrdcc9Vpu0wSQt7IiuN0dc8iR5VScnnTVPfIaLvKmEGRvIaF0kcn8u5ZqLbormZNTO77bCEvyWw==
"@changesets/get-release-plan@^4.0.5":
version "4.0.5"
resolved "https://registry.yarnpkg.com/@changesets/get-release-plan/-/get-release-plan-4.0.5.tgz#2c857ce2f1942b88ff6ffcb24667edc52bcbfaea"
integrity sha512-E6wW7JoSMcctdVakut0UB76FrrN3KIeJSXvB+DHMFo99CnC3ZVnNYDCVNClMlqAhYGmLmAj77QfApaI3ca4Fkw==
dependencies:
"@changesets/assemble-release-plan" "^6.0.4"
"@changesets/config" "^3.0.3"
"@changesets/assemble-release-plan" "^6.0.5"
"@changesets/config" "^3.0.4"
"@changesets/pre" "^2.0.1"
"@changesets/read" "^0.6.1"
"@changesets/read" "^0.6.2"
"@changesets/types" "^6.0.0"
"@manypkg/get-packages" "^1.1.3"

Expand All @@ -1828,16 +1828,16 @@
resolved "https://registry.yarnpkg.com/@changesets/get-version-range-type/-/get-version-range-type-0.4.0.tgz#429a90410eefef4368502c41c63413e291740bf5"
integrity sha512-hwawtob9DryoGTpixy1D3ZXbGgJu1Rhr+ySH2PvTLHvkZuQ7sRT4oQwMh0hbqZH1weAooedEjRsbrWcGLCeyVQ==

"@changesets/git@^3.0.1":
version "3.0.1"
resolved "https://registry.yarnpkg.com/@changesets/git/-/git-3.0.1.tgz#4499a07d35d8e783cd56f8295fb7d4d70282701b"
integrity sha512-pdgHcYBLCPcLd82aRcuO0kxCDbw/yISlOtkmwmE8Odo1L6hSiZrBOsRl84eYG7DRCab/iHnOkWqExqc4wxk2LQ==
"@changesets/git@^3.0.2":
version "3.0.2"
resolved "https://registry.yarnpkg.com/@changesets/git/-/git-3.0.2.tgz#669c700049dc3b8ba53f46de45f5c4b1e6ddea3b"
integrity sha512-r1/Kju9Y8OxRRdvna+nxpQIsMsRQn9dhhAZt94FLDeu0Hij2hnOozW8iqnHBgvu+KdnJppCveQwK4odwfw/aWQ==
dependencies:
"@changesets/errors" "^0.2.0"
"@manypkg/get-packages" "^1.1.3"
is-subdir "^1.1.1"
micromatch "^4.0.2"
spawndamnit "^2.0.0"
micromatch "^4.0.8"
spawndamnit "^3.0.1"

"@changesets/logger@^0.1.1":
version "0.1.1"
Expand All @@ -1864,12 +1864,12 @@
"@manypkg/get-packages" "^1.1.3"
fs-extra "^7.0.1"

"@changesets/read@^0.6.1":
version "0.6.1"
resolved "https://registry.yarnpkg.com/@changesets/read/-/read-0.6.1.tgz#32c91d97e602861717696c49a09c23eb492810f6"
integrity sha512-jYMbyXQk3nwP25nRzQQGa1nKLY0KfoOV7VLgwucI0bUO8t8ZLCr6LZmgjXsiKuRDc+5A6doKPr9w2d+FEJ55zQ==
"@changesets/read@^0.6.2":
version "0.6.2"
resolved "https://registry.yarnpkg.com/@changesets/read/-/read-0.6.2.tgz#816cf75dd22a70e75ac279474e44be52fb3fb91b"
integrity sha512-wjfQpJvryY3zD61p8jR87mJdyx2FIhEcdXhKUqkja87toMrP/3jtg/Yg29upN+N4Ckf525/uvV7a4tzBlpk6gg==
dependencies:
"@changesets/git" "^3.0.1"
"@changesets/git" "^3.0.2"
"@changesets/logger" "^0.1.1"
"@changesets/parse" "^0.4.0"
"@changesets/types" "^6.0.0"
Expand Down Expand Up @@ -4977,19 +4977,10 @@ create-jest@^29.7.0:
jest-util "^29.7.0"
prompts "^2.0.1"

cross-spawn@^5.1.0:
version "5.1.0"
resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-5.1.0.tgz#e8bd0efee58fcff6f8f94510a0a554bbfa235449"
integrity sha512-pTgQJ5KC0d2hcY8eyL1IzlBPYjTkyH72XRZPnLyKus2mBfNjQs3klqbJU2VILqZryAZUt9JOb3h/mWMy23/f5A==
dependencies:
lru-cache "^4.0.1"
shebang-command "^1.2.0"
which "^1.2.9"

cross-spawn@^7.0.0, cross-spawn@^7.0.2, cross-spawn@^7.0.3:
version "7.0.3"
resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
[email protected], cross-spawn@^7.0.0, cross-spawn@^7.0.2, cross-spawn@^7.0.3, cross-spawn@^7.0.5:
version "7.0.6"
resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
dependencies:
path-key "^3.1.0"
shebang-command "^2.0.0"
Expand Down Expand Up @@ -7958,14 +7949,6 @@ lru-cache@^10.2.0:
resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-10.2.2.tgz#48206bc114c1252940c41b25b41af5b545aca878"
integrity sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==

lru-cache@^4.0.1:
version "4.1.5"
resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-4.1.5.tgz#8bbe50ea85bed59bc9e33dcab8235ee9bcf443cd"
integrity sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==
dependencies:
pseudomap "^1.0.2"
yallist "^2.1.2"

lru-cache@^5.1.1:
version "5.1.1"
resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-5.1.1.tgz#1da27e6710271947695daf6848e847f01d84b920"
Expand Down Expand Up @@ -8123,6 +8106,14 @@ micromatch@^4.0.2, micromatch@^4.0.4:
braces "^3.0.3"
picomatch "^2.3.1"

micromatch@^4.0.8:
version "4.0.8"
resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.8.tgz#d66fa18f3a47076789320b9b1af32bd86d9fa202"
integrity sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==
dependencies:
braces "^3.0.3"
picomatch "^2.3.1"

[email protected]:
version "1.49.0"
resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.49.0.tgz#f3dfde60c99e9cf3bc9701d687778f537001cbed"
Expand Down Expand Up @@ -9145,11 +9136,6 @@ proxy-addr@~2.0.7:
forwarded "0.2.0"
ipaddr.js "1.9.1"

pseudomap@^1.0.2:
version "1.0.2"
resolved "https://registry.yarnpkg.com/pseudomap/-/pseudomap-1.0.2.tgz#f052a28da70e618917ef0a8ac34c1ae5a68286b3"
integrity sha512-b/YwNhb8lk1Zz2+bXXpS/LK9OisiZZ1SNsSLxN1x2OXVEhW2Ckr/7mWE5vrC1ZTiJlD9g19jWszTmJsB+oEpFQ==

psl@^1.1.33:
version "1.8.0"
resolved "https://registry.yarnpkg.com/psl/-/psl-1.8.0.tgz#9326f8bcfb013adcc005fdff056acce020e51c24"
Expand Down Expand Up @@ -9875,25 +9861,13 @@ [email protected]:
resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.2.0.tgz#66c9a24a73f9fc28cbe66b09fed3d33dcaf1b424"
integrity sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==

shebang-command@^1.2.0:
version "1.2.0"
resolved "https://registry.yarnpkg.com/shebang-command/-/shebang-command-1.2.0.tgz#44aac65b695b03398968c39f363fee5deafdf1ea"
integrity sha512-EV3L1+UQWGor21OmnvojK36mhg+TyIKDh3iFBKBohr5xeXIhNBcx8oWdgkTEEQ+BEFFYdLRuqMfd5L84N1V5Vg==
dependencies:
shebang-regex "^1.0.0"

shebang-command@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/shebang-command/-/shebang-command-2.0.0.tgz#ccd0af4f8835fbdc265b82461aaf0c36663f34ea"
integrity sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==
dependencies:
shebang-regex "^3.0.0"

shebang-regex@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-1.0.0.tgz#da42f49740c0b42db2ca9728571cb190c98efea3"
integrity sha512-wpoSFAxys6b2a2wHZ1XpDSgD7N9iVjg29Ph9uV/uaP9Ex/KXlkTZTeddxDPSYQpgvzKLGJke2UU0AzoGCjNIvQ==

shebang-regex@^3.0.0:
version "3.0.0"
resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-3.0.0.tgz#ae16f1644d873ecad843b0307b143362d4c42172"
Expand Down Expand Up @@ -10030,13 +10004,13 @@ space-separated-tokens@^2.0.0:
resolved "https://registry.yarnpkg.com/space-separated-tokens/-/space-separated-tokens-2.0.2.tgz#1ecd9d2350a3844572c3f4a312bceb018348859f"
integrity sha512-PEGlAwrG8yXGXRjW32fGbg66JAlOAwbObuqVoJpv/mRgoWDQfgH1wDPvtzWyUSNAXBGSk8h755YDbbcEy3SH2Q==

spawndamnit@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/spawndamnit/-/spawndamnit-2.0.0.tgz#9f762ac5c3476abb994b42ad592b5ad22bb4b0ad"
integrity sha512-j4JKEcncSjFlqIwU5L/rp2N5SIPsdxaRsIv678+TZxZ0SRDJTm8JrxJMjE/XuiEZNEir3S8l0Fa3Ke339WI4qA==
spawndamnit@^3.0.1:
version "3.0.1"
resolved "https://registry.yarnpkg.com/spawndamnit/-/spawndamnit-3.0.1.tgz#44410235d3dc4e21f8e4f740ae3266e4486c2aed"
integrity sha512-MmnduQUuHCoFckZoWnXsTg7JaiLBJrKFj9UI2MbRPGaJeVpsLcVBu6P/IGZovziM/YBsellCmsprgNA+w0CzVg==
dependencies:
cross-spawn "^5.1.0"
signal-exit "^3.0.2"
cross-spawn "^7.0.5"
signal-exit "^4.0.1"

spdx-correct@^3.0.0:
version "3.1.1"
Expand Down Expand Up @@ -11008,13 +10982,6 @@ which-typed-array@^1.1.2, which-typed-array@^1.1.9:
has-tostringtag "^1.0.0"
is-typed-array "^1.1.10"

which@^1.2.9:
version "1.3.1"
resolved "https://registry.yarnpkg.com/which/-/which-1.3.1.tgz#a45043d54f5805316da8d62f9f50918d3da70b0a"
integrity sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==
dependencies:
isexe "^2.0.0"

which@^2.0.1, which@^2.0.2:
version "2.0.2"
resolved "https://registry.yarnpkg.com/which/-/which-2.0.2.tgz#7c6a8dd0a636a0327e10b59c9286eee93f3f51b1"
Expand Down Expand Up @@ -11135,11 +11102,6 @@ y18n@^5.0.5:
resolved "https://registry.yarnpkg.com/y18n/-/y18n-5.0.8.tgz#7f4934d0f7ca8c56f95314939ddcd2dd91ce1d55"
integrity sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==

yallist@^2.1.2:
version "2.1.2"
resolved "https://registry.yarnpkg.com/yallist/-/yallist-2.1.2.tgz#1c11f9218f076089a47dd512f93c6699a6a81d52"
integrity sha512-ncTzHV7NvsQZkYe1DW7cbDLm0YpzHmZF5r/iyP3ZnQtMiJ+pjzisCiMNI+Sj+xQF5pXhSHxSB3uDbsBTzY/c2A==

yallist@^3.0.2:
version "3.1.1"
resolved "https://registry.yarnpkg.com/yallist/-/yallist-3.1.1.tgz#dbb7daf9bfd8bac9ab45ebf602b8cbad0d5d08fd"
Expand Down

0 comments on commit 972684b

Please sign in to comment.