Skip to content

Commit e8d9c65

Browse files
alexforsythalexforsyth
authored
fix: bump verdeccio - dompurify for sec review (#2114)
1 parent 49e2d61 commit e8d9c65

File tree

2 files changed

+68
-80
lines changed

2 files changed

+68
-80
lines changed

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -118,4 +118,4 @@
118118
],
119119
"**/*.{ts,js,md,json}": "prettier --write"
120120
}
121-
}
121+
}

yarn.lock

Lines changed: 67 additions & 79 deletions
Original file line numberDiff line numberDiff line change
@@ -1877,27 +1877,27 @@
18771877
dependencies:
18781878
lockfile "1.0.4"
18791879

1880-
"@verdaccio/[email protected].4":
1881-
version "9.7.4"
1882-
resolved "https://registry.yarnpkg.com/@verdaccio/local-storage/-/local-storage-9.7.4.tgz#3ffaa41fc850758296c9f243d765372a2e5e4ea2"
1883-
integrity sha512-Wj0mJ6FTLGma+nDxpAWJkg7yY0WLh0sUm94juqY9eyWSqOWdv1QvduE9lvl0vh890/QbrlqzxPqxTxeZwsndTA==
1880+
"@verdaccio/[email protected].5":
1881+
version "9.7.5"
1882+
resolved "https://registry.yarnpkg.com/@verdaccio/local-storage/-/local-storage-9.7.5.tgz#c7d71adef9ccc616fe1316507eeaf46f4ee35d29"
1883+
integrity sha512-Hur5GGvy6L7lrKmITC+t+VgdRuUGA1Y2/j3DC726NC0obtOlNsOkXTPQTUgSlvao0KnnHSzfm1+MZ7ZlwCMYew==
18841884
dependencies:
18851885
"@verdaccio/commons-api" "^9.7.1"
18861886
"@verdaccio/file-locking" "^9.7.2"
18871887
"@verdaccio/streams" "^9.7.2"
18881888
async "3.2.0"
18891889
level "5.0.1"
1890-
lodash "4.17.20"
1890+
lodash "4.17.21"
18911891
mkdirp "0.5.5"
18921892

1893-
"@verdaccio/[email protected].3":
1894-
version "9.7.3"
1895-
resolved "https://registry.yarnpkg.com/@verdaccio/readme/-/readme-9.7.3.tgz#0d6e407883600c42e51f262971e7da8d525886e6"
1896-
integrity sha512-86Zv46Qpcx0d0YRutFPhPH4OhGSljUJyhkxk3H/bCzzw8hGEvM1Du2y8kzfAS9qUsX8Qux97vfxxz6+RpBdU1w==
1893+
"@verdaccio/[email protected].5":
1894+
version "9.7.5"
1895+
resolved "https://registry.yarnpkg.com/@verdaccio/readme/-/readme-9.7.5.tgz#80d13a7686e00a815c1ada8accfb2e6f841e2620"
1896+
integrity sha512-1CXqpXHCcmrCzFk++Cs7S1gcj/pSSUozVIuUPNrnp+GWAbM+kmalC1H6mpYCK2zR8jA3EkwLSyPbzK21E/B4tQ==
18971897
dependencies:
1898-
dompurify "2.0.8"
1898+
dompurify "^2.2.6"
18991899
jsdom "15.2.1"
1900-
marked "1.1.1"
1900+
marked "^2.0.1"
19011901

19021902
"@verdaccio/[email protected]", "@verdaccio/streams@^9.7.2":
19031903
version "9.7.2"
@@ -3940,10 +3940,10 @@ dateformat@^3.0.0:
39403940
resolved "https://registry.yarnpkg.com/dateformat/-/dateformat-3.0.3.tgz#a6e37499a4d9a9cf85ef5872044d62901c9889ae"
39413941
integrity sha512-jyCETtSl3VMZMWeRo7iY1FL19ges1t55hMo5yaam4Jrsm5EPL89UQkoQRyiI+Yf4k8r2ZpdngkV8hr1lIdjb3Q==
39423942

3943-
[email protected].3:
3944-
version "1.10.3"
3945-
resolved "https://registry.yarnpkg.com/dayjs/-/dayjs-1.10.3.tgz#cf3357c8e7f508432826371672ebf376cb7d619b"
3946-
integrity sha512-/2fdLN987N8Ki7Id8BUN2nhuiRyxTLumQnSQf9CNncFCyqFsSKb9TNhzRYcC8K8eJSJOKvbvkImo/MKKhNi4iw==
3943+
[email protected].4:
3944+
version "1.10.4"
3945+
resolved "https://registry.yarnpkg.com/dayjs/-/dayjs-1.10.4.tgz#8e544a9b8683f61783f570980a8a80eaf54ab1e2"
3946+
integrity sha512-RI/Hh4kqRc1UKLOAf/T5zdMMX5DQIlDxwUe3wSyMMnEbGunnpENCdbUgM+dW7kXidZqCttBrmw7BhN4TMddkCw==
39473947

39483948
[email protected], debug@^2.2.0, debug@^2.3.3:
39493949
version "2.6.9"
@@ -4229,10 +4229,10 @@ domexception@^2.0.1:
42294229
dependencies:
42304230
webidl-conversions "^5.0.0"
42314231

4232-
dompurify@2.0.8:
4233-
version "2.0.8"
4234-
resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.0.8.tgz#6ef89d2d227d041af139c7b01d9f67ed59c2eb3c"
4235-
integrity sha512-vIOSyOXkMx81ghEalh4MLBtDHMx1bhKlaqHDMqM2yeitJ996SLOk5mGdDpI9ifJAgokred8Rmu219fX4OltqXw==
4232+
dompurify@^2.2.6:
4233+
version "2.2.6"
4234+
resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.2.6.tgz#54945dc5c0b45ce5ae228705777e8e59d7b2edc4"
4235+
integrity sha512-7b7ZArhhH0SP6W2R9cqK6RjaU82FZ2UPM7RO8qN1b1wyvC/NY1FNWcX1Pu00fFOAnzEORtwXe4bPaClg6pUybQ==
42364236

42374237
dot-prop@^4.2.0:
42384238
version "4.2.1"
@@ -4435,12 +4435,7 @@ env-paths@^2.2.0:
44354435
resolved "https://registry.yarnpkg.com/env-paths/-/env-paths-2.2.0.tgz#cdca557dc009152917d6166e2febe1f039685e43"
44364436
integrity sha512-6u0VYSCo/OW6IoD5WCLLy9JUGARbamfSavcNXry/eu8aHVFei6CD3Sw+VGX5alea1i9pgPHW0mbu6Xj0uBh7gA==
44374437

4438-
[email protected]:
4439-
version "7.7.3"
4440-
resolved "https://registry.yarnpkg.com/envinfo/-/envinfo-7.7.3.tgz#4b2d8622e3e7366afb8091b23ed95569ea0208cc"
4441-
integrity sha512-46+j5QxbPWza0PB1i15nZx0xQ4I/EfQxg9J8Had3b408SV63nEtor2e+oiY63amTo9KTuh2a3XLObNwduxYwwA==
4442-
4443-
envinfo@^7.3.1:
4438+
[email protected], envinfo@^7.3.1:
44444439
version "7.7.4"
44454440
resolved "https://registry.yarnpkg.com/envinfo/-/envinfo-7.7.4.tgz#c6311cdd38a0e86808c1c9343f667e4267c4a320"
44464441
integrity sha512-TQXTYFVVwwluWSFis6K2XKxgrD22jEv0FTuLCQI+OjH7rn93+iY0fSSFM5lrSxFY+H1+B0/cvvlamr3UsBivdQ==
@@ -5627,19 +5622,7 @@ growly@^1.3.0:
56275622
resolved "https://registry.yarnpkg.com/growly/-/growly-1.3.0.tgz#f10748cbe76af964b7c96c93c6bcc28af120c081"
56285623
integrity sha1-8QdIy+dq+WS3yWyTxrzCivEgwIE=
56295624

5630-
[email protected]:
5631-
version "4.7.6"
5632-
resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.6.tgz#d4c05c1baf90e9945f77aa68a7a219aa4a7df74e"
5633-
integrity sha512-1f2BACcBfiwAfStCKZNrUCgqNZkGsAT7UM3kkYtXuLo0KnaVfjKOyf7PRzB6++aK9STyT1Pd2ZCPe3EGOXleXA==
5634-
dependencies:
5635-
minimist "^1.2.5"
5636-
neo-async "^2.6.0"
5637-
source-map "^0.6.1"
5638-
wordwrap "^1.0.0"
5639-
optionalDependencies:
5640-
uglify-js "^3.1.4"
5641-
5642-
handlebars@^4.7.6:
5625+
[email protected], handlebars@^4.7.6:
56435626
version "4.7.7"
56445627
resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.7.tgz#9ce33416aad02dbd6c8fafa8240d5d98004945a1"
56455628
integrity sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA==
@@ -7371,10 +7354,10 @@ kind-of@^6.0.0, kind-of@^6.0.2, kind-of@^6.0.3:
73717354
resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-6.0.3.tgz#07c05034a6c349fa06e24fa35aa76db4580ce4dd"
73727355
integrity sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==
73737356

7374-
[email protected].3:
7375-
version "4.1.3"
7376-
resolved "https://registry.yarnpkg.com/kleur/-/kleur-4.1.3.tgz#8d262a56d79a137ee1b706e967c0b08a7fef4f4c"
7377-
integrity sha512-H1tr8QP2PxFTNwAFM74Mui2b6ovcY9FoxJefgrwxY+OCJcq01k5nvhf4M/KnizzrJvLRap5STUy7dgDV35iUBw==
7357+
[email protected].4:
7358+
version "4.1.4"
7359+
resolved "https://registry.yarnpkg.com/kleur/-/kleur-4.1.4.tgz#8c202987d7e577766d039a8cd461934c01cda04d"
7360+
integrity sha512-8QADVssbrFjivHWQU7KkMgptGTl6WAcSdlbBPY4uNF+mWr6DGcKrvY2w4FQJoXch7+fKMjj0dRrL75vk3k23OA==
73787361

73797362
kleur@^3.0.3:
73807363
version "3.0.3"
@@ -7731,7 +7714,12 @@ lodash.uniq@^4.5.0:
77317714
resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773"
77327715
integrity sha1-0CJTc662Uq3BvILklFM5qEJ1R3M=
77337716

7734-
[email protected], [email protected], lodash@^4.17.12, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17.20, lodash@^4.2.1:
7717+
[email protected], lodash@^4.17.19:
7718+
version "4.17.21"
7719+
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
7720+
integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
7721+
7722+
[email protected], lodash@^4.17.12, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.20, lodash@^4.2.1:
77357723
version "4.17.20"
77367724
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.20.tgz#b44a9b6297bcb698f1c51a3545a2b3b368d59c52"
77377725
integrity sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==
@@ -7891,15 +7879,10 @@ map-visit@^1.0.0:
78917879
dependencies:
78927880
object-visit "^1.0.0"
78937881

7894-
[email protected]:
7895-
version "1.1.1"
7896-
resolved "https://registry.yarnpkg.com/marked/-/marked-1.1.1.tgz#e5d61b69842210d5df57b05856e0c91572703e6a"
7897-
integrity sha512-mJzT8D2yPxoPh7h0UXkB+dBj4FykPJ2OIfxAWeIHrvoHDkFxukV/29QxoFQoPM6RLEwhIFdJpmKBlqVM3s2ZIw==
7898-
7899-
[email protected]:
7900-
version "1.2.7"
7901-
resolved "https://registry.yarnpkg.com/marked/-/marked-1.2.7.tgz#6e14b595581d2319cdcf033a24caaf41455a01fb"
7902-
integrity sha512-No11hFYcXr/zkBvL6qFmAp1z6BKY3zqLMHny/JN/ey+al7qwCM2+CMBL9BOgqMxZU36fz4cCWfn2poWIf7QRXA==
7882+
[email protected], marked@^2.0.1:
7883+
version "2.0.1"
7884+
resolved "https://registry.yarnpkg.com/marked/-/marked-2.0.1.tgz#5e7ed7009bfa5c95182e4eb696f85e948cefcee3"
7885+
integrity sha512-5+/fKgMv2hARmMW7DOpykr2iLhl0NgjyELk5yn92iE7z8Se1IS9n3UsFm86hFXIkvMBmVxki8+ckcpjBeyo/hw==
79037886

79047887
marked@^1.1.1:
79057888
version "1.2.9"
@@ -8039,29 +8022,29 @@ miller-rabin@^4.0.0:
80398022
bn.js "^4.0.0"
80408023
brorand "^1.0.1"
80418024

8042-
[email protected]:
8043-
version "1.45.0"
8044-
resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.45.0.tgz#cceeda21ccd7c3a745eba2decd55d4b73e7879ea"
8045-
integrity sha512-CkqLUxUk15hofLoLyljJSrukZi8mAtgd+yE5uO4tqRZsdsAJKv0O+rFMhVDRJgozy+yG6md5KwuXhD4ocIoP+w==
8046-
8047-
"mime-db@>= 1.43.0 < 2":
8025+
[email protected], "mime-db@>= 1.43.0 < 2":
80488026
version "1.46.0"
80498027
resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.46.0.tgz#6267748a7f799594de3cbc8cde91def349661cee"
80508028
integrity sha512-svXaP8UQRZ5K7or+ZmfNhg2xX3yKDMUzqadsSqi4NCH/KomcH75MAMYAGVlvXn4+b/xOPhS3I2uHKRUzvjY7BQ==
80518029

80528030
mime-types@^2.1.12, mime-types@~2.1.19, mime-types@~2.1.24:
8053-
version "2.1.28"
8054-
resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.28.tgz#1160c4757eab2c5363888e005273ecf79d2a0ecd"
8055-
integrity sha512-0TO2yJ5YHYr7M2zzT7gDU1tbwHxEUWBCLt0lscSNpcdAfFyJOVEpRYNS7EXVcTLNj/25QO8gulHC5JtTzSE2UQ==
8031+
version "2.1.29"
8032+
resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.29.tgz#1d4ab77da64b91f5f72489df29236563754bb1b2"
8033+
integrity sha512-Y/jMt/S5sR9OaqteJtslsFZKWOIIqMACsJSiHghlCAyhf7jfVYjKBmLiX8OgpWeW+fjJ2b+Az69aPFPkUOY6xQ==
80568034
dependencies:
8057-
mime-db "1.45.0"
8035+
mime-db "1.46.0"
80588036

80598037
[email protected]:
80608038
version "1.6.0"
80618039
resolved "https://registry.yarnpkg.com/mime/-/mime-1.6.0.tgz#32cd9e5c64553bd58d19a568af452acff04981b1"
80628040
integrity sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==
80638041

8064-
[email protected], mime@^2.4.4, mime@^2.4.5:
8042+
[email protected]:
8043+
version "2.5.2"
8044+
resolved "https://registry.yarnpkg.com/mime/-/mime-2.5.2.tgz#6e3dc6cc2b9510643830e5f19d5cb753da5eeabe"
8045+
integrity sha512-tqkh47FzKeCPD2PUiPB6pkbMzsCasjxAfC62/Wap5qrUWcb+sFasXUC5I3gYM5iBM8v/Qpn4UK0x+j0iHyFPDg==
8046+
8047+
mime@^2.4.4, mime@^2.4.5:
80658048
version "2.5.0"
80668049
resolved "https://registry.yarnpkg.com/mime/-/mime-2.5.0.tgz#2b4af934401779806ee98026bb42e8c1ae1876b1"
80678050
integrity sha512-ft3WayFSFUVBuJj7BMLKAQcSlItKtfjsKDDsii3rqFDAZ7t11zRe8ASw/GlmivGwVUYtwkQrxiGGpL6gFvB0ag==
@@ -11366,9 +11349,9 @@ [email protected]:
1136611349
integrity sha512-YUxzMjJ5T71w6a8WWVcMGM6YWOTX27rCoIQgLXiWaxqXSx9D7DNjiGWn1aJIRSQ5qr0xuhra77bSIh6voR/46Q==
1136711350

1136811351
uglify-js@^3.1.4:
11369-
version "3.12.8"
11370-
resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-3.12.8.tgz#a82e6e53c9be14f7382de3d068ef1e26e7d4aaf8"
11371-
integrity sha512-fvBeuXOsvqjecUtF/l1dwsrrf5y2BCUk9AOJGzGcm6tE7vegku5u/YvqjyDaAGr422PLoLnrxg3EnRvTqsdC1w==
11352+
version "3.13.0"
11353+
resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-3.13.0.tgz#66ed69f7241f33f13531d3d51d5bcebf00df7f69"
11354+
integrity sha512-TWYSWa9T2pPN4DIJYbU9oAjQx+5qdV5RUDxwARg8fmJZrD/V27Zj0JngW5xg1DFz42G0uDYl2XhzF6alSzD62w==
1137211355

1137311356
[email protected]:
1137411357
version "0.0.6"
@@ -11625,13 +11608,13 @@ [email protected]:
1162511608
unix-crypt-td-js "1.1.4"
1162611609

1162711610
verdaccio@^4.7.2:
11628-
version "4.11.0"
11629-
resolved "https://registry.yarnpkg.com/verdaccio/-/verdaccio-4.11.0.tgz#7211cdb34d9856e4c44f2956069dd541428c1785"
11630-
integrity sha512-9mNILk0MLcd1e2EHhHVQHaiAIqYxr828Bu9ZDDXBEEA1jRNDqkwqdqr2zFfaTb0rRAfAqiorq/VvB4pNyJXWHQ==
11611+
version "4.11.3"
11612+
resolved "https://registry.yarnpkg.com/verdaccio/-/verdaccio-4.11.3.tgz#99041c814f3ad9cd47d19b78ef632f78ce770b0f"
11613+
integrity sha512-wyE1NLf9b3bGGPSVWkWT6zlBSeVrxIJt12ugfLSXufWlhUVWrOb0LqmQvlY4D9a0aJR1V9+fDO7XZt5E1i0CDA==
1163111614
dependencies:
1163211615
"@verdaccio/commons-api" "9.7.1"
11633-
"@verdaccio/local-storage" "9.7.4"
11634-
"@verdaccio/readme" "9.7.3"
11616+
"@verdaccio/local-storage" "9.7.5"
11617+
"@verdaccio/readme" "9.7.5"
1163511618
"@verdaccio/streams" "9.7.2"
1163611619
"@verdaccio/ui-theme" "1.15.1"
1163711620
JSONStream "1.3.5"
@@ -11642,18 +11625,18 @@ verdaccio@^4.7.2:
1164211625
compression "1.7.4"
1164311626
cookies "0.8.0"
1164411627
cors "2.8.5"
11645-
dayjs "1.10.3"
11646-
envinfo "7.7.3"
11628+
dayjs "1.10.4"
11629+
envinfo "7.7.4"
1164711630
express "4.17.1"
11648-
handlebars "4.7.6"
11631+
handlebars "4.7.7"
1164911632
http-errors "1.8.0"
1165011633
js-yaml "3.14.1"
1165111634
jsonwebtoken "8.5.1"
11652-
kleur "4.1.3"
11653-
lodash "4.17.20"
11635+
kleur "4.1.4"
11636+
lodash "4.17.21"
1165411637
lunr-mutable-indexes "2.3.2"
11655-
marked "1.2.7"
11656-
mime "2.5.0"
11638+
marked "2.0.1"
11639+
mime "2.5.2"
1165711640
minimatch "3.0.4"
1165811641
mkdirp "0.5.5"
1165911642
mv "2.1.1"
@@ -12023,7 +12006,12 @@ [email protected]:
1202312006
dependencies:
1202412007
mkdirp "^0.5.1"
1202512008

12026-
ws@^7.0.0, ws@^7.2.3, ws@~7.4.2:
12009+
ws@^7.0.0:
12010+
version "7.4.4"
12011+
resolved "https://registry.yarnpkg.com/ws/-/ws-7.4.4.tgz#383bc9742cb202292c9077ceab6f6047b17f2d59"
12012+
integrity sha512-Qm8k8ojNQIMx7S+Zp8u/uHOx7Qazv3Yv4q68MiWWWOJhiwG5W3x7iqmRtJo8xxrciZUY4vRxUTJCKuRnF28ZZw==
12013+
12014+
ws@^7.2.3, ws@~7.4.2:
1202712015
version "7.4.3"
1202812016
resolved "https://registry.yarnpkg.com/ws/-/ws-7.4.3.tgz#1f9643de34a543b8edb124bdcbc457ae55a6e5cd"
1202912017
integrity sha512-hr6vCR76GsossIRsr8OLR9acVVm1jyfEWvhbNjtgPOrfvAlKzvyeg/P6r8RuDjRyrcQoPQT7K0DGEPc7Ae6jzA==

0 commit comments

Comments
 (0)