From 6fefd203856c26be0b59d811fd8f816e4e38bd2c Mon Sep 17 00:00:00 2001
From: saffi
Date: Wed, 24 Mar 2021 15:16:40 +0200
Subject: [PATCH] use patch version modifier ~ - security lodash CR-3960
---
 package.json | 10 +++++-----
 yarn.lock | 49 +++++++++++++++++++++++++++----------------------
 2 files changed, 32 insertions(+), 27 deletions(-)
diff --git a/package.json b/package.json
index ad6408e..42f9149 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "codefresh-sdk",
- "version": "1.9.20",
+ "version": "1.9.21",
 "description": "Codefresh_api_swagger_3_0_specification",
 "main": "index.js",
 "author": {
@@ -17,7 +17,7 @@
 "dependencies": {
 "@codefresh-io/cf-receiver": "0.0.1-alpha19",
 "bluebird": "^3.5.3",
- "cf-errors": "^0.1.15",
+ "cf-errors": "^0.1.16",
 "compare-versions": "^3.4.0",
 "debug": "^4.1.1",
 "decompress": "^4.2.1",
@@ -27,11 +27,11 @@
 "fs-extra": "^7.0.1",
 "js-yaml": "^3.13.1",
 "jsonwebtoken": "^8.4.0",
- "lodash": "4.17.20",
+ "lodash": "~4.17.20",
 "moment": "^2.24.0",
 "recursive-readdir": "^2.2.2",
- "request": "2.88.2",
- "request-promise": "4.2.6",
+ "request": "~2.88.2",
+ "request-promise": "~4.2.6",
 "requestretry": "^4.1.2",
 "swagger-client": "~3.12.2",
 "uniqid": "^5.2.0",
diff --git a/yarn.lock b/yarn.lock
index d4424d3..71408a0 100644
--- a/yarn.lock
+++ b/yarn.lock
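Review bot: The new range `"lodash": "~4.17.20"` in the third package.json hunk still admits 4.17.20, so the patched 4.17.21 is guaranteed only by this repository's yarn.lock, which projects installing codefresh-sdk as a dependency do not consume; raising the floor to `"lodash": "~4.17.21"` would make the manifest itself enforce the fix. The yarn.lock hunks also leave `lodash@^4.17.15, lodash@^4.17.19` resolved to 4.17.20 and keep the older 4.17.15 and 4.17.11 entries, so transitive dependents in this tree still load unpatched copies; refreshing those lock entries or adding a `resolutions` entry for lodash would converge them on 4.17.21. Loosening `request` and `request-promise` from exact pins to `~` is not needed for the lodash fix and widens what a lockfile-less install can pull in, so the reason deserves a sentence in the commit message.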
@@ -558,12 +558,12 @@ caseless@~0.12.0: version "0.12.0" resolved "https://registry.yarnpkg.com/caseless/-/caseless-0.12.0.tgz#1b681c21ff84033c826543090689420d187151dc" -cf-errors@^0.1.15: - version "0.1.15" - resolved "https://registry.yarnpkg.com/cf-errors/-/cf-errors-0.1.15.tgz#b55d03f1977e9677e3af7e7177ae0d901bafaf8a" - integrity sha512-gwhuKuBI7W/CuMpz+bxluWQRAuB3hvGbNcp46A/KcymgRnGKw2vLmIMHI2JaGpATMNdJh49ErocwVruM2UlJqw== +cf-errors@^0.1.16: + version "0.1.16" + resolved "https://registry.yarnpkg.com/cf-errors/-/cf-errors-0.1.16.tgz#03d0b050ac94762552792907b08bd39d1a012116" + integrity sha512-ewA6cTS+bVC32NCxIdEu/5HQ8zb09PV1ubdu0t2yPXs51K31gI78+XGEomVjaXdTbZcGBPVIWhFnG6R/U7K4IQ== dependencies: - lodash "4.17.20" + lodash "^4.17.21" chalk@^1.1.3: version "1.1.3" @@ -2583,11 +2583,6 @@ lodash.sortby@^4.7.0: version "4.7.0" resolved "https://registry.yarnpkg.com/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438" -lodash@4.17.20, lodash@^4.17.15, lodash@^4.17.19: - version "4.17.20" - resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.20.tgz#b44a9b6297bcb698f1c51a3545a2b3b368d59c52" - integrity sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA== - lodash@^4.17.11, lodash@^4.17.4, lodash@^4.3.0: version "4.17.11" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d" 
@@ -2596,6 +2591,16 @@ lodash@^4.17.14: version "4.17.15" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.15.tgz#b447f6670a0455bbfeedd11392eff330ea097548" +lodash@^4.17.15, lodash@^4.17.19: + version "4.17.20" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.20.tgz#b44a9b6297bcb698f1c51a3545a2b3b368d59c52" + integrity sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA== + +lodash@^4.17.21, lodash@~4.17.20: + version "4.17.21" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" + integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== + loose-envify@^1.0.0: version "1.4.0" resolved "https://registry.yarnpkg.com/loose-envify/-/loose-envify-1.4.0.tgz#71ee51fa7be4caec1a63839f7e682d8132d30caf" @@ -3352,7 +3357,7 @@ request-promise-native@^1.0.5: stealthy-require "^1.1.1" tough-cookie "^2.3.3" -request-promise@4.2.6: +request-promise@~4.2.6: version "4.2.6" resolved "https://registry.yarnpkg.com/request-promise/-/request-promise-4.2.6.tgz#7e7e5b9578630e6f598e3813c0f8eb342a27f0a2" integrity sha512-HCHI3DJJUakkOr8fNoCc73E5nU5bqITjOYFMDrKHYOXWXrgD/SBaC7LjwuPymUprRyuF06UK7hd/lMHkmUXglQ== @@ -3362,10 +3367,9 @@ request-promise@4.2.6: stealthy-require "^1.1.1" tough-cookie "^2.3.3" -request@2.88.2: - version "2.88.2" - resolved "https://registry.yarnpkg.com/request/-/request-2.88.2.tgz#d73c918731cb5a87da047e207234146f664d12b3" - integrity sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw== +request@^2.87.0: + version "2.88.0" + resolved "https://registry.yarnpkg.com/request/-/request-2.88.0.tgz#9c2fca4f7d35b592efe57c7f0a55e81052124fef" dependencies: aws-sign2 "~0.7.0" aws4 "^1.8.0" 
@@ -3374,7 +3378,7 @@ request@2.88.2: extend "~3.0.2" forever-agent "~0.6.1" form-data "~2.3.2" - har-validator "~5.1.3" + har-validator "~5.1.0" http-signature "~1.2.0" is-typedarray "~1.0.0" isstream "~0.1.2" @@ -3384,13 +3388,14 @@ request@2.88.2: performance-now "^2.1.0" qs "~6.5.2" safe-buffer "^5.1.2" - tough-cookie "~2.5.0" + tough-cookie "~2.4.3" tunnel-agent "^0.6.0" uuid "^3.3.2" -request@^2.87.0: - version "2.88.0" - resolved "https://registry.yarnpkg.com/request/-/request-2.88.0.tgz#9c2fca4f7d35b592efe57c7f0a55e81052124fef" +request@~2.88.2: + version "2.88.2" + resolved "https://registry.yarnpkg.com/request/-/request-2.88.2.tgz#d73c918731cb5a87da047e207234146f664d12b3" + integrity sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw== dependencies: aws-sign2 "~0.7.0" aws4 "^1.8.0" @@ -3399,7 +3404,7 @@ request@^2.87.0: extend "~3.0.2" forever-agent "~0.6.1" form-data "~2.3.2" - har-validator "~5.1.0" + har-validator "~5.1.3" http-signature "~1.2.0" is-typedarray "~1.0.0" isstream "~0.1.2" @@ -3409,7 +3414,7 @@ request@^2.87.0: performance-now "^2.1.0" qs "~6.5.2" safe-buffer "^5.1.2" - tough-cookie "~2.4.3" + tough-cookie "~2.5.0" tunnel-agent "^0.6.0" uuid "^3.3.2"