From f753c3f506e939d35f07362551c9fd7fe1a25b5b Mon Sep 17 00:00:00 2001 From: Helio Machado <0x2b3bfa0+git@googlemail.com> Date: Fri, 28 Jul 2023 18:37:20 +0200 Subject: [PATCH 1/3] fix: upgrade tar from 6.1.11 to 6.1.15 (#1397) Snyk has created this PR to upgrade tar from 6.1.11 to 6.1.15. See this package in npm: https://www.npmjs.com/package/tar See this project in Snyk: https://app.snyk.io/org/0x2b3bfa0/project/c72874ff-26c3-4f42-abed-4a4ce462ebbf?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot Co-authored-by: Daniel Barnes --- package-lock.json | 30 +++++++++++++++++++++++------- package.json | 2 +- 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5883e82db..823448f35 100644 --- a/package-lock.json +++ b/package-lock.json @@ -39,7 +39,7 @@ "simple-git": "^3.16.0", "strip-ansi": "^6.0.1", "strip-url-auth": "^1.0.1", - "tar": "^6.1.11", + "tar": "^6.1.15", "tempy": "^0.6.0", "timestring": "^6.0.0", "unist-util-visit": "^2.0.3", @@ -6772,18 +6772,27 @@ "license": "MIT" }, "node_modules/tar": { - "version": "6.1.11", - "license": "ISC", + "version": "6.1.15", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.1.15.tgz", + "integrity": "sha512-/zKt9UyngnxIT/EAGYuxaMYgOIJiP81ab9ZfkILq4oNLPFX50qyYmu7jRj9qeXoxmJHjGlbH0+cm2uy1WCs10A==", "dependencies": { "chownr": "^2.0.0", "fs-minipass": "^2.0.0", - "minipass": "^3.0.0", + "minipass": "^5.0.0", "minizlib": "^2.1.1", "mkdirp": "^1.0.3", "yallist": "^4.0.0" }, "engines": { - "node": ">= 10" + "node": ">=10" + } + }, + "node_modules/tar/node_modules/minipass": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz", + "integrity": "sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==", + "engines": { + "node": ">=8" } }, "node_modules/tar/node_modules/yallist": { @@ -11943,16 +11952,23 @@ "dev": true }, "tar": { - "version": "6.1.11", + "version": "6.1.15", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.1.15.tgz", + "integrity": "sha512-/zKt9UyngnxIT/EAGYuxaMYgOIJiP81ab9ZfkILq4oNLPFX50qyYmu7jRj9qeXoxmJHjGlbH0+cm2uy1WCs10A==", "requires": { "chownr": "^2.0.0", "fs-minipass": "^2.0.0", - "minipass": "^3.0.0", + "minipass": "^5.0.0", "minizlib": "^2.1.1", "mkdirp": "^1.0.3", "yallist": "^4.0.0" }, "dependencies": { + "minipass": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz", + "integrity": "sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==" + }, "yallist": { "version": "4.0.0" } diff --git a/package.json b/package.json index 22f639ef8..26aef8037 100644 --- a/package.json +++ b/package.json @@ -97,7 +97,7 @@ "simple-git": "^3.16.0", "strip-ansi": "^6.0.1", "strip-url-auth": "^1.0.1", - "tar": "^6.1.11", + "tar": "^6.1.15", "tempy": "^0.6.0", "timestring": "^6.0.0", "unist-util-visit": "^2.0.3", From 32e0cb85e11e30c7b712cd8ebad06711b4a3bec3 Mon Sep 17 00:00:00 2001 From: Helio Machado <0x2b3bfa0+git@googlemail.com> Date: Fri, 28 Jul 2023 22:55:53 +0200 Subject: [PATCH 2/3] fix: upgrade node-fetch from 2.6.7 to 2.6.11 (#1395) Snyk has created this PR to upgrade node-fetch from 2.6.7 to 2.6.11. See this package in npm: https://www.npmjs.com/package/node-fetch See this project in Snyk: https://app.snyk.io/org/0x2b3bfa0/project/c72874ff-26c3-4f42-abed-4a4ce462ebbf?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot Co-authored-by: Daniel Barnes --- package-lock.json | 11 +++++++---- package.json | 2 +- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 823448f35..17423b9e6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -29,7 +29,7 @@ "is-docker": "2.2.1", "js-base64": "^3.7.2", "kebabcase-keys": "^1.0.0", - "node-fetch": "^2.6.5", + "node-fetch": "^2.6.11", "node-ssh": "^12.0.0", "os-name": "^5.0.1", "proxy-agent": "^5.0.0", @@ -5547,8 +5547,9 @@ } }, "node_modules/node-fetch": { - "version": "2.6.7", - "license": "MIT", + "version": "2.6.11", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.11.tgz", + "integrity": "sha512-4I6pdBY1EthSqDmJkiNk3JIT8cswwR9nfeW/cPdUagJYEQG7R95WRH74wpz7ma8Gh/9dI9FP+OU+0E4FvtA55w==", "dependencies": { "whatwg-url": "^5.0.0" }, @@ -11198,7 +11199,9 @@ "version": "2.0.2" }, "node-fetch": { - "version": "2.6.7", + "version": "2.6.11", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.11.tgz", + "integrity": "sha512-4I6pdBY1EthSqDmJkiNk3JIT8cswwR9nfeW/cPdUagJYEQG7R95WRH74wpz7ma8Gh/9dI9FP+OU+0E4FvtA55w==", "requires": { "whatwg-url": "^5.0.0" }, diff --git a/package.json b/package.json index 26aef8037..80e7445e4 100644 --- a/package.json +++ b/package.json @@ -87,7 +87,7 @@ "is-docker": "2.2.1", "js-base64": "^3.7.2", "kebabcase-keys": "^1.0.0", - "node-fetch": "^2.6.5", + "node-fetch": "^2.6.11", "node-ssh": "^12.0.0", "os-name": "^5.0.1", "proxy-agent": "^5.0.0", From 3be0f4c648d65d9a174df4f97cb25bdcf23c7185 Mon Sep 17 00:00:00 2001 From: Helio Machado <0x2b3bfa0+git@googlemail.com> Date: Sat, 29 Jul 2023 20:40:51 +0200 Subject: [PATCH 3/3] fix: upgrade semver from 7.5.2 to 7.5.4 (#1411) Snyk has created this PR to upgrade semver from 7.5.2 to 7.5.4. See this package in npm: https://www.npmjs.com/package/semver See this project in Snyk: https://app.snyk.io/org/0x2b3bfa0/project/c72874ff-26c3-4f42-abed-4a4ce462ebbf?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 17423b9e6..80d6d83ad 100644 --- a/package-lock.json +++ b/package-lock.json @@ -35,7 +35,7 @@ "proxy-agent": "^5.0.0", "pseudoexec": "^0.2.0", "remark": "^13.0.0", - "semver": "^7.5.2", + "semver": "^7.5.4", "simple-git": "^3.16.0", "strip-ansi": "^6.0.1", "strip-url-auth": "^1.0.1", @@ -6376,9 +6376,9 @@ } }, "node_modules/semver": { - "version": "7.5.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.2.tgz", - "integrity": "sha512-SoftuTROv/cRjCze/scjGyiDtcUyxw1rgYQSZY7XTmtR5hX+dm76iDbTH8TkLPHCQmlbQVSSbNZCPM2hb0knnQ==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "dependencies": { "lru-cache": "^6.0.0" }, @@ -11706,9 +11706,9 @@ } }, "semver": { - "version": "7.5.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.2.tgz", - "integrity": "sha512-SoftuTROv/cRjCze/scjGyiDtcUyxw1rgYQSZY7XTmtR5hX+dm76iDbTH8TkLPHCQmlbQVSSbNZCPM2hb0knnQ==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "requires": { "lru-cache": "^6.0.0" }, diff --git a/package.json b/package.json index 80e7445e4..88be601a9 100644 --- a/package.json +++ b/package.json @@ -93,7 +93,7 @@ "proxy-agent": "^5.0.0", "pseudoexec": "^0.2.0", "remark": "^13.0.0", - "semver": "^7.5.2", + "semver": "^7.5.4", "simple-git": "^3.16.0", "strip-ansi": "^6.0.1", "strip-url-auth": "^1.0.1",