From 80d97a93326406e09776156daf72e3caa03ae25a Mon Sep 17 00:00:00 2001 From: gitphill Date: Tue, 29 Nov 2022 09:18:37 +0000 Subject: [PATCH] fix: escape child process arguments --- package-lock.json | 96 ++++++++++++++++++++++++++--------------------- package.json | 12 +++--- 2 files changed, 60 insertions(+), 48 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9958d20b81..b0a624e196 100644 --- a/package-lock.json +++ b/package-lock.json @@ -20,8 +20,8 @@ "@snyk/docker-registry-v2-client": "^2.7.3", "@snyk/fix": "file:packages/snyk-fix", "@snyk/gemfile": "1.2.0", - "@snyk/snyk-cocoapods-plugin": "2.5.2", - "@snyk/snyk-hex-plugin": "1.1.4", + "@snyk/snyk-cocoapods-plugin": "2.5.3", + "@snyk/snyk-hex-plugin": "1.1.6", "@types/jest-json-schema": "^6.1.1", "@types/marked": "^4.0.0", "abbrev": "^1.1.1", @@ -66,18 +66,18 @@ "semver": "^6.0.0", "snyk-config": "4.0.0", "snyk-cpp-plugin": "2.20.1", - "snyk-docker-plugin": "^5.6.4", + "snyk-docker-plugin": "5.6.5", "snyk-go-plugin": "^1.19.4", "snyk-gradle-plugin": "3.24.6", "snyk-module": "3.1.0", - "snyk-mvn-plugin": "2.31.2", + "snyk-mvn-plugin": "2.31.3", "snyk-nodejs-lockfile-parser": "1.44.0", "snyk-nuget-plugin": "1.23.5", "snyk-php-plugin": "1.9.2", "snyk-policy": "^1.25.0", - "snyk-python-plugin": "1.24.1", + "snyk-python-plugin": "1.24.2", "snyk-resolve-deps": "4.7.3", - "snyk-sbt-plugin": "2.16.1", + "snyk-sbt-plugin": "2.16.2", "strip-ansi": "^5.2.0", "tar": "^6.1.2", "uuid": "^8.3.2", 
@@ -2234,13 +2234,14 @@ } }, "node_modules/@snyk/snyk-cocoapods-plugin": { - "version": "2.5.2", - "resolved": "https://registry.npmjs.org/@snyk/snyk-cocoapods-plugin/-/snyk-cocoapods-plugin-2.5.2.tgz", - "integrity": "sha512-WHhnwyoGOhjFOjBXqUfszD84SErrtjHjium/4xFbqKpEE+yuwxs8OwV/S29BtxhYiGtjpD1azv5QtH30VUMl0A==", + "version": "2.5.3", + "resolved": "https://registry.npmjs.org/@snyk/snyk-cocoapods-plugin/-/snyk-cocoapods-plugin-2.5.3.tgz", + "integrity": "sha512-BMaE6jB2r57X6G8woGDhd+YjZ20kptRB+uXrpRFHf2PB+zQR2Ej5Vv8WKRkCCEK4Esi8hu/07b2HJiFX9DlR/A==", "dependencies": { "@snyk/cli-interface": "^2.11.0", "@snyk/cocoapods-lockfile-parser": "3.6.2", "@snyk/dep-graph": "^1.23.1", + "shescape": "1.6.1", "source-map-support": "^0.5.7", "tslib": "^2.0.0" }, @@ -2293,13 +2294,14 @@ } }, "node_modules/@snyk/snyk-hex-plugin": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/@snyk/snyk-hex-plugin/-/snyk-hex-plugin-1.1.4.tgz", - "integrity": "sha512-kLfFGckSmyKe667UGPyWzR/H7/Trkt4fD8O/ktElOx1zWgmivpLm0Symb4RCfEmz9irWv+N6zIKRrfSNdytcPQ==", + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/@snyk/snyk-hex-plugin/-/snyk-hex-plugin-1.1.6.tgz", + "integrity": "sha512-6pe8O72QKiRCmS2X5sPZ0YUdE6F246GY1mNifNvU3upeTJWS3TRkhZ8P7vrIZ/Eo6o94hItUekB94aQwGq2s6A==", "dependencies": { "@snyk/dep-graph": "^1.28.0", "@snyk/mix-parser": "^1.1.1", "debug": "^4.3.1", + "shescape": "1.6.1", "tmp": "^0.0.33", "tslib": "^2.0.0", "upath": "2.0.1" 
@@ -16482,9 +16484,9 @@ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "node_modules/snyk-docker-plugin": { - "version": "5.6.4", - "resolved": "https://registry.npmjs.org/snyk-docker-plugin/-/snyk-docker-plugin-5.6.4.tgz", - "integrity": "sha512-cdzJT747CN66TkU+3zBlJ3V7X1X404YB3TYnJTvxg4DL/0kZ9LvVpZ2AXWlGtd/lcr91gO/O//dAsl4tJwKUFg==", + "version": "5.6.5", + "resolved": "https://registry.npmjs.org/snyk-docker-plugin/-/snyk-docker-plugin-5.6.5.tgz", + "integrity": "sha512-JOBkAaUaJBXj4xQ7Dc/tNQZBSaY8g3BHm/sAkyABSVs0g/vpX8rZkqcr1MhTP5jFsDL5TYVinD+coAR31k2j3A==", "dependencies": { "@snyk/composer-lockfile-parser": "^1.4.1", "@snyk/dep-graph": "^2.3.0", @@ -16500,6 +16502,7 @@ "gunzip-maybe": "^1.4.2", "mkdirp": "^1.0.4", "semver": "^7.3.4", + "shescape": "1.6.1", "snyk-nodejs-lockfile-parser": "1.40.0", "snyk-poetry-lockfile-parser": "^1.1.7", "tar-stream": "^2.1.0", @@ -16909,15 +16912,16 @@ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "node_modules/snyk-mvn-plugin": { - "version": "2.31.2", - "resolved": "https://registry.npmjs.org/snyk-mvn-plugin/-/snyk-mvn-plugin-2.31.2.tgz", - "integrity": "sha512-/yqn40AYWxI4UKTEpDTa1xRi3NcSSjfEMzoD0Jlc0qI/z+mRMjRsJjxske38LLOcDeUsoPfSQNv97DUpMedDgA==", + "version": "2.31.3", + "resolved": "https://registry.npmjs.org/snyk-mvn-plugin/-/snyk-mvn-plugin-2.31.3.tgz", + "integrity": "sha512-VX/KnqXLRycRQDowOtGuJru4b52wCMpfNIoZDneOqJBSLlZZ0Rb/KNueUtJbT2vm6fZln5bdEXEoME3GX/6bPw==", "dependencies": { "@snyk/cli-interface": "2.11.3", "@snyk/dep-graph": "^1.23.1", "debug": "^4.1.1", "glob": "^7.1.6", "needle": "^2.5.0", + "shescape": "1.6.1", "tslib": "^2.4.0" } }, 
@@ -17206,12 +17210,13 @@ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "node_modules/snyk-python-plugin": { - "version": "1.24.1", - "resolved": "https://registry.npmjs.org/snyk-python-plugin/-/snyk-python-plugin-1.24.1.tgz", - "integrity": "sha512-u52RAf9T20NsiDLZ798whQLQ/2lWZdDRRFT2GYqyl7oLr5yUD2+SG14d7Phy+ca4Vn7vwKbIQpxXwtUlbRKmVw==", + "version": "1.24.2", + "resolved": "https://registry.npmjs.org/snyk-python-plugin/-/snyk-python-plugin-1.24.2.tgz", + "integrity": "sha512-jzCBREfDGYLizRse8dFdZwx09tCh4p2z5HdA2zwdHj9Rl+LOKQUMrvr1elZGSt244WYqR3rdsObztrh3mDPWVQ==", "dependencies": { "@snyk/cli-interface": "^2.11.2", "@snyk/dep-graph": "^1.28.1", + "shescape": "1.6.1", "snyk-poetry-lockfile-parser": "^1.1.7", "tmp": "0.2.1" } @@ -17306,12 +17311,13 @@ "integrity": "sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=" }, "node_modules/snyk-sbt-plugin": { - "version": "2.16.1", - "resolved": "https://registry.npmjs.org/snyk-sbt-plugin/-/snyk-sbt-plugin-2.16.1.tgz", - "integrity": "sha512-SUgPMLmHYa76iwM875tP/8K/10gzZfTPUEJsCkI0bA8TQPimiFDqyrB1mhNLo2NPV8YnqIHwFZgx56ibwywPKQ==", + "version": "2.16.2", + "resolved": "https://registry.npmjs.org/snyk-sbt-plugin/-/snyk-sbt-plugin-2.16.2.tgz", + "integrity": "sha512-aeciSOwj6GFLV9NdBrTvtbPoa5SxEWUSZaFC0MQYtaHMfCvQlLWSbcxjK4cqaCp31472tT63C9AKPla/ycn+5g==", "dependencies": { "debug": "^4.1.1", "semver": "^6.1.2", + "shescape": "1.6.1", "tmp": "^0.1.0", "tree-kill": "^1.2.2", "tslib": "^1.10.0" 
@@ -21784,13 +21790,14 @@ } }, "@snyk/snyk-cocoapods-plugin": { - "version": "2.5.2", - "resolved": "https://registry.npmjs.org/@snyk/snyk-cocoapods-plugin/-/snyk-cocoapods-plugin-2.5.2.tgz", - "integrity": "sha512-WHhnwyoGOhjFOjBXqUfszD84SErrtjHjium/4xFbqKpEE+yuwxs8OwV/S29BtxhYiGtjpD1azv5QtH30VUMl0A==", + "version": "2.5.3", + "resolved": "https://registry.npmjs.org/@snyk/snyk-cocoapods-plugin/-/snyk-cocoapods-plugin-2.5.3.tgz", + "integrity": "sha512-BMaE6jB2r57X6G8woGDhd+YjZ20kptRB+uXrpRFHf2PB+zQR2Ej5Vv8WKRkCCEK4Esi8hu/07b2HJiFX9DlR/A==", "requires": { "@snyk/cli-interface": "^2.11.0", "@snyk/cocoapods-lockfile-parser": "3.6.2", "@snyk/dep-graph": "^1.23.1", + "shescape": "1.6.1", "source-map-support": "^0.5.7", "tslib": "^2.0.0" }, @@ -21832,13 +21839,14 @@ } }, "@snyk/snyk-hex-plugin": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/@snyk/snyk-hex-plugin/-/snyk-hex-plugin-1.1.4.tgz", - "integrity": "sha512-kLfFGckSmyKe667UGPyWzR/H7/Trkt4fD8O/ktElOx1zWgmivpLm0Symb4RCfEmz9irWv+N6zIKRrfSNdytcPQ==", + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/@snyk/snyk-hex-plugin/-/snyk-hex-plugin-1.1.6.tgz", + "integrity": "sha512-6pe8O72QKiRCmS2X5sPZ0YUdE6F246GY1mNifNvU3upeTJWS3TRkhZ8P7vrIZ/Eo6o94hItUekB94aQwGq2s6A==", "requires": { "@snyk/dep-graph": "^1.28.0", "@snyk/mix-parser": "^1.1.1", "debug": "^4.3.1", + "shescape": "1.6.1", "tmp": "^0.0.33", "tslib": "^2.0.0", "upath": "2.0.1" 
@@ -32842,9 +32850,9 @@ } }, "snyk-docker-plugin": { - "version": "5.6.4", - "resolved": "https://registry.npmjs.org/snyk-docker-plugin/-/snyk-docker-plugin-5.6.4.tgz", - "integrity": "sha512-cdzJT747CN66TkU+3zBlJ3V7X1X404YB3TYnJTvxg4DL/0kZ9LvVpZ2AXWlGtd/lcr91gO/O//dAsl4tJwKUFg==", + "version": "5.6.5", + "resolved": "https://registry.npmjs.org/snyk-docker-plugin/-/snyk-docker-plugin-5.6.5.tgz", + "integrity": "sha512-JOBkAaUaJBXj4xQ7Dc/tNQZBSaY8g3BHm/sAkyABSVs0g/vpX8rZkqcr1MhTP5jFsDL5TYVinD+coAR31k2j3A==", "requires": { "@snyk/composer-lockfile-parser": "^1.4.1", "@snyk/dep-graph": "^2.3.0", @@ -32860,6 +32868,7 @@ "gunzip-maybe": "^1.4.2", "mkdirp": "^1.0.4", "semver": "^7.3.4", + "shescape": "1.6.1", "snyk-nodejs-lockfile-parser": "1.40.0", "snyk-poetry-lockfile-parser": "^1.1.7", "tar-stream": "^2.1.0", @@ -33182,15 +33191,16 @@ } }, "snyk-mvn-plugin": { - "version": "2.31.2", - "resolved": "https://registry.npmjs.org/snyk-mvn-plugin/-/snyk-mvn-plugin-2.31.2.tgz", - "integrity": "sha512-/yqn40AYWxI4UKTEpDTa1xRi3NcSSjfEMzoD0Jlc0qI/z+mRMjRsJjxske38LLOcDeUsoPfSQNv97DUpMedDgA==", + "version": "2.31.3", + "resolved": "https://registry.npmjs.org/snyk-mvn-plugin/-/snyk-mvn-plugin-2.31.3.tgz", + "integrity": "sha512-VX/KnqXLRycRQDowOtGuJru4b52wCMpfNIoZDneOqJBSLlZZ0Rb/KNueUtJbT2vm6fZln5bdEXEoME3GX/6bPw==", "requires": { "@snyk/cli-interface": "2.11.3", "@snyk/dep-graph": "^1.23.1", "debug": "^4.1.1", "glob": "^7.1.6", "needle": "^2.5.0", + "shescape": "1.6.1", "tslib": "^2.4.0" }, "dependencies": { 
@@ -33445,12 +33455,13 @@ } }, "snyk-python-plugin": { - "version": "1.24.1", - "resolved": "https://registry.npmjs.org/snyk-python-plugin/-/snyk-python-plugin-1.24.1.tgz", - "integrity": "sha512-u52RAf9T20NsiDLZ798whQLQ/2lWZdDRRFT2GYqyl7oLr5yUD2+SG14d7Phy+ca4Vn7vwKbIQpxXwtUlbRKmVw==", + "version": "1.24.2", + "resolved": "https://registry.npmjs.org/snyk-python-plugin/-/snyk-python-plugin-1.24.2.tgz", + "integrity": "sha512-jzCBREfDGYLizRse8dFdZwx09tCh4p2z5HdA2zwdHj9Rl+LOKQUMrvr1elZGSt244WYqR3rdsObztrh3mDPWVQ==", "requires": { "@snyk/cli-interface": "^2.11.2", "@snyk/dep-graph": "^1.28.1", + "shescape": "1.6.1", "snyk-poetry-lockfile-parser": "^1.1.7", "tmp": "0.2.1" }, @@ -33534,12 +33545,13 @@ } }, "snyk-sbt-plugin": { - "version": "2.16.1", - "resolved": "https://registry.npmjs.org/snyk-sbt-plugin/-/snyk-sbt-plugin-2.16.1.tgz", - "integrity": "sha512-SUgPMLmHYa76iwM875tP/8K/10gzZfTPUEJsCkI0bA8TQPimiFDqyrB1mhNLo2NPV8YnqIHwFZgx56ibwywPKQ==", + "version": "2.16.2", + "resolved": "https://registry.npmjs.org/snyk-sbt-plugin/-/snyk-sbt-plugin-2.16.2.tgz", + "integrity": "sha512-aeciSOwj6GFLV9NdBrTvtbPoa5SxEWUSZaFC0MQYtaHMfCvQlLWSbcxjK4cqaCp31472tT63C9AKPla/ycn+5g==", "requires": { "debug": "^4.1.1", "semver": "^6.1.2", + "shescape": "1.6.1", "tmp": "^0.1.0", "tree-kill": "^1.2.2", "tslib": "^1.10.0" diff --git a/package.json b/package.json index 658ab7d94d..904566404f 100644 --- a/package.json +++ b/package.json @@ -67,8 +67,8 @@ "@snyk/docker-registry-v2-client": "^2.7.3", "@snyk/fix": "file:packages/snyk-fix", "@snyk/gemfile": "1.2.0", - "@snyk/snyk-cocoapods-plugin": "2.5.2", - "@snyk/snyk-hex-plugin": "1.1.4", + "@snyk/snyk-cocoapods-plugin": "2.5.3", + "@snyk/snyk-hex-plugin": "1.1.6", "@types/jest-json-schema": "^6.1.1", "@types/marked": "^4.0.0", "abbrev": "^1.1.1", 
@@ -113,18 +113,18 @@
 "semver": "^6.0.0",
 "snyk-config": "4.0.0",
 "snyk-cpp-plugin": "2.20.1",
- "snyk-docker-plugin": "^5.6.4",
+ "snyk-docker-plugin": "5.6.5",
 "snyk-go-plugin": "^1.19.4",
 "snyk-gradle-plugin": "3.24.6",
 "snyk-module": "3.1.0",
- "snyk-mvn-plugin": "2.31.2",
+ "snyk-mvn-plugin": "2.31.3",
 "snyk-nodejs-lockfile-parser": "1.44.0",
 "snyk-nuget-plugin": "1.23.5",
 "snyk-php-plugin": "1.9.2",
 "snyk-policy": "^1.25.0",
- "snyk-python-plugin": "1.24.1",
+ "snyk-python-plugin": "1.24.2",
 "snyk-resolve-deps": "4.7.3",
- "snyk-sbt-plugin": "2.16.1",
+ "snyk-sbt-plugin": "2.16.2",
 "strip-ansi": "^5.2.0",
 "tar": "^6.1.2",
 "uuid": "^8.3.2",