From 96ccf3dfcafd040f6f91419ece602dc1da673493 Mon Sep 17 00:00:00 2001 From: Andreas Stassivik Date: Mon, 23 Dec 2019 14:40:58 -0800 Subject: [PATCH 1/3] npm update --- package-lock.json | 12 ++++++------ package.json | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 863c183..c42b84b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3181,9 +3181,9 @@ "dev": true }, "eslint": { - "version": "6.7.2", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-6.7.2.tgz", - "integrity": "sha512-qMlSWJaCSxDFr8fBPvJM9kJwbazrhNcBU3+DszDW1OlEwKBBRWsJc7NJFelvwQpanHCR14cOLD41x8Eqvo3Nng==", + "version": "6.8.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-6.8.0.tgz", + "integrity": "sha512-K+Iayyo2LtyYhDSYwz5D5QdWw0hCacNzyq1Y821Xna2xSJj7cijoLLYmLxTQgcgZ9mC61nryMy9S7GRbYpI5Ig==", "dev": true, "requires": { "@babel/code-frame": "^7.0.0", @@ -6503,9 +6503,9 @@ } }, "rollup": { - "version": "1.27.13", - "resolved": "https://registry.npmjs.org/rollup/-/rollup-1.27.13.tgz", - "integrity": "sha512-hDi7M07MpmNSDE8YVwGVFA8L7n8jTLJ4lG65nMAijAyqBe//rtu4JdxjUBE7JqXfdpqxqDTbCDys9WcqdpsQvw==", + "version": "1.27.14", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-1.27.14.tgz", + "integrity": "sha512-DuDjEyn8Y79ALYXMt+nH/EI58L5pEw5HU9K38xXdRnxQhvzUTI/nxAawhkAHUQeudANQ//8iyrhVRHJBuR6DSQ==", "dev": true, "requires": { "@types/estree": "*", diff --git a/package.json b/package.json index 0cc8505..1e7bf03 100644 --- a/package.json +++ b/package.json @@ -42,13 +42,13 @@ "@babel/register": "^7.7.7", "babel-eslint": "^10.0.3", "chai": "^4.1.2", - "eslint": "^6.7.2", + "eslint": "^6.8.0", "eslint-config-airbnb": "^18.0.1", "eslint-plugin-import": "^2.19.1", "eslint-plugin-jsx-a11y": "^6.2.3", "eslint-plugin-react": "^7.17.0", "mocha": "^6.2.2", - "rollup": "^1.27.13", + "rollup": "^1.27.14", "rollup-plugin-babel": "^4.3.3", "rollup-plugin-commonjs": "^10.1.0", "rollup-plugin-node-builtins": "^2.1.2", 
From 2069b71dd2c40e3ceb1091466441a91541bc073d Mon Sep 17 00:00:00 2001 From: Andreas Stassivik Date: Mon, 23 Dec 2019 14:55:56 -0800 Subject: [PATCH 2/3] secure sub-dependency --- package-lock.json | 42 +++++++++++++++++++----------------------- package.json | 1 + 2 files changed, 20 insertions(+), 23 deletions(-) diff --git a/package-lock.json b/package-lock.json index c42b84b..f7eae6b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2397,37 +2397,24 @@ } }, "bl": { - "version": "0.8.2", - "resolved": "https://registry.npmjs.org/bl/-/bl-0.8.2.tgz", - "integrity": "sha1-yba8oI0bwuoA/Ir7Txpf0eHGbk4=", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/bl/-/bl-4.0.0.tgz", + "integrity": "sha512-QwQvAZZA1Bw1FWnhNj2X5lu+sPxxB2ITH3mqEqYyahN6JZR13ONjk+XiTnBaGEzMPUrAgOkaD68pBH1rvPRPsw==", "dev": true, "requires": { - "readable-stream": "~1.0.26" + "readable-stream": "^3.4.0" }, "dependencies": { - "isarray": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz", - "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8=", - "dev": true - }, "readable-stream": { - "version": "1.0.34", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz", - "integrity": "sha1-Elgg40vIQtLyqq+v5MKRbuMsFXw=", + "version": "3.4.0", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.4.0.tgz", + "integrity": "sha512-jItXPLmrSR8jmTRmRWJXCnGJsfy85mB3Wd/uINMXA65yrnFo0cPClFIUWzo2najVNSl+mx7/4W8ttlLWJe99pQ==", "dev": true, "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.1", - "isarray": "0.0.1", - "string_decoder": "~0.10.x" + "inherits": "^2.0.3", + "string_decoder": "^1.1.1", + "util-deprecate": "^1.0.1" } - }, - "string_decoder": { - "version": "0.10.31", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz", - "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=", - "dev": true } } }, 
@@ -5218,6 +5205,15 @@ "xtend": "~3.0.0" }, "dependencies": { + "bl": { + "version": "0.8.2", + "resolved": "https://registry.npmjs.org/bl/-/bl-0.8.2.tgz", + "integrity": "sha1-yba8oI0bwuoA/Ir7Txpf0eHGbk4=", + "dev": true, + "requires": { + "readable-stream": "~1.0.26" + } + }, "isarray": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz", diff --git a/package.json b/package.json index 1e7bf03..434e094 100644 --- a/package.json +++ b/package.json @@ -41,6 +41,7 @@ "@babel/preset-env": "^7.7.7", "@babel/register": "^7.7.7", "babel-eslint": "^10.0.3", + "bl": ">=0.9.5", "chai": "^4.1.2", "eslint": "^6.8.0", "eslint-config-airbnb": "^18.0.1", From f99becba60d395bd0e6217e594eae3734ef33ad8 Mon Sep 17 00:00:00 2001 From: Andreas Stassivik Date: Mon, 23 Dec 2019 15:01:45 -0800 Subject: [PATCH 3/3] repair memory exposure --- package-lock.json | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index f7eae6b..589fb73 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "implausible", - "version": "3.0.2", + "version": "3.0.3", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 434e094..c97a2bb 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "implausible", - "version": "3.0.2", + "version": "3.0.3", "description": "Generate pseudorandom numbers and sample probability distributions with optional seed and choice of algorithm.", "keywords": [ "deterministic",
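Review bot: The `"bl": ">=0.9.5"` entry added to package.json does not remove the old copy this series targets: the lockfile hunk at `@@ -5218,6 +5205,15 @@` re-adds `bl` 0.8.2 (sha1 integrity, `readable-stream ~1.0.26`) under the nested `dependencies` of the package that requires it, so only the hoisted top-level copy moved to 4.0.0. A direct dependency cannot change what a transitive parent resolves for its own range, so the 3.0.3 release labelled "repair memory exposure" would still install 0.8.2; running `npm ls bl` after a clean install should confirm this. The durable fix is to upgrade or replace the parent that pins the old range (its name is outside the visible hunk), or to use a resolution/override mechanism if the package manager in use supports one, and then drop the direct entry. If the entry stays, bound it, e.g. `"bl": "^4.0.0"`, because `>=0.9.5` also admits any future major version. The affected lock entries are all marked `"dev": true`, so the exposure appears limited to build and test tooling rather than the published package.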