From 9c0c6b0685ce7a7464862a5c53bdce44cad310b8 Mon Sep 17 00:00:00 2001 From: DeepSource Bot Date: Thu, 13 Feb 2025 09:14:02 +0000 Subject: [PATCH] =?UTF-8?q?fix(deps):=20update=20npm/cross-spawn=20from=20?= =?UTF-8?q?7.0.3=20=E2=86=92=207.0.5=20fix(deps):=20update=20npm/cross-spa?= =?UTF-8?q?wn=20from=207.0.3=20=E2=86=92=207.0.5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This pull request addresses security vulnerabilities in this repository by updating dependencies to a safe version. We recommend manually auditing the package manifest files to verify the fixes. ### Upgrade Summary **cross-spawn**: 7.0.3 → 7.0.5 - Fixes [CVE-2024-21538](https://nvd.nist.gov/vuln/detail/CVE-2024-21538) (High severity) - References: - [https://nvd.nist.gov/vuln/detail/CVE-2024-21538](https://nvd.nist.gov/vuln/detail/CVE-2024-21538) - [https://github.com/moxystudio/node-cross-spawn/issues/165](https://github.com/moxystudio/node-cross-spawn/issues/165) - [https://github.com/moxystudio/node-cross-spawn/pull/160](https://github.com/moxystudio/node-cross-spawn/pull/160) - [https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff](https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff) - [https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f](https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f) - [https://github.com/moxystudio/node-cross-spawn/commit/d35c865b877d2f9ded7c1ed87521c2fdb689c8dd](https://github.com/moxystudio/node-cross-spawn/commit/d35c865b877d2f9ded7c1ed87521c2fdb689c8dd) - [https://github.com/moxystudio/node-cross-spawn](https://github.com/moxystudio/node-cross-spawn) - [https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8366349](https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8366349) - [https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230](https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230) --- 🤖 This pull request was automatically generated by DeepSource SCA. To view all vulnerabilities in this repository, please visit the [dashboard](https://app.deepsource.one/gh/anto-deepsource/phaser/dependencies/). --- package-lock.json | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7fa3795184..6640a0f27a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -977,14 +977,14 @@ } }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.5.tgz", + "integrity": "sha512-ZVJrKKYunU38/76t0RMOulHOnUcbU9GbpWKAOZ0mhjr7CX6FVrH+4FrAapSOekrgFQ3f/8gwMEuIft0aKq6Hug==", "dev": true, "dependencies": { + "which": "^2.0.1", "path-key": "^3.1.0", - "shebang-command": "^2.0.0", - "which": "^2.0.1" + "shebang-command": "^2.0.0" }, "engines": { "node": ">= 8" @@ -4355,15 +4355,11 @@ } }, "cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.5.tgz", + "integrity": "sha512-ZVJrKKYunU38/76t0RMOulHOnUcbU9GbpWKAOZ0mhjr7CX6FVrH+4FrAapSOekrgFQ3f/8gwMEuIft0aKq6Hug==", "dev": true, - "requires": { - "path-key": "^3.1.0", - "shebang-command": "^2.0.0", - "which": "^2.0.1" - } + "requires": {"which":"^2.0.1","path-key":"^3.1.0","shebang-command":"^2.0.0"} }, "debug": { "version": "4.3.4",