From 43bab3b87ce12147ca1e37c3cc0dad6d7316f452 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 16 Apr 2024 18:18:02 +0000 Subject: [PATCH] fix: script/vsts/package.json & script/vsts/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-6139239 --- script/vsts/package-lock.json | 84 +++++++++++++++-------------------- script/vsts/package.json | 4 +- 2 files changed, 38 insertions(+), 50 deletions(-) diff --git a/script/vsts/package-lock.json b/script/vsts/package-lock.json index cbdd54ee57f..f85801ceac0 100644 --- a/script/vsts/package-lock.json +++ b/script/vsts/package-lock.json @@ -11,9 +11,9 @@ "download": "^7.1.0", "glob": "7.0.3", "pr-changelog": "^0.3.4", - "publish-release": "^1.6.0", + "publish-release": "^1.6.1", "request": "^2.87.0", - "request-promise-native": "^1.0.5", + "request-promise-native": "^1.0.9", "semver": "5.3.0", "yargs": "4.8.1" } @@ -2229,9 +2229,9 @@ } }, "node_modules/lodash": { - "version": "4.17.10", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz", - "integrity": "sha512-UejweD1pDoXu+AD825lWwp4ZGtSwgnpZxb3JDViD7StjQz+Nb/6l093lx4OQ0foGWNRoc19mWy7BzL+UAK2iVg==" + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, "node_modules/lodash.assign": { "version": "4.2.0", @@ -2828,15 +2828,15 @@ "integrity": "sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ==" }, "node_modules/publish-release": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/publish-release/-/publish-release-1.6.0.tgz", - "integrity": "sha512-t+NFXTQN/VDTg9yJ8Uv5ZWQ7Ud1T5W1tPW+bmuo4g6uYVQTVNiwwRF6Td3EtXFTOafpEXJQEZqGG7IvIJwLwIg==", + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/publish-release/-/publish-release-1.6.1.tgz", + "integrity": "sha512-HpL1MwQzJL/zciYnlWAM8P2h8HFkMF3BUnE6Go0Hcy5bZ5dJTHA8bE9VZOabaUHCqVcrMNR8fZOpCWz4x5xZNA==", "dependencies": { "async": "^0.9.0", "ghauth": "^2.0.0", "github-url-to-object": "^1.4.2", "inquirer": "^0.8.2", - "lodash": "^3.6.0", + "lodash": "^4.17.15", "mime": "^1.3.4", "minimist": "^1.1.1", "pkginfo": "^0.3.0", @@ -2850,11 +2850,6 @@ "publish-release": "bin/publish-release" } }, - "node_modules/publish-release/node_modules/lodash": { - "version": "3.10.1", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz", - "integrity": "sha1-W/Rejkm6QYnhfUgnid/RW9FAt7Y=" - }, "node_modules/punycode": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz", @@ -3065,11 +3060,11 @@ } }, "node_modules/request-promise-core": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/request-promise-core/-/request-promise-core-1.1.1.tgz", - "integrity": "sha1-Pu4AssWqgyOc+wTFcA2jb4HNCLY=", + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/request-promise-core/-/request-promise-core-1.1.4.tgz", + "integrity": "sha512-TTbAfBBRdWD7aNNOoVOBH4pN/KigV6LyapYNNlAPA8JwbovRti1E88m3sYAwsLi5ryhPKsE9APwnjFTgdUjTpw==", "dependencies": { - "lodash": "^4.13.1" + "lodash": "^4.17.19" }, "engines": { "node": ">=0.10.0" @@ -3079,14 +3074,14 @@ } }, "node_modules/request-promise-native": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/request-promise-native/-/request-promise-native-1.0.5.tgz", - "integrity": "sha1-UoF3D2jgyXGeUWP9P6tIIhX0/aU=", + "version": "1.0.9", + "resolved": "https://registry.npmjs.org/request-promise-native/-/request-promise-native-1.0.9.tgz", + "integrity": "sha512-wcW+sIUiWnKgNY0dqCpOZkUbF/I+YPi+f09JZIDa39Ec+q82CpSYniDp+ISgTTbKmnpJWASeJBPZmoxH84wt3g==", "deprecated": "request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142", "dependencies": { - "request-promise-core": "1.1.1", - "stealthy-require": "^1.1.0", - "tough-cookie": ">=2.3.3" + "request-promise-core": "1.1.4", + "stealthy-require": "^1.1.1", + "tough-cookie": "^2.3.3" }, "engines": { "node": ">=0.12.0" @@ -5658,9 +5653,9 @@ } }, "lodash": { - "version": "4.17.10", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz", - "integrity": "sha512-UejweD1pDoXu+AD825lWwp4ZGtSwgnpZxb3JDViD7StjQz+Nb/6l093lx4OQ0foGWNRoc19mWy7BzL+UAK2iVg==" + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, "lodash.assign": { "version": "4.2.0", @@ -6119,15 +6114,15 @@ "integrity": "sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ==" }, "publish-release": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/publish-release/-/publish-release-1.6.0.tgz", - "integrity": "sha512-t+NFXTQN/VDTg9yJ8Uv5ZWQ7Ud1T5W1tPW+bmuo4g6uYVQTVNiwwRF6Td3EtXFTOafpEXJQEZqGG7IvIJwLwIg==", + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/publish-release/-/publish-release-1.6.1.tgz", + "integrity": "sha512-HpL1MwQzJL/zciYnlWAM8P2h8HFkMF3BUnE6Go0Hcy5bZ5dJTHA8bE9VZOabaUHCqVcrMNR8fZOpCWz4x5xZNA==", "requires": { "async": "^0.9.0", "ghauth": "^2.0.0", "github-url-to-object": "^1.4.2", "inquirer": "^0.8.2", - "lodash": "^3.6.0", + "lodash": "^4.17.15", "mime": "^1.3.4", "minimist": "^1.1.1", "pkginfo": "^0.3.0", @@ -6136,13 +6131,6 @@ "request": "^2.54.0", "single-line-log": "^0.4.1", "string-editor": "^0.1.0" - }, - "dependencies": { - "lodash": { - "version": "3.10.1", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz", - "integrity": "sha1-W/Rejkm6QYnhfUgnid/RW9FAt7Y=" - } } }, "punycode": { @@ -6320,21 +6308,21 @@ } }, "request-promise-core": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/request-promise-core/-/request-promise-core-1.1.1.tgz", - "integrity": "sha1-Pu4AssWqgyOc+wTFcA2jb4HNCLY=", + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/request-promise-core/-/request-promise-core-1.1.4.tgz", + "integrity": "sha512-TTbAfBBRdWD7aNNOoVOBH4pN/KigV6LyapYNNlAPA8JwbovRti1E88m3sYAwsLi5ryhPKsE9APwnjFTgdUjTpw==", "requires": { - "lodash": "^4.13.1" + "lodash": "^4.17.19" } }, "request-promise-native": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/request-promise-native/-/request-promise-native-1.0.5.tgz", - "integrity": "sha1-UoF3D2jgyXGeUWP9P6tIIhX0/aU=", + "version": "1.0.9", + "resolved": "https://registry.npmjs.org/request-promise-native/-/request-promise-native-1.0.9.tgz", + "integrity": "sha512-wcW+sIUiWnKgNY0dqCpOZkUbF/I+YPi+f09JZIDa39Ec+q82CpSYniDp+ISgTTbKmnpJWASeJBPZmoxH84wt3g==", "requires": { - "request-promise-core": "1.1.1", - "stealthy-require": "^1.1.0", - "tough-cookie": ">=2.3.3" + "request-promise-core": "1.1.4", + "stealthy-require": "^1.1.1", + "tough-cookie": "^2.3.3" } }, "require-directory": { diff --git a/script/vsts/package.json b/script/vsts/package.json index 463bb18335e..ddcd60da3f8 100644 --- a/script/vsts/package.json +++ b/script/vsts/package.json @@ -7,9 +7,9 @@ "download": "^7.1.0", "glob": "7.0.3", "pr-changelog": "^0.3.4", - "publish-release": "^1.6.0", + "publish-release": "^1.6.1", "request": "^2.87.0", - "request-promise-native": "^1.0.5", + "request-promise-native": "^1.0.9", "semver": "5.3.0", "yargs": "4.8.1" }