
Commit 1ebacbb

authored
Unpin deps for security issues (#1191)
1 parent 082c493 commit 1ebacbb

3 files changed

Lines changed: 27 additions & 24 deletions


Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,7 @@
1+
{
2+
"type": "none",
3+
"comment": "Unpin deps for security issues",
4+
"packageName": "beachball",
5+
"email": "elcraig@microsoft.com",
6+
"dependentChangeType": "none"
7+
}

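--- a/package.json
+++ b/package.json
@@ -95,6 +95,10 @@
 "resolutions": {
 "@types/node": "^14.0.0",
 "**/lodash": "4.17.23",
+"**/body-parser/qs": "^6.14.2",
+"**/express/qs": "^6.14.2",
+"**/@cypress/request/qs": "^6.14.2",
+"**/verdaccio/handlebars": "^4.7.9",
 "**/verdaccio/js-yaml": "^4.1.0",
 "**/verdaccio/validator": "^13.15.22",
 "**/@verdaccio/config/js-yaml": "^4.1.0",
@@ -108,10 +112,9 @@
 },
 "resolutions": {
 "**/lodash": "Unpin due to security issue",
-"**/verdaccio/js-yaml": "Unpin js-yaml due to security issue",
-"**/verdaccio/validator": "Unpin validator due to security issue",
-"**/@verdaccio/config/js-yaml": "Unpin js-yaml due to security issue",
-"**/@verdaccio/url/validator": "Unpin validator due to security issue"
+"**/*/qs": "Unpin due to security issue",
+"**/verdaccio/*": "Unpin due to security issues",
+"**/@verdaccio/*/*": "Unpin due to security issues"
 }
 }
 }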
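Review bot: The replacement comment entries in the second hunk (`**/*/qs`, `**/verdaccio/*`, `**/@verdaccio/*/*`) no longer say which package each override covers or which advisory motivated it, so nothing here tells a maintainer when a resolution can safely be dropped. The wildcard keys also stop matching the resolution keys one-to-one, including the four added in the first hunk, which makes a stale override easy to miss once body-parser, express or verdaccio accept the fixed versions themselves. I would keep the grouped keys but record the reference in the value, for example `"**/*/qs": "Unpin due to security issue (<advisory id>); drop once dependents allow qs >=6.14.2"`. The enclosing JSON objects start outside both hunks.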

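--- a/yarn.lock
+++ b/yarn.lock
@@ -1391,9 +1391,9 @@ body-parser@1.20.1:
 unpipe "1.0.0"
 
 brace-expansion@^1.1.7:
-version "1.1.12"
-resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.12.tgz#ab9b454466e5a8cc3a187beaad580412a9c5b843"
-integrity sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==
+version "1.1.13"
+resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.13.tgz#d37875c01dc9eff988dd49d112a57cb67b54efe6"
+integrity sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==
 dependencies:
 balanced-match "^1.0.0"
 concat-map "0.0.1"
@@ -2584,10 +2584,10 @@ graphemer@^1.4.0:
 resolved "https://registry.yarnpkg.com/graphemer/-/graphemer-1.4.0.tgz#fb2f1d55e0e3a1849aeffc90c4fa0dd53a0e66c6"
 integrity sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag==
 
-handlebars@4.7.8:
-version "4.7.8"
-resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.8.tgz#41c42c18b1be2365439188c77c6afae71c0cd9e9"
-integrity sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==
+handlebars@4.7.8, handlebars@^4.7.9:
+version "4.7.9"
+resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.9.tgz#6f139082ab58dc4e5a0e51efe7db5ae890d56a0f"
+integrity sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ==
 dependencies:
 minimist "^1.2.5"
 neo-async "^2.6.2"
@@ -4164,19 +4164,12 @@ pure-rand@^6.0.0:
 resolved "https://registry.yarnpkg.com/pure-rand/-/pure-rand-6.1.0.tgz#d173cf23258231976ccbdb05247c9787957604f2"
 integrity sha512-bVWawvoZoBYpp6yIoQtQXHZjmz35RSVHnUOTefl8Vcjr8snTPY1wnpSPMWekcFwbxI6gtmT7rSYPFvz71ldiOA==
 
-qs@6.10.4:
-version "6.10.4"
-resolved "https://registry.yarnpkg.com/qs/-/qs-6.10.4.tgz#6a3003755add91c0ec9eacdc5f878b034e73f9e7"
-integrity sha512-OQiU+C+Ds5qiH91qh/mg0w+8nwQuLjM4F4M/PbmhDOoYehPh+Fb0bDjtR1sOvy7YKxvj28Y/M0PhP5uVX0kB+g==
+qs@6.10.4, qs@6.11.0, qs@^6.14.2:
+version "6.15.0"
+resolved "https://registry.yarnpkg.com/qs/-/qs-6.15.0.tgz#db8fd5d1b1d2d6b5b33adaf87429805f1909e7b3"
+integrity sha512-mAZTtNCeetKMH+pSjrb76NAM8V9a05I9aBZOHztWy/UqcJdQYNsf59vrRKWnojAT9Y+GbIvoTBC++CPHqpDBhQ==
 dependencies:
-side-channel "^1.0.4"
-
-qs@6.11.0:
-version "6.11.0"
-resolved "https://registry.yarnpkg.com/qs/-/qs-6.11.0.tgz#fd0d963446f7a65e1367e01abd85429453f0c37a"
-integrity sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==
-dependencies:
-side-channel "^1.0.4"
+side-channel "^1.1.0"
 
 querystringify@^2.1.1:
 version "2.2.0"
@@ -4485,7 +4478,7 @@ side-channel-weakmap@^1.0.2:
 object-inspect "^1.13.3"
 side-channel-map "^1.0.1"
 
-side-channel@^1.0.4:
+side-channel@^1.1.0:
 version "1.1.0"
 resolved "https://registry.yarnpkg.com/side-channel/-/side-channel-1.1.0.tgz#c3fcff9c4da932784873335ec9765fa94ff66bc9"
 integrity sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==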
