ENGINEERS-1066 fix eventsource vulnerability (#259)

* ENGINEERS-1066 fix eventsource vulnerability * Update CHANGELOG.md
vtex-apps · Mar 2, 2023 · d2a1d6e · d2a1d6e
1 parent 930dbad
commit d2a1d6e
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 38 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,9 +1,18 @@
 ## [Unreleased]
 
+### Fixed
+- [ENGINEERS-1066] Dependabot reported vulnerabilities (eventsource)
+
 ## [2.3.8] - 2023-03-02
 
+### Fixed
+- [ENGINEERS-1066] Dependabot reported vulnerabilities (axios)
+
 ## [2.3.7] - 2023-03-02
 
+### Fixed
+- [ENGINEERS-1066] Dependabot reported vulnerabilities (json5)
+
 ## [2.3.6] - 2023-03-02
 
 ### Fixed

diff --git a/package.json b/package.json
@@ -53,7 +53,7 @@
     "husky": "^4.2.5",
     "lint-staged": "^13.1.2",
     "prettier": "^2.4.0",
-    "vtex": "3.0.0-beta-ci.3",
+    "vtex": "3.0.0-beta-ci.5",
     "xlsx": "^0.18.5"
   }
 }
diff --git a/yarn.lock b/yarn.lock
@@ -3154,12 +3154,10 @@ eventemitter3@^3.1.0:
   resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-3.1.2.tgz#2d3d48f9c346698fce83a85d7d664e98535df6e7"
   integrity sha512-tvtQIeLVHjDkJYnzf2dgVMxfuSGJeM/7UCG17TT4EumTfNtF+0nebF/4zWOIkCreAbtNqhGEboB6BWrwqNaw4Q==
 
-eventsource@~1.0.7:
-  version "1.0.7"
-  resolved "https://registry.yarnpkg.com/eventsource/-/eventsource-1.0.7.tgz#8fbc72c93fcd34088090bc0a4e64f4b5cee6d8d0"
-  integrity sha512-4Ln17+vVT0k8aWq+t/bF5arcS3EpT9gYtW66EPacdj/mAFevznsnyoHLPy2BA8gbIQeIHoPsvwmfBftfcG//BQ==
-  dependencies:
-    original "^1.0.0"
+eventsource@~1.1.1:
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/eventsource/-/eventsource-1.1.2.tgz#bc75ae1c60209e7cb1541231980460343eaea7c2"
+  integrity sha512-xAH3zWhgO2/3KIniEKYPr8plNSzlGINOUqYj0m0u7AB81iRw8b/3E73W6AuU+6klLbaSFmZnaETQ2lXPfAydrA==
 
 [email protected]:
   version "4.1.0"
@@ -5697,13 +5695,6 @@ ora@^4.0.3:
     strip-ansi "^6.0.0"
     wcwidth "^1.0.1"
 
-original@^1.0.0:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/original/-/original-1.0.2.tgz#e442a61cffe1c5fd20a65f3261c26663b303f25f"
-  integrity sha512-hyBVl6iqqUOJ8FqRe+l/gS8H+kKYjrEndd5Pm1MfBtsEKA038HkkdbAl/72EAXGyonD/PFsvmVG+EvcIpliMBg==
-  dependencies:
-    url-parse "^1.4.3"
-
 ospath@^1.2.2:
   version "1.2.2"
   resolved "https://registry.yarnpkg.com/ospath/-/ospath-1.2.2.tgz#1276639774a3f8ef2572f7fe4280e0ea4550c07b"
@@ -6141,11 +6132,6 @@ querystring@^0.2.0:
   resolved "https://registry.yarnpkg.com/querystring/-/querystring-0.2.1.tgz#40d77615bb09d16902a85c3e38aa8b5ed761c2dd"
   integrity sha512-wkvS7mL/JMugcup3/rMitHmd9ecIGd2lhFhK9N3UUQ450h66d1r3Y9nvXzQAW1Lq+wyx61k/1pfKS5KuKiyEbg==
 
-querystringify@^2.1.1:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/querystringify/-/querystringify-2.2.0.tgz#3345941b4153cb9d082d8eee4cda2016a9aef7f6"
-  integrity sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==
-
 queue-microtask@^1.2.2:
   version "1.2.3"
   resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.3.tgz#4929228bbc724dfac43e0efb058caf7b6cfb6243"
@@ -6382,11 +6368,6 @@ require-from-string@^2.0.2:
   resolved "https://registry.yarnpkg.com/require-from-string/-/require-from-string-2.0.2.tgz#89a7fdd938261267318eafe14f9c32e598c36909"
   integrity sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==
 
-requires-port@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/requires-port/-/requires-port-1.0.0.tgz#925d2601d39ac485e091cf0da5c6e694dc3dcaff"
-  integrity sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==
-
 resolve-from@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/resolve-from/-/resolve-from-4.0.0.tgz#4abcd852ad32dd7baabfe9b40e00a36db5f392e6"
@@ -6798,7 +6779,6 @@ static-extend@^0.1.1, static-extend@^0.1.2:
 
 stats-lite@vtex/node-stats-lite#dist:
   version "2.2.0"
-  uid "1b0d39cc41ef7aaecfd541191f877887a2044797"
   resolved "https://codeload.github.com/vtex/node-stats-lite/tar.gz/1b0d39cc41ef7aaecfd541191f877887a2044797"
   dependencies:
     isnumber "~1.0.0"
@@ -7457,14 +7437,6 @@ url-parse-lax@^3.0.0:
   dependencies:
     prepend-http "^2.0.0"
 
-url-parse@^1.4.3:
-  version "1.5.10"
-  resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.10.tgz#9d3c2f736c1d75dd3bd2be507dcc111f1e2ea9c1"
-  integrity sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==
-  dependencies:
-    querystringify "^2.1.1"
-    requires-port "^1.0.0"
-
 url-to-options@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/url-to-options/-/url-to-options-1.0.1.tgz#1505a03a289a48cbd7a434efbaeec5055f5633a9"
@@ -7520,10 +7492,10 @@ [email protected]:
     core-util-is "1.0.2"
     extsprintf "^1.2.0"
 
-[email protected].3:
-  version "3.0.0-beta-ci.3"
-  resolved "https://registry.yarnpkg.com/vtex/-/vtex-3.0.0-beta-ci.3.tgz#7072b362d91ed3bef0ec5a1311cbd4f2fb5e9220"
-  integrity sha512-UBczSO1UHBLK8Ey/wDZ58UKTjCM9bVGqS2mbRMz5kJpIg/as130hm81Y/EL1/NsciH0zWI2wsK+zKvWKwnHxmA==
+[email protected].5:
+  version "3.0.0-beta-ci.5"
+  resolved "https://registry.yarnpkg.com/vtex/-/vtex-3.0.0-beta-ci.5.tgz#42125a8ac22f255e950fe1f55d3df8a1a89a89de"
+  integrity sha512-bZMKo74sJkncYsihwEhZys7m9xHD5/c/o91AvXyE2GnIKquQSjAd8pSV/yGm09t3PL4pk19gXp3oEBAJg87Zmw==
   dependencies:
     "@oclif/command" "^1.8.0"
     "@oclif/config" "^1.17.0"
@@ -7561,7 +7533,7 @@ [email protected]:
     detect-port "^1.3.0"
     diff "~3.5.0"
     enquirer "~2.3.2"
-    eventsource "~1.0.7"
+    eventsource "~1.1.1"
     extendable-error "~0.1.5"
     fs-extra "~7.0.0"
     get-stream "~4.0.0"