From d2a1d6e66c34d2c64f81a7f90b911d9cbbd89b88 Mon Sep 17 00:00:00 2001
From: Charles Santos
Date: Thu, 2 Mar 2023 10:12:58 -0300
Subject: [PATCH] ENGINEERS-1066 fix eventsource vulnerability (#259)

* ENGINEERS-1066 fix eventsource vulnerability
* Update CHANGELOG.md
---
 CHANGELOG.md | 9 +++++++++
 package.json | 2 +-
 yarn.lock | 46 +++++++++-------------------------------------
 3 files changed, 19 insertions(+), 38 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7bbe507e..0d23bdb5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,9 +1,18 @@
 ## [Unreleased]
+### Fixed
+- [ENGINEERS-1066] Dependabot reported vulnerabilities (eventsource)
+
 ## [2.3.8] - 2023-03-02
+### Fixed
+- [ENGINEERS-1066] Dependabot reported vulnerabilities (axios)
+
 ## [2.3.7] - 2023-03-02
+### Fixed
+- [ENGINEERS-1066] Dependabot reported vulnerabilities (json5)
+
 ## [2.3.6] - 2023-03-02
 ### Fixed
diff --git a/package.json b/package.json
index fa29bf4e..71c3ad05 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
 "husky": "^4.2.5",
 "lint-staged": "^13.1.2",
 "prettier": "^2.4.0",
- "vtex": "3.0.0-beta-ci.3",
+ "vtex": "3.0.0-beta-ci.5",
 "xlsx": "^0.18.5"
 }
 }
diff --git a/yarn.lock b/yarn.lock
index 004c6716..73e29636 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3154,12 +3154,10 @@ eventemitter3@^3.1.0: resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-3.1.2.tgz#2d3d48f9c346698fce83a85d7d664e98535df6e7" integrity sha512-tvtQIeLVHjDkJYnzf2dgVMxfuSGJeM/7UCG17TT4EumTfNtF+0nebF/4zWOIkCreAbtNqhGEboB6BWrwqNaw4Q== -eventsource@~1.0.7: - version "1.0.7" - resolved "https://registry.yarnpkg.com/eventsource/-/eventsource-1.0.7.tgz#8fbc72c93fcd34088090bc0a4e64f4b5cee6d8d0" - integrity sha512-4Ln17+vVT0k8aWq+t/bF5arcS3EpT9gYtW66EPacdj/mAFevznsnyoHLPy2BA8gbIQeIHoPsvwmfBftfcG//BQ== - dependencies: - original "^1.0.0" +eventsource@~1.1.1: + version "1.1.2" + resolved "https://registry.yarnpkg.com/eventsource/-/eventsource-1.1.2.tgz#bc75ae1c60209e7cb1541231980460343eaea7c2" + integrity sha512-xAH3zWhgO2/3KIniEKYPr8plNSzlGINOUqYj0m0u7AB81iRw8b/3E73W6AuU+6klLbaSFmZnaETQ2lXPfAydrA== execa@4.1.0: version "4.1.0" @@ -5697,13 +5695,6 @@ ora@^4.0.3: strip-ansi "^6.0.0" wcwidth "^1.0.1" -original@^1.0.0: - version "1.0.2" - resolved "https://registry.yarnpkg.com/original/-/original-1.0.2.tgz#e442a61cffe1c5fd20a65f3261c26663b303f25f" - integrity sha512-hyBVl6iqqUOJ8FqRe+l/gS8H+kKYjrEndd5Pm1MfBtsEKA038HkkdbAl/72EAXGyonD/PFsvmVG+EvcIpliMBg== - dependencies: - url-parse "^1.4.3" - ospath@^1.2.2: version "1.2.2" resolved "https://registry.yarnpkg.com/ospath/-/ospath-1.2.2.tgz#1276639774a3f8ef2572f7fe4280e0ea4550c07b" 
@@ -6141,11 +6132,6 @@ querystring@^0.2.0: resolved "https://registry.yarnpkg.com/querystring/-/querystring-0.2.1.tgz#40d77615bb09d16902a85c3e38aa8b5ed761c2dd" integrity sha512-wkvS7mL/JMugcup3/rMitHmd9ecIGd2lhFhK9N3UUQ450h66d1r3Y9nvXzQAW1Lq+wyx61k/1pfKS5KuKiyEbg== -querystringify@^2.1.1: - version "2.2.0" - resolved "https://registry.yarnpkg.com/querystringify/-/querystringify-2.2.0.tgz#3345941b4153cb9d082d8eee4cda2016a9aef7f6" - integrity sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ== - queue-microtask@^1.2.2: version "1.2.3" resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.3.tgz#4929228bbc724dfac43e0efb058caf7b6cfb6243" @@ -6382,11 +6368,6 @@ require-from-string@^2.0.2: resolved "https://registry.yarnpkg.com/require-from-string/-/require-from-string-2.0.2.tgz#89a7fdd938261267318eafe14f9c32e598c36909" integrity sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw== -requires-port@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/requires-port/-/requires-port-1.0.0.tgz#925d2601d39ac485e091cf0da5c6e694dc3dcaff" - integrity sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ== - resolve-from@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/resolve-from/-/resolve-from-4.0.0.tgz#4abcd852ad32dd7baabfe9b40e00a36db5f392e6" @@ -6798,7 +6779,6 @@ static-extend@^0.1.1, static-extend@^0.1.2: stats-lite@vtex/node-stats-lite#dist: version "2.2.0" - uid "1b0d39cc41ef7aaecfd541191f877887a2044797" resolved "https://codeload.github.com/vtex/node-stats-lite/tar.gz/1b0d39cc41ef7aaecfd541191f877887a2044797" dependencies: isnumber "~1.0.0" 
@@ -7457,14 +7437,6 @@ url-parse-lax@^3.0.0: dependencies: prepend-http "^2.0.0" -url-parse@^1.4.3: - version "1.5.10" - resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.10.tgz#9d3c2f736c1d75dd3bd2be507dcc111f1e2ea9c1" - integrity sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ== - dependencies: - querystringify "^2.1.1" - requires-port "^1.0.0" - url-to-options@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/url-to-options/-/url-to-options-1.0.1.tgz#1505a03a289a48cbd7a434efbaeec5055f5633a9" @@ -7520,10 +7492,10 @@ verror@1.10.0: core-util-is "1.0.2" extsprintf "^1.2.0" -vtex@3.0.0-beta-ci.3: - version "3.0.0-beta-ci.3" - resolved "https://registry.yarnpkg.com/vtex/-/vtex-3.0.0-beta-ci.3.tgz#7072b362d91ed3bef0ec5a1311cbd4f2fb5e9220" - integrity sha512-UBczSO1UHBLK8Ey/wDZ58UKTjCM9bVGqS2mbRMz5kJpIg/as130hm81Y/EL1/NsciH0zWI2wsK+zKvWKwnHxmA== +vtex@3.0.0-beta-ci.5: + version "3.0.0-beta-ci.5" + resolved "https://registry.yarnpkg.com/vtex/-/vtex-3.0.0-beta-ci.5.tgz#42125a8ac22f255e950fe1f55d3df8a1a89a89de" + integrity sha512-bZMKo74sJkncYsihwEhZys7m9xHD5/c/o91AvXyE2GnIKquQSjAd8pSV/yGm09t3PL4pk19gXp3oEBAJg87Zmw== dependencies: "@oclif/command" "^1.8.0" "@oclif/config" "^1.17.0" @@ -7561,7 +7533,7 @@ vtex@3.0.0-beta-ci.3: detect-port "^1.3.0" diff "~3.5.0" enquirer "~2.3.2" - eventsource "~1.0.7" + eventsource "~1.1.1" extendable-error "~0.1.5" fs-extra "~7.0.0" get-stream "~4.0.0"