From 4a3d811e7ad8f4be0af0c897f8934342ebeb4e1a Mon Sep 17 00:00:00 2001 From: Xevion Date: Mon, 9 Nov 2020 10:14:50 -0600 Subject: [PATCH 1/9] update node-forge dependency vulnerability --- client/package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/client/package.json b/client/package.json index d693d24..8458f8e 100644 --- a/client/package.json +++ b/client/package.json @@ -25,6 +25,7 @@ "vue-router": "^3.2.0", "vue-scrollto": "^2.18.2", "vue-server-renderer": "^2.6.11", + "node-forge": ">=0.10.0", "vuex": "^3.5.1" }, "devDependencies": { From 201163eaf2bc0d56d501b51b3d17d958d1236778 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Nov 2020 16:15:43 +0000 Subject: [PATCH 2/9] Bump node-forge from 0.9.0 to 0.10.0 in /client Bumps [node-forge](https://github.com/digitalbazaar/forge) from 0.9.0 to 0.10.0. - [Release notes](https://github.com/digitalbazaar/forge/releases) - [Changelog](https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md) - [Commits](https://github.com/digitalbazaar/forge/compare/0.9.0...0.10.0) Signed-off-by: dependabot[bot] --- client/package-lock.json | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/client/package-lock.json b/client/package-lock.json index 46f8316..3adfae2 100644 --- a/client/package-lock.json +++ b/client/package-lock.json @@ -7930,10 +7930,9 @@ "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==" }, "node-forge": { - "version": "0.9.0", - "resolved": "https://registry.npm.taobao.org/node-forge/download/node-forge-0.9.0.tgz", - "integrity": "sha1-1iQFDtu0SHStyhK7mlLsY8t4JXk=", - "dev": true + "version": "0.10.0", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.10.0.tgz", + "integrity": "sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==" }, "node-ipc": { "version": "9.1.1", @@ -9979,6 +9978,14 @@ "dev": true, "requires": { "node-forge": "0.9.0" + }, + "dependencies": { + "node-forge": { + "version": "0.9.0", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.9.0.tgz", + "integrity": "sha512-7ASaDa3pD+lJ3WvXFsxekJQelBKRpne+GOVbLbtHYdd7pFspyeuJHnWfLplGf3SwKGbfs/aYl5V/JCIaHVUKKQ==", + "dev": true + } } }, "semver": { From 382301d72c5e279307421b13aac49182efd09aa4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Jan 2021 08:45:32 +0000 Subject: [PATCH 3/9] Bump axios from 0.18.1 to 0.21.1 in /client Bumps [axios](https://github.com/axios/axios) from 0.18.1 to 0.21.1. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v0.21.1/CHANGELOG.md) - [Commits](https://github.com/axios/axios/compare/v0.18.1...v0.21.1) Signed-off-by: dependabot[bot] --- client/package-lock.json | 40 +++++----------------------------------- client/package.json | 2 +- 2 files changed, 6 insertions(+), 36 deletions(-) diff --git a/client/package-lock.json b/client/package-lock.json index 3adfae2..9daef78 100644 --- a/client/package-lock.json +++ b/client/package-lock.json @@ -2479,40 +2479,11 @@ "dev": true }, "axios": { - "version": "0.18.1", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.18.1.tgz", - "integrity": "sha512-0BfJq4NSfQXd+SkFdrvFbG7addhYSBA2mQwISr46pD6E5iqkWg02RAs8vyTT/j0RTnoYmeXauBuSv1qKwR179g==", + "version": "0.21.1", + "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.1.tgz", + "integrity": "sha512-dKQiRHxGD9PPRIUNIWvZhPTPpl1rf/OxTYKsqKUDjBwYylTvV7SjSHJb9ratfyzM6wCdLCOYLzs73qpg5c4iGA==", "requires": { - "follow-redirects": "1.5.10", - "is-buffer": "^2.0.2" - }, - "dependencies": { - "debug": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz", - "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==", - "requires": { - "ms": "2.0.0" - } - }, - "follow-redirects": { - "version": "1.5.10", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.5.10.tgz", - "integrity": "sha512-0V5l4Cizzvqt5D44aTXbFZz+FtyXV1vrDN6qrelxtfYQKW0KO0W2T/hkE8xvGa/540LkZlkaUjO4ailYTFtHVQ==", - "requires": { - "debug": "=3.1.0" - } - }, - "is-buffer": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-2.0.4.tgz", - "integrity": "sha512-Kq1rokWXOPXWuaMAqZiJW4XxsmD9zGx9q4aePabbn3qCRGedtH7Cm+zV8WETitMfu1wdh+Rvd6w5egwSngUX2A==" - }, - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" - } + "follow-redirects": "^1.10.0" } }, "babel-eslint": { @@ -5798,8 +5769,7 @@ "follow-redirects": { "version": "1.12.1", "resolved": "https://registry.npm.taobao.org/follow-redirects/download/follow-redirects-1.12.1.tgz?cache=0&sync_timestamp=1592518600310&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Ffollow-redirects%2Fdownload%2Ffollow-redirects-1.12.1.tgz", - "integrity": "sha1-3lSmIFMRuT1gOY68Ac9wFWgjErY=", - "dev": true + "integrity": "sha1-3lSmIFMRuT1gOY68Ac9wFWgjErY=" }, "for-in": { "version": "1.0.2", diff --git a/client/package.json b/client/package.json index 8458f8e..09afc0c 100644 --- a/client/package.json +++ b/client/package.json @@ -12,7 +12,7 @@ "@fortawesome/free-solid-svg-icons": "^5.14.0", "@fortawesome/vue-fontawesome": "^2.0.0", "algoliasearch": "^4.3.1", - "axios": ">=0.18.1", + "axios": ">=0.21.1", "bootstrap": "^4.3.1", "bootstrap-vue": "^2.16.0", "core-js": "^3.6.5", From 4bb51d8009e24537890fba2841caa4ec5c197362 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Mar 2021 04:18:49 +0000 Subject: [PATCH 4/9] Bump elliptic from 6.5.3 to 6.5.4 in /client Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4. - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4) Signed-off-by: dependabot[bot] --- client/package-lock.json | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/client/package-lock.json b/client/package-lock.json index 3adfae2..34ad1ff 100644 --- a/client/package-lock.json +++ b/client/package-lock.json @@ -4674,24 +4674,24 @@ "dev": true }, "elliptic": { - "version": "6.5.3", - "resolved": "https://registry.npm.taobao.org/elliptic/download/elliptic-6.5.3.tgz?cache=0&sync_timestamp=1592492827851&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Felliptic%2Fdownload%2Felliptic-6.5.3.tgz", - "integrity": "sha1-y1nrLv2vc6C9eMzXAVpirW4Pk9Y=", + "version": "6.5.4", + "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.4.tgz", + "integrity": "sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==", "dev": true, "requires": { - "bn.js": "^4.4.0", - "brorand": "^1.0.1", + "bn.js": "^4.11.9", + "brorand": "^1.1.0", "hash.js": "^1.0.0", - "hmac-drbg": "^1.0.0", - "inherits": "^2.0.1", - "minimalistic-assert": "^1.0.0", - "minimalistic-crypto-utils": "^1.0.0" + "hmac-drbg": "^1.0.1", + "inherits": "^2.0.4", + "minimalistic-assert": "^1.0.1", + "minimalistic-crypto-utils": "^1.0.1" }, "dependencies": { "bn.js": { - "version": "4.11.9", - "resolved": "https://registry.npm.taobao.org/bn.js/download/bn.js-4.11.9.tgz", - "integrity": "sha1-JtVWgpRY+dHoH8SJUkk9C6NQeCg=", + "version": "4.12.0", + "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", + "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", "dev": true } } From 30eaa4673d0f801737779c41b0736b97cc41fec7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Apr 2021 06:22:26 +0000 Subject: [PATCH 5/9] Bump y18n from 4.0.0 to 4.0.1 in /client Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/commits) Signed-off-by: dependabot[bot] --- client/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/client/package-lock.json b/client/package-lock.json index 3adfae2..1e7c012 100644 --- a/client/package-lock.json +++ b/client/package-lock.json @@ -12432,9 +12432,9 @@ "dev": true }, "y18n": { - "version": "4.0.0", - "resolved": "https://registry.npm.taobao.org/y18n/download/y18n-4.0.0.tgz", - "integrity": "sha1-le+U+F7MgdAHwmThkKEg8KPIVms=", + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz", + "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==", "dev": true }, "yallist": { From 864aa33b55c7ca964425664f045f925bb48b4e46 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 30 Apr 2021 19:44:12 +0000 Subject: [PATCH 6/9] Bump ssri from 6.0.1 to 6.0.2 in /client Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2. - [Release notes](https://github.com/npm/ssri/releases) - [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md) - [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2) Signed-off-by: dependabot[bot] --- client/package-lock.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/client/package-lock.json b/client/package-lock.json index 3adfae2..dc3044a 100644 --- a/client/package-lock.json +++ b/client/package-lock.json @@ -1749,8 +1749,8 @@ }, "ssri": { "version": "7.1.0", - "resolved": "https://registry.npm.taobao.org/ssri/download/ssri-7.1.0.tgz?cache=0&sync_timestamp=1581989445149&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fssri%2Fdownload%2Fssri-7.1.0.tgz", - "integrity": "sha1-ksJBv23oI2W1x/tL126XVSLhKU0=", + "resolved": "https://registry.npmjs.org/ssri/-/ssri-7.1.0.tgz", + "integrity": "sha512-77/WrDZUWocK0mvA5NTRQyveUf+wsrIc6vyrxpS8tVvYBcX215QbafrJR3KtkpskIzoFLqqNuuYQvxaMjXJ/0g==", "dev": true, "requires": { "figgy-pudding": "^3.5.1", @@ -10582,9 +10582,9 @@ } }, "ssri": { - "version": "6.0.1", - "resolved": "https://registry.npm.taobao.org/ssri/download/ssri-6.0.1.tgz?cache=0&sync_timestamp=1581989445149&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fssri%2Fdownload%2Fssri-6.0.1.tgz", - "integrity": "sha1-KjxBso3UW2K2Nnbst0ABJlrp7dg=", + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/ssri/-/ssri-6.0.2.tgz", + "integrity": "sha512-cepbSq/neFK7xB6A50KHN0xHDotYzq58wWCa5LeWqnPrHG8GzfEjO/4O8kpmcGW+oaxkvhEJCWgbgNk4/ZV93Q==", "dev": true, "requires": { "figgy-pudding": "^3.5.1" From 95a6474d8ea643b87f37aed89251da057d601daf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 May 2021 06:06:21 +0000 Subject: [PATCH 7/9] Bump url-parse from 1.4.7 to 1.5.1 in /client Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.4.7 to 1.5.1. - [Release notes](https://github.com/unshiftio/url-parse/releases) - [Commits](https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.1) Signed-off-by: dependabot[bot] --- client/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/client/package-lock.json b/client/package-lock.json index 3adfae2..5d3d12f 100644 --- a/client/package-lock.json +++ b/client/package-lock.json @@ -11391,9 +11391,9 @@ } }, "url-parse": { - "version": "1.4.7", - "resolved": "https://registry.npm.taobao.org/url-parse/download/url-parse-1.4.7.tgz", - "integrity": "sha1-qKg1NejACjFuQDpdtKwbm4U64ng=", + "version": "1.5.1", + "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.1.tgz", + "integrity": "sha512-HOfCOUJt7iSYzEx/UqgtwKRMC6EU91NFhsCHMv9oM03VJcVo2Qrp8T8kI9D7amFf1cu+/3CEhgb3rF9zL7k85Q==", "dev": true, "requires": { "querystringify": "^2.1.1", From 3ec5f2ba248aab69e4b44ebc95df7c40dcd3cde3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 May 2021 21:44:02 +0000 Subject: [PATCH 8/9] Bump lodash from 4.17.19 to 4.17.21 in /client Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21) Signed-off-by: dependabot[bot] --- client/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/client/package-lock.json b/client/package-lock.json index 3adfae2..442bfbb 100644 --- a/client/package-lock.json +++ b/client/package-lock.json @@ -7391,9 +7391,9 @@ } }, "lodash": { - "version": "4.17.19", - "resolved": "https://registry.npm.taobao.org/lodash/download/lodash-4.17.19.tgz?cache=0&sync_timestamp=1594229125892&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Flodash%2Fdownload%2Flodash-4.17.19.tgz", - "integrity": "sha1-5I3e2+MLMyF4PFtDAfvTU7weSks=", + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", "dev": true }, "lodash._reinterpolate": { From 5aafddcfe92829be8feee871eac23b6c848d0d48 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 May 2021 22:02:42 +0000 Subject: [PATCH 9/9] Bump hosted-git-info from 2.8.8 to 2.8.9 in /client Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9. - [Release notes](https://github.com/npm/hosted-git-info/releases) - [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md) - [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.8...v2.8.9) Signed-off-by: dependabot[bot] --- client/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/client/package-lock.json b/client/package-lock.json index 3adfae2..714915f 100644 --- a/client/package-lock.json +++ b/client/package-lock.json @@ -6215,9 +6215,9 @@ "dev": true }, "hosted-git-info": { - "version": "2.8.8", - "resolved": "https://registry.npm.taobao.org/hosted-git-info/download/hosted-git-info-2.8.8.tgz?cache=0&sync_timestamp=1594428119675&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fhosted-git-info%2Fdownload%2Fhosted-git-info-2.8.8.tgz", - "integrity": "sha1-dTm9S8Hg4KiVgVouAmJCCxKFhIg=", + "version": "2.8.9", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", + "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==", "dev": true }, "hpack.js": {