From f12644a1f99537009da7ef8bcfc6a17168fcb018 Mon Sep 17 00:00:00 2001 From: "Darryl L. Pierce" Date: Sat, 9 Oct 2021 10:45:52 -0400 Subject: [PATCH] Security upgrade to set-value@^4.0.1 [CVE-2021-23440] --- comixed-webui/package.json | 1 + comixed-webui/yarn.lock | 13 +++++++++++++ 2 files changed, 14 insertions(+) diff --git a/comixed-webui/package.json b/comixed-webui/package.json index 68eb6acc3..536cfce27 100644 --- a/comixed-webui/package.json +++ b/comixed-webui/package.json @@ -74,6 +74,7 @@ "object-path": "^0.11.8", "postcss": "^7.0.36", "rxjs": "~6.5.5", + "set-value": "^4.0.1", "socket.io": "^2.4", "sockjs-client": "^1.5.0", "ssri": "^8.0.1", diff --git a/comixed-webui/yarn.lock b/comixed-webui/yarn.lock index a40c89df7..cd2454f23 100644 --- a/comixed-webui/yarn.lock +++ b/comixed-webui/yarn.lock @@ -4955,6 +4955,11 @@ is-plain-object@^2.0.3, is-plain-object@^2.0.4: dependencies: isobject "^3.0.1" +is-primitive@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/is-primitive/-/is-primitive-3.0.1.tgz#98c4db1abff185485a657fc2905052b940524d05" + integrity sha512-GljRxhWvlCNRfZyORiH77FwdFwGcMO620o37EOYC0ORWdq+WYNVqW0w2Juzew4M+L81l6/QS3t5gkkihyRqv9w== + is-regex@^1.0.4, is-regex@^1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/is-regex/-/is-regex-1.1.1.tgz#c6f98aacc546f6cec5468a07b7b153ab564a57b9" @@ -7899,6 +7904,14 @@ set-value@^2.0.0, set-value@^2.0.1: is-plain-object "^2.0.3" split-string "^3.0.1" +set-value@^4.0.1: + version "4.1.0" + resolved "https://registry.yarnpkg.com/set-value/-/set-value-4.1.0.tgz#aa433662d87081b75ad88a4743bd450f044e7d09" + integrity sha512-zTEg4HL0RwVrqcWs3ztF+x1vkxfm0lP+MQQFPiMJTKVceBwEV0A569Ou8l9IYQG8jOZdMVI1hGsc0tmeD2o/Lw== + dependencies: + is-plain-object "^2.0.4" + is-primitive "^3.0.1" + setimmediate@^1.0.4: version "1.0.5" resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"