fix: update CryptoJS and run npm audit fix #451

Merged (3 commits) on Dec 5, 2023


zackdotcomputer
Contributor


Before submitting your PR, there are a few things you can do to make sure it goes smoothly:

  • Make sure to open a GitHub issue as a bug/feature request before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea - Upgrade crypto-js as the current have critical vulneravility #446
  • Ensure the tests and linter pass
  • Code coverage does not decrease (if any source code was changed)
  • Appropriate docs were updated (if necessary)

Fixes #446


Updates CryptoJS's package.json version to ^4.2.0, resolving the CVE with it.

Relatedly, for development, there are several CVEs in the second-order dependencies of the dev tools. This runs npm audit fix to update those as well.
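
A check a reviewer could run after a bump like this one, as an added example (not code from this PR or repository): it walks a `package-lock.json` in the `packages` layout and reports every installed crypto-js copy older than 4.2.0, including nested copies pulled in by other packages. The sample lockfile and the package names `legacy-signer` and `crypto-js-extras` are constructed for illustration.

```javascript
// Added example: flag installed crypto-js copies below 4.2.0 in a
// package-lock.json that uses the "packages" map (lockfileVersion 2 or 3).
const MIN_FIXED = [4, 2, 0]; // version this PR moves crypto-js to

function parseVersion(v) {
  // Keep the numeric major.minor.patch core; ignore pre-release/build tags.
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelow(version, floor) {
  for (let i = 0; i < 3; i++) {
    if (version[i] !== floor[i]) return version[i] < floor[i];
  }
  return false; // equal to the floor counts as fixed
}

function findOutdatedCryptoJs(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/crypto-js"; "" is the root.
    if (!path.endsWith("node_modules/crypto-js")) continue;
    const parsed = parseVersion(meta.version);
    // An unparseable or missing version is reported rather than trusted.
    if (parsed === null || isBelow(parsed, MIN_FIXED)) {
      findings.push({ path, version: meta.version ?? null, dev: Boolean(meta.dev) });
    }
  }
  return findings;
}

// Constructed sample: the top-level copy is fixed, but a hypothetical
// dependency still carries its own nested 4.1.1 copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "crypto-js": "^4.2.0" } },
    "node_modules/crypto-js": { version: "4.2.0" },
    "node_modules/crypto-js-extras": { version: "0.1.0" },
    "node_modules/legacy-signer": { version: "1.3.0" },
    "node_modules/legacy-signer/node_modules/crypto-js": { version: "4.1.1" },
  },
};

console.log(findOutdatedCryptoJs(sampleLock));
```

A nested copy reported here is not changed by editing the top-level range in `package.json`; it has to be resolved through the package that depends on it.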

@wangela wangela changed the title Update CryptoJS and run npm audit fix fix: update CryptoJS and run npm audit fix Dec 5, 2023
@wangela
Member

wangela commented Dec 5, 2023

Thanks for this fix, @zackdotcomputer! Please resolve merge conflicts with a new commit and we'll get this merged.

@zackdotcomputer
Contributor Author

@wangela No problem. I've merged the root repo's main into this branch and resolved the conflicts.

@wangela wangela merged commit 60450d0 into googlemaps:main Dec 5, 2023
12 checks passed
googlemaps-bot pushed a commit that referenced this pull request Dec 5, 2023
### [1.0.30](v1.0.29...v1.0.30) (2023-12-05)

### Bug Fixes

* update CryptoJS and run npm audit fix ([#451](#451)) ([60450d0](60450d0))

### Miscellaneous Chores

* **deps-dev:** bump @babel/preset-env from 7.20.2 to 7.21.4 ([#340](#340)) ([a50eacb](a50eacb))
* **deps-dev:** bump @babel/preset-env from 7.21.4 to 7.21.5 ([#351](#351)) ([af1074c](af1074c))
* **deps-dev:** bump @babel/preset-env from 7.21.5 to 7.22.2 ([#361](#361)) ([a2a2c79](a2a2c79))
* **deps-dev:** bump @babel/preset-env from 7.22.10 to 7.22.14 ([#408](#408)) ([caad6f9](caad6f9))
* **deps-dev:** bump @babel/preset-env from 7.22.14 to 7.22.15 ([#410](#410)) ([10ef692](10ef692))
* **deps-dev:** bump @babel/preset-env from 7.22.15 to 7.22.20 ([#414](#414)) ([dc45f5b](dc45f5b))
* **deps-dev:** bump @babel/preset-env from 7.22.2 to 7.22.4 ([#362](#362)) ([61f442f](61f442f))
* **deps-dev:** bump @babel/preset-env from 7.22.20 to 7.23.2 ([#429](#429)) ([e824914](e824914))
* **deps-dev:** bump @babel/preset-env from 7.22.4 to 7.22.5 ([#365](#365)) ([61f95cd](61f95cd))
* **deps-dev:** bump @babel/preset-env from 7.22.5 to 7.22.7 ([#376](#376)) ([45ca8fc](45ca8fc))
* **deps-dev:** bump @babel/preset-env from 7.22.7 to 7.22.9 ([#380](#380)) ([2f44775](2f44775))
* **deps-dev:** bump @babel/preset-env from 7.22.9 to 7.22.10 ([#401](#401)) ([f4d77eb](f4d77eb))
* **deps-dev:** bump @babel/preset-env from 7.23.2 to 7.23.3 ([#445](#445)) ([79a509e](79a509e))
* **deps-dev:** bump @babel/preset-env from 7.23.3 to 7.23.5 ([#452](#452)) ([5c923e6](5c923e6))
* **deps-dev:** bump @babel/traverse from 7.11.5 to 7.23.2 ([#430](#430)) ([32b3c15](32b3c15))
* **deps-dev:** bump @rollup/plugin-babel from 6.0.3 to 6.0.4 ([#424](#424)) ([34b16f2](34b16f2))
* **deps-dev:** bump @rollup/plugin-commonjs from 24.0.0 to 24.0.1 ([#319](#319)) ([bbe5cc7](bbe5cc7))
* **deps-dev:** bump @rollup/plugin-commonjs from 24.0.1 to 24.1.0 ([#346](#346)) ([18d8050](18d8050))
* **deps-dev:** bump @rollup/plugin-commonjs from 24.1.0 to 25.0.0 ([#356](#356)) ([7f5a27a](7f5a27a))
* **deps-dev:** bump @rollup/plugin-commonjs from 25.0.0 to 25.0.1 ([#364](#364)) ([4045fc3](4045fc3))
* **deps-dev:** bump @rollup/plugin-commonjs from 25.0.1 to 25.0.2 ([#370](#370)) ([6becb7c](6becb7c))
* **deps-dev:** bump @rollup/plugin-commonjs from 25.0.2 to 25.0.3 ([#377](#377)) ([55e8181](55e8181))
* **deps-dev:** bump @rollup/plugin-commonjs from 25.0.3 to 25.0.4 ([#388](#388)) ([7899823](7899823))
* **deps-dev:** bump @rollup/plugin-commonjs from 25.0.4 to 25.0.5 ([#423](#423)) ([a779268](a779268))
* **deps-dev:** bump @rollup/plugin-commonjs from 25.0.5 to 25.0.7 ([#428](#428)) ([98f59ca](98f59ca))
* **deps-dev:** bump @rollup/plugin-typescript from 10.0.1 to 11.0.0 ([#313](#313)) ([589e716](589e716))
* **deps-dev:** bump @rollup/plugin-typescript from 11.0.0 to 11.1.0 ([#344](#344)) ([40d2a6b](40d2a6b))
* **deps-dev:** bump @rollup/plugin-typescript from 11.1.0 to 11.1.1 ([#357](#357)) ([820a468](820a468))
* **deps-dev:** bump @rollup/plugin-typescript from 11.1.1 to 11.1.2 ([#371](#371)) ([32850a1](32850a1))
* **deps-dev:** bump @rollup/plugin-typescript from 11.1.2 to 11.1.3 ([#405](#405)) ([838a39e](838a39e))
* **deps-dev:** bump @rollup/plugin-typescript from 11.1.3 to 11.1.4 ([#420](#420)) ([3eba710](3eba710))
* **deps-dev:** bump @rollup/plugin-typescript from 11.1.4 to 11.1.5 ([#425](#425)) ([b817fc1](b817fc1))
* **deps-dev:** bump @types/crypto-js from 4.1.1 to 4.1.2 ([#412](#412)) ([8677dc0](8677dc0))
* **deps-dev:** bump @types/crypto-js from 4.1.2 to 4.1.3 ([#434](#434)) ([8981d2f](8981d2f))
* **deps-dev:** bump @types/crypto-js from 4.1.3 to 4.2.1 ([#443](#443)) ([b50bbbc](b50bbbc))
* **deps-dev:** bump @types/node from 18.11.18 to 18.11.19 ([#322](#322)) ([725cbd0](725cbd0))
* **deps-dev:** bump @types/node from 18.11.19 to 18.13.0 ([#324](#324)) ([c7c26a6](c7c26a6))
* **deps-dev:** bump @types/node from 18.13.0 to 18.14.0 ([#327](#327)) ([6a511d7](6a511d7))
* **deps-dev:** bump @types/node from 18.14.0 to 18.14.2 ([#330](#330)) ([04fd1e3](04fd1e3))
* **deps-dev:** bump @types/node from 18.14.2 to 18.14.6 ([#331](#331)) ([10c2f4c](10c2f4c))
* **deps-dev:** bump @types/node from 18.14.6 to 18.15.1 ([#333](#333)) ([9c728ea](9c728ea))
* **deps-dev:** bump @types/node from 18.15.1 to 18.15.3 ([#334](#334)) ([b55daf2](b55daf2))
* **deps-dev:** bump @types/node from 18.15.10 to 18.15.11 ([#341](#341)) ([0965f0e](0965f0e))
* **deps-dev:** bump @types/node from 18.15.11 to 18.16.0 ([#348](#348)) ([81bbe18](81bbe18))
* **deps-dev:** bump @types/node from 18.15.3 to 18.15.10 ([#338](#338)) ([a2d842b](a2d842b))
* **deps-dev:** bump @types/node from 18.16.0 to 18.16.3 ([#352](#352)) ([45c7489](45c7489))
* **deps-dev:** bump @types/node from 18.16.3 to 20.1.0 ([#355](#355)) ([79ca2da](79ca2da))
* **deps-dev:** bump @types/node from 20.1.0 to 20.1.4 ([#358](#358)) ([c390e01](c390e01))
* **deps-dev:** bump @types/node from 20.1.4 to 20.2.3 ([#359](#359)) ([b5706e6](b5706e6))
* **deps-dev:** bump @types/node from 20.10.0 to 20.10.3 ([#454](#454)) ([0e26b0e](0e26b0e))
* **deps-dev:** bump @types/node from 20.2.3 to 20.2.5 ([#360](#360)) ([08cc5e7](08cc5e7))
* **deps-dev:** bump @types/node from 20.2.5 to 20.3.0 ([#367](#367)) ([839448e](839448e))
* **deps-dev:** bump @types/node from 20.3.0 to 20.3.1 ([#368](#368)) ([c6f3f11](c6f3f11))
* **deps-dev:** bump @types/node from 20.3.1 to 20.3.3 ([#372](#372)) ([6e37181](6e37181))
* **deps-dev:** bump @types/node from 20.3.3 to 20.4.1 ([#374](#374)) ([1e2ceef](1e2ceef))
* **deps-dev:** bump @types/node from 20.4.1 to 20.4.2 ([#379](#379)) ([8414aeb](8414aeb))
* **deps-dev:** bump @types/node from 20.4.2 to 20.4.4 ([#381](#381)) ([2ff32f8](2ff32f8))
* **deps-dev:** bump @types/node from 20.4.4 to 20.4.8 ([#385](#385)) ([cbcdad0](cbcdad0))
* **deps-dev:** bump @types/node from 20.4.8 to 20.5.0 ([#389](#389)) ([395ff1f](395ff1f))
* **deps-dev:** bump @types/node from 20.5.0 to 20.5.1 ([#399](#399)) ([70e1427](70e1427))
* **deps-dev:** bump @types/node from 20.5.1 to 20.5.7 ([#403](#403)) ([af714f2](af714f2))
* **deps-dev:** bump @types/node from 20.5.7 to 20.5.9 ([#407](#407)) ([f761dfd](f761dfd))
* **deps-dev:** bump @types/node from 20.5.9 to 20.6.0 ([#411](#411)) ([d4c4853](d4c4853))
* **deps-dev:** bump @types/node from 20.6.0 to 20.6.2 ([#415](#415)) ([3b52e73](3b52e73))
* **deps-dev:** bump @types/node from 20.6.2 to 20.6.5 ([#417](#417)) ([10b04d6](10b04d6))
* **deps-dev:** bump @types/node from 20.6.5 to 20.8.0 ([#421](#421)) ([5d2ee48](5d2ee48))
* **deps-dev:** bump @types/node from 20.8.0 to 20.8.3 ([#422](#422)) ([e39b24b](e39b24b))
* **deps-dev:** bump @types/node from 20.8.10 to 20.9.0 ([#444](#444)) ([496a148](496a148))
* **deps-dev:** bump @types/node from 20.8.3 to 20.8.6 ([#427](#427)) ([8175b34](8175b34))
* **deps-dev:** bump @types/node from 20.8.6 to 20.8.9 ([#439](#439)) ([a008ffe](a008ffe))
* **deps-dev:** bump @types/node from 20.8.9 to 20.8.10 ([#441](#441)) ([415fe5d](415fe5d))
* **deps-dev:** bump @types/node from 20.9.0 to 20.9.2 ([#448](#448)) ([fdf47cd](fdf47cd))
* **deps-dev:** bump @types/node from 20.9.2 to 20.10.0 ([#450](#450)) ([4931522](4931522))
* **deps-dev:** bump ansi-regex from 5.0.0 to 5.0.1 ([#394](#394)) ([d343e55](d343e55))
* **deps-dev:** bump core-js from 3.27.0 to 3.27.1 ([#311](#311)) ([6d55cce](6d55cce))
* **deps-dev:** bump core-js from 3.27.1 to 3.27.2 ([#320](#320)) ([7e715ba](7e715ba))
* **deps-dev:** bump core-js from 3.27.2 to 3.28.0 ([#326](#326)) ([a0bd94c](a0bd94c))
* **deps-dev:** bump core-js from 3.28.0 to 3.29.0 ([#329](#329)) ([d3a1950](d3a1950))
* **deps-dev:** bump core-js from 3.29.0 to 3.29.1 ([#335](#335)) ([2df95d7](2df95d7))
* **deps-dev:** bump core-js from 3.29.1 to 3.30.0 ([#342](#342)) ([79c1fcb](79c1fcb))
* **deps-dev:** bump core-js from 3.30.0 to 3.30.1 ([#345](#345)) ([892451f](892451f))
* **deps-dev:** bump core-js from 3.30.1 to 3.30.2 ([#353](#353)) ([0908d87](0908d87))
* **deps-dev:** bump core-js from 3.30.2 to 3.31.0 ([#366](#366)) ([dad9da3](dad9da3))
* **deps-dev:** bump core-js from 3.31.0 to 3.31.1 ([#375](#375)) ([42e9ccc](42e9ccc))
* **deps-dev:** bump core-js from 3.31.1 to 3.32.0 ([#384](#384)) ([377bff1](377bff1))
* **deps-dev:** bump core-js from 3.32.0 to 3.32.1 ([#400](#400)) ([0098dfa](0098dfa))
* **deps-dev:** bump core-js from 3.32.1 to 3.32.2 ([#409](#409)) ([bfe1fbb](bfe1fbb))
* **deps-dev:** bump core-js from 3.32.2 to 3.33.0 ([#419](#419)) ([73f7b97](73f7b97))
* **deps-dev:** bump core-js from 3.33.0 to 3.33.1 ([#435](#435)) ([aa25b94](aa25b94))
* **deps-dev:** bump core-js from 3.33.1 to 3.33.2 ([#440](#440)) ([25c67c4](25c67c4))
* **deps-dev:** bump core-js from 3.33.2 to 3.33.3 ([#447](#447)) ([aae22e3](aae22e3))
* **deps-dev:** bump decode-uri-component from 0.2.0 to 0.2.2 ([#390](#390)) ([61623bf](61623bf))
* **deps-dev:** bump eslint-config-prettier from 8.5.0 to 8.6.0 ([#316](#316)) ([882f816](882f816))
* **deps-dev:** bump eslint-config-prettier from 8.6.0 to 8.7.0 ([#332](#332)) ([ba8340e](ba8340e))
* **deps-dev:** bump eslint-config-prettier from 8.7.0 to 8.8.0 ([#339](#339)) ([54f4da8](54f4da8))
* **deps-dev:** bump eslint-config-prettier from 8.8.0 to 8.9.0 ([#382](#382)) ([1680cf6](1680cf6))
* **deps-dev:** bump eslint-config-prettier from 8.9.0 to 9.0.0 ([#386](#386)) ([8417cc2](8417cc2))
* **deps-dev:** bump eslint-config-prettier from 9.0.0 to 9.1.0 ([#453](#453)) ([cf61b20](cf61b20))
* **deps-dev:** bump eslint-plugin-jest from 27.2.0 to 27.2.1 ([#315](#315)) ([9a5c7ff](9a5c7ff))
* **deps-dev:** bump eslint-plugin-jest from 27.2.1 to 27.2.2 ([#369](#369)) ([ce065e5](ce065e5))
* **deps-dev:** bump eslint-plugin-jest from 27.2.2 to 27.2.3 ([#378](#378)) ([86c7af6](86c7af6))
* **deps-dev:** bump eslint-plugin-jest from 27.2.3 to 27.4.0 ([#416](#416)) ([5db7b75](5db7b75))
* **deps-dev:** bump eslint-plugin-jest from 27.4.0 to 27.4.2 ([#418](#418)) ([6af386d](6af386d))
* **deps-dev:** bump eslint-plugin-jest from 27.4.2 to 27.4.3 ([#433](#433)) ([8571b18](8571b18))
* **deps-dev:** bump eslint-plugin-jest from 27.4.3 to 27.6.0 ([#438](#438)) ([0f8f7c0](0f8f7c0))
* **deps-dev:** bump jsdom from 16.4.0 to 16.7.0 ([#393](#393)) ([636b458](636b458))
* **deps-dev:** bump json5 from 2.1.3 to 2.2.3 ([#396](#396)) ([f98fe77](f98fe77))
* **deps-dev:** bump minimist from 1.2.5 to 1.2.8 ([#392](#392)) ([724aad1](724aad1))
* **deps-dev:** bump prettier from 2.8.1 to 2.8.2 ([#314](#314)) ([eb6640d](eb6640d))
* **deps-dev:** bump prettier from 2.8.2 to 2.8.3 ([#318](#318)) ([04cf307](04cf307))
* **deps-dev:** bump prettier from 2.8.3 to 2.8.4 ([#325](#325)) ([0cf8f69](0cf8f69))
* **deps-dev:** bump prettier from 2.8.4 to 2.8.7 ([#337](#337)) ([68afb64](68afb64))
* **deps-dev:** bump prettier from 2.8.7 to 2.8.8 ([#349](#349)) ([858f868](858f868))
* **deps-dev:** bump typedoc from 0.23.23 to 0.23.24 ([#312](#312)) ([052d16e](052d16e))
* **deps-dev:** bump typedoc from 0.23.24 to 0.23.25 ([#323](#323)) ([03bd5d7](03bd5d7))
* **deps-dev:** bump typedoc from 0.23.25 to 0.23.26 ([#328](#328)) ([da7db54](da7db54))
* **deps-dev:** bump typedoc from 0.23.26 to 0.23.28 ([#336](#336)) ([d7961f9](d7961f9))
* **deps-dev:** bump typedoc from 0.23.28 to 0.24.1 ([#343](#343)) ([d35350e](d35350e))
* **deps-dev:** bump typedoc from 0.24.1 to 0.24.4 ([#347](#347)) ([39fb154](39fb154))
* **deps-dev:** bump typedoc from 0.24.4 to 0.24.6 ([#350](#350)) ([e46e213](e46e213))
* **deps-dev:** bump typedoc from 0.24.6 to 0.24.7 ([#354](#354)) ([5f0736c](5f0736c))
* **deps-dev:** bump typedoc from 0.24.7 to 0.24.8 ([#363](#363)) ([f2c7efd](f2c7efd))
* **deps-dev:** bump typedoc from 0.24.8 to 0.25.0 ([#404](#404)) ([90cf6db](90cf6db))
* **deps-dev:** bump typedoc from 0.25.0 to 0.25.1 ([#413](#413)) ([9d1a206](9d1a206))
* **deps-dev:** bump typedoc from 0.25.1 to 0.25.2 ([#426](#426)) ([226cafe](226cafe))
* **deps-dev:** bump typedoc from 0.25.2 to 0.25.3 ([#437](#437)) ([ff87819](ff87819))
* **deps-dev:** bump typedoc from 0.25.3 to 0.25.4 ([#449](#449)) ([df77632](df77632))
* **deps-dev:** bump typescript from 4.9.4 to 4.9.5 ([#321](#321)) ([bfe3afc](bfe3afc))
* **deps-dev:** bump word-wrap from 1.2.3 to 1.2.5 ([#391](#391)) ([893d281](893d281))
* **deps:** bump crypto-js from 4.1.1 to 4.2.0 ([#436](#436)) ([948d551](948d551))
* **deps:** bump lodash from 4.17.20 to 4.17.21 ([#431](#431)) ([e3a06e4](e3a06e4))
* update release.yml semantic release versions ([#455](#455)) ([b0dcf93](b0dcf93))
@googlemaps-bot
Contributor

🎉 This PR is included in version 1.0.30 🎉

The release is available on:

Your semantic-release bot 📦🚀
