From 9271b2209b8d65ca93d99676be6fdf019f39cf70 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sat, 18 Feb 2023 01:26:48 +0000 Subject: [PATCH] [CVE-2022-2499][backport 1.x] Resolve qs from 6.5.3 to 6.11.0 (#3451) (cherry picked from commit 9a4f6ad5746c79b883a6e9b6e0f2c97008aa31f2) Signed-off-by: github-actions[bot] --- package.json | 1 + yarn.lock | 12 +----------- 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/package.json b/package.json index 7635ae3bfe3..edb5eb2273d 100644 --- a/package.json +++ b/package.json @@ -102,6 +102,7 @@ "**/node-jose/node-forge": "^0.10.0", "**/normalize-url": "^4.5.1", "**/prismjs": "^1.23.0", + "**/qs": "^6.11.0", "**/react-syntax-highlighter": "^15.3.1", "**/react-syntax-highlighter/**/highlight.js": "^10.4.1", "**/request": "^2.88.2", diff --git a/yarn.lock b/yarn.lock index 322355075ff..f6506199e96 100644 --- a/yarn.lock +++ b/yarn.lock @@ -16979,23 +16979,13 @@ puppeteer@^5.3.1: unbzip2-stream "^1.3.3" ws "^7.2.3" -qs@6.7.0, qs@^6.4.0: - version "6.7.0" - resolved "https://registry.yarnpkg.com/qs/-/qs-6.7.0.tgz#41dc1a015e3d581f1621776be31afb2876a9b1bc" - integrity sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ== - -qs@^6.11.0: +qs@6.7.0, qs@^6.11.0, qs@^6.4.0, qs@~6.5.2: version "6.11.0" resolved "https://registry.yarnpkg.com/qs/-/qs-6.11.0.tgz#fd0d963446f7a65e1367e01abd85429453f0c37a" integrity sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q== dependencies: side-channel "^1.0.4" -qs@~6.5.2: - version "6.5.2" - resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.2.tgz#cb3ae806e8740444584ef154ce8ee98d403f3e36" - integrity sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA== - query-string@^6.13.2: version "6.13.2" resolved "https://registry.yarnpkg.com/query-string/-/query-string-6.13.2.tgz#3585aa9412c957cbd358fd5eaca7466f05586dda"