From 6342fb272e326cff648169e00eab791856afde10 Mon Sep 17 00:00:00 2001 From: Romain Lenzotti Date: Tue, 23 Apr 2024 08:39:47 +0200 Subject: [PATCH] chore: update formidable to 3.2.4 to fix CVE-2022-29622 --- .../snippets/base/package.json | 3 +- package.json | 6 +- yarn.lock | 189 +++++++++++------- 3 files changed, 124 insertions(+), 74 deletions(-) diff --git a/docs/getting-started/snippets/base/package.json b/docs/getting-started/snippets/base/package.json index 52ccdec7c70..0da862948ee 100644 --- a/docs/getting-started/snippets/base/package.json +++ b/docs/getting-started/snippets/base/package.json @@ -52,7 +52,6 @@ "@types/request-promise": "4.1.45", "@types/sinon": "9.0.8", "@types/sinon-chai": "3.2.4", - "@types/supertest": "6.0.2", "chai": "4.2.0", "chai-as-promised": "7.1.1", "concurrently": "5.3.0", @@ -62,7 +61,7 @@ "rimraf": "3.0.0", "sinon": "9.0.3", "sinon-chai": "3.5.0", - "supertest": "6.0.0", + "supertest": "7.0.0", "ts-node": "9.0.0", "tslint": "6.1.3", "typescript": "4.9.5" diff --git a/package.json b/package.json index 805fe9d0377..9ad06bf98f8 100644 --- a/package.json +++ b/package.json @@ -130,7 +130,6 @@ "@types/sinon": "10.0.20", "@types/sinon-chai": "3.2.12", "@types/superagent": "4.1.24", - "@types/supertest": "6.0.2", "@typescript-eslint/eslint-plugin": "^5.62.0", "@typescript-eslint/parser": "^5.62.0", "chai": "4.4.1", @@ -158,7 +157,7 @@ "semantic-release-slack-bot": "4.0.2", "sinon": "13.0.2", "sinon-chai": "3.7.0", - "supertest": "6.2.2", + "supertest": "7.0.0", "ts-loader": "^9.4.2", "tslib": "2.6.1", "typescript": "4.9.5", @@ -185,7 +184,8 @@ ] }, "resolutions": { - "mongoose": "6.5.1" + "mongoose": "6.5.1", + "formidable": "3.2.4" }, "collective": { "type": "opencollective", diff --git a/yarn.lock b/yarn.lock index 760e83b5285..c184d91754a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7857,7 +7857,6 @@ __metadata: "@types/sinon": "npm:10.0.20" "@types/sinon-chai": "npm:3.2.12" "@types/superagent": "npm:4.1.24" - "@types/supertest": "npm:6.0.2" "@typescript-eslint/eslint-plugin": "npm:^5.62.0" "@typescript-eslint/parser": "npm:^5.62.0" ajv: "npm:8.12.0" @@ -7893,7 +7892,7 @@ __metadata: semantic-release-slack-bot: "npm:4.0.2" sinon: "npm:13.0.2" sinon-chai: "npm:3.7.0" - supertest: "npm:6.2.2" + supertest: "npm:7.0.0" ts-loader: "npm:^9.4.2" tslib: "npm:2.6.1" typescript: "npm:4.9.5" @@ -8539,13 +8538,6 @@ __metadata: languageName: node linkType: hard -"@types/cookiejar@npm:^2.1.5": - version: 2.1.5 - resolution: "@types/cookiejar@npm:2.1.5" - checksum: 10/04d5990e87b6387532d15a87d9ec9b2eb783039291193863751dcfd7fc723a3b3aa30ce4c06b03975cba58632e933772f1ff031af23eaa3ac7f94e71afa6e073 - languageName: node - linkType: hard - "@types/cookies@npm:*": version: 0.7.7 resolution: "@types/cookies@npm:0.7.7" @@ -9056,13 +9048,6 @@ __metadata: languageName: node linkType: hard -"@types/methods@npm:^1.1.4": - version: 1.1.4 - resolution: "@types/methods@npm:1.1.4" - checksum: 10/ad2a7178486f2fd167750f3eb920ab032a947ff2e26f55c86670a6038632d790b46f52e5b6ead5823f1e53fc68028f1e9ddd15cfead7903e04517c88debd72b1 - languageName: node - linkType: hard - "@types/micromatch@npm:^4.0.6": version: 4.0.6 resolution: "@types/micromatch@npm:4.0.6" @@ -9422,27 +9407,6 @@ __metadata: languageName: node linkType: hard -"@types/superagent@npm:^8.1.0": - version: 8.1.1 - resolution: "@types/superagent@npm:8.1.1" - dependencies: - "@types/cookiejar": "npm:^2.1.5" - "@types/methods": "npm:^1.1.4" - "@types/node": "npm:*" - checksum: 10/02b987833cf0d85da9b137fd296fe8ad25a470d60f7e9d81a6ed3f8f8a5d6bace8780816bd35885e2928f467e819a4aa509879a7da0f28018ab1453845eb91e2 - languageName: node - linkType: hard - -"@types/supertest@npm:6.0.2": - version: 6.0.2 - resolution: "@types/supertest@npm:6.0.2" - dependencies: - "@types/methods": "npm:^1.1.4" - "@types/superagent": "npm:^8.1.0" - checksum: 10/4b67fb2d1bfbb7ff0a7dfaaf190cdf2e0014522615fb2dc53c214bdac95b4ee42696dd1df13332c90a7765cc52934c9cc0c428bf0f9e8189167aef01042e7448 - languageName: node - linkType: hard - "@types/swagger-ui-dist@npm:^3.30.4": version: 3.30.4 resolution: "@types/swagger-ui-dist@npm:3.30.4" @@ -11985,6 +11949,19 @@ __metadata: languageName: node linkType: hard +"call-bind@npm:^1.0.7": + version: 1.0.7 + resolution: "call-bind@npm:1.0.7" + dependencies: + es-define-property: "npm:^1.0.0" + es-errors: "npm:^1.3.0" + function-bind: "npm:^1.1.2" + get-intrinsic: "npm:^1.2.4" + set-function-length: "npm:^1.2.1" + checksum: 10/cd6fe658e007af80985da5185bff7b55e12ef4c2b6f41829a26ed1eef254b1f1c12e3dfd5b2b068c6ba8b86aba62390842d81752e67dcbaec4f6f76e7113b6b7 + languageName: node + linkType: hard + "call-me-maybe@npm:^1.0.1": version: 1.0.1 resolution: "call-me-maybe@npm:1.0.1" @@ -13370,7 +13347,7 @@ __metadata: languageName: node linkType: hard -"cookiejar@npm:^2.1.3": +"cookiejar@npm:^2.1.4": version: 2.1.4 resolution: "cookiejar@npm:2.1.4" checksum: 10/4a184f5a0591df8b07d22a43ea5d020eacb4572c383e853a33361a99710437eaa0971716c688684075bbf695b484f5872e9e3f562382e46858716cb7fc8ce3f4 @@ -14013,6 +13990,17 @@ __metadata: languageName: node linkType: hard +"define-data-property@npm:^1.1.4": + version: 1.1.4 + resolution: "define-data-property@npm:1.1.4" + dependencies: + es-define-property: "npm:^1.0.0" + es-errors: "npm:^1.3.0" + gopd: "npm:^1.0.1" + checksum: 10/abdcb2505d80a53524ba871273e5da75e77e52af9e15b3aa65d8aad82b8a3a424dad7aee2cc0b71470ac7acf501e08defac362e8b6a73cdb4309f028061df4ae + languageName: node + linkType: hard + "define-lazy-prop@npm:^2.0.0": version: 2.0.0 resolution: "define-lazy-prop@npm:2.0.0" @@ -14828,6 +14816,22 @@ __metadata: languageName: node linkType: hard +"es-define-property@npm:^1.0.0": + version: 1.0.0 + resolution: "es-define-property@npm:1.0.0" + dependencies: + get-intrinsic: "npm:^1.2.4" + checksum: 10/f66ece0a887b6dca71848fa71f70461357c0e4e7249696f81bad0a1f347eed7b31262af4a29f5d726dc026426f085483b6b90301855e647aa8e21936f07293c6 + languageName: node + linkType: hard + +"es-errors@npm:^1.3.0": + version: 1.3.0 + resolution: "es-errors@npm:1.3.0" + checksum: 10/96e65d640156f91b707517e8cdc454dd7d47c32833aa3e85d79f24f9eb7ea85f39b63e36216ef0114996581969b59fe609a94e30316b08f5f4df1d44134cf8d5 + languageName: node + linkType: hard + "es-get-iterator@npm:^1.1.1": version: 1.1.2 resolution: "es-get-iterator@npm:1.1.2" @@ -16234,15 +16238,14 @@ __metadata: languageName: node linkType: hard -"formidable@npm:^2.0.1": - version: 2.0.1 - resolution: "formidable@npm:2.0.1" +"formidable@npm:3.2.4": + version: 3.2.4 + resolution: "formidable@npm:3.2.4" dependencies: dezalgo: "npm:1.0.3" hexoid: "npm:1.0.0" once: "npm:1.4.0" - qs: "npm:6.9.3" - checksum: 10/f0ad9266e61b0a3ebd301fa6efbc9ea5cbdcf7ef2fbd7f9f1122c9172e41d00323615597f0f5ac6b821cda3f32a6bdf4dc8e77ca61a3124ce5dcf17d69d5954a + checksum: 10/925a1510b3e4cd60da762e4a2e5fc9a0aa886e2626b245e7d717850afb7c0d33238d2486fb0d0abfc4d206f1d425cd8caf167591e52774da9bb8573053a4899f languageName: node linkType: hard @@ -16684,6 +16687,19 @@ __metadata: languageName: node linkType: hard +"get-intrinsic@npm:^1.2.4": + version: 1.2.4 + resolution: "get-intrinsic@npm:1.2.4" + dependencies: + es-errors: "npm:^1.3.0" + function-bind: "npm:^1.1.2" + has-proto: "npm:^1.0.1" + has-symbols: "npm:^1.0.3" + hasown: "npm:^2.0.0" + checksum: 10/85bbf4b234c3940edf8a41f4ecbd4e25ce78e5e6ad4e24ca2f77037d983b9ef943fd72f00f3ee97a49ec622a506b67db49c36246150377efcda1c9eb03e5f06d + languageName: node + linkType: hard + "get-package-type@npm:^0.1.0": version: 0.1.0 resolution: "get-package-type@npm:0.1.0" @@ -17420,6 +17436,15 @@ __metadata: languageName: node linkType: hard +"has-property-descriptors@npm:^1.0.2": + version: 1.0.2 + resolution: "has-property-descriptors@npm:1.0.2" + dependencies: + es-define-property: "npm:^1.0.0" + checksum: 10/2d8c9ab8cebb572e3362f7d06139a4592105983d4317e68f7adba320fe6ddfc8874581e0971e899e633fd5f72e262830edce36d5a0bc863dad17ad20572484b2 + languageName: node + linkType: hard + "has-proto@npm:^1.0.1": version: 1.0.1 resolution: "has-proto@npm:1.0.1" @@ -22094,7 +22119,7 @@ __metadata: languageName: node linkType: hard -"mime@npm:^2.5.0": +"mime@npm:2.6.0": version: 2.6.0 resolution: "mime@npm:2.6.0" bin: @@ -23848,7 +23873,7 @@ __metadata: languageName: node linkType: hard -"object-inspect@npm:^1.12.2": +"object-inspect@npm:^1.12.2, object-inspect@npm:^1.13.1": version: 1.13.1 resolution: "object-inspect@npm:1.13.1" checksum: 10/92f4989ed83422d56431bc39656d4c780348eb15d397ce352ade6b7fec08f973b53744bd41b94af021901e61acaf78fcc19e65bf464ecc0df958586a672700f0 @@ -25396,7 +25421,7 @@ __metadata: languageName: node linkType: hard -"qs@npm:6.11.0, qs@npm:^6.10.1, qs@npm:^6.9.4": +"qs@npm:6.11.0, qs@npm:^6.9.4": version: 6.11.0 resolution: "qs@npm:6.11.0" dependencies: @@ -25405,13 +25430,6 @@ __metadata: languageName: node linkType: hard -"qs@npm:6.9.3": - version: 6.9.3 - resolution: "qs@npm:6.9.3" - checksum: 10/259d06d089c3c677c40533f60b6434d168712c18d304319a7aa6d371a7bc0b029e98fe8fb2e768f0fd371f92891e4314ddedfe3f14a9b9ff5d98ef460dd8d309 - languageName: node - linkType: hard - "qs@npm:6.9.7": version: 6.9.7 resolution: "qs@npm:6.9.7" @@ -25428,6 +25446,15 @@ __metadata: languageName: node linkType: hard +"qs@npm:^6.11.0": + version: 6.12.1 + resolution: "qs@npm:6.12.1" + dependencies: + side-channel: "npm:^1.0.6" + checksum: 10/035bcad2a1ab0175bac7a74c904c15913bdac252834149ccff988c93a51de02642fe7be10e43058ba4dc4094bb28ce9b59d12b9e91d40997f445cfde3ecc1c29 + languageName: node + linkType: hard + "queue-microtask@npm:^1.2.2": version: 1.2.3 resolution: "queue-microtask@npm:1.2.3" @@ -26805,6 +26832,20 @@ __metadata: languageName: node linkType: hard +"set-function-length@npm:^1.2.1": + version: 1.2.2 + resolution: "set-function-length@npm:1.2.2" + dependencies: + define-data-property: "npm:^1.1.4" + es-errors: "npm:^1.3.0" + function-bind: "npm:^1.1.2" + get-intrinsic: "npm:^1.2.4" + gopd: "npm:^1.0.1" + has-property-descriptors: "npm:^1.0.2" + checksum: 10/505d62b8e088468917ca4e3f8f39d0e29f9a563b97dbebf92f4bd2c3172ccfb3c5b8e4566d5fcd00784a00433900e7cb8fbc404e2dbd8c3818ba05bb9d4a8a6d + languageName: node + linkType: hard + "set-value@npm:^2.0.0, set-value@npm:^2.0.1": version: 2.0.1 resolution: "set-value@npm:2.0.1" @@ -26886,6 +26927,18 @@ __metadata: languageName: node linkType: hard +"side-channel@npm:^1.0.6": + version: 1.0.6 + resolution: "side-channel@npm:1.0.6" + dependencies: + call-bind: "npm:^1.0.7" + es-errors: "npm:^1.3.0" + get-intrinsic: "npm:^1.2.4" + object-inspect: "npm:^1.13.1" + checksum: 10/eb10944f38cebad8ad643dd02657592fa41273ce15b8bfa928d3291aff2d30c20ff777cfe908f76ccc4551ace2d1245822fdc576657cce40e9066c638ca8fa4d + languageName: node + linkType: hard + "sift@npm:16.0.0": version: 16.0.0 resolution: "sift@npm:16.0.0" @@ -28051,32 +28104,30 @@ __metadata: languageName: node linkType: hard -"superagent@npm:^7.1.0": - version: 7.1.2 - resolution: "superagent@npm:7.1.2" +"superagent@npm:^9.0.1": + version: 9.0.2 + resolution: "superagent@npm:9.0.2" dependencies: component-emitter: "npm:^1.3.0" - cookiejar: "npm:^2.1.3" - debug: "npm:^4.3.3" + cookiejar: "npm:^2.1.4" + debug: "npm:^4.3.4" fast-safe-stringify: "npm:^2.1.1" form-data: "npm:^4.0.0" - formidable: "npm:^2.0.1" + formidable: "npm:^3.5.1" methods: "npm:^1.1.2" - mime: "npm:^2.5.0" - qs: "npm:^6.10.1" - readable-stream: "npm:^3.6.0" - semver: "npm:^7.3.5" - checksum: 10/f4adb4439c63a2ca0571c3ec414a89411d3baa26ef3243b3e489df97fe8aa0b0e1927d149da29d467e799dc0fcb131c4dd44f35cf98e50ef7d487fc447217ddc + mime: "npm:2.6.0" + qs: "npm:^6.11.0" + checksum: 10/d3c0c9051ceec84d5b431eaa410ad81bcd53255cea57af1fc66d683a24c34f3ba4761b411072a9bf489a70e3d5b586a78a0e6f2eac6a561067e7d196ddab0907 languageName: node linkType: hard -"supertest@npm:6.2.2": - version: 6.2.2 - resolution: "supertest@npm:6.2.2" +"supertest@npm:7.0.0": + version: 7.0.0 + resolution: "supertest@npm:7.0.0" dependencies: methods: "npm:^1.1.2" - superagent: "npm:^7.1.0" - checksum: 10/5715b1fb684af65f54f8e0571026f851c9a2425b571ec2407fe693cd8b7a0bdeb4b0d3998ab8564048261a903441ac43c18566a9f17ebb0f4178e2225b3337db + superagent: "npm:^9.0.1" + checksum: 10/73bf2a37e13856a1b3e6a37b9df5cec8e506aa0360a5f5ecd989d1f4b0edf168883e306012e81e371d5252c17d4c7bef4ba30633dbf3877cbf52fc7af51cca9b languageName: node linkType: hard