fix: update dependencies due to security vulnerabilities

lodash@3.0.1-0
verdaccio · Feb 11, 2019 · f6f014a · f6f014a
1 parent c4b1e15
commit f6f014a
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 33 deletions.
diff --git a/package.json b/package.json
@@ -16,10 +16,10 @@
   },
   "dependencies": {
     "@verdaccio/file-locking": "0.0.8",
-    "@verdaccio/local-storage": "1.1.4",
+    "@verdaccio/local-storage": "1.1.6",
     "@verdaccio/streams": "1.0.0",
     "JSONStream": "1.3.5",
-    "async": "2.6.1",
+    "async": "3.0.1-0",
     "body-parser": "1.18.3",
     "bunyan": "1.8.12",
     "chalk": "2.4.2",
@@ -30,7 +30,7 @@
     "date-fns": "1.29.0",
     "express": "4.16.4",
     "global": "4.3.2",
-    "handlebars": "4.0.12",
+    "handlebars": "4.1.0",
     "http-errors": "1.7.1",
     "js-base64": "2.5.1",
     "js-string-escape": "1.0.1",

diff --git a/yarn.lock b/yarn.lock
@@ -237,13 +237,6 @@
   version "10.5.4"
   resolved "https://registry.npmjs.org/@types/node/-/node-10.5.4.tgz#6eccc158504357d1da91434d75e86acde94bb10b"
 
-"@verdaccio/file-locking@0.0.7":
-  version "0.0.7"
-  resolved "https://registry.npmjs.org/@verdaccio/file-locking/-/file-locking-0.0.7.tgz#5fd1b2bd391e54fa32d079002b5f7ba90844e344"
-  dependencies:
-    lockfile "1.0.3"
-    lodash "4.17.10"
-
 "@verdaccio/file-locking@0.0.8":
   version "0.0.8"
   resolved "https://registry.npmjs.org/@verdaccio/file-locking/-/file-locking-0.0.8.tgz#6acb62e17db2fa093f86158e4a1c0b2802a69359"
@@ -252,14 +245,14 @@
     lockfile "1.0.4"
     lodash "4.17.11"
 
-"@verdaccio/local-storage@1.1.4":
-  version "1.1.4"
-  resolved "https://registry.npmjs.org/@verdaccio/local-storage/-/local-storage-1.1.4.tgz#e40f0315fb1964cb4234e32f6526dc5c5a40d285"
-  integrity sha512-ocmot986URUER2DYXFM2iMqRTlO1so7tY2uxPF86+T9qOpvBS+TT2Q+ZwMyDJxe6f5GMAjpB19WFFFBq8k6LSA==
+"@verdaccio/local-storage@1.1.6":
+  version "1.1.6"
+  resolved "https://registry.npmjs.org/@verdaccio/local-storage/-/local-storage-1.1.6.tgz#961310552d1927178830aa00d9ad3cef1dd1deea"
+  integrity sha512-rSzugEK6GDenprvnbzR66LSwwpdvXkG7UUJQDQu7dFjlwcCFYJZ9vgOwSU2XJnxFH+ah+ngFIQFB/wTGzzK2gA==
   dependencies:
-    "@verdaccio/file-locking" "0.0.7"
+    "@verdaccio/file-locking" "0.0.8"
     "@verdaccio/streams" "1.0.0"
-    async "2.6.1"
+    async "3.0.1-0"
     http-errors "1.7.1"
     lodash "4.17.11"
     mkdirp "0.5.1"
@@ -745,16 +738,21 @@ async-validator@^1.8.1:
   dependencies:
     babel-runtime "6.x"
 
-async@2.6.1, async@^2.1.4, async@^2.5.0:
-  version "2.6.1"
-  resolved "https://registry.npmjs.org/async/-/async-2.6.1.tgz#b245a23ca71930044ec53fa46aa00a3e87c6a610"
-  dependencies:
-    lodash "^4.17.10"
+async@3.0.1-0:
+  version "3.0.1-0"
+  resolved "https://registry.npmjs.org/async/-/async-3.0.1-0.tgz#ca06713f91c3d9eea3e966ace4093f41ef89f200"
+  integrity sha512-b+lONkCWH/GCAIrU0j4m5zed5t+5dfjM2TbUSmKCagx6TZp2jQrNkGL7j1SUb0fF1yH6sKBiXC7Zid8Zj94O6A==
 
 async@^1.4.0, async@^1.5.2:
   version "1.5.2"
   resolved "https://registry.npmjs.org/async/-/async-1.5.2.tgz#ec6a61ae56480c0c3cb241c95618e20892f9672a"
 
+async@^2.1.4, async@^2.5.0:
+  version "2.6.1"
+  resolved "https://registry.npmjs.org/async/-/async-2.6.1.tgz#b245a23ca71930044ec53fa46aa00a3e87c6a610"
+  dependencies:
+    lodash "^4.17.10"
+
 asynckit@^0.4.0:
   version "0.4.0"
   resolved "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
@@ -4691,10 +4689,10 @@ handle-thing@^2.0.0:
   resolved "https://registry.npmjs.org/handle-thing/-/handle-thing-2.0.0.tgz#0e039695ff50c93fc288557d696f3c1dc6776754"
   integrity sha512-d4sze1JNC454Wdo2fkuyzCr6aHcbL6PGGuFAz0Li/NcOm1tCHGnWDRmJP85dh9IhQErTc2svWFEX5xHIOo//kQ==
 
-handlebars@4.0.12:
-  version "4.0.12"
-  resolved "https://registry.npmjs.org/handlebars/-/handlebars-4.0.12.tgz#2c15c8a96d46da5e266700518ba8cb8d919d5bc5"
-  integrity sha512-RhmTekP+FZL+XNhwS1Wf+bTTZpdLougwt5pcgA1tuz6Jcx0fpH/7z0qd71RKnZHBCxIRBHfBOnio4gViPemNzA==
+handlebars@4.1.0:
+  version "4.1.0"
+  resolved "https://registry.npmjs.org/handlebars/-/handlebars-4.1.0.tgz#0d6a6f34ff1f63cecec8423aa4169827bf787c3a"
+  integrity sha512-l2jRuU1NAWK6AW5qqcTATWQJvNPEwkM7NEKSiv/gqOsoSQbVoWyqVEY5GS+XPQ88zLNmqASRpzfdm8d79hJS+w==
   dependencies:
     async "^2.5.0"
     optimist "^0.6.1"
@@ -6308,10 +6306,6 @@ locate-path@^3.0.0:
     p-locate "^3.0.0"
     path-exists "^3.0.0"
 
-lockfile@1.0.3:
-  version "1.0.3"
-  resolved "https://registry.npmjs.org/lockfile/-/lockfile-1.0.3.tgz#2638fc39a0331e9cac1a04b71799931c9c50df79"
-
 lockfile@1.0.4:
   version "1.0.4"
   resolved "https://registry.npmjs.org/lockfile/-/lockfile-1.0.4.tgz#07f819d25ae48f87e538e6578b6964a4981a5609"
@@ -6435,15 +6429,15 @@ lodash.upperfirst@4.3.1:
   version "4.3.1"
   resolved "https://registry.npmjs.org/lodash.upperfirst/-/lodash.upperfirst-4.3.1.tgz#1365edf431480481ef0d1c68957a5ed99d49f7ce"
 
-lodash@4.17.10, lodash@^4.0.0, lodash@^4.13.1, lodash@^4.15.0, lodash@^4.17.10, lodash@^4.17.3, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.2.0, lodash@^4.2.1, lodash@^4.3.0, lodash@~4.17.10:
-  version "4.17.10"
-  resolved "https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz#1b7793cf7259ea38fb3661d4d38b3260af8ae4e7"
-
 lodash@4.17.11:
   version "4.17.11"
   resolved "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
   integrity sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==
 
+lodash@^4.0.0, lodash@^4.13.1, lodash@^4.15.0, lodash@^4.17.10, lodash@^4.17.3, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.2.0, lodash@^4.2.1, lodash@^4.3.0, lodash@~4.17.10:
+  version "4.17.10"
+  resolved "https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz#1b7793cf7259ea38fb3661d4d38b3260af8ae4e7"
+
 log-symbols@^2.0.0, log-symbols@^2.1.0:
   version "2.2.0"
   resolved "https://registry.npmjs.org/log-symbols/-/log-symbols-2.2.0.tgz#5740e1c5d6f0dfda4ad9323b5332107ef6b4c40a"