From 075690f6124e111164b7c6516cbf31fc07ab23cd Mon Sep 17 00:00:00 2001
From: Daniel Neilson
Date: Mon, 17 May 2021 18:25:53 +0000
Subject: [PATCH] chore(deps): avoid vulnerable hosted-git-info@3.0.x
---
 package.json | 7 ++++++-
 yarn.lock | 32 ++++++++++++++++++++++++++++----
 2 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/package.json b/package.json
index db95941fd..b420d791e 100644
--- a/package.json
+++ b/package.json
@@ -108,9 +108,14 @@
 "typescript": "~4.2.4"
 },
 "resolutions-netmask-comment": "transitive dep from proxy-agent 4.0.1 & pac-resolver 4.1.0, which are transitive deps from CDK. Remove the forced resolution when able.",
+ "resolutions-hosted-git-info": "transitive dep from conventional-changelog-cli@2.1.1 and lerna@4.0.0. hosted-git-info v3.0.0 - v3.0.7 contain a security vulnerability. It is safe to remove/update overrides as long as we stay out of the vulnerable window",
 "resolutions": {
 "netmask": "^2.0.1",
- "pac-resolver": "^4.2.0"
+ "pac-resolver": "^4.2.0",
+ "**/get-pkg-repo/**/hosted-git-info": "^2.1.4",
+ "**/git-raw-commits/**/hosted-git-info": "^2.1.4",
+ "**/read-pkg-up/**/hosted-git-info": "^2.1.4",
+ "hosted-git-info": "^3.0.8"
 },
 "workspaces": {
 "packages": [
diff --git a/yarn.lock b/yarn.lock
index f23686cea..f8f5e8961 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -507,6 +507,13 @@ "@aws-cdk/region-info" "1.102.0" constructs "^3.3.69" +"@aws-cdk/aws-imagebuilder@1.102.0": + version "1.102.0" + resolved "https://registry.yarnpkg.com/@aws-cdk/aws-imagebuilder/-/aws-imagebuilder-1.102.0.tgz#148aeaaa56f8e2b6df2dded3c784170a1d92e2a0" + integrity sha512-4jpzhroeywd63Mt8BEjvONToWg3t4ZWk0PKKPpANKdnaPRtlOAbzeJzAimOLA7wkLnv8N+rUtCZwh+oC/GruVQ== + dependencies: + "@aws-cdk/core" "1.102.0" + "@aws-cdk/aws-kinesis@1.102.0": version "1.102.0" resolved "https://registry.yarnpkg.com/@aws-cdk/aws-kinesis/-/aws-kinesis-1.102.0.tgz#2b2fde0bc16354a89a1c3056559e45d0fd270793"
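Review bot: The three scoped overrides added to `resolutions` in package.json use the range `^2.1.4`, and only the lockfile (which resolves `hosted-git-info@^2.1.4` to 2.8.9) keeps them on a recent release; the new `resolutions-hosted-git-info` comment documents a vulnerable window for 3.0.0 - 3.0.7 and says nothing about which 2.x releases are safe. If the advisory also covers older 2.x releases (worth confirming against the advisory text), the range still admits them, so I would raise the floor to the locked version, e.g. `"**/get-pkg-repo/**/hosted-git-info": "^2.8.9"`, and the same for the `git-raw-commits` and `read-pkg-up` entries. The comment should also name the advisory identifier (`<ADVISORY-ID>`) so whoever removes the override later can check the fixed versions. A `yarn audit` step in CI would enforce the "stay out of the vulnerable window" condition rather than leaving it to the comment.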
@@ -4031,6 +4038,11 @@ crc32-stream@^4.0.1: crc-32 "^1.2.0" readable-stream "^3.4.0" +create-require@^1.1.0: + version "1.1.1" + resolved "https://registry.yarnpkg.com/create-require/-/create-require-1.1.1.tgz#c1d7e8f1e5f6cfc9ff65f9cd352d37348756c333" + integrity sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ== + cross-spawn@^4: version "4.0.2" resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-4.0.2.tgz#7b9247621c23adfdd3856004a823cbe397424d41" @@ -5667,10 +5679,10 @@ hosted-git-info@^2.1.4: resolved "https://registry.yarnpkg.com/hosted-git-info/-/hosted-git-info-2.8.9.tgz#dffc0bf9a21c02209090f2aa69429e1414daf3f9" integrity sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw== -hosted-git-info@^3.0.6: - version "3.0.7" - resolved "https://registry.yarnpkg.com/hosted-git-info/-/hosted-git-info-3.0.7.tgz#a30727385ea85acfcee94e0aad9e368c792e036c" - integrity sha512-fWqc0IcuXs+BmE9orLDyVykAG9GJtGLGuZAAqgcckPgv5xad4AcXGIv8galtQvlwutxSlaMcdw7BUtq2EIvqCQ== +hosted-git-info@^3.0.6, hosted-git-info@^3.0.8: + version "3.0.8" + resolved "https://registry.yarnpkg.com/hosted-git-info/-/hosted-git-info-3.0.8.tgz#6e35d4cc87af2c5f816e4cb9ce350ba87a3f370d" + integrity sha512-aXpmwoOhRBrw6X3j0h5RloK4x1OzsxMPyxqIHyNfSe2pypkVTZFpEiRoSipPEPlMrh0HW/XsjkJ5WgnCirpNUw== dependencies: lru-cache "^6.0.0" 
@@ -10422,6 +10434,18 @@ ts-node@^8.0.2: source-map-support "^0.5.17" yn "3.1.1" +ts-node@^9.1.1: + version "9.1.1" + resolved "https://registry.yarnpkg.com/ts-node/-/ts-node-9.1.1.tgz#51a9a450a3e959401bda5f004a72d54b936d376d" + integrity sha512-hPlt7ZACERQGf03M253ytLY3dHbGNGrAq9qIHWUY9XHYl1z7wYngSr3OQ5xmui8o2AaxsONxIzjafLUiWBo1Fg== + dependencies: + arg "^4.1.0" + create-require "^1.1.0" + diff "^4.0.1" + make-error "^1.1.1" + source-map-support "^0.5.17" + yn "3.1.1" + tsame@^2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/tsame/-/tsame-2.0.1.tgz#70410ddbefcd29c61e2d68549b3347b0444d613f"