[engsys] upgrade protobufjs dependencies (#25366)

- `protobufjs` to v7.2.2 - `protobufjs-cli` to v1.1.1 This is to address a security warning about indirect dependency of `taffydb` (https://nvd.nist.gov/vuln/detail/CVE-2019-10790)
2023-03-27 13:56:39 -07:00 · 2023-03-27 13:56:39 -07:00 · 4e96139d92
--- a/common/config/rush/pnpm-lock.yaml
+++ b/common/config/rush/pnpm-lock.yaml
@ -734,7 +734,6 @@ packages:
  /@azure/ai-form-recognizer/3.1.0-beta.3:
    resolution: {integrity: sha512-+4QtFKNyxAmdqpcYjuAtmWKm/MuOe9kZsbpS9jA9h0YHzngNj5gc67AA4egV9BXOq9x+1phjYTNC/rxiOUr1uQ==}
    engines: {node: '>=8.0.0'}
-    deprecated: Please migrate to a supported (non-beta) version of this package
    dependencies:
      '@azure/core-auth': 1.4.0
      '@azure/core-http': 1.2.6
@ -1588,6 +1587,13 @@ packages:
      '@jridgewell/sourcemap-codec': 1.4.14
    dev: false

+  /@jsdoc/salty/0.2.5:
+    resolution: {integrity: sha512-TfRP53RqunNe2HBobVBJ0VLhK1HbfvBYeTC1ahnN64PWvyYyGebmMiPkuwvD9fpw2ZbkoPb8Q7mwy0aR8Z9rvw==}
+    engines: {node: '>=v12.0.0'}
+    dependencies:
+      lodash: 4.17.21
+    dev: false
+
  /@microsoft/api-extractor-model/7.26.4:
    resolution: {integrity: sha512-PDCgCzXDo+SLY5bsfl4bS7hxaeEtnXj7XtuzEE+BtALp7B5mK/NrS2kHWU69pohgsRmEALycQdaQPXoyT2i5MQ==}
    dependencies:
@ -2295,7 +2301,7 @@ packages:
    resolution: {integrity: sha512-ALYone6pm6QmwZoAgeyNksccT9Q4AWZQ6PvfwR37GT6r6FWUPguq6sUmNGSMV2Wr761oQoBxwGGa6DR5o1DC9g==}
    dependencies:
      '@types/connect': 3.4.35
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/chai-as-promised/7.1.5:
@ -2317,7 +2323,7 @@ packages:
  /@types/connect/3.4.35:
    resolution: {integrity: sha512-cdeYyv4KWoEgpBISTxWvqYsVy444DOqehiF3fM3ne10AmJ62RSyNkUnxMJXHQWRQQX2eR94m5y1IZyDwBjV9FQ==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/cookie/0.4.1:
@ -2327,7 +2333,7 @@ packages:
  /@types/cors/2.8.13:
    resolution: {integrity: sha512-RG8AStHlUiV5ysZQKq97copd2UmVYw3/pRMLefISZ3S1hK104Cwm7iLQ3fTKx+lsUH2CE8FlLaYeEA2LSeqYUA==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/debug/4.1.7:
@ -2339,7 +2345,7 @@ packages:
  /@types/decompress/4.2.4:
    resolution: {integrity: sha512-/C8kTMRTNiNuWGl5nEyKbPiMv6HA+0RbEXzFhFBEzASM6+oa4tJro9b8nj7eRlOFfuLdzUU+DS/GPDlvvzMOhA==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/eslint/8.4.10:
@ -2360,7 +2366,7 @@ packages:
  /@types/express-serve-static-core/4.17.33:
    resolution: {integrity: sha512-TPBqmR/HRYI3eC2E5hmiivIzv+bidAfXofM+sbonAGvyDhySGw9/PQZFt2BLOrjUUR++4eJVpx6KnLQK1Fk9tA==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
      '@types/qs': 6.9.7
      '@types/range-parser': 1.2.4
    dev: false
@ -2377,13 +2383,13 @@ packages:
  /@types/fs-extra/8.1.2:
    resolution: {integrity: sha512-SvSrYXfWSc7R4eqnOzbQF4TZmfpNSM9FrSWLU3EUnWBuyZqNBOrv1B1JA3byUDPUl9z4Ab3jeZG2eDdySlgNMg==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/fs-extra/9.0.13:
    resolution: {integrity: sha512-nEnwB++1u5lVDM2UI4c1+5R+FYaKfaAzS4OococimjVm3nQw3TuzH5UNsocrcTBbhnerblyHj4A49qXbIiZdpA==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/inquirer/8.2.6:
@ -2396,7 +2402,7 @@ packages:
  /@types/is-buffer/2.0.0:
    resolution: {integrity: sha512-0f7N/e3BAz32qDYvgB4d2cqv1DqUwvGxHkXsrucICn8la1Vb6Yl6Eg8mPScGwUiqHJeE7diXlzaK+QMA9m4Gxw==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/json-schema/7.0.11:
@ -2410,13 +2416,13 @@ packages:
  /@types/jsonwebtoken/9.0.1:
    resolution: {integrity: sha512-c5ltxazpWabia/4UzhIoaDcIza4KViOQhdbjRlfcIGVnsE3c3brkz9Z+F/EeJIECOQP7W7US2hNE930cWWkPiw==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/jws/3.2.5:
    resolution: {integrity: sha512-xGTxZH34xOryaTN8CMsvhh9lfNqFuHiMoRvsLYWQdBJHqiECyfInXVl2eK8Jz2emxZWMIn5RBlmr3oDVPeWujw==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/linkify-it/3.0.2:
@ -2463,7 +2469,7 @@ packages:
  /@types/node-fetch/2.6.2:
    resolution: {integrity: sha512-DHqhlq5jeESLy19TYhLakJ07kNumXWjcDdxXsLUMJZ6ue8VZJj4kLPQVE/2mdHh3xZziNF1xppu5lwmS53HR+A==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
      form-data: 3.0.1
    dev: false

@ -2510,7 +2516,7 @@ packages:
  /@types/resolve/1.17.1:
    resolution: {integrity: sha512-yy7HuzQhj0dhGpD8RLXSZWEkLsV9ibvxvi6EiJ3bkqLAO1RGo0WbkWQiwpRlSFymTJRz0d3k5LM3kkx8ArDbLw==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/semaphore/1.1.1:
@ -2525,7 +2531,7 @@ packages:
    resolution: {integrity: sha512-NUo5XNiAdULrJENtJXZZ3fHtfMolzZwczzBbnAeBbqBwG+LaG6YaJtuwzwGSQZ2wsCrxjEhNNjAkKigy3n8teQ==}
    dependencies:
      '@types/mime': 3.0.1
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/sinon/10.0.13:
@ -2547,13 +2553,13 @@ packages:
  /@types/stoppable/1.1.1:
    resolution: {integrity: sha512-b8N+fCADRIYYrGZOcmOR8ZNBOqhktWTB/bMUl5LvGtT201QKJZOOH5UsFyI3qtteM6ZAJbJqZoBcLqqxKIwjhw==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/through/0.0.30:
    resolution: {integrity: sha512-FvnCJljyxhPM3gkRgWmxmDZyAQSiBQQWLI0A0VFL0K7W1oRUrPJSqNO0NvTnLkBcotdlp3lKvaT0JrnyRDkzOg==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/tough-cookie/4.0.2:
@ -2567,13 +2573,13 @@ packages:
  /@types/tunnel/0.0.1:
    resolution: {integrity: sha512-AOqu6bQu5MSWwYvehMXLukFHnupHrpZ8nvgae5Ggie9UwzDR1CCwoXgSSWNZJuyOlCdfdsWMA5F2LlmvyoTv8A==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/tunnel/0.0.3:
    resolution: {integrity: sha512-sOUTGn6h1SfQ+gbgqC364jLFBw2lnFqkgF3q0WovEHRLMrVD1sd5aufqi/aJObLekJO+Aq5z646U4Oxy6shXMA==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/underscore/1.11.4:
@ -2591,19 +2597,19 @@ packages:
  /@types/ws/7.4.7:
    resolution: {integrity: sha512-JQbbmxZTZehdc2iszGKs5oC3NFnjeay7mtAWrdt7qNtAVK0g19muApzAy4bm9byz79xa2ZnO/BOBC2R8RC5Lww==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/ws/8.5.4:
    resolution: {integrity: sha512-zdQDHKUgcX/zBc4GrwsE/7dVdAD8JR4EuiAXiiUhhfyIJXXb2+PrGshFyeXWQPMmmZ2XxgaqclgpIC7eTXc1mg==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/xml2js/0.4.11:
    resolution: {integrity: sha512-JdigeAKmCyoJUiQljjr7tQG3if9NkqGUgwEUqBvV0N7LM4HyQk7UXCnusRa1lnvXAEYJ8mw8GtZWioagNztOwA==}
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false

  /@types/yargs-parser/21.0.0:
@ -2620,7 +2626,7 @@ packages:
    resolution: {integrity: sha512-Cn6WYCm0tXv8p6k+A8PvbDG763EDpBoTzHdA+Q/MF6H3sapGjCm9NzoaJncJS9tUKSuCoDs9XHxYYsQDgxR6kw==}
    requiresBuild: true
    dependencies:
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
    dev: false
    optional: true

@ -3690,7 +3696,7 @@ packages:
    resolution: {integrity: sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==}
    deprecated: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
    dependencies:
-      ms: 2.1.1
+      ms: 2.1.3
    dev: false

  /debug/3.2.7:
@ -3979,7 +3985,7 @@ packages:
    dependencies:
      '@types/cookie': 0.4.1
      '@types/cors': 2.8.13
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
      accepts: 1.3.8
      base64id: 2.0.0
      cookie: 0.4.2
@ -5003,7 +5009,7 @@ packages:
      fs.realpath: 1.0.0
      inflight: 1.0.6
      inherits: 2.0.4
-      minimatch: 3.0.4
+      minimatch: 3.1.2
      once: 1.4.0
      path-is-absolute: 1.0.1
    dev: false
@ -5793,12 +5799,13 @@ packages:
    resolution: {integrity: sha512-aBE4n43IPvjaddScbvWRA2YlTzKEynHzu7MqOyTipdHucf/VxS63ViCjxYRg86M8Rxwbt/GfzHl1kKERkt45fQ==}
    dev: false

-  /jsdoc/3.6.11:
-    resolution: {integrity: sha512-8UCU0TYeIYD9KeLzEcAu2q8N/mx9O3phAGl32nmHlE0LpaJL71mMkP4d+QE5zWfNt50qheHtOZ0qoxVrsX5TUg==}
+  /jsdoc/4.0.2:
+    resolution: {integrity: sha512-e8cIg2z62InH7azBBi3EsSEqrKx+nUtAS5bBcYTSpZFA+vhNPyhv8PTFZ0WsjOPDj04/dOLlm08EDcQJDqaGQg==}
    engines: {node: '>=12.0.0'}
    hasBin: true
    dependencies:
      '@babel/parser': 7.21.3
+      '@jsdoc/salty': 0.2.5
      '@types/markdown-it': 12.2.3
      bluebird: 3.7.2
      catharsis: 0.9.0
@ -5811,7 +5818,6 @@ packages:
      mkdirp: 1.0.4
      requizzle: 0.2.4
      strip-json-comments: 3.1.1
-      taffydb: 2.6.2
      underscore: 1.13.6
    dev: false

@ -7376,8 +7382,8 @@ packages:
    engines: {node: '>= 8'}
    dev: false

-  /protobufjs-cli/1.0.2_protobufjs@7.1.2:
-    resolution: {integrity: sha512-cz9Pq9p/Zs7okc6avH20W7QuyjTclwJPgqXG11jNaulfS3nbVisID8rC+prfgq0gbZE0w9LBFd1OKFF03kgFzg==}
+  /protobufjs-cli/1.1.1_protobufjs@7.2.3:
+    resolution: {integrity: sha512-VPWMgIcRNyQwWUv8OLPyGQ/0lQY/QTQAVN5fh+XzfDwsVw1FZ2L3DM/bcBf8WPiRz2tNpaov9lPZfNcmNo6LXA==}
    engines: {node: '>=12.0.0'}
    hasBin: true
    peerDependencies:
@ -7388,16 +7394,16 @@ packages:
      espree: 9.5.0
      estraverse: 5.3.0
      glob: 8.1.0
-      jsdoc: 3.6.11
+      jsdoc: 4.0.2
      minimist: 1.2.8
-      protobufjs: 7.1.2
+      protobufjs: 7.2.3
      semver: 7.3.8
      tmp: 0.2.1
      uglify-js: 3.17.4
    dev: false

-  /protobufjs/7.1.2:
-    resolution: {integrity: sha512-4ZPTPkXCdel3+L81yw3dG6+Kq3umdWKh7Dc7GW/CpNk4SX3hK58iPCWeCyhVTDrbkNeKrYNZ7EojM5WDaEWTLQ==}
+  /protobufjs/7.2.3:
+    resolution: {integrity: sha512-TtpvOqwB5Gdz/PQmOjgsrGH1nHjAQVCN7JG4A6r1sXRWESL5rNMAiRcBQlCAdKxZcAbstExQePYG8xof/JVRgg==}
    engines: {node: '>=12.0.0'}
    requiresBuild: true
    dependencies:
@ -7411,7 +7417,7 @@ packages:
      '@protobufjs/path': 1.1.2
      '@protobufjs/pool': 1.1.0
      '@protobufjs/utf8': 1.1.0
-      '@types/node': 14.18.41
+      '@types/node': 18.15.10
      long: 5.2.1
    dev: false

@ -8443,10 +8449,6 @@ packages:
      strip-ansi: 6.0.1
    dev: false

-  /taffydb/2.6.2:
-    resolution: {integrity: sha512-y3JaeRSplks6NYQuCOj3ZFMO3j60rTwbuKCvZxsAraGYH2epusatvZ0baZYA01WsGqJBq/Dl6vOrMUJqyMj8kA==}
-    dev: false
-
  /tar-fs/2.1.1:
    resolution: {integrity: sha512-V0r2Y9scmbDRLCNex/+hYzvp/zyYjvFbHPNgVTKfQvVrb6guiE/fxP+XblDNR011utopbkex2nM4dHNV6GDsng==}
    dependencies:
@ -19960,7 +19962,7 @@ packages:
    dev: false

  file:projects/web-pubsub-client-protobuf.tgz:
-    resolution: {integrity: sha512-17AKnMrHM1QYJcu4JfcucR//o2Exrbe695Ksei8azvLUWQWBbuaQ/2KhXyAjBeacYcQ5TrlzZv5NsqA+YBm/yg==, tarball: file:projects/web-pubsub-client-protobuf.tgz}
+    resolution: {integrity: sha512-tdbP8BnHzZgG4ADR6cN6QM6251BmY6O38fg48ZoNZ5m/IekON5f060RZrIURL6U98bee0n41JJbSP0/Jid8OyQ==, tarball: file:projects/web-pubsub-client-protobuf.tgz}
    name: '@rush-temp/web-pubsub-client-protobuf'
    version: 0.0.0
    dependencies:
@ -20001,8 +20003,8 @@ packages:
      mock-socket: 9.2.1
      nyc: 15.1.0
      prettier: 2.8.7
-      protobufjs: 7.1.2
-      protobufjs-cli: 1.0.2_protobufjs@7.1.2
+      protobufjs: 7.2.3
+      protobufjs-cli: 1.1.1_protobufjs@7.2.3
      puppeteer: 19.8.0_typescript@4.8.4
      rimraf: 3.0.2
      sinon: 9.2.4
--- a/sdk/web-pubsub/web-pubsub-client-protobuf/package.json
+++ b/sdk/web-pubsub/web-pubsub-client-protobuf/package.json
@ -63,7 +63,7 @@
    "tslib": "^2.2.0",
    "@azure/logger": "^1.0.0",
    "@azure/web-pubsub-client": "1.0.0-beta.2",
-    "protobufjs": "~7.1.2",
+    "protobufjs": "~7.2.2",
    "long": "^5.2.1"
  },
  "devDependencies": {
@ -111,7 +111,7 @@
    "mock-socket": "^9.1.5",
    "util": "^0.12.1",
    "@types/ws": "^7.4.5",
-    "protobufjs-cli": "1.0.2",
+    "protobufjs-cli": "^1.1.1",
    "copyfiles": "2.4.1"
  },
  "//sampleConfiguration": {