зеркало из https://github.com/mozilla/fxa.git
chore(deps): resolve protobufjs to versions that don't allow prototype pollution
Because: * Versions of protobufjs <6.11.4 and <7.2.4 are causing security alerts This commit: * Resolve protobufjs version 6 to use v6.11.4 or newer * Resolve protobufjs version 7 to use v7.2.4 or newer * Ran yarn set resolution manually to force yarn.lock update Co-authored-by: Ben Bangert <ben@groovie.org>
This commit is contained in:
Родитель
d544c27380
Коммит
856980609e
|
@ -204,7 +204,7 @@
|
|||
"moment:>2.0.0 <3": ">=2.29.4",
|
||||
"node-forge": ">=1.3.0",
|
||||
"plist": "^3.0.6",
|
||||
"protobufjs:>6.0.0 <7": ">=6.11.3",
|
||||
"protobufjs:>6.0.0 <7": ">=6.11.4",
|
||||
"tap/typescript": "^4.5.2",
|
||||
"terser:>4.0.0 <5": ">=4.8.1",
|
||||
"terser:>5 <6": ">=5.14.2",
|
||||
|
|
28
yarn.lock
28
yarn.lock
|
@ -51260,8 +51260,8 @@ fsevents@~2.1.1:
|
|||
linkType: hard
|
||||
|
||||
"protobufjs@npm:6.11.3, protobufjs@npm:^6.10.0, protobufjs@npm:^6.11.2, protobufjs@npm:^6.11.3, protobufjs@npm:^6.8.8":
|
||||
version: 6.11.3
|
||||
resolution: "protobufjs@npm:6.11.3"
|
||||
version: 6.11.4
|
||||
resolution: "protobufjs@npm:6.11.4"
|
||||
dependencies:
|
||||
"@protobufjs/aspromise": ^1.1.2
|
||||
"@protobufjs/base64": ^1.1.2
|
||||
|
@ -51279,31 +51279,11 @@ fsevents@~2.1.1:
|
|||
bin:
|
||||
pbjs: bin/pbjs
|
||||
pbts: bin/pbts
|
||||
checksum: 4a6ce1964167e4c45c53fd8a312d7646415c777dd31b4ba346719947b88e61654912326101f927da387d6b6473ab52a7ea4f54d6f15d63b31130ce28e2e15070
|
||||
checksum: b2fc6a01897b016c2a7e43a854ab4a3c57080f61be41e552235436e7a730711b8e89e47cb4ae52f0f065b5ab5d5989fc932f390337ce3a8ccf07203415700850
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"protobufjs@npm:^7.0.0":
|
||||
version: 7.1.2
|
||||
resolution: "protobufjs@npm:7.1.2"
|
||||
dependencies:
|
||||
"@protobufjs/aspromise": ^1.1.2
|
||||
"@protobufjs/base64": ^1.1.2
|
||||
"@protobufjs/codegen": ^2.0.4
|
||||
"@protobufjs/eventemitter": ^1.1.0
|
||||
"@protobufjs/fetch": ^1.1.0
|
||||
"@protobufjs/float": ^1.0.2
|
||||
"@protobufjs/inquire": ^1.1.0
|
||||
"@protobufjs/path": ^1.1.2
|
||||
"@protobufjs/pool": ^1.1.0
|
||||
"@protobufjs/utf8": ^1.1.0
|
||||
"@types/node": ">=13.7.0"
|
||||
long: ^5.0.0
|
||||
checksum: ae41669b1b0372fb1d49f506f2d1f2b0fb3dc3cece85987b17bcb544e4cef7c8d27f480486cdec324146ad0a5d22a327166a7ea864a9b3e49cc3c92a5d3f6500
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"protobufjs@npm:^7.2.3":
|
||||
"protobufjs@npm:^7.0.0, protobufjs@npm:^7.2.3":
|
||||
version: 7.2.5
|
||||
resolution: "protobufjs@npm:7.2.5"
|
||||
dependencies:
|
||||
|
|
Загрузка…
Ссылка в новой задаче