From 38c15c80361613703a64be0a9cee10ce4a687604 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sun, 31 Jul 2022 23:39:33 +0000
Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2964180
---
 package.json | 4 ++--
 yarn.lock | 54 +++++++++++++++++++++++++++++++++++++++-------------
 2 files changed, 43 insertions(+), 15 deletions(-)
diff --git a/package.json b/package.json
index 1f4a2479870d..c0d27a89ed85 100644
--- a/package.json
+++ b/package.json
@@ -66,7 +66,7 @@
 "@tryghost/social-urls": "0.1.14",
 "@tryghost/string": "0.1.13",
 "@tryghost/url-utils": "0.6.22",
- "@tryghost/vhost-middleware": "1.0.9",
+ "@tryghost/vhost-middleware": "1.0.10",
 "@tryghost/zip": "1.1.4",
 "ajv": "6.12.6",
 "amperize": "0.6.1",
@@ -125,7 +125,7 @@
 "netjet": "1.4.0",
 "node-jose": "2.0.0",
 "nodemailer": "0.7.1",
- "oembed-parser": "1.3.7",
+ "oembed-parser": "1.4.8",
 "path-match": "1.2.4",
 "probe-image-size": "5.0.0",
 "rss": "1.2.2",
diff --git a/yarn.lock b/yarn.lock
index a92d3baed0f0..f027aaa88c91 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -634,14 +634,10 @@ remark-footnotes "^1.0.0" unist-util-visit "^2.0.0" -"@tryghost/vhost-middleware@1.0.9": - version "1.0.9" - resolved "https://registry.yarnpkg.com/@tryghost/vhost-middleware/-/vhost-middleware-1.0.9.tgz#f4db3a8fbad98786eb69e8848c96d14197e6342f" - integrity sha512-E4CgU9DmVkoLcNzbeu9yfLg/vKHQXkw01om8MMTYV0LFhwDBXYWUoUSjJn+Il67+/zyjmDCL/l6hl+q+OsQBJg== - dependencies: - bluebird "3.7.2" - ghost-ignition "4.2.2" - lodash "4.17.20" +"@tryghost/vhost-middleware@1.0.10": + version "1.0.10" + resolved "https://registry.yarnpkg.com/@tryghost/vhost-middleware/-/vhost-middleware-1.0.10.tgz#17818bd1bf2606f56cc11271f4358a86c9b8626f" + integrity sha512-88pwLDGY0u1F9tFgTg/6lramGAs8LQDs/o08Km4qocM5sASHmwEAtIaC9kC97gnM3PIpya7Il1IRxVgQUt2yMg== "@tryghost/zip@1.1.4": version "1.1.4" @@ -2185,6 +2181,13 @@ create-error@~0.3.1: resolved "https://registry.yarnpkg.com/create-error/-/create-error-0.3.1.tgz#69810245a629e654432bf04377360003a5351a23" integrity sha1-aYECRaYp5lRDK/BDdzYAA6U1GiM= +cross-fetch@^3.1.4: + version "3.1.5" + resolved "https://registry.yarnpkg.com/cross-fetch/-/cross-fetch-3.1.5.tgz#e1389f44d9e7ba767907f7af8454787952ab534f" + integrity sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw== + dependencies: + node-fetch "2.6.7" + cross-spawn@^5.0.1: version "5.1.0" resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-5.1.0.tgz#e8bd0efee58fcff6f8f94510a0a554bbfa235449" 
@@ -6476,6 +6479,13 @@ node-environment-flags@1.0.6: object.getownpropertydescriptors "^2.0.3" semver "^5.7.0" +node-fetch@2.6.7: + version "2.6.7" + resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad" + integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ== + dependencies: + whatwg-url "^5.0.0" + node-fetch@^2.6.0: version "2.6.0" resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.0.tgz#e633456386d4aa55863f676a7ab0daa8fdecb0fd" @@ -6757,12 +6767,12 @@ object.values@^1.1.0: function-bind "^1.1.1" has "^1.0.3" -oembed-parser@1.3.7: - version "1.3.7" - resolved "https://registry.yarnpkg.com/oembed-parser/-/oembed-parser-1.3.7.tgz#3741c238a383f595e84dc4f4f3f9c5f6f8d95c53" - integrity sha512-u+zIINgVUTMJ5wqs2dpoJhWZ+0yLmChB3wV4NDIT81cZtHlm0xcgR3JuvXdtgJDJK/1diHk3DQtv2zsjhdeEkA== +oembed-parser@1.4.8: + version "1.4.8" + resolved "https://registry.yarnpkg.com/oembed-parser/-/oembed-parser-1.4.8.tgz#a7961756358db0121c9bea1d66df889f9839f08f" + integrity sha512-9CKgXRcxg2geW/SgMJDHLZ/CTAfvdQNcBmbEvBkYX3CxvE/DFR2f/bW/PCmDWBonJ4bIJnN+dKJ46ZO+VFwNeQ== dependencies: - node-fetch "^2.6.0" + cross-fetch "^3.1.4" on-finished@^2.3.0, on-finished@~2.3.0: version "2.3.0" @@ -9076,6 +9086,11 @@ tr46@^2.0.2: dependencies: punycode "^2.1.1" +tr46@~0.0.3: + version "0.0.3" + resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a" + integrity sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw== + trim-trailing-lines@^1.0.0: version "1.1.3" resolved "https://registry.yarnpkg.com/trim-trailing-lines/-/trim-trailing-lines-1.1.3.tgz#7f0739881ff76657b7776e10874128004b625a94" 
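Review bot: The `node-fetch@^2.6.0` entry left as context in the `@@ -6476,6 +6479,13 @@` hunk still resolves to 2.6.0, so after this change the lockfile carries two node-fetch copies: 2.6.7 pulled in through `cross-fetch`, and the old 2.6.0 that `web-resource-inliner@^5.0.0` (visible as context in the `@@ -9537,6 +9552,11 @@` hunk) keeps requesting. The commit message lists SNYK-JS-NODEFETCH-2964180 as fixed, but from these hunks that appears to hold only for the oembed-parser path. Since 2.6.7 satisfies `^2.6.0`, the two entries can be collapsed into a single `node-fetch@2.6.7, node-fetch@^2.6.0:` block resolved to 2.6.7, for example by regenerating that entry or by adding `"resolutions": { "node-fetch": "2.6.7" }` to package.json. Other dependents outside the visible hunks may request the same range, so confirm the result with `yarn why node-fetch` before treating the advisory as closed.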
@@ -9537,6 +9552,11 @@ web-resource-inliner@^5.0.0: node-fetch "^2.6.0" valid-data-url "^3.0.0" +webidl-conversions@^3.0.0: + version "3.0.1" + resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871" + integrity sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ== + webidl-conversions@^5.0.0: version "5.0.0" resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-5.0.0.tgz#ae59c8a00b121543a2acc65c0434f57b0fc11aff" @@ -9573,6 +9593,14 @@ whatwg-mimetype@^2.3.0: resolved "https://registry.yarnpkg.com/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz#3d4b1e0312d2079879f826aff18dbeeca5960fbf" integrity sha512-M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g== +whatwg-url@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d" + integrity sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw== + dependencies: + tr46 "~0.0.3" + webidl-conversions "^3.0.0" + whatwg-url@^8.0.0: version "8.1.0" resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-8.1.0.tgz#c628acdcf45b82274ce7281ee31dd3c839791771"