Skip to content

Commit

Permalink
fix: add resolution for semver npm package to fix cve (#7353)
Browse files Browse the repository at this point in the history
  • Loading branch information
amrbashir authored Jul 4, 2023
1 parent 3065c8a commit 23b0e1b
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 26 deletions.
3 changes: 3 additions & 0 deletions tooling/api/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -57,5 +57,8 @@
"typedoc-plugin-markdown": "3.15.3",
"typedoc-plugin-mdn-links": "3.0.3",
"typescript": "5.1.3"
},
"resolutions": {
"semver": ">=7.5.2"
}
}
20 changes: 4 additions & 16 deletions tooling/api/yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -1902,22 +1902,10 @@ safe-regex@^2.1.1:
dependencies:
regexp-tree "~0.1.1"

semver@^6.1.0, semver@^6.3.0:
version "6.3.0"
resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d"
integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==

semver@^7.0.0, semver@^7.3.7:
version "7.3.7"
resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.7.tgz#12c5b649afdbf9049707796e22a4028814ce523f"
integrity sha512-QlYTucUYOews+WeEujDoEGziz4K6c47V/Bd+LjSSYcA94p+DmINdf7ncaUinThfvZyu13lN9OY1XDxt8C0Tw0g==
dependencies:
lru-cache "^6.0.0"

semver@^7.3.8:
version "7.3.8"
resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.8.tgz#07a78feafb3f7b32347d725e33de7e2a2df67798"
integrity sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==
semver@>=7.5.2, semver@^6.1.0, semver@^6.3.0, semver@^7.0.0, semver@^7.3.7, semver@^7.3.8:
version "7.5.3"
resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.3.tgz#161ce8c2c6b4b3bdca6caadc9fa3317a4c4fe88e"
integrity sha512-QBlUtyVk/5EeHbi7X0fw6liDZc7BBmEaSYn01fMU1OUYbf6GPsbTtd8WmnqbI20SeycoHSeiybkE/q1Q+qlThQ==
dependencies:
lru-cache "^6.0.0"

Expand Down
3 changes: 2 additions & 1 deletion tooling/cli/node/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,8 @@
"prettier": "2.8.8"
},
"resolutions": {
"json5": "2.2.3"
"json5": "2.2.3",
"semver": ">=7.5.2"
},
"engines": {
"node": ">= 10"
Expand Down
13 changes: 4 additions & 9 deletions tooling/cli/node/yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -2101,15 +2101,10 @@ safe-buffer@~5.1.1:
resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==

semver@^6.0.0, semver@^6.3.0:
version "6.3.0"
resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d"
integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==

semver@^7.3.5:
version "7.3.7"
resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.7.tgz#12c5b649afdbf9049707796e22a4028814ce523f"
integrity sha512-QlYTucUYOews+WeEujDoEGziz4K6c47V/Bd+LjSSYcA94p+DmINdf7ncaUinThfvZyu13lN9OY1XDxt8C0Tw0g==
semver@>=7.5.2, semver@^6.0.0, semver@^6.3.0, semver@^7.3.5:
version "7.5.3"
resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.3.tgz#161ce8c2c6b4b3bdca6caadc9fa3317a4c4fe88e"
integrity sha512-QBlUtyVk/5EeHbi7X0fw6liDZc7BBmEaSYn01fMU1OUYbf6GPsbTtd8WmnqbI20SeycoHSeiybkE/q1Q+qlThQ==
dependencies:
lru-cache "^6.0.0"

Expand Down

0 comments on commit 23b0e1b

Please sign in to comment.