From 10792847aad9feba3cb5694cbfd2553766b16e39 Mon Sep 17 00:00:00 2001
From: Dan Grebb
Date: Thu, 28 Mar 2024 19:38:53 -0400
Subject: [PATCH] chore(back): address CVEs
---
back/package.json | 5 ++++-
back/pnpm-lock.yaml | 35 +++++++++++++++++++++++------------
2 files changed, 27 insertions(+), 13 deletions(-)
diff --git a/back/package.json b/back/package.json
index d2ae35c3..cc5892ec 100644
--- a/back/package.json
+++ b/back/package.json
@@ -43,7 +43,10 @@
 },
 "pnpm": {
 "overrides": {
- "vite@<5.0.12": ">=5.0.12"
+ "vite@<5.0.12": ">=5.0.12",
+ "webpack-dev-middleware@<6.1.2": ">=6.1.2",
+ "follow-redirects@<1.15.6": ">=1.15.6",
+ "sanitize-html@<2.12.1": ">=2.12.1"
 }
 }
 }
diff --git a/back/pnpm-lock.yaml b/back/pnpm-lock.yaml
index bce242ea..2a2b8098 100644
--- a/back/pnpm-lock.yaml
+++ b/back/pnpm-lock.yaml
@@ -6,6 +6,9 @@ settings: overrides: vite@<5.0.12: '>=5.0.12' + webpack-dev-middleware@<6.1.2: '>=6.1.2' + follow-redirects@<1.15.6: '>=1.15.6' + sanitize-html@<2.12.1: '>=2.12.1' dependencies: '@strapi/plugin-color-picker': @@ -3240,7 +3243,7 @@ packages: read-pkg-up: 7.0.1 resolve-from: 5.0.0 rimraf: 3.0.2 - sanitize-html: 2.11.0 + sanitize-html: 2.13.0 semver: 7.5.4 sift: 16.0.1 slate: 0.94.1 @@ -3253,7 +3256,7 @@ packages: vite: 5.1.4 webpack: 5.90.3(esbuild@0.19.11) webpack-bundle-analyzer: 4.10.1 - webpack-dev-middleware: 6.1.1(webpack@5.90.3) + webpack-dev-middleware: 7.1.1(webpack@5.90.3) webpack-hot-middleware: 2.26.0 yup: 0.32.9 transitivePeerDependencies: @@ -5088,7 +5091,7 @@ packages: /axios@1.6.0(debug@4.3.4): resolution: {integrity: sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg==} dependencies: - follow-redirects: 1.15.5(debug@4.3.4) + follow-redirects: 1.15.6(debug@4.3.4) form-data: 4.0.0 proxy-from-env: 1.1.0 transitivePeerDependencies:
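Review bot: The three new `pnpm.overrides` entries in back/package.json use open-ended `>=` ranges, and for `webpack-dev-middleware@<6.1.2` that let the resolver cross a major version: the lockfile in this same patch moves it from 6.1.1 to 7.1.1, raising its `engines.node` from `>= 14.15.0` to `>= 18.12.0` and its `memfs` dependency from 3.5.3 to 4.8.0. The package that consumes it (its header is outside the visible lockfile hunk) presumably declared a 6.x range, so it now runs against a release line it was not built for, and it is worth confirming the deployment's Node version meets the new floor. Bounding each override to the patched release line keeps the fix without the major jump, e.g. `"webpack-dev-middleware@<6.1.2": "^6.1.2"`, `"follow-redirects@<1.15.6": "^1.15.6"` and `"sanitize-html@<2.12.1": "^2.12.1"`; an unbounded `>=` also lets any later lockfile regeneration pull whatever major is newest at that time. Because JSON cannot carry comments, the advisory identifiers each override answers belong in the commit body, so the entries can be audited and removed once upstream ships fixed ranges.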
@@ -7073,8 +7076,8 @@ packages: resolution: {integrity: sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw==} dev: false - /follow-redirects@1.15.5(debug@4.3.4): - resolution: {integrity: sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw==} + /follow-redirects@1.15.6(debug@4.3.4): + resolution: {integrity: sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==} engines: {node: '>=4.0'} peerDependencies: debug: '*' @@ -7265,7 +7268,7 @@ packages: dependencies: debug: 4.3.4(supports-color@5.5.0) decompress-response: 7.0.0 - follow-redirects: 1.15.5(debug@4.3.4) + follow-redirects: 1.15.6(debug@4.3.4) into-stream: 6.0.0 is-plain-object: 5.0.0 is-retry-allowed: 2.2.0 @@ -9014,6 +9017,13 @@ packages: fs-monkey: 1.0.5 dev: false + /memfs@4.8.0: + resolution: {integrity: sha512-fcs7trFxZlOMadmTw5nyfOwS3il9pr3y+6xzLfXNwmuR/D0i4wz6rJURxArAbcJDGalbpbMvQ/IFI0NojRZgRg==} + engines: {node: '>= 4.0.0'} + dependencies: + tslib: 2.6.2 + dev: false + /memoize-one@5.2.1: resolution: {integrity: sha512-zYiwtZUcYyXKo/np96AGZAckk+FWWsUdJ3cHGGmld7+AhvcWmQyGCYUh1hc4Q/pkOhb65dQR/pqCyK0cOaHz4Q==} dev: false @@ -10990,8 +11000,8 @@ packages: resolution: {integrity: sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==} dev: false - /sanitize-html@2.11.0: - resolution: {integrity: sha512-BG68EDHRaGKqlsNjJ2xUB7gpInPA8gVx/mvjO743hZaeMCZ2DwzW7xvsqZ+KNU4QKwj86HJ3uu2liISf2qBBUA==} + /sanitize-html@2.13.0: + resolution: {integrity: sha512-Xff91Z+4Mz5QiNSLdLWwjgBDm5b1RU6xBT0+12rapjiaR7SwfRdjw8f+6Rir2MXKLrDicRFHdb51hGOAxmsUIA==} dependencies: deepmerge: 4.3.1 escape-string-regexp: 4.0.0 
@@ -12343,9 +12353,9 @@ packages: - utf-8-validate dev: false - /webpack-dev-middleware@6.1.1(webpack@5.90.3): - resolution: {integrity: sha512-y51HrHaFeeWir0YO4f0g+9GwZawuigzcAdRNon6jErXy/SqV/+O6eaVAzDqE6t3e3NpGeR5CS+cCDaTC+V3yEQ==} - engines: {node: '>= 14.15.0'} + /webpack-dev-middleware@7.1.1(webpack@5.90.3): + resolution: {integrity: sha512-NmRVq4AvRQs66dFWyDR4GsFDJggtSi2Yn38MXLk0nffgF9n/AIP4TFBg2TQKYaRAN4sHuKOTiz9BnNCENDLEVA==} + engines: {node: '>= 18.12.0'} peerDependencies: webpack: ^5.0.0 peerDependenciesMeta: @@ -12353,8 +12363,9 @@ packages: optional: true dependencies: colorette: 2.0.20 - memfs: 3.5.3 + memfs: 4.8.0 mime-types: 2.1.35 + on-finished: 2.4.1 range-parser: 1.2.1 schema-utils: 4.2.0 webpack: 5.90.3(esbuild@0.19.11)