From 60d98ca6fac178c19e25053619c4c717b2af11e3 Mon Sep 17 00:00:00 2001 From: Peter Kurajsky Date: Thu, 16 May 2019 19:30:23 +0200 Subject: [PATCH] tar-version-vulnerability-fix (#538) --- .../luigi-sample-angular/package-lock.json | 47 +++++++----- .../luigi-sample-angular/package.json | 3 +- core/package-lock.json | 71 +++++++++++++++++-- core/package.json | 3 +- 4 files changed, 99 insertions(+), 25 deletions(-) diff --git a/core/examples/luigi-sample-angular/package-lock.json b/core/examples/luigi-sample-angular/package-lock.json index 960d4edec3..3ef7f6d7ba 100644 --- a/core/examples/luigi-sample-angular/package-lock.json +++ b/core/examples/luigi-sample-angular/package-lock.json @@ -2350,16 +2350,6 @@ } } }, - "@kyma-project/luigi-client": { - "version": "0.4.12-rc.2", - "resolved": "https://registry.npmjs.org/@kyma-project/luigi-client/-/luigi-client-0.4.12-rc.2.tgz", - "integrity": "sha512-+J0qdGbaz3WUHYcfX/t9uphoiDj3xvCIz6MGVNX15EQS+MwqNDWl1R8+Mw4rh/FYNxnv28k7nu3quqegmkb+/w==" - }, - "@kyma-project/luigi-core": { - "version": "0.4.12-rc.2", - "resolved": "https://registry.npmjs.org/@kyma-project/luigi-core/-/luigi-core-0.4.12-rc.2.tgz", - "integrity": "sha512-X38Msb/UHgzO/oBvjfiXoOMl463CLnPkD0qK8MA9BYz19fJHfKBC34B/usgKftUvU/tCE845J7yOjpiSNXUZ9w==" - }, "@ngtools/webpack": { "version": "7.3.9", "resolved": "https://registry.npmjs.org/@ngtools/webpack/-/webpack-7.3.9.tgz", @@ -8706,6 +8696,18 @@ "integrity": "sha1-myzl094C0XxgEq0yaqa00M9U+U8=", "dev": true, "optional": true + }, + "tar": { + "version": "2.2.2", + "resolved": "https://registry.npmjs.org/tar/-/tar-2.2.2.tgz", + "integrity": "sha512-FCEhQ/4rE1zYv9rYXJw/msRqsnmlje5jHP6huWeBZ704jUTy02c5AZyWujpMR1ax6mVw9NyJMfuK2CMDWVIfgA==", + "dev": true, + "optional": true, + "requires": { + "block-stream": "*", + "fstream": "^1.0.12", + "inherits": "2" + } } } }, @@ -11179,15 +11181,26 @@ "dev": true }, "tar": { - "version": "2.2.2", - "resolved": "https://registry.npmjs.org/tar/-/tar-2.2.2.tgz", - "integrity": "sha512-FCEhQ/4rE1zYv9rYXJw/msRqsnmlje5jHP6huWeBZ704jUTy02c5AZyWujpMR1ax6mVw9NyJMfuK2CMDWVIfgA==", + "version": "4.4.8", + "resolved": "https://registry.npmjs.org/tar/-/tar-4.4.8.tgz", + "integrity": "sha512-LzHF64s5chPQQS0IYBn9IN5h3i98c12bo4NCO7e0sGM2llXQ3p2FGC5sdENN4cTW48O915Sh+x+EXx7XW96xYQ==", "dev": true, - "optional": true, "requires": { - "block-stream": "*", - "fstream": "^1.0.12", - "inherits": "2" + "chownr": "^1.1.1", + "fs-minipass": "^1.2.5", + "minipass": "^2.3.4", + "minizlib": "^1.1.1", + "mkdirp": "^0.5.0", + "safe-buffer": "^5.1.2", + "yallist": "^3.0.2" + }, + "dependencies": { + "yallist": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.0.3.tgz", + "integrity": "sha512-S+Zk8DEWE6oKpV+vI3qWkaK+jSbIK86pCwe2IF/xwIpQ8jEuxpw9NyaGjmp9+BoJv5FV2piqCDcoCtStppiq2A==", + "dev": true + } } }, "terser": { diff --git a/core/examples/luigi-sample-angular/package.json b/core/examples/luigi-sample-angular/package.json index c3376f77d3..0b40e6d7ae 100644 --- a/core/examples/luigi-sample-angular/package.json +++ b/core/examples/luigi-sample-angular/package.json @@ -58,6 +58,7 @@ "typescript": "~3.2.4", "webpack": "^4.27.1", "webpack-cli": "^3.2.3", - "webpack-dev-server": "^3.1.14" + "webpack-dev-server": "^3.1.14", + "tar": ">=4.4.2" } } diff --git a/core/package-lock.json b/core/package-lock.json index 4eb94bab71..2a72d97aac 100644 --- a/core/package-lock.json +++ b/core/package-lock.json @@ -3190,6 +3190,15 @@ "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow==", "dev": true }, + "fs-minipass": { + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-1.2.6.tgz", + "integrity": "sha512-crhvyXcMejjv3Z5d2Fa9sf5xLYVCF5O1c71QxbVnbLsmYMBEvDAftewesN/HhY03YRoA7zOMxjNGrF5svGaaeQ==", + "dev": true, + "requires": { + "minipass": "^2.2.1" + } + }, "fs-write-stream-atomic": { "version": "1.0.10", "resolved": "https://registry.npmjs.org/fs-write-stream-atomic/-/fs-write-stream-atomic-1.0.10.tgz", @@ -5285,6 +5294,33 @@ "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=", "dev": true }, + "minipass": { + "version": "2.3.5", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-2.3.5.tgz", + "integrity": "sha512-Gi1W4k059gyRbyVUZQ4mEqLm0YIUiGYfvxhF6SIlk3ui1WVxMTGfGdQ2SInh3PDrRTVvPKgULkpJtT4RH10+VA==", + "dev": true, + "requires": { + "safe-buffer": "^5.1.2", + "yallist": "^3.0.0" + }, + "dependencies": { + "yallist": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.0.3.tgz", + "integrity": "sha512-S+Zk8DEWE6oKpV+vI3qWkaK+jSbIK86pCwe2IF/xwIpQ8jEuxpw9NyaGjmp9+BoJv5FV2piqCDcoCtStppiq2A==", + "dev": true + } + } + }, + "minizlib": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-1.2.1.tgz", + "integrity": "sha512-7+4oTUOWKg7AuL3vloEWekXY2/D20cevzsrNT2kGWm+39J9hGTCBv8VI5Pm5lXZ/o3/mdR4f8rflAPhnQb8mPA==", + "dev": true, + "requires": { + "minipass": "^2.2.1" + } + }, "mississippi": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/mississippi/-/mississippi-2.0.0.tgz", @@ -5534,6 +5570,17 @@ "resolved": "https://registry.npmjs.org/semver/-/semver-5.3.0.tgz", "integrity": "sha1-myzl094C0XxgEq0yaqa00M9U+U8=", "dev": true + }, + "tar": { + "version": "2.2.2", + "resolved": "https://registry.npmjs.org/tar/-/tar-2.2.2.tgz", + "integrity": "sha512-FCEhQ/4rE1zYv9rYXJw/msRqsnmlje5jHP6huWeBZ704jUTy02c5AZyWujpMR1ax6mVw9NyJMfuK2CMDWVIfgA==", + "dev": true, + "requires": { + "block-stream": "*", + "fstream": "^1.0.12", + "inherits": "2" + } } } }, @@ -10762,14 +10809,26 @@ "dev": true }, "tar": { - "version": "2.2.2", - "resolved": "https://registry.npmjs.org/tar/-/tar-2.2.2.tgz", - "integrity": "sha512-FCEhQ/4rE1zYv9rYXJw/msRqsnmlje5jHP6huWeBZ704jUTy02c5AZyWujpMR1ax6mVw9NyJMfuK2CMDWVIfgA==", + "version": "4.4.8", + "resolved": "https://registry.npmjs.org/tar/-/tar-4.4.8.tgz", + "integrity": "sha512-LzHF64s5chPQQS0IYBn9IN5h3i98c12bo4NCO7e0sGM2llXQ3p2FGC5sdENN4cTW48O915Sh+x+EXx7XW96xYQ==", "dev": true, "requires": { - "block-stream": "*", - "fstream": "^1.0.12", - "inherits": "2" + "chownr": "^1.1.1", + "fs-minipass": "^1.2.5", + "minipass": "^2.3.4", + "minizlib": "^1.1.1", + "mkdirp": "^0.5.0", + "safe-buffer": "^5.1.2", + "yallist": "^3.0.2" + }, + "dependencies": { + "yallist": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.0.3.tgz", + "integrity": "sha512-S+Zk8DEWE6oKpV+vI3qWkaK+jSbIK86pCwe2IF/xwIpQ8jEuxpw9NyaGjmp9+BoJv5FV2piqCDcoCtStppiq2A==", + "dev": true + } } }, "tar-fs": { diff --git a/core/package.json b/core/package.json index c383e03e38..b2efbaef7d 100644 --- a/core/package.json +++ b/core/package.json @@ -33,7 +33,8 @@ "svelte-transitions": "^1.2.0", "url-loader": "^1.0.1", "webpack": "^4.11.1", - "webpack-cli": "^3.0.3" + "webpack-cli": "^3.0.3", + "tar": ">=4.4.2" }, "scripts": { "bundle": "webpack --display-error-details",