From b659cd2c5edd4d45e5e351dc253e4ad94e68c91c Mon Sep 17 00:00:00 2001 From: olusegun odunukan Date: Wed, 6 Dec 2023 16:12:33 +0000 Subject: [PATCH 1/3] fix yarn audit issue --- package.json | 4 +- projects/ccd-case-ui-toolkit/package.json | 2 +- yarn-audit-known-issues | 8 +- yarn.lock | 190 +++++++++++++++++----- 4 files changed, 152 insertions(+), 52 deletions(-) diff --git a/package.json b/package.json index ca44dcccec..952e80125d 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@hmcts/ccd-case-ui-toolkit", - "version": "7.0.0", + "version": "7.0.1", "engines": { "node": ">=18.17.0" }, @@ -159,7 +159,7 @@ "karma-spec-reporter": "0.0.34", "local-storage": "^2.0.0", "merge-stream": "^1.0.0", - "mocha": "^10.2.0", + "mocha": "^8.1.1", "multidep": "2.0.2", "ng-mocks": "^14.1.1", "ng-packagr": "^14.2.2", diff --git a/projects/ccd-case-ui-toolkit/package.json b/projects/ccd-case-ui-toolkit/package.json index dabdf2ee95..8870a22ad4 100644 --- a/projects/ccd-case-ui-toolkit/package.json +++ b/projects/ccd-case-ui-toolkit/package.json @@ -1,6 +1,6 @@ { "name": "@hmcts/ccd-case-ui-toolkit", - "version": "7.0.0", + "version": "7.0.1", "engines": { "node": ">=18.17.0" }, diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues index e0f4296ae2..77e27ccbf6 100644 --- a/yarn-audit-known-issues +++ b/yarn-audit-known-issues @@ -1,7 +1 @@ -➤ YN0035: Bad Request -➤ YN0035: Response Code: 400 (Bad Request) -➤ YN0035: Request Method: POST -➤ YN0035: Request URL: https://registry.yarnpkg.com/-/npm/v1/security/audits/quick - -➤ Errors happened when preparing the environment required to run this command. -➤ This might be caused by packages being missing from the lockfile, in which case running "yarn install" might help. +{"actions":[],"advisories":{"1088948":{"findings":[{"version":"9.6.0","paths":["json-server>update-notifier>latest-version>package-json>got"]}],"metadata":null,"vulnerable_versions":"<11.8.5","module_name":"got","severity":"moderate","github_advisory_id":"GHSA-pfrx-2q88-qq97","cves":["CVE-2022-33987"],"access":"public","patched_versions":">=11.8.5","cvss":{"score":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},"updated":"2023-01-27T05:05:01.000Z","recommendation":"Upgrade to version 11.8.5 or later","cwe":[],"found_by":null,"deleted":null,"id":1088948,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-33987\n- https://github.com/sindresorhus/got/pull/2047\n- https://github.com/sindresorhus/got/compare/v12.0.3...v12.1.0\n- https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc\n- https://github.com/sindresorhus/got/releases/tag/v11.8.5\n- https://github.com/sindresorhus/got/releases/tag/v12.1.0\n- https://github.com/advisories/GHSA-pfrx-2q88-qq97","created":"2022-06-19T00:00:21.000Z","reported_by":null,"title":"Got allows a redirect to a UNIX socket","npm_advisory_id":null,"overview":"The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.","url":"https://github.com/advisories/GHSA-pfrx-2q88-qq97"},"1089011":{"findings":[{"version":"3.1.20","paths":["json-server>nanoid"]}],"metadata":null,"vulnerable_versions":">=3.0.0 <3.1.31","module_name":"nanoid","severity":"moderate","github_advisory_id":"GHSA-qrpm-p2h7-hrv2","cves":["CVE-2021-23566"],"access":"public","patched_versions":">=3.1.31","cvss":{"score":5.5,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},"updated":"2023-01-27T05:02:09.000Z","recommendation":"Upgrade to version 3.1.31 or later","cwe":["CWE-200"],"found_by":null,"deleted":null,"id":1089011,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-23566\n- https://github.com/ai/nanoid/pull/328\n- https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575\n- https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444\n- https://snyk.io/vuln/SNYK-JS-NANOID-2332193\n- https://github.com/advisories/GHSA-qrpm-p2h7-hrv2","created":"2022-01-21T23:57:06.000Z","reported_by":null,"title":"Exposure of Sensitive Information to an Unauthorized Actor in nanoid","npm_advisory_id":null,"overview":"The package nanoid from 3.0.0, before 3.1.31, are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.","url":"https://github.com/advisories/GHSA-qrpm-p2h7-hrv2"},"1089189":{"findings":[{"version":"1.24.1","paths":["ngx-md>prismjs"]}],"metadata":null,"vulnerable_versions":"<1.25.0","module_name":"prismjs","severity":"moderate","github_advisory_id":"GHSA-hqhp-5p83-hx96","cves":["CVE-2021-3801"],"access":"public","patched_versions":">=1.25.0","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},"updated":"2023-01-29T05:02:55.000Z","recommendation":"Upgrade to version 1.25.0 or later","cwe":["CWE-400"],"found_by":null,"deleted":null,"id":1089189,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2021-3801\n- https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9\n- https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a\n- https://github.com/advisories/GHSA-hqhp-5p83-hx96","created":"2021-09-20T20:44:48.000Z","reported_by":null,"title":"prismjs Regular Expression Denial of Service vulnerability","npm_advisory_id":null,"overview":"Prism is a syntax highlighting library. The prismjs package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU.","url":"https://github.com/advisories/GHSA-hqhp-5p83-hx96"},"1090424":{"findings":[{"version":"1.24.1","paths":["ngx-md>prismjs"]}],"metadata":null,"vulnerable_versions":">=1.14.0 <1.27.0","module_name":"prismjs","severity":"high","github_advisory_id":"GHSA-3949-f494-cm99","cves":["CVE-2022-23647"],"access":"public","patched_versions":">=1.27.0","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"},"updated":"2023-02-03T05:06:26.000Z","recommendation":"Upgrade to version 1.27.0 or later","cwe":["CWE-79"],"found_by":null,"deleted":null,"id":1090424,"references":"- https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99\n- https://nvd.nist.gov/vuln/detail/CVE-2022-23647\n- https://github.com/PrismJS/prism/pull/3341\n- https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c\n- https://github.com/advisories/GHSA-3949-f494-cm99","created":"2022-02-22T19:32:18.000Z","reported_by":null,"title":"Cross-site Scripting in Prism","npm_advisory_id":null,"overview":"### Impact\nPrism's [Command line plugin](https://prismjs.com/plugins/command-line/) can be used by attackers to achieve an XSS attack. The Command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code.\n\nServer-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted.\n\n### Patches\nThis bug has been fixed in v1.27.0.\n\n### Workarounds\nDo not use the Command line plugin on untrusted inputs, or sanitized all code blocks (remove all HTML code text) from all code blocks that use the Command line plugin.\n\n### References\n- https://github.com/PrismJS/prism/pull/3341","url":"https://github.com/advisories/GHSA-3949-f494-cm99"},"1092972":{"findings":[{"version":"2.88.2","paths":["json-server>request"]}],"metadata":null,"vulnerable_versions":"<=2.88.2","module_name":"request","severity":"moderate","github_advisory_id":"GHSA-p8p7-x288-28g6","cves":["CVE-2023-28155"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":6.1,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},"updated":"2023-08-14T20:53:47.000Z","recommendation":"None","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1092972,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-28155\n- https://github.com/request/request/issues/3442\n- https://github.com/request/request/pull/3444\n- https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf\n- https://security.netapp.com/advisory/ntap-20230413-0007/\n- https://github.com/github/advisory-database/pull/2500\n- https://github.com/cypress-io/request/blob/master/lib/redirect.js#L116\n- https://github.com/request/request/blob/master/lib/redirect.js#L111\n- https://github.com/cypress-io/request/pull/28\n- https://github.com/cypress-io/request/commit/c5bcf21d40fb61feaff21a0e5a2b3934a440024f\n- https://github.com/cypress-io/request/releases/tag/v3.0.0\n- https://github.com/advisories/GHSA-p8p7-x288-28g6","created":"2023-03-16T15:30:19.000Z","reported_by":null,"title":"Server-Side Request Forgery in Request","npm_advisory_id":null,"overview":"The `request` package through 2.88.2 for Node.js and the `@cypress/request` package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).\n\nNOTE: The `request` package is no longer supported by the maintainer.","url":"https://github.com/advisories/GHSA-p8p7-x288-28g6"},"1094796":{"findings":[{"version":"7.22.8","paths":["@angular/localize>@babel/core>@babel/traverse","@angular/localize>@babel/core>@babel/helpers>@babel/traverse","@angular/localize>@angular/compiler-cli>@babel/core>@babel/helpers>@babel/traverse"]}],"metadata":null,"vulnerable_versions":"<7.23.2","module_name":"@babel/traverse","severity":"critical","github_advisory_id":"GHSA-67hx-6x53-jw92","cves":["CVE-2023-45133"],"access":"public","patched_versions":">=7.23.2","cvss":{"score":9.3,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},"updated":"2023-11-11T05:01:18.000Z","recommendation":"Upgrade to version 7.23.2 or later","cwe":["CWE-184","CWE-697"],"found_by":null,"deleted":null,"id":1094796,"references":"- https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\n- https://nvd.nist.gov/vuln/detail/CVE-2023-45133\n- https://github.com/babel/babel/pull/16033\n- https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\n- https://github.com/babel/babel/releases/tag/v7.23.2\n- https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\n- https://www.debian.org/security/2023/dsa-5528\n- https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html\n- https://babeljs.io/blog/2023/10/16/cve-2023-45133\n- https://github.com/advisories/GHSA-67hx-6x53-jw92","created":"2023-10-16T13:55:36.000Z","reported_by":null,"title":"Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code","npm_advisory_id":null,"overview":"### Impact\n\nUsing Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods.\n\nKnown affected plugins are:\n- `@babel/plugin-transform-runtime`\n- `@babel/preset-env` when using its [`useBuiltIns`](https://babeljs.io/docs/babel-preset-env#usebuiltins) option\n- Any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`\n\nNo other plugins under the `@babel/` namespace are impacted, but third-party plugins might be.\n\n**Users that only compile trusted code are not impacted.**\n\n### Patches\n\nThe vulnerability has been fixed in `@babel/traverse@7.23.2`.\n\nBabel 6 does not receive security fixes anymore (see [Babel's security policy](https://github.com/babel/babel/security/policy)), hence there is no patch planned for `babel-traverse@6`.\n\n### Workarounds\n\n- Upgrade `@babel/traverse` to v7.23.2 or higher. You can do this by deleting it from your package manager's lockfile and re-installing the dependencies. `@babel/core` >=7.23.2 will automatically pull in a non-vulnerable version.\n- If you cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above, upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions:\n - `@babel/plugin-transform-runtime` v7.23.2\n - `@babel/preset-env` v7.23.2\n - `@babel/helper-define-polyfill-provider` v0.4.3\n - `babel-plugin-polyfill-corejs2` v0.4.6\n - `babel-plugin-polyfill-corejs3` v0.8.5\n - `babel-plugin-polyfill-es-shims` v0.10.0\n - `babel-plugin-polyfill-regenerator` v0.5.3","url":"https://github.com/advisories/GHSA-67hx-6x53-jw92"},"1095051":{"findings":[{"version":"0.7.0","paths":["marked","ngx-md>marked"]}],"metadata":null,"vulnerable_versions":"<4.0.10","module_name":"marked","severity":"high","github_advisory_id":"GHSA-rrrm-qjm4-v8hf","cves":["CVE-2022-21680"],"access":"public","patched_versions":">=4.0.10","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2023-11-29T20:51:52.000Z","recommendation":"Upgrade to version 4.0.10 or later","cwe":["CWE-400","CWE-1333"],"found_by":null,"deleted":null,"id":1095051,"references":"- https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf\n- https://nvd.nist.gov/vuln/detail/CVE-2022-21680\n- https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0\n- https://github.com/markedjs/marked/releases/tag/v4.0.10\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/\n- https://github.com/advisories/GHSA-rrrm-qjm4-v8hf","created":"2022-01-14T21:04:41.000Z","reported_by":null,"title":"Inefficient Regular Expression Complexity in marked","npm_advisory_id":null,"overview":"### Impact\n\n_What kind of vulnerability is it?_\n\nDenial of service.\n\nThe regular expression `block.def` may cause catastrophic backtracking against some strings.\nPoC is the following.\n\n```javascript\nimport * as marked from \"marked\";\n\nmarked.parse(`[x]:${' '.repeat(1500)}x ${' '.repeat(1500)} x`);\n```\n\n_Who is impacted?_\n\nAnyone who runs untrusted markdown through marked and does not use a worker with a time limit.\n\n### Patches\n\n_Has the problem been patched?_\n\nYes\n\n_What versions should users upgrade to?_\n\n4.0.10\n\n### Workarounds\n\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nDo not run untrusted markdown through marked or run marked on a [worker](https://marked.js.org/using_advanced#workers) thread and set a reasonable time limit to prevent draining resources.\n\n### References\n\n_Are there any links users can visit to find out more?_\n\n- https://marked.js.org/using_advanced#workers\n- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [marked](https://github.com/markedjs/marked)\n","url":"https://github.com/advisories/GHSA-rrrm-qjm4-v8hf"},"1095052":{"findings":[{"version":"0.7.0","paths":["marked","ngx-md>marked"]}],"metadata":null,"vulnerable_versions":"<4.0.10","module_name":"marked","severity":"high","github_advisory_id":"GHSA-5v2h-r2cx-5xgj","cves":["CVE-2022-21681"],"access":"public","patched_versions":">=4.0.10","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2023-11-29T20:51:17.000Z","recommendation":"Upgrade to version 4.0.10 or later","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1095052,"references":"- https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj\n- https://nvd.nist.gov/vuln/detail/CVE-2022-21681\n- https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AIXDMC3CSHYW3YWVSQOXAWLUYQHAO5UX/\n- https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0\n- https://github.com/advisories/GHSA-5v2h-r2cx-5xgj","created":"2022-01-14T21:04:46.000Z","reported_by":null,"title":"Inefficient Regular Expression Complexity in marked","npm_advisory_id":null,"overview":"### Impact\n\n_What kind of vulnerability is it?_\n\nDenial of service.\n\nThe regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings.\nPoC is the following.\n\n```javascript\nimport * as marked from 'marked';\n\nconsole.log(marked.parse(`[x]: x\n\n\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](\\\\[\\\\](`));\n```\n\n_Who is impacted?_\n\nAnyone who runs untrusted markdown through marked and does not use a worker with a time limit.\n\n### Patches\n\n_Has the problem been patched?_\n\nYes\n\n_What versions should users upgrade to?_\n\n4.0.10\n\n### Workarounds\n\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nDo not run untrusted markdown through marked or run marked on a [worker](https://marked.js.org/using_advanced#workers) thread and set a reasonable time limit to prevent draining resources.\n\n### References\n\n_Are there any links users can visit to find out more?_\n\n- https://marked.js.org/using_advanced#workers\n- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [marked](https://github.com/markedjs/marked)\n","url":"https://github.com/advisories/GHSA-5v2h-r2cx-5xgj"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":0,"moderate":4,"high":5,"critical":3},"dependencies":617,"devDependencies":2,"optionalDependencies":0,"totalDependencies":619}} diff --git a/yarn.lock b/yarn.lock index f5c2365f35..1c37d8b026 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3649,7 +3649,7 @@ __metadata: mem: ^6.0.0 merge-stream: ^1.0.0 minimist: 1.2.3 - mocha: ^10.2.0 + mocha: ^8.1.1 moment: ^2.29.1 moment-timezone: ^0.5.31 multidep: 2.0.2 @@ -7223,6 +7223,13 @@ __metadata: languageName: node linkType: hard +"@ungap/promise-all-settled@npm:1.1.2": + version: 1.1.2 + resolution: "@ungap/promise-all-settled@npm:1.1.2" + checksum: 08d37fdfa23a6fe8139f1305313562ebad973f3fac01bcce2773b2bda5bcb0146dfdcf3cb6a722cf0a5f2ca0bc56a827eac8f1e7b3beddc548f654addf1fc34c + languageName: node + linkType: hard + "@webassemblyjs/ast@npm:1.11.1": version: 1.11.1 resolution: "@webassemblyjs/ast@npm:1.11.1" @@ -8280,7 +8287,7 @@ __metadata: languageName: node linkType: hard -"anymatch@npm:^3.0.0, anymatch@npm:^3.0.3, anymatch@npm:~3.1.2": +"anymatch@npm:^3.0.0, anymatch@npm:^3.0.3, anymatch@npm:~3.1.1, anymatch@npm:~3.1.2": version: 3.1.3 resolution: "anymatch@npm:3.1.3" dependencies: @@ -10176,6 +10183,25 @@ __metadata: languageName: node linkType: hard +"chokidar@npm:3.5.1": + version: 3.5.1 + resolution: "chokidar@npm:3.5.1" + dependencies: + anymatch: ~3.1.1 + braces: ~3.0.2 + fsevents: ~2.3.1 + glob-parent: ~5.1.0 + is-binary-path: ~2.1.0 + is-glob: ~4.0.1 + normalize-path: ~3.0.0 + readdirp: ~3.5.0 + dependenciesMeta: + fsevents: + optional: true + checksum: b7774e6e3aeca084d39e8542041555a11452414c744122436101243f89580fad97154ae11525e46bfa816313ae32533e2a88e8587e4d50b14ea716a9e6538978 + languageName: node + linkType: hard + "chokidar@npm:3.5.3, chokidar@npm:>=3.0.0 <4.0.0, chokidar@npm:^3.0.0, chokidar@npm:^3.4.1, chokidar@npm:^3.4.2, chokidar@npm:^3.5.1, chokidar@npm:^3.5.2, chokidar@npm:^3.5.3": version: 3.5.3 resolution: "chokidar@npm:3.5.3" @@ -11519,7 +11545,7 @@ __metadata: languageName: node linkType: hard -"debug@npm:*, debug@npm:4, debug@npm:4.3.4, debug@npm:^4.1.0, debug@npm:^4.1.1, debug@npm:^4.3.2, debug@npm:^4.3.3, debug@npm:^4.3.4, debug@npm:~4.3.1, debug@npm:~4.3.2": +"debug@npm:*, debug@npm:4, debug@npm:^4.1.0, debug@npm:^4.1.1, debug@npm:^4.3.2, debug@npm:^4.3.3, debug@npm:^4.3.4, debug@npm:~4.3.1, debug@npm:~4.3.2": version: 4.3.4 resolution: "debug@npm:4.3.4" dependencies: @@ -11549,6 +11575,18 @@ __metadata: languageName: node linkType: hard +"debug@npm:4.3.1": + version: 4.3.1 + resolution: "debug@npm:4.3.1" + dependencies: + ms: 2.1.2 + peerDependenciesMeta: + supports-color: + optional: true + checksum: 2c3352e37d5c46b0d203317cd45ea0e26b2c99f2d9dfec8b128e6ceba90dfb65425f5331bf3020fe9929d7da8c16758e737f4f3bfc0fce6b8b3d503bae03298b + languageName: node + linkType: hard + "debug@npm:^3.0.0, debug@npm:^3.1.0, debug@npm:^3.2.6": version: 3.2.7 resolution: "debug@npm:3.2.7" @@ -14535,6 +14573,16 @@ __metadata: languageName: node linkType: hard +"fsevents@npm:~2.3.1": + version: 2.3.3 + resolution: "fsevents@npm:2.3.3" + dependencies: + node-gyp: latest + checksum: 11e6ea6fea15e42461fc55b4b0e4a0a3c654faa567f1877dbd353f39156f69def97a69936d1746619d656c4b93de2238bf731f6085a03a50cabf287c9d024317 + conditions: os=darwin + languageName: node + linkType: hard + "fsevents@patch:fsevents@^1.2.7#~builtin": version: 1.2.13 resolution: "fsevents@patch:fsevents@npm%3A1.2.13#~builtin::version=1.2.13&hash=d11327" @@ -14554,6 +14602,15 @@ __metadata: languageName: node linkType: hard +"fsevents@patch:fsevents@~2.3.1#~builtin": + version: 2.3.3 + resolution: "fsevents@patch:fsevents@npm%3A2.3.3#~builtin::version=2.3.3&hash=df0bf1" + dependencies: + node-gyp: latest + conditions: os=darwin + languageName: node + linkType: hard + "function-bind@npm:^1.1.1": version: 1.1.1 resolution: "function-bind@npm:1.1.1" @@ -14838,9 +14895,9 @@ __metadata: languageName: node linkType: hard -"glob@npm:7.2.0": - version: 7.2.0 - resolution: "glob@npm:7.2.0" +"glob@npm:7.1.6": + version: 7.1.6 + resolution: "glob@npm:7.1.6" dependencies: fs.realpath: ^1.0.0 inflight: ^1.0.4 @@ -14848,7 +14905,7 @@ __metadata: minimatch: ^3.0.4 once: ^1.3.0 path-is-absolute: ^1.0.0 - checksum: 78a8ea942331f08ed2e055cb5b9e40fe6f46f579d7fd3d694f3412fe5db23223d29b7fee1575440202e9a7ff9a72ab106a39fee39934c7bedafe5e5f8ae20134 + checksum: 351d549dd90553b87c2d3f90ce11aed9e1093c74130440e7ae0592e11bbcd2ce7f0ebb8ba6bfe63aaf9b62166a7f4c80cb84490ae5d78408bb2572bf7d4ee0a6 languageName: node linkType: hard @@ -15134,6 +15191,13 @@ __metadata: languageName: node linkType: hard +"growl@npm:1.10.5": + version: 1.10.5 + resolution: "growl@npm:1.10.5" + checksum: 4b86685de6831cebcbb19f93870bea624afee61124b0a20c49017013987cd129e73a8c4baeca295728f41d21265e1f859d25ef36731b142ca59c655fea94bb1a + languageName: node + linkType: hard + "gulp-cli@npm:^2.2.0": version: 2.3.0 resolution: "gulp-cli@npm:2.3.0" @@ -17580,7 +17644,18 @@ __metadata: languageName: node linkType: hard -"js-yaml@npm:4.1.0, js-yaml@npm:^4.1.0": +"js-yaml@npm:4.0.0": + version: 4.0.0 + resolution: "js-yaml@npm:4.0.0" + dependencies: + argparse: ^2.0.1 + bin: + js-yaml: bin/js-yaml.js + checksum: 931d6dddb3589fa272c8273366c6dffa99fd6bd26ac7b70f9bac925c28cb7ae352b964192df84f90ecd7a2ff50ab87e6d58e2148eb19c89aa155c73ed847ab92 + languageName: node + linkType: hard + +"js-yaml@npm:^4.1.0": version: 4.1.0 resolution: "js-yaml@npm:4.1.0" dependencies: @@ -18503,7 +18578,16 @@ __metadata: languageName: node linkType: hard -"log-symbols@npm:4.1.0, log-symbols@npm:^4.1.0": +"log-symbols@npm:4.0.0": + version: 4.0.0 + resolution: "log-symbols@npm:4.0.0" + dependencies: + chalk: ^4.0.0 + checksum: a7c1fb5cc504ff04422460dcae3a830002426432fbed81280c8a49f4c6f5ef244c28b987636bf1c871ba6866d7024713388be391e92c0d5af6a70598fcabc46b + languageName: node + linkType: hard + +"log-symbols@npm:^4.1.0": version: 4.1.0 resolution: "log-symbols@npm:4.1.0" dependencies: @@ -19404,35 +19488,39 @@ __metadata: languageName: node linkType: hard -"mocha@npm:^10.2.0": - version: 10.2.0 - resolution: "mocha@npm:10.2.0" +"mocha@npm:^8.1.1": + version: 8.4.0 + resolution: "mocha@npm:8.4.0" dependencies: + "@ungap/promise-all-settled": 1.1.2 ansi-colors: 4.1.1 browser-stdout: 1.3.1 - chokidar: 3.5.3 - debug: 4.3.4 + chokidar: 3.5.1 + debug: 4.3.1 diff: 5.0.0 escape-string-regexp: 4.0.0 find-up: 5.0.0 - glob: 7.2.0 + glob: 7.1.6 + growl: 1.10.5 he: 1.2.0 - js-yaml: 4.1.0 - log-symbols: 4.1.0 - minimatch: 5.0.1 + js-yaml: 4.0.0 + log-symbols: 4.0.0 + minimatch: 3.0.4 ms: 2.1.3 - nanoid: 3.3.3 - serialize-javascript: 6.0.0 + nanoid: 3.1.20 + serialize-javascript: 5.0.1 strip-json-comments: 3.1.1 supports-color: 8.1.1 - workerpool: 6.2.1 + which: 2.0.2 + wide-align: 1.1.3 + workerpool: 6.1.0 yargs: 16.2.0 yargs-parser: 20.2.4 yargs-unparser: 2.0.0 bin: _mocha: bin/_mocha - mocha: bin/mocha.js - checksum: 406c45eab122ffd6ea2003c2f108b2bc35ba036225eee78e0c784b6fa2c7f34e2b13f1dbacef55a4fdf523255d76e4f22d1b5aacda2394bd11666febec17c719 + mocha: bin/mocha + checksum: 4bcf00670580f009f9e20cc596cce5e2434d3562c468da783a8f935e38c4476435f12ecade43341cb8730b9d4987358038e76a075201d4bc51010927d3f8cd7c languageName: node linkType: hard @@ -19580,12 +19668,12 @@ __metadata: languageName: node linkType: hard -"nanoid@npm:3.3.3": - version: 3.3.3 - resolution: "nanoid@npm:3.3.3" +"nanoid@npm:3.1.20": + version: 3.1.20 + resolution: "nanoid@npm:3.1.20" bin: nanoid: bin/nanoid.cjs - checksum: ada019402a07464a694553c61d2dca8a4353645a7d92f2830f0d487fedff403678a0bee5323a46522752b2eab95a0bc3da98b6cccaa7c0c55cd9975130e6d6f0 + checksum: f6246023d5d8313c2c16be05c18cdb189a6de50ab6418b513b34086eda4aabd12866b2cbe435548c760dc43cf11830b26b14b113afde47305398e3345795e433 languageName: node linkType: hard @@ -22658,6 +22746,15 @@ __metadata: languageName: node linkType: hard +"readdirp@npm:~3.5.0": + version: 3.5.0 + resolution: "readdirp@npm:3.5.0" + dependencies: + picomatch: ^2.2.1 + checksum: 6b1a9341e295e15d4fb40c010216cbcb6266587cd0b3ce7defabd66fa1b4e35f9fba3d64c2187fd38fadd01ccbfc5f1b33fdfb1da63b3cbf66224b7c6d75ce5a + languageName: node + linkType: hard + "readdirp@npm:~3.6.0": version: 3.6.0 resolution: "readdirp@npm:3.6.0" @@ -24896,7 +24993,7 @@ __metadata: languageName: node linkType: hard -"string-width@npm:^2.0.0, string-width@npm:^2.1.1": +"string-width@npm:^1.0.2 || 2, string-width@npm:^2.0.0, string-width@npm:^2.1.1": version: 2.1.1 resolution: "string-width@npm:2.1.1" dependencies: @@ -27527,25 +27624,25 @@ __metadata: languageName: node linkType: hard -"which@npm:^1.1.1, which@npm:^1.2.1, which@npm:^1.2.14, which@npm:^1.2.9, which@npm:^1.3.0": - version: 1.3.1 - resolution: "which@npm:1.3.1" +"which@npm:2.0.2, which@npm:^2.0.1, which@npm:^2.0.2": + version: 2.0.2 + resolution: "which@npm:2.0.2" dependencies: isexe: ^2.0.0 bin: - which: ./bin/which - checksum: f2e185c6242244b8426c9df1510e86629192d93c1a986a7d2a591f2c24869e7ffd03d6dac07ca863b2e4c06f59a4cc9916c585b72ee9fa1aa609d0124df15e04 + node-which: ./bin/node-which + checksum: 1a5c563d3c1b52d5f893c8b61afe11abc3bab4afac492e8da5bde69d550de701cf9806235f20a47b5c8fa8a1d6a9135841de2596535e998027a54589000e66d1 languageName: node linkType: hard -"which@npm:^2.0.1, which@npm:^2.0.2": - version: 2.0.2 - resolution: "which@npm:2.0.2" +"which@npm:^1.1.1, which@npm:^1.2.1, which@npm:^1.2.14, which@npm:^1.2.9, which@npm:^1.3.0": + version: 1.3.1 + resolution: "which@npm:1.3.1" dependencies: isexe: ^2.0.0 bin: - node-which: ./bin/node-which - checksum: 1a5c563d3c1b52d5f893c8b61afe11abc3bab4afac492e8da5bde69d550de701cf9806235f20a47b5c8fa8a1d6a9135841de2596535e998027a54589000e66d1 + which: ./bin/which + checksum: f2e185c6242244b8426c9df1510e86629192d93c1a986a7d2a591f2c24869e7ffd03d6dac07ca863b2e4c06f59a4cc9916c585b72ee9fa1aa609d0124df15e04 languageName: node linkType: hard @@ -27560,6 +27657,15 @@ __metadata: languageName: node linkType: hard +"wide-align@npm:1.1.3": + version: 1.1.3 + resolution: "wide-align@npm:1.1.3" + dependencies: + string-width: ^1.0.2 || 2 + checksum: d09c8012652a9e6cab3e82338d1874a4d7db2ad1bd19ab43eb744acf0b9b5632ec406bdbbbb970a8f4771a7d5ef49824d038ba70aa884e7723f5b090ab87134d + languageName: node + linkType: hard + "wide-align@npm:^1.1.2, wide-align@npm:^1.1.5": version: 1.1.5 resolution: "wide-align@npm:1.1.5" @@ -27642,10 +27748,10 @@ __metadata: languageName: node linkType: hard -"workerpool@npm:6.2.1": - version: 6.2.1 - resolution: "workerpool@npm:6.2.1" - checksum: c2c6eebbc5225f10f758d599a5c016fa04798bcc44e4c1dffb34050cd361d7be2e97891aa44419e7afe647b1f767b1dc0b85a5e046c409d890163f655028b09d +"workerpool@npm:6.1.0": + version: 6.1.0 + resolution: "workerpool@npm:6.1.0" + checksum: 519d03a4d008fd95ff9e1a583afe537e6a0eecd8250452044e390db3e1dc4ce91616a8ee6c4bba9a2fda38440c2666664c31b50b5a9fd05cc43c739df54d5781 languageName: node linkType: hard From c58dfee863ad2e2c0e28e84879236d9f8a9c861d Mon Sep 17 00:00:00 2001 From: olusegun odunukan Date: Wed, 6 Dec 2023 23:37:50 +0000 Subject: [PATCH 2/3] yarn audit fix yarn audit fix From aee75f95b86d6ee704810e67bb38475972e4ed1f Mon Sep 17 00:00:00 2001 From: olusegun odunukan Date: Thu, 7 Dec 2023 09:41:52 +0000 Subject: [PATCH 3/3] Update RELEASE-NOTES.md --- RELEASE-NOTES.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index e7a7f2a76c..c3940c5168 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,4 +1,10 @@ ## RELEASE NOTES +### Version 7.0.1 +**EXUI-1151** Angular 15 and Node 18 update + +### Version 7.0.0 +**EXUI-763** Angular 15 and Node 18 update + ### Version 6.19.15-restricted-case-access **EUI-8816** Restricted case access feature toggle functionality