From dd385b04cc9535f37b8372b4256eb2c2facd6640 Mon Sep 17 00:00:00 2001
From: Christoph Nakazawa
Date: Tue, 5 Mar 2019 16:21:24 +0900
Subject: [PATCH] Upgrade sane to 4.0.3 (#8048)

A module called `merge` that is dependent on by transitive dependencies of `jest-haste-map` contains a vulnerability. With this PR, I am updating `sane` (the direct dependency) that will remove this vulnerability. Note that it is still part of the overall `yarn.lock` because of react-native depending on Metro depending on an older version of `jest-haste-map`. This will eventually be all upgraded in the future, but we gotta start somewhere :)
---
 packages/jest-haste-map/package.json | 2 +-
 packages/jest-haste-map/src/index.ts | 2 --
 yarn.lock | 28 ++++++++++++++++++++++++++++
 3 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/packages/jest-haste-map/package.json b/packages/jest-haste-map/package.json
index 94385afbd229..61f8e3eec3c8 100644
--- a/packages/jest-haste-map/package.json
+++ b/packages/jest-haste-map/package.json
@@ -18,7 +18,7 @@
 "jest-util": "^24.0.0",
 "jest-worker": "^24.0.0",
 "micromatch": "^3.1.10",
- "sane": "^3.0.0"
+ "sane": "^4.0.3"
 },
 "devDependencies": {
 "@types/fb-watchman": "^2.0.0",
diff --git a/packages/jest-haste-map/src/index.ts b/packages/jest-haste-map/src/index.ts
index 33e896b8b421..353003a041ae 100644
--- a/packages/jest-haste-map/src/index.ts
+++ b/packages/jest-haste-map/src/index.ts
@@ -781,8 +781,6 @@ class HasteMap extends EventEmitter {
 const Watcher: sane.Watcher =
 canUseWatchman && this._options.useWatchman
 ? WatchmanWatcher
- : os.platform() === 'darwin'
- ? sane.FSEventsWatcher
 : sane.NodeWatcher;
 const extensions = this._options.extensions;
 const ignorePattern = this._options.ignorePattern;
diff --git a/yarn.lock b/yarn.lock
index 8da8658b833f..34e1acc8f2b5 100644
--- a/yarn.lock
+++ b/yarn.lock
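Review bot: Removing the `os.platform() === 'darwin'` arm of the `Watcher` ternary in `packages/jest-haste-map/src/index.ts` changes runtime behaviour on macOS, not just the dependency version: without Watchman, watch mode now always uses `sane.NodeWatcher`, and the commit message (which only describes the `merge` vulnerability) does not say so. The new `sane@^4.0.3` lock entry no longer lists `fsevents` under `optionalDependencies`, so presumably `sane.FSEventsWatcher` is gone in 4.x; I would record that above the ternary with `// sane >= 4 has no FSEventsWatcher; macOS without Watchman falls back to NodeWatcher`, and add a changelog line so the security upgrade is not read as a no-op. If `os` has no other use in this file its import is now dead; the import block and the rest of the enclosing method are outside the hunk, so that needs checking.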
@@ -873,6 +873,14 @@
 lodash "^4.17.11"
 to-fast-properties "^2.0.0"
 
+"@cnakazawa/watch@^1.0.3":
+ version "1.0.3"
+ resolved "https://registry.yarnpkg.com/@cnakazawa/watch/-/watch-1.0.3.tgz#099139eaec7ebf07a27c1786a3ff64f39464d2ef"
+ integrity sha512-r5160ogAvGyHsal38Kux7YYtodEKOj89RGb28ht1jh3SJb08VwRwAKKJL0bGb04Zd/3r9FL3BFIc3bBidYffCA==
+ dependencies:
+ exec-sh "^0.3.2"
+ minimist "^1.2.0"
+
 "@lerna/add@3.13.1":
 version "3.13.1"
 resolved "https://registry.yarnpkg.com/@lerna/add/-/add-3.13.1.tgz#2cd7838857edb3b43ed73e3c21f69a20beb9b702"
@@ -5404,6 +5412,11 @@ exec-sh@^0.2.0:
 dependencies:
 merge "^1.2.0"
 
+exec-sh@^0.3.2:
+ version "0.3.2"
+ resolved "https://registry.yarnpkg.com/exec-sh/-/exec-sh-0.3.2.tgz#6738de2eb7c8e671d0366aea0b0db8c6f7d7391b"
+ integrity sha512-9sLAvzhI5nc8TpuQUh4ahMdCrWT00wPWz7j47/emR5+2qEfoZP5zzUXvx+vdx+H6ohhnsYC31iX04QLYJK8zTg==
+
 execa@^0.10.0:
 version "0.10.0"
 resolved "https://registry.yarnpkg.com/execa/-/execa-0.10.0.tgz#ff456a8f53f90f8eccc71a96d11bdfc7f082cb50"
@@ -11557,6 +11570,21 @@ sane@^3.0.0:
 optionalDependencies:
 fsevents "^1.2.3"
 
+sane@^4.0.3:
+ version "4.0.3"
+ resolved "https://registry.yarnpkg.com/sane/-/sane-4.0.3.tgz#e878c3f19e25cc57fbb734602f48f8a97818b181"
+ integrity sha512-hSLkC+cPHiBQs7LSyXkotC3UUtyn8C4FMn50TNaacRyvBlI+3ebcxMpqckmTdtXVtel87YS7GXN3UIOj7NiGVQ==
+ dependencies:
+ "@cnakazawa/watch" "^1.0.3"
+ anymatch "^2.0.0"
+ capture-exit "^1.2.0"
+ exec-sh "^0.3.2"
+ execa "^1.0.0"
+ fb-watchman "^2.0.0"
+ micromatch "^3.1.4"
+ minimist "^1.1.1"
+ walker "~1.0.5"
+
 sax@^1.2.4, sax@~1.2.1, sax@~1.2.4:
 version "1.2.4"
 resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9"