
Commit c3a7584

committed
minor #1275 Update some dev-dependencies to fix vulnerability issues (Kocal)
This PR was squashed before being merged into the main branch.

Discussion
----------

Update some dev-dependencies to fix vulnerability issues

We have some vulnerability alerts raised by Dependabot: https://github.com/symfony/webpack-encore/security/dependabot?q=is%3Aopen+manifest%3Ayarn.lock

The PR won't impact end users (they have probably already updated the dependencies themselves); it's only some maintenance... :)

The following dependencies are updated to their patched versions:
- `braces`
- `webpack-dev-middleware`
- `express`
- `follow-redirects`

The following dependencies are **not updated**, as they require major updates that can break user-land:
- `ws`, used by `webpack-dev-server` (needs one major update)
- `@adobe/css-tools`, used by `stylus` (needs **three** major updates)
- `tough-cookie` and `request`, used by the archived package `zombie`; there are no new releases, so we must find a replacement
- `vue-template-compiler`, we must drop Vue 2 support first

Commits
-------

4b517b9 fix(deps): update "typescript" lowest supported version to ^4.3.2
0a38699 security(deps): upgrade follow-redirects to 1.15.6, see https://github.com/symfony/webpack-encore/security/dependabot/104
5f94552 security(deps): upgrade express to 4.19.2, see https://github.com/symfony/webpack-encore/security/dependabot/106
0c6b9a2 security(deps): upgrade webpack-dev-middleware to 5.3.4, see https://github.com/symfony/webpack-encore/security/dependabot/105
501f2cd security(deps): upgrade braces to 3.0.3, see https://github.com/symfony/webpack-encore/security/dependabot/107
2 parents bf6c352 + 4b517b9 commit c3a7584


2 files changed

+55
-40
lines changed


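--- a/package.json
+++ b/package.json
@@ -93,7 +93,7 @@
 "svelte": "^3.50.0 || ^4.2.2",
 "svelte-loader": "^3.1.0",
 "ts-loader": "^9.0.0",
-"typescript": "^4.2.2 || ^5.0.0",
+"typescript": "^4.3.2 || ^5.0.0",
 "vue": "^3.2.14",
 "vue-loader": "^17.0.0",
 "vue-template-compiler": "^2.5",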

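--- a/yarn.lock
+++ b/yarn.lock
@@ -2226,21 +2226,21 @@ bluebird@^3.5.1:
 resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.7.2.tgz#9f229c15be272454ffa973ace0dbee79a1b0c36f"
 integrity sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==
 
-body-parser@1.20.1:
-version "1.20.1"
-resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.20.1.tgz#b1812a8912c195cd371a3ee5e66faa2338a5c668"
-integrity sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==
+body-parser@1.20.2:
+version "1.20.2"
+resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.20.2.tgz#6feb0e21c4724d06de7ff38da36dad4f57a747fd"
+integrity sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==
 dependencies:
 bytes "3.1.2"
-content-type "~1.0.4"
+content-type "~1.0.5"
 debug "2.6.9"
 depd "2.0.0"
 destroy "1.2.0"
 http-errors "2.0.0"
 iconv-lite "0.4.24"
 on-finished "2.4.1"
 qs "6.11.0"
-raw-body "2.5.1"
+raw-body "2.5.2"
 type-is "~1.6.18"
 unpipe "1.0.0"
 
@@ -2273,11 +2273,11 @@ brace-expansion@^2.0.1:
 balanced-match "^1.0.0"
 
 braces@^3.0.2, braces@~3.0.2:
-version "3.0.2"
-resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.2.tgz#3454e1a462ee8d599e236df336cd9ea4f8afe107"
-integrity sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==
+version "3.0.3"
+resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789"
+integrity sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==
 dependencies:
-fill-range "^7.0.1"
+fill-range "^7.1.1"
 
 browser-process-hrtime@^1.0.0:
 version "1.0.0"
@@ -2413,7 +2413,7 @@ check-error@^1.0.3:
 dependencies:
 get-func-name "^2.0.2"
 
-chokidar@3.5.3, "chokidar@>=3.0.0 <4.0.0", chokidar@^3.5.3:
+chokidar@3.5.3:
 version "3.5.3"
 resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-3.5.3.tgz#1cf37c8707b932bd1af1ae22c0432e2acd1903bd"
 integrity sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==
@@ -2428,6 +2428,21 @@ chokidar@3.5.3, "chokidar@>=3.0.0 <4.0.0", chokidar@^3.5.3:
 optionalDependencies:
 fsevents "~2.3.2"
 
+"chokidar@>=3.0.0 <4.0.0", chokidar@^3.5.3:
+version "3.6.0"
+resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-3.6.0.tgz#197c6cc669ef2a8dc5e7b4d97ee4e092c3eb0d5b"
+integrity sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==
+dependencies:
+anymatch "~3.1.2"
+braces "~3.0.2"
+glob-parent "~5.1.2"
+is-binary-path "~2.1.0"
+is-glob "~4.0.1"
+normalize-path "~3.0.0"
+readdirp "~3.6.0"
+optionalDependencies:
+fsevents "~2.3.2"
+
 chrome-trace-event@^1.0.2:
 version "1.0.3"
 resolved "https://registry.yarnpkg.com/chrome-trace-event/-/chrome-trace-event-1.0.3.tgz#1015eced4741e15d06664a957dbbf50d041e26ac"
@@ -2577,7 +2592,7 @@ content-disposition@0.5.4:
 dependencies:
 safe-buffer "5.2.1"
 
-content-type@~1.0.4:
+content-type@~1.0.4, content-type@~1.0.5:
 version "1.0.5"
 resolved "https://registry.yarnpkg.com/content-type/-/content-type-1.0.5.tgz#8b773162656d1d1086784c8f23a54ce6d73d7918"
 integrity sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==
@@ -2597,10 +2612,10 @@ cookie-signature@1.0.6:
 resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.6.tgz#e303a882b342cc3ee8ca513a79999734dab3ae2c"
 integrity sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==
 
-cookie@0.5.0:
-version "0.5.0"
-resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.5.0.tgz#d1f5d71adec6558c58f389987c366aa47e994f8b"
-integrity sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==
+cookie@0.6.0:
+version "0.6.0"
+resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.6.0.tgz#2798b04b071b0ecbff0dbb62a505a8efa4e19051"
+integrity sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==
 
 copy-anything@^2.0.1:
 version "2.0.6"
@@ -3485,16 +3500,16 @@ execa@^5.0.0:
 strip-final-newline "^2.0.0"
 
 express@^4.17.3:
-version "4.18.2"
-resolved "https://registry.yarnpkg.com/express/-/express-4.18.2.tgz#3fabe08296e930c796c19e3c516979386ba9fd59"
-integrity sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==
+version "4.19.2"
+resolved "https://registry.yarnpkg.com/express/-/express-4.19.2.tgz#e25437827a3aa7f2a827bc8171bbbb664a356465"
+integrity sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==
 dependencies:
 accepts "~1.3.8"
 array-flatten "1.1.1"
-body-parser "1.20.1"
+body-parser "1.20.2"
 content-disposition "0.5.4"
 content-type "~1.0.4"
-cookie "0.5.0"
+cookie "0.6.0"
 cookie-signature "1.0.6"
 debug "2.6.9"
 depd "2.0.0"
@@ -3615,10 +3630,10 @@ file-loader@^6.0.0:
 loader-utils "^2.0.0"
 schema-utils "^3.0.0"
 
-fill-range@^7.0.1:
-version "7.0.1"
-resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.0.1.tgz#1919a6a7c75fe38b2c7c77e5198535da9acdda40"
-integrity sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==
+fill-range@^7.1.1:
+version "7.1.1"
+resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.1.1.tgz#44265d3cac07e3ea7dc247516380643754a05292"
+integrity sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==
 dependencies:
 to-regex-range "^5.0.1"
 
@@ -3694,9 +3709,9 @@ flatted@^3.2.9:
 integrity sha512-36yxDn5H7OFZQla0/jFJmbIKTdZAQHngCedGxiMmpNfEZM0sdEeT+WczLQrjK6D7o2aiyLYDnkw0R3JK0Qv1RQ==
 
 follow-redirects@^1.0.0:
-version "1.15.5"
-resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.5.tgz#54d4d6d062c0fa7d9d17feb008461550e3ba8020"
-integrity sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw==
+version "1.15.6"
+resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.6.tgz#7f815c0cda4249c74ff09e95ef97c23b5fd0399b"
+integrity sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==
 
 for-each@^0.3.3:
 version "0.3.3"
@@ -5917,10 +5932,10 @@ range-parser@^1.2.1, range-parser@~1.2.1:
 resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.1.tgz#3cf37023d199e1c24d1a55b84800c2f3e6468031"
 integrity sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==
 
-raw-body@2.5.1:
-version "2.5.1"
-resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.5.1.tgz#fe1b1628b181b700215e5fd42389f98b71392857"
-integrity sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==
+raw-body@2.5.2:
+version "2.5.2"
+resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.5.2.tgz#99febd83b90e08975087e8f1f9419a149366b68a"
+integrity sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==
 dependencies:
 bytes "3.1.2"
 http-errors "2.0.0"
@@ -6918,10 +6933,10 @@ typed-array-length@^1.0.4:
 for-each "^0.3.3"
 is-typed-array "^1.1.9"
 
-"typescript@^4.2.2 || ^5.0.0":
-version "5.3.3"
-resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.3.3.tgz#b3ce6ba258e72e6305ba66f5c9b452aaee3ffe37"
-integrity sha512-pXWcraxM0uxAS+tN0AG/BF2TyqmHO014Z070UsJ+pFvYuRSq8KH8DmWpnbXe0pEPDHXZV3FcAbJkijJ5oNEnWw==
+"typescript@^4.3.2 || ^5.0.0":
+version "5.5.4"
+resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.5.4.tgz#d9852d6c82bad2d2eda4fd74a5762a8f5909e9ba"
+integrity sha512-Mtq29sKDAEYP7aljRgtPOpTvOfbwRWlS6dPRzwjdE+C0R4brX/GUyhHSecbHMFLNBLcJIPt9nl9yG5TZ1weH+Q==
 
 uglify-js@^3.1.4:
 version "3.17.4"
@@ -7117,9 +7132,9 @@ webidl-conversions@^4.0.2:
 webpack-merge "^5.7.3"
 
 webpack-dev-middleware@^5.3.1:
-version "5.3.3"
-resolved "https://registry.yarnpkg.com/webpack-dev-middleware/-/webpack-dev-middleware-5.3.3.tgz#efae67c2793908e7311f1d9b06f2a08dcc97e51f"
-integrity sha512-hj5CYrY0bZLB+eTO+x/j67Pkrquiy7kWepMHmUMoPsmcUaeEnQJqFzHJOyxgWlq746/wUuA64p9ta34Kyb01pA==
+version "5.3.4"
+resolved "https://registry.yarnpkg.com/webpack-dev-middleware/-/webpack-dev-middleware-5.3.4.tgz#eb7b39281cbce10e104eb2b8bf2b63fce49a3517"
+integrity sha512-BVdTqhhs+0IfoeAf7EoH5WE+exCmqGerHfDM0IL096Px60Tq2Mn9MAbnaGUe6HiMa41KMCYF19gyzZmBcq/o4Q==
 dependencies:
 colorette "^2.0.10"
 memfs "^3.4.3"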
