From ac58636aaeae605be915a5bade5d0e10ad79d919 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 22 Jun 2023 02:36:22 +0000 Subject: [PATCH] fix: workspaces/arborist/test/fixtures/dep-installed-without-bin-link/package.json & workspaces/arborist/test/fixtures/dep-installed-without-bin-link/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795 --- .../package-lock.json | 49 ++++++++++++++++--- .../package.json | 2 +- 2 files changed, 43 insertions(+), 8 deletions(-) diff --git a/workspaces/arborist/test/fixtures/dep-installed-without-bin-link/package-lock.json b/workspaces/arborist/test/fixtures/dep-installed-without-bin-link/package-lock.json index 4a4e27710a536..f19a40cc3ecae 100644 --- a/workspaces/arborist/test/fixtures/dep-installed-without-bin-link/package-lock.json +++ b/workspaces/arborist/test/fixtures/dep-installed-without-bin-link/package-lock.json @@ -9,7 +9,18 @@ "version": "1.0.0", "dependencies": { "mkdirp": "^1.0.4", - "semver": "^7.3.2" + "semver": "^7.5.2" + } + }, + "node_modules/lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" } }, "node_modules/mkdirp": { @@ -24,27 +35,51 @@ } }, "node_modules/semver": { - "version": "7.3.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.2.tgz", - "integrity": "sha512-OrOb32TeeambH6UrhtShmF7CRDqhL6/5XpPNp2DuRH6+9QLw/orhp72j87v8Qa1ScDkvrrBNpZcDejAirJmfXQ==", + "version": "7.5.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.2.tgz", + "integrity": "sha512-SoftuTROv/cRjCze/scjGyiDtcUyxw1rgYQSZY7XTmtR5hX+dm76iDbTH8TkLPHCQmlbQVSSbNZCPM2hb0knnQ==", + "dependencies": { + "lru-cache": "^6.0.0" + }, "bin": { "semver": "bin/semver.js" }, "engines": { "node": ">=10" } + }, + "node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" } }, "dependencies": { + "lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "requires": { + "yallist": "^4.0.0" + } + }, "mkdirp": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==" }, "semver": { - "version": "7.3.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.2.tgz", - "integrity": "sha512-OrOb32TeeambH6UrhtShmF7CRDqhL6/5XpPNp2DuRH6+9QLw/orhp72j87v8Qa1ScDkvrrBNpZcDejAirJmfXQ==" + "version": "7.5.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.2.tgz", + "integrity": "sha512-SoftuTROv/cRjCze/scjGyiDtcUyxw1rgYQSZY7XTmtR5hX+dm76iDbTH8TkLPHCQmlbQVSSbNZCPM2hb0knnQ==", + "requires": { + "lru-cache": "^6.0.0" + } + }, + "yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" } } } diff --git a/workspaces/arborist/test/fixtures/dep-installed-without-bin-link/package.json b/workspaces/arborist/test/fixtures/dep-installed-without-bin-link/package.json index fd011ef2f26ca..1e293d84cdbd4 100644 --- a/workspaces/arborist/test/fixtures/dep-installed-without-bin-link/package.json +++ b/workspaces/arborist/test/fixtures/dep-installed-without-bin-link/package.json @@ -3,7 +3,7 @@ "version": "1.0.0", "description": "has some deps without bins linked, for rebuilding", "dependencies": { - "semver": "^7.3.2", + "semver": "^7.5.2", "mkdirp": "^1.0.4" } }