From c4f6c00fe3c55db667263d166f87973f57d1f371 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 12 Mar 2024 21:22:26 +0000 Subject: [PATCH 1/2] fix(deps): update dependency readable-stream to v4 --- package-lock.json | 139 ++++++++++++++++++++++++++++++- packages/browserify/package.json | 2 +- packages/lavapack/package.json | 2 +- packages/perf/package.json | 2 +- 4 files changed, 139 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 14a36501e6..b417d478e3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -4432,6 +4432,17 @@ "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, + "node_modules/abort-controller": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/abort-controller/-/abort-controller-3.0.0.tgz", + "integrity": "sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==", + "dependencies": { + "event-target-shim": "^5.0.0" + }, + "engines": { + "node": ">=6.5" + } + }, "node_modules/accepts": { "version": "1.3.8", "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", @@ -9006,6 +9017,14 @@ "node": ">=0.10.0" } }, + "node_modules/event-target-shim": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/event-target-shim/-/event-target-shim-5.0.1.tgz", + "integrity": "sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==", + "engines": { + "node": ">=6" + } + }, "node_modules/eventemitter3": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-5.0.1.tgz", @@ -18225,7 +18244,7 @@ "json-stable-stringify": "1.1.1", "lavamoat-core": "^15.2.1", "pify": "5.0.0", - "readable-stream": "3.6.2", + "readable-stream": "4.5.2", "source-map": "0.7.4", "through2": "4.0.2" }, @@ -18244,6 +18263,44 @@ "node": "^16.20.0 || ^18.0.0 || ^20.0.0" } }, + "packages/browserify/node_modules/buffer": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/buffer/-/buffer-6.0.3.tgz", + "integrity": "sha512-FTiCpNxtwiZZHEZbcbTIcZjERVICn9yq/pDFkTl95/AxzD1naBctN7YO68riM/gLSDY7sdrMby8hofADYuuqOA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "dependencies": { + "base64-js": "^1.3.1", + "ieee754": "^1.2.1" + } + }, + "packages/browserify/node_modules/readable-stream": { + "version": "4.5.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.2.tgz", + "integrity": "sha512-yjavECdqeZ3GLXNgRXgeQEdz9fvDDkNKyHnbHRFtOr7/LcfgBcmct7t/ET+HaCTqfh06OzoAxrkN/IfjJBVe+g==", + "dependencies": { + "abort-controller": "^3.0.0", + "buffer": "^6.0.3", + "events": "^3.3.0", + "process": "^0.11.10", + "string_decoder": "^1.3.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + } + }, "packages/core": { "name": "lavamoat-core", "version": "15.2.1", @@ -18276,7 +18333,7 @@ "json-stable-stringify": "1.1.1", "JSONStream": "1.3.5", "lavamoat-core": "^15.2.1", - "readable-stream": "3.6.2", + "readable-stream": "4.5.2", "through2": "4.0.2", "umd": "3.0.3" }, @@ -18288,6 +18345,44 @@ "node": "^16.20.0 || ^18.0.0 || ^20.0.0" } }, + "packages/lavapack/node_modules/buffer": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/buffer/-/buffer-6.0.3.tgz", + "integrity": "sha512-FTiCpNxtwiZZHEZbcbTIcZjERVICn9yq/pDFkTl95/AxzD1naBctN7YO68riM/gLSDY7sdrMby8hofADYuuqOA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "dependencies": { + "base64-js": "^1.3.1", + "ieee754": "^1.2.1" + } + }, + "packages/lavapack/node_modules/readable-stream": { + "version": "4.5.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.2.tgz", + "integrity": "sha512-yjavECdqeZ3GLXNgRXgeQEdz9fvDDkNKyHnbHRFtOr7/LcfgBcmct7t/ET+HaCTqfh06OzoAxrkN/IfjJBVe+g==", + "dependencies": { + "abort-controller": "^3.0.0", + "buffer": "^6.0.3", + "events": "^3.3.0", + "process": "^0.11.10", + "string_decoder": "^1.3.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + } + }, "packages/laverna": { "name": "@lavamoat/laverna", "version": "1.0.0", @@ -18339,7 +18434,7 @@ "dependencies": { "@endo/compartment-mapper": "1.1.2", "browserify": "17.0.0", - "readable-stream": "3.6.2", + "readable-stream": "4.5.2", "ses": "1.3.0" }, "devDependencies": { @@ -18351,6 +18446,44 @@ "node": "^16.20.0 || ^18.0.0 || ^20.0.0" } }, + "packages/perf/node_modules/buffer": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/buffer/-/buffer-6.0.3.tgz", + "integrity": "sha512-FTiCpNxtwiZZHEZbcbTIcZjERVICn9yq/pDFkTl95/AxzD1naBctN7YO68riM/gLSDY7sdrMby8hofADYuuqOA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "dependencies": { + "base64-js": "^1.3.1", + "ieee754": "^1.2.1" + } + }, + "packages/perf/node_modules/readable-stream": { + "version": "4.5.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.2.tgz", + "integrity": "sha512-yjavECdqeZ3GLXNgRXgeQEdz9fvDDkNKyHnbHRFtOr7/LcfgBcmct7t/ET+HaCTqfh06OzoAxrkN/IfjJBVe+g==", + "dependencies": { + "abort-controller": "^3.0.0", + "buffer": "^6.0.3", + "events": "^3.3.0", + "process": "^0.11.10", + "string_decoder": "^1.3.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + } + }, "packages/preinstall-always-fail": { "name": "@lavamoat/preinstall-always-fail", "version": "2.0.0", diff --git a/packages/browserify/package.json b/packages/browserify/package.json index ef125e9f66..5866ee18b2 100644 --- a/packages/browserify/package.json +++ b/packages/browserify/package.json @@ -38,7 +38,7 @@ "json-stable-stringify": "1.1.1", "lavamoat-core": "^15.2.1", "pify": "5.0.0", - "readable-stream": "3.6.2", + "readable-stream": "4.5.2", "source-map": "0.7.4", "through2": "4.0.2" }, diff --git a/packages/lavapack/package.json b/packages/lavapack/package.json index 16af5e2a14..38f3f44969 100644 --- a/packages/lavapack/package.json +++ b/packages/lavapack/package.json @@ -34,7 +34,7 @@ "espree": "9.6.1", "json-stable-stringify": "1.1.1", "lavamoat-core": "^15.2.1", - "readable-stream": "3.6.2", + "readable-stream": "4.5.2", "through2": "4.0.2", "umd": "3.0.3" }, diff --git a/packages/perf/package.json b/packages/perf/package.json index 47b4d93554..ecf00f09bf 100644 --- a/packages/perf/package.json +++ b/packages/perf/package.json @@ -25,7 +25,7 @@ "dependencies": { "@endo/compartment-mapper": "1.1.2", "browserify": "17.0.0", - "readable-stream": "3.6.2", + "readable-stream": "4.5.2", "ses": "1.3.0" }, "devDependencies": { From 480cd1104f4780eab41cd8edc13dcb28f0571e31 Mon Sep 17 00:00:00 2001 From: Christopher Hiller Date: Tue, 12 Mar 2024 14:44:51 -0700 Subject: [PATCH 2/2] chore(browserify): update test fixture policy --- .../secureBundling/lavamoat/node/policy.json | 113 ++++++++++++++---- 1 file changed, 88 insertions(+), 25 deletions(-) diff --git a/packages/browserify/test/fixtures/secureBundling/lavamoat/node/policy.json b/packages/browserify/test/fixtures/secureBundling/lavamoat/node/policy.json index 24c424db80..fe0b81fe86 100644 --- a/packages/browserify/test/fixtures/secureBundling/lavamoat/node/policy.json +++ b/packages/browserify/test/fixtures/secureBundling/lavamoat/node/policy.json @@ -128,12 +128,12 @@ "packages": { "@lavamoat/lavapack>combine-source-map": true, "@lavamoat/lavapack>espree": true, + "@lavamoat/lavapack>readable-stream": true, "@lavamoat/lavapack>umd": true, "browserify>JSONStream": true, "convert-source-map": true, "json-stable-stringify": true, "lavamoat-core": true, - "readable-stream": true, "through2": true } }, @@ -187,6 +187,29 @@ "@lavamoat/lavapack>espree>acorn": true } }, + "@lavamoat/lavapack>readable-stream": { + "builtin": { + "buffer.Blob": true, + "buffer.Buffer": true, + "events.EventEmitter": true, + "events.addAbortListener": true, + "stream": true, + "string_decoder.StringDecoder": true + }, + "globals": { + "AbortController": true, + "AbortSignal": true, + "AggregateError": true, + "Blob": true, + "ERR_INVALID_ARG_TYPE": true, + "process.env.READABLE_STREAM": true, + "queueMicrotask": true + }, + "packages": { + "browserify>process": true, + "readable-stream>abort-controller": true + } + }, "browser-resolve": { "builtin": { "fs.readFile": true, @@ -317,7 +340,7 @@ "browserify>readable-stream>core-util-is": true, "browserify>readable-stream>process-nextick-args": true, "duplexify>inherits": true, - "readable-stream>util-deprecate": true + "keccak>readable-stream>util-deprecate": true } }, "browserify>browser-pack>through2>readable-stream>string_decoder": { @@ -384,7 +407,7 @@ "browserify>readable-stream>core-util-is": true, "browserify>readable-stream>process-nextick-args": true, "duplexify>inherits": true, - "readable-stream>util-deprecate": true + "keccak>readable-stream>util-deprecate": true } }, "browserify>deps-sort>through2>readable-stream>safe-buffer": { @@ -423,7 +446,7 @@ "browserify>readable-stream>core-util-is": true, "browserify>readable-stream>process-nextick-args": true, "duplexify>inherits": true, - "readable-stream>util-deprecate": true + "keccak>readable-stream>util-deprecate": true } }, "browserify>duplexer2>readable-stream>safe-buffer": { @@ -494,7 +517,7 @@ "browserify>readable-stream>core-util-is": true, "browserify>readable-stream>process-nextick-args": true, "duplexify>inherits": true, - "readable-stream>util-deprecate": true + "keccak>readable-stream>util-deprecate": true } }, "browserify>insert-module-globals>through2>readable-stream>safe-buffer": { @@ -562,7 +585,7 @@ "browserify>readable-stream>core-util-is": true, "browserify>readable-stream>process-nextick-args": true, "duplexify>inherits": true, - "readable-stream>util-deprecate": true + "keccak>readable-stream>util-deprecate": true } }, "browserify>labeled-stream-splicer>stream-splicer>readable-stream>safe-buffer": { @@ -647,7 +670,7 @@ "browserify>readable-stream>core-util-is": true, "browserify>readable-stream>process-nextick-args": true, "duplexify>inherits": true, - "readable-stream>util-deprecate": true + "keccak>readable-stream>util-deprecate": true } }, "browserify>module-deps>readable-stream>safe-buffer": { @@ -687,7 +710,7 @@ "browserify>readable-stream>core-util-is": true, "browserify>readable-stream>process-nextick-args": true, "duplexify>inherits": true, - "readable-stream>util-deprecate": true + "keccak>readable-stream>util-deprecate": true } }, "browserify>module-deps>stream-combiner2>readable-stream>safe-buffer": { @@ -733,6 +756,11 @@ "process.platform": true } }, + "browserify>process": { + "globals": { + "process": true + } + }, "browserify>read-only-stream": { "packages": { "browserify>read-only-stream>readable-stream": true @@ -759,7 +787,7 @@ "browserify>readable-stream>core-util-is": true, "browserify>readable-stream>process-nextick-args": true, "duplexify>inherits": true, - "readable-stream>util-deprecate": true + "keccak>readable-stream>util-deprecate": true } }, "browserify>read-only-stream>readable-stream>safe-buffer": { @@ -793,7 +821,7 @@ "browserify>string_decoder": true, "browserify>string_decoder>safe-buffer": true, "duplexify>inherits": true, - "readable-stream>util-deprecate": true + "keccak>readable-stream>util-deprecate": true } }, "browserify>readable-stream>core-util-is": { @@ -926,7 +954,7 @@ "concat-stream>buffer-from": true, "concat-stream>typedarray": true, "duplexify>inherits": true, - "readable-stream": true + "keccak>readable-stream": true } }, "concat-stream>buffer-from": { @@ -951,7 +979,7 @@ "duplexify>end-of-stream": true, "duplexify>inherits": true, "duplexify>stream-shift": true, - "readable-stream": true + "keccak>readable-stream": true } }, "duplexify>end-of-stream": { @@ -1029,6 +1057,30 @@ "json-stable-stringify>call-bind>es-define-property": true } }, + "keccak>readable-stream": { + "builtin": { + "buffer.Buffer": true, + "events.EventEmitter": true, + "stream": true, + "util": true + }, + "globals": { + "process.env.READABLE_STREAM": true, + "process.nextTick": true, + "process.stderr": true, + "process.stdout": true + }, + "packages": { + "duplexify>inherits": true, + "keccak>readable-stream>util-deprecate": true, + "readable-stream>string_decoder": true + } + }, + "keccak>readable-stream>util-deprecate": { + "builtin": { + "util.deprecate": true + } + }, "lavamoat-core": { "builtin": { "events": true, @@ -1261,21 +1313,37 @@ }, "readable-stream": { "builtin": { + "buffer.Blob": true, "buffer.Buffer": true, "events.EventEmitter": true, + "events.addAbortListener": true, "stream": true, - "util": true + "string_decoder.StringDecoder": true }, "globals": { + "AbortController": true, + "AbortSignal": true, + "AggregateError": true, + "Blob": true, + "ERR_INVALID_ARG_TYPE": true, "process.env.READABLE_STREAM": true, - "process.nextTick": true, - "process.stderr": true, - "process.stdout": true + "queueMicrotask": true }, "packages": { - "duplexify>inherits": true, - "readable-stream>string_decoder": true, - "readable-stream>util-deprecate": true + "browserify>process": true, + "readable-stream>abort-controller": true + } + }, + "readable-stream>abort-controller": { + "packages": { + "readable-stream>abort-controller>event-target-shim": true + } + }, + "readable-stream>abort-controller>event-target-shim": { + "globals": { + "Event": true, + "EventTarget": true, + "console": true } }, "readable-stream>string_decoder": { @@ -1288,11 +1356,6 @@ "buffer": true } }, - "readable-stream>util-deprecate": { - "builtin": { - "util.deprecate": true - } - }, "source-map-explorer>chalk>supports-color": { "builtin": { "os.release": true, @@ -1313,7 +1376,7 @@ }, "through2": { "packages": { - "readable-stream": true + "keccak>readable-stream": true } } }