From 9c554fd8cd1e9aeb8eb122ccfa3c78d12af4097a Mon Sep 17 00:00:00 2001 From: Ruy Adorno Date: Tue, 24 Mar 2020 15:57:50 -0400 Subject: [PATCH] update-notifier@2.5.0 --- node_modules/deep-extend/CHANGELOG.md | 8 +++ node_modules/deep-extend/README.md | 2 - node_modules/deep-extend/package.json | 29 ++++++----- node_modules/is-ci/.travis.yml | 7 --- node_modules/is-ci/README.md | 29 ++--------- node_modules/is-ci/package.json | 22 ++++---- node_modules/is-ci/test.js | 19 ------- node_modules/is-retry-allowed/index.js | 4 +- node_modules/is-retry-allowed/package.json | 14 +++--- .../rc/node_modules/minimist/example/parse.js | 2 +- .../rc/node_modules/minimist/index.js | 15 ++++-- .../rc/node_modules/minimist/package.json | 12 ++--- .../rc/node_modules/minimist/readme.markdown | 32 ++++++------ .../rc/node_modules/minimist/test/bool.js | 12 +++++ .../rc/node_modules/minimist/test/proto.js | 44 ++++++++++++++++ node_modules/rc/package.json | 16 +++--- node_modules/registry-auth-token/.npmignore | 6 +++ node_modules/registry-auth-token/CHANGELOG.md | 6 +++ node_modules/registry-auth-token/index.js | 25 ++++++---- node_modules/registry-auth-token/package.json | 12 ++--- .../test/auth-token.test.js | 36 +++++++++++++ node_modules/registry-auth-token/yarn.lock | 20 +++++--- node_modules/update-notifier/package.json | 14 +++--- node_modules/widest-line/index.js | 7 ++- node_modules/widest-line/package.json | 12 ++--- package-lock.json | 50 +++++++++---------- 26 files changed, 272 insertions(+), 183 deletions(-) delete mode 100644 node_modules/is-ci/.travis.yml delete mode 100644 node_modules/is-ci/test.js create mode 100644 node_modules/rc/node_modules/minimist/test/proto.js create mode 100644 node_modules/registry-auth-token/.npmignore diff --git a/node_modules/deep-extend/CHANGELOG.md b/node_modules/deep-extend/CHANGELOG.md index 3932f8f024e5e..dd13ec1311b2b 100644 --- a/node_modules/deep-extend/CHANGELOG.md +++ b/node_modules/deep-extend/CHANGELOG.md @@ -1,6 +1,14 @@ Changelog ========= +v0.6.0 +------ + +- Updated "devDependencies" versions to fix vulnerability alerts +- Dropped support of io.js and node.js v0.12.x and lower since new versions of + "devDependencies" couldn't work with those old node.js versions + (minimal supported version of node.js now is v4.0.0) + v0.5.1 ------ diff --git a/node_modules/deep-extend/README.md b/node_modules/deep-extend/README.md index cf84f70dedcbe..67c7fc085903b 100644 --- a/node_modules/deep-extend/README.md +++ b/node_modules/deep-extend/README.md @@ -7,8 +7,6 @@ Recursive object extending. [![NPM](https://nodei.co/npm/deep-extend.png?downloads=true&downloadRank=true&stars=true)](https://nodei.co/npm/deep-extend/) -[![NPM](https://nodei.co/npm-dl/deep-extend.png?height=3)](https://nodei.co/npm/deep-extend/) - Install ------- diff --git a/node_modules/deep-extend/package.json b/node_modules/deep-extend/package.json index 3aaa6742ff9e2..15386bcffeaaf 100644 --- a/node_modules/deep-extend/package.json +++ b/node_modules/deep-extend/package.json @@ -1,27 +1,27 @@ { - "_from": "deep-extend@^0.5.1", - "_id": "deep-extend@0.5.1", + "_from": "deep-extend@^0.6.0", + "_id": "deep-extend@0.6.0", "_inBundle": false, - "_integrity": "sha512-N8vBdOa+DF7zkRrDCsaOXoCs/E2fJfx9B9MrKnnSiHNh4ws7eSys6YQE4KvT1cecKmOASYQBhbKjeuDD9lT81w==", + "_integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==", "_location": "/deep-extend", "_phantomChildren": {}, "_requested": { "type": "range", "registry": true, - "raw": "deep-extend@^0.5.1", + "raw": "deep-extend@^0.6.0", "name": "deep-extend", "escapedName": "deep-extend", - "rawSpec": "^0.5.1", + "rawSpec": "^0.6.0", "saveSpec": null, - "fetchSpec": "^0.5.1" + "fetchSpec": "^0.6.0" }, "_requiredBy": [ "/rc" ], - "_resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.5.1.tgz", - "_shasum": "b894a9dd90d3023fbf1c55a394fb858eb2066f1f", - "_spec": "deep-extend@^0.5.1", - "_where": "/Users/rebecca/code/npm/node_modules/rc", + "_resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", + "_shasum": "c4fa7c95404a17a9c3e8ca7e1537312b736330ac", + "_spec": "deep-extend@^0.6.0", + "_where": "/Users/ruyadorno/Documents/workspace/cli/node_modules/rc", "author": { "name": "Viacheslav Lotsmanov", "email": "lotsmanov89@gmail.com" @@ -51,12 +51,11 @@ "deprecated": false, "description": "Recursive object extending", "devDependencies": { - "mocha": "2.2.1", - "should": "5.2.0" + "mocha": "5.2.0", + "should": "13.2.1" }, "engines": { - "iojs": ">=1.0.0", - "node": ">=0.10.0" + "node": ">=4.0.0" }, "files": [ "index.js", @@ -89,5 +88,5 @@ "scripts": { "test": "mocha" }, - "version": "0.5.1" + "version": "0.6.0" } diff --git a/node_modules/is-ci/.travis.yml b/node_modules/is-ci/.travis.yml deleted file mode 100644 index 21f721050948b..0000000000000 --- a/node_modules/is-ci/.travis.yml +++ /dev/null @@ -1,7 +0,0 @@ -language: node_js -node_js: -- '6' -- '5' -- '4' -- '0.12' -- '0.10' diff --git a/node_modules/is-ci/README.md b/node_modules/is-ci/README.md index 0e49db91bbe4c..bc3840a220cfb 100644 --- a/node_modules/is-ci/README.md +++ b/node_modules/is-ci/README.md @@ -6,12 +6,13 @@ server. Please [open an issue](https://github.com/watson/is-ci/issues) if your CI server isn't properly detected :) +[![npm](https://img.shields.io/npm/v/is-ci.svg)](https://www.npmjs.com/package/is-ci) [![Build status](https://travis-ci.org/watson/is-ci.svg?branch=master)](https://travis-ci.org/watson/is-ci) [![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](https://github.com/feross/standard) ## Installation -``` +```bash npm install is-ci --save ``` @@ -36,34 +37,14 @@ There's a few ways to do that: - Or provide the full path to the executable, e.g. `./node_modules/.bin/is-ci` -``` +```bash is-ci && echo "This is a CI server" ``` ## Supported CI tools -Officially supported CI servers: - -- [Travis CI](http://travis-ci.org) -- [CircleCI](http://circleci.com) -- [Jenkins CI](https://jenkins-ci.org) -- [Hudson](http://hudson-ci.org) -- [Bamboo](https://www.atlassian.com/software/bamboo) -- [TeamCity](https://www.jetbrains.com/teamcity/) -- [Team Foundation Server](https://www.visualstudio.com/en-us/products/tfs-overview-vs.aspx) -- [GitLab CI](https://about.gitlab.com/gitlab-ci/) -- [Codeship](https://codeship.com) -- [Drone.io](https://drone.io) -- [Magnum CI](https://magnum-ci.com) -- [Semaphore](https://semaphoreci.com) -- [AppVeyor](http://www.appveyor.com) -- [Buildkite](https://buildkite.com) -- [TaskCluster](http://docs.taskcluster.net) -- [GoCD](https://www.go.cd/) -- [Bitbucket Pipelines](https://bitbucket.org/product/features/pipelines) - -Other CI tools using environment variables like `BUILD_ID` or `CI` would be detected as well. +Refer to [ci-info](https://github.com/watson/ci-info#supported-ci-tools) docs for all supported CI's ## License -MIT +[MIT](LICENSE) diff --git a/node_modules/is-ci/package.json b/node_modules/is-ci/package.json index e87ba5d7fd903..344aa2a1f5952 100644 --- a/node_modules/is-ci/package.json +++ b/node_modules/is-ci/package.json @@ -1,8 +1,8 @@ { "_from": "is-ci@^1.0.10", - "_id": "is-ci@1.1.0", + "_id": "is-ci@1.2.1", "_inBundle": false, - "_integrity": "sha512-c7TnwxLePuqIlxHgr7xtxzycJPegNHFuIrBkwbf8hc58//+Op1CqFkyS+xnIMkwn9UsJIwc174BIjkyBmSpjKg==", + "_integrity": "sha512-s6tfsaQaQi3JNciBH6shVqEDvhGut0SUXr31ag8Pd8BBbVVlcGfWhpPmEOoM6RJ5TFhbypvf5yyRw/VXW1IiWg==", "_location": "/is-ci", "_phantomChildren": {}, "_requested": { @@ -18,10 +18,10 @@ "_requiredBy": [ "/update-notifier" ], - "_resolved": "https://registry.npmjs.org/is-ci/-/is-ci-1.1.0.tgz", - "_shasum": "247e4162e7860cebbdaf30b774d6b0ac7dcfe7a5", + "_resolved": "https://registry.npmjs.org/is-ci/-/is-ci-1.2.1.tgz", + "_shasum": "e3779c8ee17fccf428488f6e281187f2e632841c", "_spec": "is-ci@^1.0.10", - "_where": "/Users/rebecca/code/npm/node_modules/update-notifier", + "_where": "/Users/ruyadorno/Documents/workspace/cli/node_modules/update-notifier", "author": { "name": "Thomas Watson Steen", "email": "w@tson.dk", @@ -35,17 +35,17 @@ }, "bundleDependencies": false, "coordinates": [ - 56.0093252, - 11.9592058 + 55.778255, + 12.593033 ], "dependencies": { - "ci-info": "^1.0.0" + "ci-info": "^1.5.0" }, "deprecated": false, - "description": "Detect if your code is running on a CI server", + "description": "Detect if the current environment is a CI server", "devDependencies": { "clear-require": "^1.0.1", - "standard": "^10.0.3" + "standard": "^11.0.1" }, "homepage": "https://github.com/watson/is-ci", "keywords": [ @@ -65,5 +65,5 @@ "scripts": { "test": "standard && node test.js" }, - "version": "1.1.0" + "version": "1.2.1" } diff --git a/node_modules/is-ci/test.js b/node_modules/is-ci/test.js deleted file mode 100644 index a9938bbdb8ecf..0000000000000 --- a/node_modules/is-ci/test.js +++ /dev/null @@ -1,19 +0,0 @@ -'use strict' - -var assert = require('assert') -var clearRequire = require('clear-require') - -process.env.CI = 'true' - -var isCI = require('./') -assert(isCI) - -delete process.env.CI -delete process.env.CONTINUOUS_INTEGRATION -delete process.env.BUILD_NUMBER -delete process.env.TRAVIS - -clearRequire('./') -clearRequire('ci-info') -isCI = require('./') -assert(!isCI) diff --git a/node_modules/is-retry-allowed/index.js b/node_modules/is-retry-allowed/index.js index 663ee338fce94..3bab6c16b26b9 100644 --- a/node_modules/is-retry-allowed/index.js +++ b/node_modules/is-retry-allowed/index.js @@ -6,7 +6,9 @@ var WHITELIST = [ 'EADDRINUSE', 'ESOCKETTIMEDOUT', 'ECONNREFUSED', - 'EPIPE' + 'EPIPE', + 'EHOSTUNREACH', + 'EAI_AGAIN' ]; var BLACKLIST = [ diff --git a/node_modules/is-retry-allowed/package.json b/node_modules/is-retry-allowed/package.json index e494bb3f7841a..7bae1606a740c 100644 --- a/node_modules/is-retry-allowed/package.json +++ b/node_modules/is-retry-allowed/package.json @@ -1,8 +1,8 @@ { "_from": "is-retry-allowed@^1.0.0", - "_id": "is-retry-allowed@1.1.0", + "_id": "is-retry-allowed@1.2.0", "_inBundle": false, - "_integrity": "sha1-EaBgVotnM5REAz0BJaYaINVk+zQ=", + "_integrity": "sha512-RUbUeKwvm3XG2VYamhJL1xFktgjvPzL0Hq8C+6yrWIswDy3BIXGqCxhxkc30N9jqK311gVU137K8Ei55/zVJRg==", "_location": "/is-retry-allowed", "_phantomChildren": {}, "_requested": { @@ -18,10 +18,10 @@ "_requiredBy": [ "/got" ], - "_resolved": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz", - "_shasum": "11a060568b67339444033d0125a61a20d564fb34", + "_resolved": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.2.0.tgz", + "_shasum": "d778488bd0a4666a3be8a1482b9f2baafedea8b4", "_spec": "is-retry-allowed@^1.0.0", - "_where": "/Users/rebecca/code/npm/node_modules/got", + "_where": "/Users/ruyadorno/Documents/workspace/cli/node_modules/got", "author": { "name": "Vsevolod Strukchinsky", "email": "floatdrop@gmail.com", @@ -33,7 +33,7 @@ "bundleDependencies": false, "dependencies": {}, "deprecated": false, - "description": "My prime module", + "description": "Is retry allowed for Error?", "devDependencies": { "ava": "^0.8.0", "xo": "^0.12.1" @@ -55,5 +55,5 @@ "scripts": { "test": "xo && ava" }, - "version": "1.1.0" + "version": "1.2.0" } diff --git a/node_modules/rc/node_modules/minimist/example/parse.js b/node_modules/rc/node_modules/minimist/example/parse.js index abff3e8ee8f5e..f7c8d49807f32 100644 --- a/node_modules/rc/node_modules/minimist/example/parse.js +++ b/node_modules/rc/node_modules/minimist/example/parse.js @@ -1,2 +1,2 @@ var argv = require('../')(process.argv.slice(2)); -console.dir(argv); +console.log(argv); diff --git a/node_modules/rc/node_modules/minimist/index.js b/node_modules/rc/node_modules/minimist/index.js index 6a0559d58133a..d2afe5e4d4056 100644 --- a/node_modules/rc/node_modules/minimist/index.js +++ b/node_modules/rc/node_modules/minimist/index.js @@ -68,12 +68,21 @@ module.exports = function (args, opts) { function setKey (obj, keys, value) { var o = obj; - keys.slice(0,-1).forEach(function (key) { + for (var i = 0; i < keys.length-1; i++) { + var key = keys[i]; + if (key === '__proto__') return; if (o[key] === undefined) o[key] = {}; + if (o[key] === Object.prototype || o[key] === Number.prototype + || o[key] === String.prototype) o[key] = {}; + if (o[key] === Array.prototype) o[key] = []; o = o[key]; - }); + } var key = keys[keys.length - 1]; + if (key === '__proto__') return; + if (o === Object.prototype || o === Number.prototype + || o === String.prototype) o = {}; + if (o === Array.prototype) o = []; if (o[key] === undefined || flags.bools[key] || typeof o[key] === 'boolean') { o[key] = value; } @@ -171,7 +180,7 @@ module.exports = function (args, opts) { setArg(key, args[i+1], arg); i++; } - else if (args[i+1] && /true|false/.test(args[i+1])) { + else if (args[i+1] && /^(true|false)$/.test(args[i+1])) { setArg(key, args[i+1] === 'true', arg); i++; } diff --git a/node_modules/rc/node_modules/minimist/package.json b/node_modules/rc/node_modules/minimist/package.json index e22b6fc47a309..86e9c8ee28bd2 100644 --- a/node_modules/rc/node_modules/minimist/package.json +++ b/node_modules/rc/node_modules/minimist/package.json @@ -1,8 +1,8 @@ { "_from": "minimist@^1.2.0", - "_id": "minimist@1.2.0", + "_id": "minimist@1.2.5", "_inBundle": false, - "_integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=", + "_integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", "_location": "/rc/minimist", "_phantomChildren": {}, "_requested": { @@ -18,10 +18,10 @@ "_requiredBy": [ "/rc" ], - "_resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", - "_shasum": "a35008b20f41383eec1fb914f4cd5df79a264284", + "_resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", + "_shasum": "67d66014b66a6a8aaa0c083c5fd58df4e4e97602", "_spec": "minimist@^1.2.0", - "_where": "/Users/rebecca/code/npm/node_modules/rc", + "_where": "/Users/ruyadorno/Documents/workspace/cli/node_modules/rc", "author": { "name": "James Halliday", "email": "mail@substack.net", @@ -69,5 +69,5 @@ "opera/12" ] }, - "version": "1.2.0" + "version": "1.2.5" } diff --git a/node_modules/rc/node_modules/minimist/readme.markdown b/node_modules/rc/node_modules/minimist/readme.markdown index 30a74cf8c158d..5fd97ab11ee9d 100644 --- a/node_modules/rc/node_modules/minimist/readme.markdown +++ b/node_modules/rc/node_modules/minimist/readme.markdown @@ -5,15 +5,11 @@ parse argument options This module is the guts of optimist's argument parser without all the fanciful decoration. -[![browser support](https://ci.testling.com/substack/minimist.png)](http://ci.testling.com/substack/minimist) - -[![build status](https://secure.travis-ci.org/substack/minimist.png)](http://travis-ci.org/substack/minimist) - # example ``` js var argv = require('minimist')(process.argv.slice(2)); -console.dir(argv); +console.log(argv); ``` ``` @@ -33,6 +29,13 @@ $ node example/parse.js -x 3 -y 4 -n5 -abc --beep=boop foo bar baz beep: 'boop' } ``` +# security + +Previous versions had a prototype pollution bug that could cause privilege +escalation in some circumstances when handling untrusted user input. + +Please use version 1.2.3 or later: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 + # methods ``` js @@ -65,19 +68,20 @@ argument names to use as aliases first non-option * `opts['--']` - when true, populate `argv._` with everything before the `--` and `argv['--']` with everything after the `--`. Here's an example: + + ``` + > require('./')('one two three -- four five --six'.split(' '), { '--': true }) + { _: [ 'one', 'two', 'three' ], + '--': [ 'four', 'five', '--six' ] } + ``` + + Note that with `opts['--']` set, parsing for arguments still stops after the + `--`. + * `opts.unknown` - a function which is invoked with a command line parameter not defined in the `opts` configuration object. If the function returns `false`, the unknown option is not added to `argv`. -``` -> require('./')('one two three -- four five --six'.split(' '), { '--': true }) -{ _: [ 'one', 'two', 'three' ], - '--': [ 'four', 'five', '--six' ] } -``` - -Note that with `opts['--']` set, parsing for arguments still stops after the -`--`. - # install With [npm](https://npmjs.org) do: diff --git a/node_modules/rc/node_modules/minimist/test/bool.js b/node_modules/rc/node_modules/minimist/test/bool.js index 14b0717cefd5e..5f7dbde16cc91 100644 --- a/node_modules/rc/node_modules/minimist/test/bool.js +++ b/node_modules/rc/node_modules/minimist/test/bool.js @@ -164,3 +164,15 @@ test('boolean --boool=false', function (t) { t.same(parsed.boool, false); t.end(); }); + +test('boolean using something similar to true', function (t) { + var opts = { boolean: 'h' }; + var result = parse(['-h', 'true.txt'], opts); + var expected = { + h: true, + '_': ['true.txt'] + }; + + t.same(result, expected); + t.end(); +}); \ No newline at end of file diff --git a/node_modules/rc/node_modules/minimist/test/proto.js b/node_modules/rc/node_modules/minimist/test/proto.js new file mode 100644 index 0000000000000..8649107ecba1f --- /dev/null +++ b/node_modules/rc/node_modules/minimist/test/proto.js @@ -0,0 +1,44 @@ +var parse = require('../'); +var test = require('tape'); + +test('proto pollution', function (t) { + var argv = parse(['--__proto__.x','123']); + t.equal({}.x, undefined); + t.equal(argv.__proto__.x, undefined); + t.equal(argv.x, undefined); + t.end(); +}); + +test('proto pollution (array)', function (t) { + var argv = parse(['--x','4','--x','5','--x.__proto__.z','789']); + t.equal({}.z, undefined); + t.deepEqual(argv.x, [4,5]); + t.equal(argv.x.z, undefined); + t.equal(argv.x.__proto__.z, undefined); + t.end(); +}); + +test('proto pollution (number)', function (t) { + var argv = parse(['--x','5','--x.__proto__.z','100']); + t.equal({}.z, undefined); + t.equal((4).z, undefined); + t.equal(argv.x, 5); + t.equal(argv.x.z, undefined); + t.end(); +}); + +test('proto pollution (string)', function (t) { + var argv = parse(['--x','abc','--x.__proto__.z','def']); + t.equal({}.z, undefined); + t.equal('...'.z, undefined); + t.equal(argv.x, 'abc'); + t.equal(argv.x.z, undefined); + t.end(); +}); + +test('proto pollution (constructor)', function (t) { + var argv = parse(['--constructor.prototype.y','123']); + t.equal({}.y, undefined); + t.equal(argv.y, undefined); + t.end(); +}); diff --git a/node_modules/rc/package.json b/node_modules/rc/package.json index ba78e395b45d4..db6599e664b74 100644 --- a/node_modules/rc/package.json +++ b/node_modules/rc/package.json @@ -1,8 +1,8 @@ { "_from": "rc@^1.1.6", - "_id": "rc@1.2.7", + "_id": "rc@1.2.8", "_inBundle": false, - "_integrity": "sha512-LdLD8xD4zzLsAT5xyushXDNscEjB7+2ulnl8+r1pnESlYtlJtVSoCMBGr30eDRJ3+2Gq89jK9P9e4tCEH1+ywA==", + "_integrity": "sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw==", "_location": "/rc", "_phantomChildren": {}, "_requested": { @@ -19,17 +19,17 @@ "/registry-auth-token", "/registry-url" ], - "_resolved": "https://registry.npmjs.org/rc/-/rc-1.2.7.tgz", - "_shasum": "8a10ca30d588d00464360372b890d06dacd02297", + "_resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz", + "_shasum": "cd924bf5200a075b83c188cd6b9e211b7fc0d3ed", "_spec": "rc@^1.1.6", - "_where": "/Users/rebecca/code/npm/node_modules/registry-auth-token", + "_where": "/Users/ruyadorno/Documents/workspace/cli/node_modules/registry-auth-token", "author": { "name": "Dominic Tarr", "email": "dominic.tarr@gmail.com", "url": "dominictarr.com" }, "bin": { - "rc": "./cli.js" + "rc": "cli.js" }, "browser": "browser.js", "bugs": { @@ -37,7 +37,7 @@ }, "bundleDependencies": false, "dependencies": { - "deep-extend": "^0.5.1", + "deep-extend": "^0.6.0", "ini": "~1.3.0", "minimist": "^1.2.0", "strip-json-comments": "~2.0.1" @@ -61,5 +61,5 @@ "scripts": { "test": "set -e; node test/test.js; node test/ini.js; node test/nested-env-vars.js" }, - "version": "1.2.7" + "version": "1.2.8" } diff --git a/node_modules/registry-auth-token/.npmignore b/node_modules/registry-auth-token/.npmignore new file mode 100644 index 0000000000000..4196028460bfc --- /dev/null +++ b/node_modules/registry-auth-token/.npmignore @@ -0,0 +1,6 @@ +.editorconfig +.eslintignore +.eslintrc +.travis.yml +npm-debug.log +coverage diff --git a/node_modules/registry-auth-token/CHANGELOG.md b/node_modules/registry-auth-token/CHANGELOG.md index 75f7b6f2f7071..20e82e870ef45 100644 --- a/node_modules/registry-auth-token/CHANGELOG.md +++ b/node_modules/registry-auth-token/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes will be documented in this file. +## [3.4.0] - 2019-03-20 + +### Changes + +- Enabled legacy auth token to be read from environment variable (Martin Flodin) + ## [3.3.2] - 2018-01-26 ### Changes diff --git a/node_modules/registry-auth-token/index.js b/node_modules/registry-auth-token/index.js index d68f7eeb4bc72..f8c6216eab9cd 100644 --- a/node_modules/registry-auth-token/index.js +++ b/node_modules/registry-auth-token/index.js @@ -52,10 +52,13 @@ function getRegistryAuthInfo (checkUrl, options) { } function getLegacyAuthInfo (npmrc) { - if (npmrc._auth) { - return {token: npmrc._auth, type: 'Basic'} + if (!npmrc._auth) { + return undefined } - return undefined + + var token = replaceEnvironmentVariable(npmrc._auth) + + return {token: token, type: 'Basic'} } function normalizePath (path) { @@ -80,15 +83,19 @@ function getAuthInfoForUrl (regUrl, npmrc) { return undefined } +function replaceEnvironmentVariable (token) { + return token.replace(/^\$\{?([^}]*)\}?$/, function (fullMatch, envVar) { + return process.env[envVar] + }) +} + function getBearerToken (tok) { if (!tok) { return undefined } - // check if bearer token - var token = tok.replace(/^\$\{?([^}]*)\}?$/, function (fullMatch, envVar) { - return process.env[envVar] - }) + // check if bearer token is set as environment variable + var token = replaceEnvironmentVariable(tok) return {token: token, type: 'Bearer'} } @@ -100,9 +107,7 @@ function getTokenForUsernameAndPassword (username, password) { // passwords are base64 encoded, so we need to decode it // See https://github.com/npm/npm/blob/v3.10.6/lib/config/set-credentials-by-uri.js#L26 - var pass = decodeBase64(password.replace(/^\$\{?([^}]*)\}?$/, function (fullMatch, envVar) { - return process.env[envVar] - })) + var pass = decodeBase64(replaceEnvironmentVariable(password)) // a basic auth token is base64 encoded 'username:password' // See https://github.com/npm/npm/blob/v3.10.6/lib/config/get-credentials-by-uri.js#L70 diff --git a/node_modules/registry-auth-token/package.json b/node_modules/registry-auth-token/package.json index 3be95088b858d..dd090a836b569 100644 --- a/node_modules/registry-auth-token/package.json +++ b/node_modules/registry-auth-token/package.json @@ -1,8 +1,8 @@ { "_from": "registry-auth-token@^3.0.1", - "_id": "registry-auth-token@3.3.2", + "_id": "registry-auth-token@3.4.0", "_inBundle": false, - "_integrity": "sha512-JL39c60XlzCVgNrO+qq68FoNb56w/m7JYvGR2jT5iR1xBrUA3Mfx5Twk5rqTThPmQKMWydGmq8oFtDlxfrmxnQ==", + "_integrity": "sha512-4LM6Fw8eBQdwMYcES4yTnn2TqIasbXuwDx3um+QRs7S55aMKCBKBxvPXl2RiUjHwuJLTyYfxSpmfSAjQpcuP+A==", "_location": "/registry-auth-token", "_phantomChildren": {}, "_requested": { @@ -18,10 +18,10 @@ "_requiredBy": [ "/package-json" ], - "_resolved": "https://registry.npmjs.org/registry-auth-token/-/registry-auth-token-3.3.2.tgz", - "_shasum": "851fd49038eecb586911115af845260eec983f20", + "_resolved": "https://registry.npmjs.org/registry-auth-token/-/registry-auth-token-3.4.0.tgz", + "_shasum": "d7446815433f5d5ed6431cd5dca21048f66b397e", "_spec": "registry-auth-token@^3.0.1", - "_where": "/Users/rebecca/code/npm/node_modules/package-json", + "_where": "/Users/ruyadorno/Documents/workspace/cli/node_modules/package-json", "author": { "name": "Espen Hovlandsdal", "email": "espen@hovlandsdal.com" @@ -70,5 +70,5 @@ "coverage/**" ] }, - "version": "3.3.2" + "version": "3.4.0" } diff --git a/node_modules/registry-auth-token/test/auth-token.test.js b/node_modules/registry-auth-token/test/auth-token.test.js index 824d1bf92e6de..5db6f5a192890 100644 --- a/node_modules/registry-auth-token/test/auth-token.test.js +++ b/node_modules/registry-auth-token/test/auth-token.test.js @@ -50,6 +50,42 @@ describe('auth-token', function () { done() }) }) + + it('should return legacy auth token defined by reference to an environment variable (with curly braces)', function (done) { + var environmentVariable = '__REGISTRY_AUTH_TOKEN_NPM_TOKEN__' + var content = [ + '_auth=${' + environmentVariable + '}', + 'registry=http://registry.foobar.eu/' + ].join('\n') + + process.env[environmentVariable] = 'foobar' + + fs.writeFile(npmRcPath, content, function (err) { + var getAuthToken = requireUncached('../index') + assert(!err, err) + assert.deepEqual(getAuthToken(), {token: 'foobar', type: 'Basic'}) + delete process.env[environmentVariable] + done() + }) + }) + + it('should return legacy auth token defined by reference to an environment variable (without curly braces)', function (done) { + var environmentVariable = '__REGISTRY_AUTH_TOKEN_NPM_TOKEN__' + var content = [ + '_auth=$' + environmentVariable, + 'registry=http://registry.foobar.eu/' + ].join('\n') + + process.env[environmentVariable] = 'foobar' + + fs.writeFile(npmRcPath, content, function (err) { + var getAuthToken = requireUncached('../index') + assert(!err, err) + assert.deepEqual(getAuthToken(), {token: 'foobar', type: 'Basic'}) + delete process.env[environmentVariable] + done() + }) + }) }) describe('bearer token', function () { diff --git a/node_modules/registry-auth-token/yarn.lock b/node_modules/registry-auth-token/yarn.lock index 23f7b13a76681..46c1357274cf6 100644 --- a/node_modules/registry-auth-token/yarn.lock +++ b/node_modules/registry-auth-token/yarn.lock @@ -234,9 +234,9 @@ decamelize@^1.0.0: version "1.2.0" resolved "https://registry.yarnpkg.com/decamelize/-/decamelize-1.2.0.tgz#f6534d15148269b20352e7bee26f501f9a191290" -deep-extend@~0.4.0: - version "0.4.2" - resolved "https://registry.yarnpkg.com/deep-extend/-/deep-extend-0.4.2.tgz#48b699c27e334bf89f10892be432f6e4c7d34a7f" +deep-extend@^0.6.0: + version "0.6.0" + resolved "https://registry.yarnpkg.com/deep-extend/-/deep-extend-0.6.0.tgz#c4fa7c95404a17a9c3e8ca7e1537312b736330ac" deep-is@~0.1.3: version "0.1.3" @@ -1197,11 +1197,11 @@ progress@^1.1.8: version "1.1.8" resolved "https://registry.yarnpkg.com/progress/-/progress-1.1.8.tgz#e260c78f6161cdd9b0e56cc3e0a85de17c7a57be" -rc@^1.1.6: - version "1.2.4" - resolved "https://registry.yarnpkg.com/rc/-/rc-1.2.4.tgz#a0f606caae2a3b862bbd0ef85482c0125b315fa3" +rc@^1.2.8: + version "1.2.8" + resolved "https://registry.yarnpkg.com/rc/-/rc-1.2.8.tgz#cd924bf5200a075b83c188cd6b9e211b7fc0d3ed" dependencies: - deep-extend "~0.4.0" + deep-extend "^0.6.0" ini "~1.3.0" minimist "^1.2.0" strip-json-comments "~2.0.1" @@ -1290,7 +1290,11 @@ rx-lite@^3.1.2: version "3.1.2" resolved "https://registry.yarnpkg.com/rx-lite/-/rx-lite-3.1.2.tgz#19ce502ca572665f3b647b10939f97fd1615f102" -safe-buffer@^5.0.1, safe-buffer@~5.1.0, safe-buffer@~5.1.1: +safe-buffer@^5.1.2: + version "5.1.2" + resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d" + +safe-buffer@~5.1.0, safe-buffer@~5.1.1: version "5.1.1" resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853" diff --git a/node_modules/update-notifier/package.json b/node_modules/update-notifier/package.json index 836b3df254027..c2c81fb3c7d73 100644 --- a/node_modules/update-notifier/package.json +++ b/node_modules/update-notifier/package.json @@ -1,10 +1,4 @@ { - "_args": [ - [ - "update-notifier@2.5.0", - "/Users/rebecca/code/npm" - ] - ], "_from": "update-notifier@2.5.0", "_id": "update-notifier@2.5.0", "_inBundle": false, @@ -22,12 +16,14 @@ "fetchSpec": "2.5.0" }, "_requiredBy": [ + "#USER", "/", "/libnpx" ], "_resolved": "https://registry.npmjs.org/update-notifier/-/update-notifier-2.5.0.tgz", - "_spec": "2.5.0", - "_where": "/Users/rebecca/code/npm", + "_shasum": "d0744593e13f161e406acb1d9408b72cad08aff6", + "_spec": "update-notifier@2.5.0", + "_where": "/Users/ruyadorno/Documents/workspace/cli", "author": { "name": "Sindre Sorhus", "email": "sindresorhus@gmail.com", @@ -36,6 +32,7 @@ "bugs": { "url": "https://github.com/yeoman/update-notifier/issues" }, + "bundleDependencies": false, "dependencies": { "boxen": "^1.2.1", "chalk": "^2.0.1", @@ -48,6 +45,7 @@ "semver-diff": "^2.0.0", "xdg-basedir": "^3.0.0" }, + "deprecated": false, "description": "Update notifications for your CLI app", "devDependencies": { "ava": "*", diff --git a/node_modules/widest-line/index.js b/node_modules/widest-line/index.js index 173cec4f296bb..a9865d00abd91 100644 --- a/node_modules/widest-line/index.js +++ b/node_modules/widest-line/index.js @@ -1,5 +1,8 @@ 'use strict'; const stringWidth = require('string-width'); -module.exports = input => Math.max.apply(null, input.split('\n').map(x => stringWidth(x))); - +module.exports = input => { + let max = 0; + for (const s of input.split('\n')) max = Math.max(max, stringWidth(s)); + return max; +}; diff --git a/node_modules/widest-line/package.json b/node_modules/widest-line/package.json index 2eb1d53fc9a60..fc4bcfcbeb83c 100644 --- a/node_modules/widest-line/package.json +++ b/node_modules/widest-line/package.json @@ -1,8 +1,8 @@ { "_from": "widest-line@^2.0.0", - "_id": "widest-line@2.0.0", + "_id": "widest-line@2.0.1", "_inBundle": false, - "_integrity": "sha1-AUKk6KJD+IgsAjOqDgKBqnYVInM=", + "_integrity": "sha512-Ba5m9/Fa4Xt9eb2ELXt77JxVDV8w7qQrH0zS/TWSJdLyAwQjWoOzpzj5lwVftDz6n/EOu3tNACS84v509qwnJA==", "_location": "/widest-line", "_phantomChildren": {}, "_requested": { @@ -18,10 +18,10 @@ "_requiredBy": [ "/boxen" ], - "_resolved": "https://registry.npmjs.org/widest-line/-/widest-line-2.0.0.tgz", - "_shasum": "0142a4e8a243f8882c0233aa0e0281aa76152273", + "_resolved": "https://registry.npmjs.org/widest-line/-/widest-line-2.0.1.tgz", + "_shasum": "7438764730ec7ef4381ce4df82fb98a53142a3fc", "_spec": "widest-line@^2.0.0", - "_where": "/Users/rebecca/code/npm/node_modules/boxen", + "_where": "/Users/ruyadorno/Documents/workspace/cli/node_modules/boxen", "author": { "name": "Sindre Sorhus", "email": "sindresorhus@gmail.com", @@ -82,5 +82,5 @@ "scripts": { "test": "xo && ava" }, - "version": "2.0.0" + "version": "2.0.1" } diff --git a/package-lock.json b/package-lock.json index 872c4b47f1d27..4e30a6e0d41c9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1179,9 +1179,9 @@ "dev": true }, "deep-extend": { - "version": "0.5.1", - "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.5.1.tgz", - "integrity": "sha512-N8vBdOa+DF7zkRrDCsaOXoCs/E2fJfx9B9MrKnnSiHNh4ws7eSys6YQE4KvT1cecKmOASYQBhbKjeuDD9lT81w==" + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", + "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==" }, "deep-is": { "version": "0.1.3", @@ -1770,7 +1770,7 @@ "dependencies": { "get-stream": { "version": "3.0.0", - "resolved": "http://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=" } } @@ -2365,7 +2365,7 @@ "dependencies": { "get-stream": { "version": "3.0.0", - "resolved": "http://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=" } } @@ -2696,11 +2696,11 @@ "integrity": "sha512-r5p9sxJjYnArLjObpjA4xu5EKI3CuKHkJXMhT7kwbpUyIFD1n5PMAsoPvWnvtZiNz7LjkYDRZhd7FlI0eMijEA==" }, "is-ci": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-ci/-/is-ci-1.1.0.tgz", - "integrity": "sha512-c7TnwxLePuqIlxHgr7xtxzycJPegNHFuIrBkwbf8hc58//+Op1CqFkyS+xnIMkwn9UsJIwc174BIjkyBmSpjKg==", + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/is-ci/-/is-ci-1.2.1.tgz", + "integrity": "sha512-s6tfsaQaQi3JNciBH6shVqEDvhGut0SUXr31ag8Pd8BBbVVlcGfWhpPmEOoM6RJ5TFhbypvf5yyRw/VXW1IiWg==", "requires": { - "ci-info": "^1.0.0" + "ci-info": "^1.5.0" }, "dependencies": { "ci-info": { @@ -2784,9 +2784,9 @@ "dev": true }, "is-retry-allowed": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz", - "integrity": "sha1-EaBgVotnM5REAz0BJaYaINVk+zQ=" + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.2.0.tgz", + "integrity": "sha512-RUbUeKwvm3XG2VYamhJL1xFktgjvPzL0Hq8C+6yrWIswDy3BIXGqCxhxkc30N9jqK311gVU137K8Ei55/zVJRg==" }, "is-stream": { "version": "1.1.0", @@ -4869,20 +4869,20 @@ "integrity": "sha1-77/cdA+a0FQwRCassYNBLMi5ltQ=" }, "rc": { - "version": "1.2.7", - "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.7.tgz", - "integrity": "sha512-LdLD8xD4zzLsAT5xyushXDNscEjB7+2ulnl8+r1pnESlYtlJtVSoCMBGr30eDRJ3+2Gq89jK9P9e4tCEH1+ywA==", + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz", + "integrity": "sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw==", "requires": { - "deep-extend": "^0.5.1", + "deep-extend": "^0.6.0", "ini": "~1.3.0", "minimist": "^1.2.0", "strip-json-comments": "~2.0.1" }, "dependencies": { "minimist": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", - "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=" + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", + "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==" } } }, @@ -4981,9 +4981,9 @@ } }, "registry-auth-token": { - "version": "3.3.2", - "resolved": "https://registry.npmjs.org/registry-auth-token/-/registry-auth-token-3.3.2.tgz", - "integrity": "sha512-JL39c60XlzCVgNrO+qq68FoNb56w/m7JYvGR2jT5iR1xBrUA3Mfx5Twk5rqTThPmQKMWydGmq8oFtDlxfrmxnQ==", + "version": "3.4.0", + "resolved": "https://registry.npmjs.org/registry-auth-token/-/registry-auth-token-3.4.0.tgz", + "integrity": "sha512-4LM6Fw8eBQdwMYcES4yTnn2TqIasbXuwDx3um+QRs7S55aMKCBKBxvPXl2RiUjHwuJLTyYfxSpmfSAjQpcuP+A==", "requires": { "rc": "^1.1.6", "safe-buffer": "^5.0.1" @@ -6472,9 +6472,9 @@ } }, "widest-line": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/widest-line/-/widest-line-2.0.0.tgz", - "integrity": "sha1-AUKk6KJD+IgsAjOqDgKBqnYVInM=", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/widest-line/-/widest-line-2.0.1.tgz", + "integrity": "sha512-Ba5m9/Fa4Xt9eb2ELXt77JxVDV8w7qQrH0zS/TWSJdLyAwQjWoOzpzj5lwVftDz6n/EOu3tNACS84v509qwnJA==", "requires": { "string-width": "^2.1.1" }