From 091f37a2a2068440e2ae451fab17059149120554 Mon Sep 17 00:00:00 2001
From: Hans-Peter Herzog
Date: Tue, 11 Dec 2018 12:23:21 +0100
Subject: [PATCH] TT#48646 Security: Fix possible prototype pollution attack in lodash

Change-Id: I2ac72dca16f926f77e435b73a53324989929aaa6
---
 npm-shrinkwrap.json | 467 +++++++++++++++++++++++++++++++++++++++++++-
 package.json | 2 +-
 2 files changed, 465 insertions(+), 4 deletions(-)

diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json
index 2fc3afb4..7e0803bc 100644
--- a/npm-shrinkwrap.json
+++ b/npm-shrinkwrap.json
@@ -2384,6 +2384,460 @@ "resolved": "https://npm-registry.sipwise.com/fs.realpath/-/fs.realpath-1.0.0.tgz", "dev": true }, + "fsevents": { + "version": "1.2.4", + "from": "fsevents@>=1.0.0 <2.0.0", + "resolved": "https://npm-registry.sipwise.com/fsevents/-/fsevents-1.2.4.tgz", + "dev": true, + "optional": true, + "dependencies": { + "abbrev": { + "version": "1.1.1", + "from": "abbrev@1.1.1", + "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz", + "dev": true, + "optional": true + }, + "ansi-regex": { + "version": "2.1.1", + "from": "ansi-regex@2.1.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "dev": true + }, + "aproba": { + "version": "1.2.0", + "from": "aproba@1.2.0", + "resolved": "https://registry.npmjs.org/aproba/-/aproba-1.2.0.tgz", + "dev": true, + "optional": true + }, + "are-we-there-yet": { + "version": "1.1.4", + "from": "are-we-there-yet@1.1.4", + "resolved": "https://registry.npmjs.org/are-we-there-yet/-/are-we-there-yet-1.1.4.tgz", + "dev": true, + "optional": true + }, + "balanced-match": { + "version": "1.0.0", + "from": "balanced-match@1.0.0", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz", + "dev": true + }, + "brace-expansion": { + "version": "1.1.11", + "from": "brace-expansion@1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "dev": true + }, + "chownr": { + "version": "1.0.1", + "from": "chownr@1.0.1", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.0.1.tgz", + "dev": true, + "optional": true + }, + "code-point-at": { + "version": "1.1.0", + "from": "code-point-at@1.1.0", + "resolved": "https://registry.npmjs.org/code-point-at/-/code-point-at-1.1.0.tgz", + "dev": true + }, + "concat-map": { + "version": "0.0.1", + "from": "concat-map@0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "dev": true + }, + "console-control-strings": { + "version": "1.1.0", + 
"from": "console-control-strings@1.1.0", + "resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz", + "dev": true + }, + "core-util-is": { + "version": "1.0.2", + "from": "core-util-is@1.0.2", + "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", + "dev": true, + "optional": true + }, + "debug": { + "version": "2.6.9", + "from": "debug@2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "dev": true, + "optional": true + }, + "deep-extend": { + "version": "0.5.1", + "from": "deep-extend@^0.5.1", + "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.5.1.tgz", + "dev": true, + "optional": true + }, + "delegates": { + "version": "1.0.0", + "from": "delegates@1.0.0", + "resolved": "https://registry.npmjs.org/delegates/-/delegates-1.0.0.tgz", + "dev": true, + "optional": true + }, + "detect-libc": { + "version": "1.0.3", + "from": "detect-libc@1.0.3", + "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-1.0.3.tgz", + "dev": true, + "optional": true + }, + "fs-minipass": { + "version": "1.2.5", + "from": "fs-minipass@1.2.5", + "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-1.2.5.tgz", + "dev": true, + "optional": true + }, + "fs.realpath": { + "version": "1.0.0", + "from": "fs.realpath@1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "dev": true, + "optional": true + }, + "gauge": { + "version": "2.7.4", + "from": "gauge@2.7.4", + "resolved": "https://registry.npmjs.org/gauge/-/gauge-2.7.4.tgz", + "dev": true, + "optional": true + }, + "glob": { + "version": "7.1.2", + "from": "glob@7.1.2", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz", + "dev": true, + "optional": true + }, + "has-unicode": { + "version": "2.0.1", + "from": "has-unicode@2.0.1", + "resolved": "https://registry.npmjs.org/has-unicode/-/has-unicode-2.0.1.tgz", + "dev": true, + "optional": true + }, + 
"iconv-lite": { + "version": "0.4.21", + "from": "iconv-lite@0.4.21", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.21.tgz", + "dev": true, + "optional": true + }, + "ignore-walk": { + "version": "3.0.1", + "from": "ignore-walk@3.0.1", + "resolved": "https://registry.npmjs.org/ignore-walk/-/ignore-walk-3.0.1.tgz", + "dev": true, + "optional": true + }, + "inflight": { + "version": "1.0.6", + "from": "inflight@1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "dev": true, + "optional": true + }, + "inherits": { + "version": "2.0.3", + "from": "inherits@2.0.3", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", + "dev": true + }, + "ini": { + "version": "1.3.5", + "from": "ini@1.3.5", + "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.5.tgz", + "dev": true, + "optional": true + }, + "is-fullwidth-code-point": { + "version": "1.0.0", + "from": "is-fullwidth-code-point@1.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-1.0.0.tgz", + "dev": true + }, + "isarray": { + "version": "1.0.0", + "from": "isarray@1.0.0", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "dev": true, + "optional": true + }, + "minimatch": { + "version": "3.0.4", + "from": "minimatch@3.0.4", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", + "dev": true + }, + "minimist": { + "version": "0.0.8", + "from": "minimist@0.0.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz", + "dev": true + }, + "minipass": { + "version": "2.2.4", + "from": "minipass@2.2.4", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-2.2.4.tgz", + "dev": true + }, + "minizlib": { + "version": "1.1.0", + "from": "minizlib@1.1.0", + "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-1.1.0.tgz", + "dev": true, + "optional": true + }, + "mkdirp": { + "version": "0.5.1", + "from": "mkdirp@0.5.1", + 
"resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz", + "dev": true + }, + "ms": { + "version": "2.0.0", + "from": "ms@2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "dev": true, + "optional": true + }, + "needle": { + "version": "2.2.0", + "from": "needle@2.2.0", + "resolved": "https://registry.npmjs.org/needle/-/needle-2.2.0.tgz", + "dev": true, + "optional": true + }, + "node-pre-gyp": { + "version": "0.10.0", + "from": "node-pre-gyp@^0.10.0", + "resolved": "https://registry.npmjs.org/node-pre-gyp/-/node-pre-gyp-0.10.0.tgz", + "dev": true, + "optional": true + }, + "nopt": { + "version": "4.0.1", + "from": "nopt@4.0.1", + "resolved": "https://registry.npmjs.org/nopt/-/nopt-4.0.1.tgz", + "dev": true, + "optional": true + }, + "npm-bundled": { + "version": "1.0.3", + "from": "npm-bundled@1.0.3", + "resolved": "https://registry.npmjs.org/npm-bundled/-/npm-bundled-1.0.3.tgz", + "dev": true, + "optional": true + }, + "npm-packlist": { + "version": "1.1.10", + "from": "npm-packlist@1.1.10", + "resolved": "https://registry.npmjs.org/npm-packlist/-/npm-packlist-1.1.10.tgz", + "dev": true, + "optional": true + }, + "npmlog": { + "version": "4.1.2", + "from": "npmlog@4.1.2", + "resolved": "https://registry.npmjs.org/npmlog/-/npmlog-4.1.2.tgz", + "dev": true, + "optional": true + }, + "number-is-nan": { + "version": "1.0.1", + "from": "number-is-nan@1.0.1", + "resolved": "https://registry.npmjs.org/number-is-nan/-/number-is-nan-1.0.1.tgz", + "dev": true + }, + "object-assign": { + "version": "4.1.1", + "from": "object-assign@4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "dev": true, + "optional": true + }, + "once": { + "version": "1.4.0", + "from": "once@1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "dev": true + }, + "os-homedir": { + "version": "1.0.2", + "from": "os-homedir@1.0.2", + "resolved": 
"https://registry.npmjs.org/os-homedir/-/os-homedir-1.0.2.tgz", + "dev": true, + "optional": true + }, + "os-tmpdir": { + "version": "1.0.2", + "from": "os-tmpdir@1.0.2", + "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", + "dev": true, + "optional": true + }, + "osenv": { + "version": "0.1.5", + "from": "osenv@0.1.5", + "resolved": "https://registry.npmjs.org/osenv/-/osenv-0.1.5.tgz", + "dev": true, + "optional": true + }, + "path-is-absolute": { + "version": "1.0.1", + "from": "path-is-absolute@1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "dev": true, + "optional": true + }, + "process-nextick-args": { + "version": "2.0.0", + "from": "process-nextick-args@2.0.0", + "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz", + "dev": true, + "optional": true + }, + "rc": { + "version": "1.2.7", + "from": "rc@1.2.7", + "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.7.tgz", + "dev": true, + "optional": true, + "dependencies": { + "minimist": { + "version": "1.2.0", + "from": "minimist@1.2.0", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", + "dev": true, + "optional": true + } + } + }, + "readable-stream": { + "version": "2.3.6", + "from": "readable-stream@2.3.6", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", + "dev": true, + "optional": true + }, + "rimraf": { + "version": "2.6.2", + "from": "rimraf@2.6.2", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.2.tgz", + "dev": true, + "optional": true + }, + "safe-buffer": { + "version": "5.1.1", + "from": "safe-buffer@5.1.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz", + "dev": true + }, + "safer-buffer": { + "version": "2.1.2", + "from": "safer-buffer@2.1.2", + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "dev": true, + "optional": true + }, + 
"sax": { + "version": "1.2.4", + "from": "sax@1.2.4", + "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz", + "dev": true, + "optional": true + }, + "semver": { + "version": "5.5.0", + "from": "semver@5.5.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.5.0.tgz", + "dev": true, + "optional": true + }, + "set-blocking": { + "version": "2.0.0", + "from": "set-blocking@2.0.0", + "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", + "dev": true, + "optional": true + }, + "signal-exit": { + "version": "3.0.2", + "from": "signal-exit@3.0.2", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.2.tgz", + "dev": true, + "optional": true + }, + "string_decoder": { + "version": "1.1.1", + "from": "string_decoder@1.1.1", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "dev": true, + "optional": true + }, + "string-width": { + "version": "1.0.2", + "from": "string-width@1.0.2", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-1.0.2.tgz", + "dev": true + }, + "strip-ansi": { + "version": "3.0.1", + "from": "strip-ansi@3.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "dev": true + }, + "strip-json-comments": { + "version": "2.0.1", + "from": "strip-json-comments@2.0.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz", + "dev": true, + "optional": true + }, + "tar": { + "version": "4.4.1", + "from": "tar@4.4.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-4.4.1.tgz", + "dev": true, + "optional": true + }, + "util-deprecate": { + "version": "1.0.2", + "from": "util-deprecate@1.0.2", + "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "dev": true, + "optional": true + }, + "wide-align": { + "version": "1.1.2", + "from": "wide-align@1.1.2", + "resolved": "https://registry.npmjs.org/wide-align/-/wide-align-1.1.2.tgz", + 
"dev": true, + "optional": true + }, + "wrappy": { + "version": "1.0.2", + "from": "wrappy@1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "dev": true + }, + "yallist": { + "version": "3.0.2", + "from": "yallist@3.0.2", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.0.2.tgz", + "dev": true + } + } + }, "function-bind": { "version": "1.1.1", "from": "function-bind@>=1.1.1 <2.0.0", @@ -3320,9 +3774,9 @@ "dev": true }, "lodash": { - "version": "4.17.4", - "from": "lodash@4.17.4", - "resolved": "https://npm-registry.sipwise.com/lodash/-/lodash-4.17.4.tgz", + "version": "4.17.11", + "from": "lodash@4.17.11", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz", "dev": true }, "lodash.camelcase": { @@ -3631,6 +4085,13 @@ "resolved": "https://npm-registry.sipwise.com/mute-stream/-/mute-stream-0.0.7.tgz", "dev": true }, + "nan": { + "version": "2.11.1", + "from": "nan@>=2.9.2 <3.0.0", + "resolved": "https://npm-registry.sipwise.com/nan/-/nan-2.11.1.tgz", + "dev": true, + "optional": true + }, "nanomatch": { "version": "1.2.13", "from": "nanomatch@>=1.2.9 <2.0.0", diff --git a/package.json b/package.json index bca267f8..b9feaabc 100644 --- a/package.json +++ b/package.json @@ -66,7 +66,7 @@ "karma-mocha": "^1.3.0", "karma-webpack": "^2.0.4", "load-script": "1.0.0", - "lodash": "4.17.4", + "lodash": "4.17.11", "mocha": "^4.0.0", "moment": "2.22.2", "opn": "^5.0.0",