From a3e277490ca585420caf4433337286b968b6f811 Mon Sep 17 00:00:00 2001 From: Perry Mitchell Date: Sat, 9 Dec 2023 22:53:29 +0200 Subject: [PATCH] Update buttercup - fix CVE-2023-41646 Fixes #1258 --- package-lock.json | 83 ++++++++++++++++++++++++++++++++--------------- package.json | 2 +- 2 files changed, 57 insertions(+), 28 deletions(-) diff --git a/package-lock.json b/package-lock.json index bde833eb..4e0b6b39 100644 --- a/package-lock.json +++ b/package-lock.json @@ -19,7 +19,7 @@ "@buttercup/secure-file-host": "^0.3.0", "@electron/remote": "^2.0.8", "auto-launch": "^5.0.6", - "buttercup": "^7.3.0", + "buttercup": "^7.4.0", "debounce": "^1.2.1", "debounce-promise": "^3.1.2", "delayable-setinterval": "^0.1.1", @@ -5811,11 +5811,11 @@ } }, "node_modules/buttercup": { - "version": "7.3.0", - "resolved": "https://registry.npmjs.org/buttercup/-/buttercup-7.3.0.tgz", - "integrity": "sha512-jDjVZd0lKCdqE9K7vNHFAO2aX+diYNyhetaFSMxJleBSzu3HgiXKrDf1rIxjnA4zDaUdEwu/mix7hY++EbimXQ==", + "version": "7.4.0", + "resolved": "https://registry.npmjs.org/buttercup/-/buttercup-7.4.0.tgz", + "integrity": "sha512-iEEy5vb4eW3JqGkKtdgsNKxgbXaEEdkWcJPfHrZfuHtrmN+qKVQ8cJ7/WpQkgmqvRtV0O344KusrmEurKn9TLw==", "dependencies": { - "@buttercup/channel-queue": "^1.3.0", + "@buttercup/channel-queue": "^1.4.0", "@buttercup/dropbox-client": "^2.2.0", "@buttercup/googledrive-client": "^2.3.0", "crypto-random-string": "^5.0.0", @@ -5826,7 +5826,7 @@ "fuse.js": "^6.6.2", "global": "^4.4.0", "hash.js": "^1.1.7", - "iocane": "^5.1.1", + "iocane": "^5.2.0", "is-promise": "^4.0.0", "layerr": "^2.0.1", "pako": "^1.0.11", @@ -5834,7 +5834,7 @@ "pify": "^6.1.0", "url-join": "^5.0.0", "uuid": "^9.0.1", - "webdav": "^5.3.0" + "webdav": "^5.3.1" }, "engines": { "node": ">=14" @@ -10497,15 +10497,30 @@ } }, "node_modules/iocane": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/iocane/-/iocane-5.1.1.tgz", - "integrity": "sha512-YEk2QSy8LepTL7FzsklYRHaXmfiXrQOpyT8vjCCwcCwwxJ1cRLrotn0XhImG4+pJi2p4Bw0DZP5ns3HJMFQtAw==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/iocane/-/iocane-5.2.0.tgz", + "integrity": "sha512-hjAVM9Hx/KOqj9TOSupzJv04BKOHqjed4V3TSvJK5s0NGAIH9nYgCX4Iqy8OczzIyrjv79T8WYfXzwSy+y9saQ==", "dependencies": { "duplexer": "^0.1.2", - "pbkdf2": "~3.0.17", + "pbkdf2": "^3.1.2", "stream-each": "^1.2.3" } }, + "node_modules/iocane/node_modules/pbkdf2": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/pbkdf2/-/pbkdf2-3.1.2.tgz", + "integrity": "sha512-iuh7L6jA7JEGu2WxDwtQP1ddOpaJNC4KlDEFfdQajSGgGPNi4OyDc2R7QnbY2bR9QjBVGwgvTdNJZoE7RaxUMA==", + "dependencies": { + "create-hash": "^1.1.2", + "create-hmac": "^1.1.4", + "ripemd160": "^2.0.1", + "safe-buffer": "^5.0.1", + "sha.js": "^2.4.8" + }, + "engines": { + "node": ">=0.12" + } + }, "node_modules/ip": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ip/-/ip-2.0.0.tgz", @@ -19203,9 +19218,9 @@ } }, "node_modules/webdav": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/webdav/-/webdav-5.3.0.tgz", - "integrity": "sha512-xRu/URZGCxDPXmT+9Gu6tNGvlETBwjcuz69lx/6Qlq/0q3Gu2GSVyRt+mP0vTlLFfaY3xZ5O/SPTQ578tC/45Q==", + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/webdav/-/webdav-5.3.1.tgz", + "integrity": "sha512-wzZdTHtMuSIXqHGBznc8FM2L94Mc/17Tbn9ppoMybRO0bjWOSIeScdVXWX5qqHsg00EjfiOcwMqGFx6ghIhccQ==", "dependencies": { "@buttercup/fetch": "^0.1.1", "base-64": "^1.0.0", @@ -24519,11 +24534,11 @@ } }, "buttercup": { - "version": "7.3.0", - "resolved": "https://registry.npmjs.org/buttercup/-/buttercup-7.3.0.tgz", - "integrity": "sha512-jDjVZd0lKCdqE9K7vNHFAO2aX+diYNyhetaFSMxJleBSzu3HgiXKrDf1rIxjnA4zDaUdEwu/mix7hY++EbimXQ==", + "version": "7.4.0", + "resolved": "https://registry.npmjs.org/buttercup/-/buttercup-7.4.0.tgz", + "integrity": "sha512-iEEy5vb4eW3JqGkKtdgsNKxgbXaEEdkWcJPfHrZfuHtrmN+qKVQ8cJ7/WpQkgmqvRtV0O344KusrmEurKn9TLw==", "requires": { - "@buttercup/channel-queue": "^1.3.0", + "@buttercup/channel-queue": "^1.4.0", "@buttercup/dropbox-client": "^2.2.0", "@buttercup/googledrive-client": "^2.3.0", "crypto-random-string": "^5.0.0", @@ -24534,7 +24549,7 @@ "fuse.js": "^6.6.2", "global": "^4.4.0", "hash.js": "^1.1.7", - "iocane": "^5.1.1", + "iocane": "^5.2.0", "is-promise": "^4.0.0", "layerr": "^2.0.1", "pako": "^1.0.11", @@ -24542,7 +24557,7 @@ "pify": "^6.1.0", "url-join": "^5.0.0", "uuid": "^9.0.1", - "webdav": "^5.3.0" + "webdav": "^5.3.1" }, "dependencies": { "eventemitter3": { @@ -28095,13 +28110,27 @@ "integrity": "sha512-CYdFeFexxhv/Bcny+Q0BfOV+ltRlJcd4BBZBYFX/O0u4npJrgZtIcjokegtiSMAvlMTJ+Koq0GBCc//3bueQxw==" }, "iocane": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/iocane/-/iocane-5.1.1.tgz", - "integrity": "sha512-YEk2QSy8LepTL7FzsklYRHaXmfiXrQOpyT8vjCCwcCwwxJ1cRLrotn0XhImG4+pJi2p4Bw0DZP5ns3HJMFQtAw==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/iocane/-/iocane-5.2.0.tgz", + "integrity": "sha512-hjAVM9Hx/KOqj9TOSupzJv04BKOHqjed4V3TSvJK5s0NGAIH9nYgCX4Iqy8OczzIyrjv79T8WYfXzwSy+y9saQ==", "requires": { "duplexer": "^0.1.2", - "pbkdf2": "~3.0.17", + "pbkdf2": "^3.1.2", "stream-each": "^1.2.3" + }, + "dependencies": { + "pbkdf2": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/pbkdf2/-/pbkdf2-3.1.2.tgz", + "integrity": "sha512-iuh7L6jA7JEGu2WxDwtQP1ddOpaJNC4KlDEFfdQajSGgGPNi4OyDc2R7QnbY2bR9QjBVGwgvTdNJZoE7RaxUMA==", + "requires": { + "create-hash": "^1.1.2", + "create-hmac": "^1.1.4", + "ripemd160": "^2.0.1", + "safe-buffer": "^5.0.1", + "sha.js": "^2.4.8" + } + } } }, "ip": { @@ -34717,9 +34746,9 @@ "integrity": "sha512-e0MO3wdXWKrLbL0DgGnUV7WHVuw9OUvL4hjgnPkIeEvESk74gAITi5G606JtZPp39cd8HA9VQzCIvA49LpPN5Q==" }, "webdav": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/webdav/-/webdav-5.3.0.tgz", - "integrity": "sha512-xRu/URZGCxDPXmT+9Gu6tNGvlETBwjcuz69lx/6Qlq/0q3Gu2GSVyRt+mP0vTlLFfaY3xZ5O/SPTQ578tC/45Q==", + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/webdav/-/webdav-5.3.1.tgz", + "integrity": "sha512-wzZdTHtMuSIXqHGBznc8FM2L94Mc/17Tbn9ppoMybRO0bjWOSIeScdVXWX5qqHsg00EjfiOcwMqGFx6ghIhccQ==", "requires": { "@buttercup/fetch": "^0.1.1", "base-64": "^1.0.0", diff --git a/package.json b/package.json index e1a6af8b..79652a45 100644 --- a/package.json +++ b/package.json @@ -203,7 +203,7 @@ "@buttercup/secure-file-host": "^0.3.0", "@electron/remote": "^2.0.8", "auto-launch": "^5.0.6", - "buttercup": "^7.3.0", + "buttercup": "^7.4.0", "debounce": "^1.2.1", "debounce-promise": "^3.1.2", "delayable-setinterval": "^0.1.1",