From c0ad889fad54b738f075dada13768ef1ea0f973c Mon Sep 17 00:00:00 2001
From: Anjali Singh <150343275+v-singhanjal@users.noreply.github.com>
Date: Thu, 26 Sep 2024 14:07:07 +0530
Subject: [PATCH] chore: Added resolutions in package.json file to resolve CG Alerts (#2172)

#### Details
Updated resolutions for package [express](https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx), [serve-static](https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p) and [send](https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg).
##### Motivation
[CG Work Items](https://dev.azure.com/mseng/1ES/_queries/query/894c54da-1edd-4c5c-ae4d-38903314430c/)
##### Context
#### Pull request checklist
- [x] Addresses an existing issue: Fixes #0000
- [ ] Added relevant unit test for your changes. (`yarn test`)
- [ ] Verified code coverage for the changes made. Check coverage report at: `/test-results/unit/coverage`
- [ ] Ran precheckin (`yarn precheckin`)
---------
Co-authored-by: Jeevani Chinthala
---
 package.json | 25 +++++-----
 yarn.lock | 136 +++++---------------------------------------------
 2 files changed, 25 insertions(+), 136 deletions(-)
diff --git a/package.json b/package.json
index 7195c502f..a8c607b39 100644
--- a/package.json
+++ b/package.json
@@ -71,15 +71,18 @@
 "webpack": "^5.94.0",
 "webpack-cli": "^5.1.4"
 },
- "resolutions": {
- "y18n@^4.0.0": "^5.0.5",
- "tough-cookie": "^4.1.3",
- "hosted-git-info@^2.1.4": "^3.0.8",
- "ansi-regex@^4.1.0": "^5.0.1",
- "cosmiconfig@^7.0.1": "^8.1.3",
- "pac-resolver": "^7.0.1",
- "socks": "^2.8.3",
- "ws": "^8.17.1",
- "path-to-regexp": "^1.9.0"
- }
+ "resolutions": {
+ "y18n@^4.0.0": "^5.0.5",
+ "tough-cookie": "^4.1.3",
+ "hosted-git-info@^2.1.4": "^3.0.8",
+ "ansi-regex@^4.1.0": "^5.0.1",
+ "cosmiconfig@^7.0.1": "^8.1.3",
+ "pac-resolver": "^7.0.1",
+ "socks": "^2.8.3",
+ "ws": "^8.17.1",
+ "path-to-regexp": "^1.9.0",
+ "express": "^4.20.0",
+ "serve-static": "^1.16.0",
+ "send": "^0.19.0"
+ }
 }
diff --git a/yarn.lock b/yarn.lock
index ec7300fb9..901de5002 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7190,26 +7190,6 @@ __metadata: languageName: node linkType: hard -"body-parser@npm:1.20.2": - version: 1.20.2 - resolution: "body-parser@npm:1.20.2" - dependencies: - bytes: 3.1.2 - content-type: ~1.0.5 - debug: 2.6.9 - depd: 2.0.0 - destroy: 1.2.0 - http-errors: 2.0.0 - iconv-lite: 0.4.24 - on-finished: 2.4.1 - qs: 6.11.0 - raw-body: 2.5.2 - type-is: ~1.6.18 - unpipe: 1.0.0 - checksum: 14d37ec638ab5c93f6099ecaed7f28f890d222c650c69306872e00b9efa081ff6c596cd9afb9930656aae4d6c4e1c17537bea12bb73c87a217cb3cfea8896737 - languageName: node - linkType: hard - "body-parser@npm:1.20.3": version: 1.20.3 resolution: "body-parser@npm:1.20.3"
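Review bot: The three keys added to `resolutions` in package.json (`"express"`, `"serve-static"`, `"send"`) are unscoped, so they rewrite every request for those packages rather than only the vulnerable one; the yarn.lock hunks show the exact descriptor `send@npm:0.19.0` re-keyed to `send@npm:^0.19.0` and `serve-static@npm:1.16.2` dropped in favour of `^1.16.0`. Scoping the override to the stale request, as the existing `"y18n@^4.0.0"` entry does, keeps it narrow and lets it lapse once the dependent raises its own range: `"express@^4.17.3": "^4.20.0"`. From the removed lockfile entries, `send` 0.18.0 and `serve-static` 1.15.0 appear to have been pulled in through express 4.19.2, so the other two entries may be redundant once express is lifted; `yarn why send` and `yarn why serve-static` would confirm. Since package.json cannot hold comments, keep the advisory ID for each override traceable in the PR description so stale entries can be retired later.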
@@ -10343,45 +10323,6 @@ __metadata: languageName: node linkType: hard -"express@npm:^4.17.3": - version: 4.19.2 - resolution: "express@npm:4.19.2" - dependencies: - accepts: ~1.3.8 - array-flatten: 1.1.1 - body-parser: 1.20.2 - content-disposition: 0.5.4 - content-type: ~1.0.4 - cookie: 0.6.0 - cookie-signature: 1.0.6 - debug: 2.6.9 - depd: 2.0.0 - encodeurl: ~1.0.2 - escape-html: ~1.0.3 - etag: ~1.8.1 - finalhandler: 1.2.0 - fresh: 0.5.2 - http-errors: 2.0.0 - merge-descriptors: 1.0.1 - methods: ~1.1.2 - on-finished: 2.4.1 - parseurl: ~1.3.3 - path-to-regexp: 0.1.7 - proxy-addr: ~2.0.7 - qs: 6.11.0 - range-parser: ~1.2.1 - safe-buffer: 5.2.1 - send: 0.18.0 - serve-static: 1.15.0 - setprototypeof: 1.2.0 - statuses: 2.0.1 - type-is: ~1.6.18 - utils-merge: 1.0.1 - vary: ~1.1.2 - checksum: 212dbd6c2c222a96a61bc927639c95970a53b06257080bb9e2838adb3bffdb966856551fdad1ab5dd654a217c35db94f987d0aa88d48fb04d306340f5f34dca5 - languageName: node - linkType: hard - "express@npm:^4.20.0": version: 4.21.0 resolution: "express@npm:4.21.0" @@ -10660,21 +10601,6 @@ __metadata: languageName: node linkType: hard -"finalhandler@npm:1.2.0": - version: 1.2.0 - resolution: "finalhandler@npm:1.2.0" - dependencies: - debug: 2.6.9 - encodeurl: ~1.0.2 - escape-html: ~1.0.3 - on-finished: 2.4.1 - parseurl: ~1.3.3 - statuses: 2.0.1 - unpipe: ~1.0.0 - checksum: 92effbfd32e22a7dff2994acedbd9bcc3aa646a3e919ea6a53238090e87097f8ef07cced90aa2cc421abdf993aefbdd5b00104d55c7c5479a8d00ed105b45716 - languageName: node - linkType: hard - "finalhandler@npm:1.3.1": version: 1.3.1 resolution: "finalhandler@npm:1.3.1" 
@@ -14841,13 +14767,6 @@ __metadata: languageName: node linkType: hard -"merge-descriptors@npm:1.0.1": - version: 1.0.1 - resolution: "merge-descriptors@npm:1.0.1" - checksum: 5abc259d2ae25bb06d19ce2b94a21632583c74e2a9109ee1ba7fd147aa7362b380d971e0251069f8b3eb7d48c21ac839e21fa177b335e82c76ec172e30c31a26 - languageName: node - linkType: hard - "merge-descriptors@npm:1.0.3": version: 1.0.3 resolution: "merge-descriptors@npm:1.0.3" @@ -17497,15 +17416,6 @@ __metadata: languageName: node linkType: hard -"qs@npm:6.11.0, qs@npm:^6.9.1": - version: 6.11.0 - resolution: "qs@npm:6.11.0" - dependencies: - side-channel: ^1.0.4 - checksum: 6e1f29dd5385f7488ec74ac7b6c92f4d09a90408882d0c208414a34dd33badc1a621019d4c799a3df15ab9b1d0292f97c1dd71dc7c045e69f81a8064e5af7297 - languageName: node - linkType: hard - "qs@npm:6.13.0": version: 6.13.0 resolution: "qs@npm:6.13.0" @@ -17515,6 +17425,15 @@ __metadata: languageName: node linkType: hard +"qs@npm:^6.9.1": + version: 6.11.0 + resolution: "qs@npm:6.11.0" + dependencies: + side-channel: ^1.0.4 + checksum: 6e1f29dd5385f7488ec74ac7b6c92f4d09a90408882d0c208414a34dd33badc1a621019d4c799a3df15ab9b1d0292f97c1dd71dc7c045e69f81a8064e5af7297 + languageName: node + linkType: hard + "querystringify@npm:^2.1.1": version: 2.2.0 resolution: "querystringify@npm:2.2.0" @@ -18670,28 +18589,7 @@ __metadata: languageName: node linkType: hard -"send@npm:0.18.0": - version: 0.18.0 - resolution: "send@npm:0.18.0" - dependencies: - debug: 2.6.9 - depd: 2.0.0 - destroy: 1.2.0 - encodeurl: ~1.0.2 - escape-html: ~1.0.3 - etag: ~1.8.1 - fresh: 0.5.2 - http-errors: 2.0.0 - mime: 1.6.0 - ms: 2.1.3 - on-finished: 2.4.1 - range-parser: ~1.2.1 - statuses: 2.0.1 - checksum: 74fc07ebb58566b87b078ec63e5a3e41ecd987e4272ba67b7467e86c6ad51bc6b0b0154133b6d8b08a2ddda360464f71382f7ef864700f34844a76c8027817a8 - languageName: node - linkType: hard - -"send@npm:0.19.0": +"send@npm:^0.19.0": version: 0.19.0 resolution: "send@npm:0.19.0" dependencies: 
@@ -18772,19 +18670,7 @@ __metadata: languageName: node linkType: hard -"serve-static@npm:1.15.0": - version: 1.15.0 - resolution: "serve-static@npm:1.15.0" - dependencies: - encodeurl: ~1.0.2 - escape-html: ~1.0.3 - parseurl: ~1.3.3 - send: 0.18.0 - checksum: af57fc13be40d90a12562e98c0b7855cf6e8bd4c107fe9a45c212bf023058d54a1871b1c89511c3958f70626fff47faeb795f5d83f8cf88514dbaeb2b724464d - languageName: node - linkType: hard - -"serve-static@npm:1.16.2, serve-static@npm:^1.16.0": +"serve-static@npm:^1.16.0": version: 1.16.2 resolution: "serve-static@npm:1.16.2" dependencies: