From d52b6a3c3595a4fdde4cfb2d2d9eda51baad9c28 Mon Sep 17 00:00:00 2001 From: danorel Date: Thu, 14 Jul 2022 18:47:19 +0300 Subject: [PATCH] fix(web-scripts): resolve sec issue with minimist, must use ^1.2.6 --- package.json | 3 ++ packages/web-scripts/package.json | 4 +-- yarn.lock | 49 ++++++++++++++++++++++++++----- 3 files changed, 46 insertions(+), 10 deletions(-) diff --git a/package.json b/package.json index ff200fa8..1bb1f73d 100644 --- a/package.json +++ b/package.json @@ -26,5 +26,8 @@ "husky": "^8.0.1", "lerna": "^5.1.8", "typescript": "^4.2.3" + }, + "resolutions": { + "minimist": "^1.2.6" } } diff --git a/packages/web-scripts/package.json b/packages/web-scripts/package.json index 95665391..172c28b5 100644 --- a/packages/web-scripts/package.json +++ b/packages/web-scripts/package.json @@ -42,9 +42,9 @@ "@types/react": "^18.0.15", "@types/react-dom": "^18.0.6", "commander": "^6.1.0", - "commitizen": "^4.2.3", + "commitizen": "^4.2.4", "cross-spawn-promise": "^0.10.1", - "cz-conventional-changelog": "^3.0.2", + "cz-conventional-changelog": "^3.3.0", "debug": "^4.1.1", "eslint": "^8.10.0", "jest": "^28.1.2", diff --git a/yarn.lock b/yarn.lock index 23fbd4e4..8adaa7c9 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2204,6 +2204,11 @@ dependencies: "@sinonjs/commons" "^1.7.0" +"@spotify/eslint-config-base@^13.0.1": + version "13.0.1" + resolved "https://registry.yarnpkg.com/@spotify/eslint-config-base/-/eslint-config-base-13.0.1.tgz#91471028de6426a1f1a5cc06aa9aeb6d8c85565f" + integrity sha512-7dC5zMJpNud9UBCHVk/IWfZOXKyuRkcyopHzTJi3xsfmZcZvi0jTSVIf7sv8315lpjmqroVZoUdKbxZFkZcZpA== + "@spotify/eslint-config-oss@^1.0.0": version "1.0.2" resolved "https://registry.yarnpkg.com/@spotify/eslint-config-oss/-/eslint-config-oss-1.0.2.tgz#b0e56e549c78dcdd79063ce48521f10c3420f701" @@ -2211,6 +2216,39 @@ dependencies: eslint-plugin-notice "^0.9.10" +"@spotify/eslint-config-react@^13.0.1": + version "13.0.1" + resolved "https://registry.yarnpkg.com/@spotify/eslint-config-react/-/eslint-config-react-13.0.1.tgz#f309f5d3c53ef1e2c7c6ce05f76ee681970112c3" + integrity sha512-gyC0CtJ2H9K57HyQG5/RcMsJiB6qmVbBHOHWukZcPLfYtwkK201kgMjHrVfJXoSN+mJxcWhDVPxqe+eA7LHshQ== + +"@spotify/eslint-config-typescript@^13.0.1": + version "13.0.1" + resolved "https://registry.yarnpkg.com/@spotify/eslint-config-typescript/-/eslint-config-typescript-13.0.1.tgz#47801a66d5569074a110f4422eba60aafc6bd7f8" + integrity sha512-1wLQFyN2H2v+rn/mytA2PGzmGxOmdZdcKBpNyW+4z0qJydpvavp2SeBj/X+FEbwKoYBoUdG9QLr40eLQh1ZHZA== + +"@spotify/eslint-plugin@^13.0.0": + version "13.0.1" + resolved "https://registry.yarnpkg.com/@spotify/eslint-plugin/-/eslint-plugin-13.0.1.tgz#46789dbbbae4a5154197d678d498e93e6930cd4f" + integrity sha512-N5mipnByFPrCFLhYXgevNGGgiqzmk7mGrvm58Gh2iobzvPi6pLtGS0R//Jg5cXydYnJ5wupK1zAxuG3AD1lULQ== + +"@spotify/prettier-config@^13.0.1": + version "13.0.1" + resolved "https://registry.yarnpkg.com/@spotify/prettier-config/-/prettier-config-13.0.1.tgz#0fdceb3d4ab543259ce6adc0ec1d10e34898b812" + integrity sha512-oVd4hjx2+y0MeUdk1l+ItwVLwlrDlvTlGwXBWMMzPYc7DLyxuxFvDfoHGkAQkrikfAgtdnzxrW6u9a8ywUqdfw== + +"@spotify/tsconfig@^13.0.1": + version "13.0.1" + resolved "https://registry.yarnpkg.com/@spotify/tsconfig/-/tsconfig-13.0.1.tgz#c9495476ff36e9b8a6e47870e489a9755488666d" + integrity sha512-gwF13n4WEsfOneHbIzmJuOrmeuusSdFzT7mxEEFsxPEeoLuFDGW6Gahf1qUsdhFWlVbuIqVwN0GRczAdENUXuA== + +"@spotify/web-scripts-utils@^13.0.1": + version "13.0.1" + resolved "https://registry.yarnpkg.com/@spotify/web-scripts-utils/-/web-scripts-utils-13.0.1.tgz#73c944c84befc0fb0b1ccd414bb3f126100b0852" + integrity sha512-goL6BjMmFfsnFrxEYpZGU6qB4gRDpkK3H8+3av4AbLbbCgMJd652jCpnF93DY5dDeggK39uZv/FCjIKKIVA5Tg== + dependencies: + glob "^7.1.4" + read-pkg-up "^7.0.1" + "@tootallnate/once@1": version "1.1.2" resolved "https://registry.yarnpkg.com/@tootallnate/once/-/once-1.1.2.tgz#ccb91445360179a04e7fe6aff78c00ffc1eeaf82" @@ -3304,7 +3342,7 @@ commander@^9.3.0: resolved "https://registry.yarnpkg.com/commander/-/commander-9.3.0.tgz#f619114a5a2d2054e0d9ff1b31d5ccf89255e26b" integrity sha512-hv95iU5uXPbK83mjrJKuZyFM/LBAoCV/XhVGkS5Je6tl7sxr6A0ITMw5WoRV46/UaJ46Nllm3Xt7IaJhXTIkzw== -commitizen@^4.0.3, commitizen@^4.2.3: +commitizen@^4.0.3, commitizen@^4.2.4: version "4.2.4" resolved "https://registry.yarnpkg.com/commitizen/-/commitizen-4.2.4.tgz#a3e5b36bd7575f6bf6e7aa19dbbf06b0d8f37165" integrity sha512-LlZChbDzg3Ir3O2S7jSo/cgWp5/QwylQVr59K4xayVq8S4/RdKzSyJkghAiZZHfhh5t4pxunUoyeg0ml1q/7aw== @@ -3566,7 +3604,7 @@ cz-conventional-changelog@3.2.0: optionalDependencies: "@commitlint/load" ">6.1.1" -cz-conventional-changelog@^3.0.2: +cz-conventional-changelog@^3.3.0: version "3.3.0" resolved "https://registry.yarnpkg.com/cz-conventional-changelog/-/cz-conventional-changelog-3.3.0.tgz#9246947c90404149b3fe2cf7ee91acad3b7d22d2" integrity sha512-U466fIzU5U22eES5lTNiNbZ+d8dfcHcssH4o7QsdWaCcRs/feIPCxKYSWkYBNs5mny7MvEfwpTLWjvbm94hecw== @@ -6306,12 +6344,7 @@ minimist-options@4.1.0: is-plain-obj "^1.1.0" kind-of "^6.0.3" -minimist@1.2.5: - version "1.2.5" - resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602" - integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw== - -minimist@^1.2.0, minimist@^1.2.5: +minimist@1.2.5, minimist@^1.2.0, minimist@^1.2.5, minimist@^1.2.6: version "1.2.6" resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44" integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==