Address high vulnerabilities that no longer need to be ignored #96

Merged on Nov 20, 2024 (42 commits)

Commits
6128a4f
remove vulnerability in trivy ignore
ashleysmithTTD Nov 18, 2024
1f88351
updated version of cross spawn
ashleysmithTTD Nov 18, 2024
2c30683
revert yarn lock
ashleysmithTTD Nov 18, 2024
57db59c
semver vulnerability update
ashleysmithTTD Nov 18, 2024
d87fd50
add semver override
ashleysmithTTD Nov 19, 2024
e225720
npm i again with override
ashleysmithTTD Nov 19, 2024
49ece8b
updated yarn file with new versions;
ashleysmithTTD Nov 19, 2024
602ab2f
cross spawn version updated
ashleysmithTTD Nov 19, 2024
5d39816
match yarn sha integrity
ashleysmithTTD Nov 19, 2024
0d53c29
updated semver version in yarn lock
ashleysmithTTD Nov 19, 2024
f7669c8
semver version 7 changes
ashleysmithTTD Nov 19, 2024
0022565
yarn lock semver version 7 change
ashleysmithTTD Nov 19, 2024
04d6f1e
yarn lock update
ashleysmithTTD Nov 19, 2024
809ab66
npm install
ashleysmithTTD Nov 19, 2024
2d58ed0
yarn lock updated
ashleysmithTTD Nov 19, 2024
1af1f7b
yarn file from main
ashleysmithTTD Nov 19, 2024
0a1eba8
cross spawn fix
ashleysmithTTD Nov 19, 2024
6239b01
cross spawn correct integrity
ashleysmithTTD Nov 19, 2024
5d7351e
semver version 5.7.2
ashleysmithTTD Nov 19, 2024
8337ae8
yarn version 7
ashleysmithTTD Nov 19, 2024
ddb6629
change to where semver version 7.0.0 is
ashleysmithTTD Nov 19, 2024
1850753
version 7.5.2
ashleysmithTTD Nov 19, 2024
05c817a
no need semver 7.0.0
ashleysmithTTD Nov 19, 2024
b2ccc20
simple update notifier update
ashleysmithTTD Nov 19, 2024
2815847
update simple update notifier version
ashleysmithTTD Nov 19, 2024
bc20ed0
simple update notifier update in yarn
ashleysmithTTD Nov 19, 2024
59b1fc4
added cross spawn and semver changes
ashleysmithTTD Nov 19, 2024
0ce6ee2
simple update correct link
ashleysmithTTD Nov 19, 2024
f4e89e5
reverted to previous working build
ashleysmithTTD Nov 19, 2024
cda1acb
Merge branch 'ans-UID2-4437-address-high-vulnerabilities' of https://…
ashleysmithTTD Nov 19, 2024
335eb38
reverting
ashleysmithTTD Nov 19, 2024
618d4fa
package revert
ashleysmithTTD Nov 19, 2024
2153de9
revert package lock
ashleysmithTTD Nov 19, 2024
3c3a96c
trying semver version 7 again
ashleysmithTTD Nov 19, 2024
1b482a0
change symbol
ashleysmithTTD Nov 19, 2024
3ce9359
semver 7.0
ashleysmithTTD Nov 19, 2024
78b797f
semver changes
ashleysmithTTD Nov 19, 2024
ba15d3b
added shasum
ashleysmithTTD Nov 19, 2024
0ad187a
different symbol
ashleysmithTTD Nov 19, 2024
45bea9f
remove dependency
ashleysmithTTD Nov 19, 2024
116bfee
remove dependency from yarn
ashleysmithTTD Nov 19, 2024
11c71f5
remove trivy ignore no longer needed
ashleysmithTTD Nov 20, 2024
7 changes: 0 additions & 7 deletions .trivyignore

This file was deleted.

82 changes: 5 additions & 77 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions package.json
Expand Up @@ -38,6 +38,7 @@
"country-flag-icons": "^1.5.4",
"country-list-js": "^3.1.7",
"cross-env": "^7.0.3",
"cross-spawn": "^7.0.6",
"dotenv": "^16.0.3",
"express": "^4.18.2",
"express-basic-auth": "^1.2.0",
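Review bot: `"cross-spawn": "^7.0.6"` is declared as a direct dependency between `cross-env` and `dotenv`, but the yarn.lock hunk in this same PR shows it being pulled in by `cross-env` (`cross-spawn "^7.0.1"`). If no application code imports it, pin the patched version through `overrides` for npm and `resolutions` for Yarn instead, so the manifest does not gain a package that then has to be maintained as a first-class dependency.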
Expand All @@ -52,6 +53,7 @@
"morgan": "~1.9.1",
"nodemon": "^2.0.20",
"prom-client": "^13.1.0",
"semver": "^7.6.3",
"url-pattern": "^1.0.3",
"winston": "^3.3.3",
"zod": "^3.5.1"
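Review bot: `"semver": "^7.6.3"` is added as a direct dependency next to `winston` and `zod`, although nothing in this diff shows application code using it. npm only accepts an override for a directly declared package when both specs match, so this line and the `overrides` entry now have to be kept in step by hand; dropping the direct dependency and keeping only the override avoids that coupling.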
Expand Down Expand Up @@ -81,5 +83,8 @@
"ts-jest": "^29.1.5",
"ts-node": "^10.0.0",
"typescript": "^4.3.4"
},
"overrides": {
"semver": "^7.6.3"
}
}
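Review bot: a global `"semver": "^7.6.3"` entry in `overrides` is broader than the fix needs: it applies to every `semver` consumer in the npm tree, including packages that yarn.lock shows asking for `2 || 3 || 4 || 5` or `^6.x`, which is a major-version jump for them. Scope the override to the dependency that pulled in the flagged version. Also, `overrides` is read by npm only; Yarn uses `resolutions`, so with both package-lock.json and yarn.lock in the repository the two installs resolve different trees (yarn.lock in this PR still locks 5.7.2, 6.3.1 and 7.5.2).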
28 changes: 13 additions & 15 deletions yarn.lock
Expand Up @@ -1666,10 +1666,10 @@ cross-env@^7.0.3:
dependencies:
cross-spawn "^7.0.1"

cross-spawn@^7.0.1, cross-spawn@^7.0.2, cross-spawn@^7.0.3:
cross-spawn@^7.0.1, cross-spawn@^7.0.2, cross-spawn@^7.0.3, cross-spawn@^7.0.4, cross-spawn@^7.0.5, cross-spawn@^7.0.6:
version "7.0.3"
resolved "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz"
integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
resolved "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz"
integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
dependencies:
path-key "^3.1.0"
shebang-command "^2.0.0"
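Review bot: the `cross-spawn` entry is internally inconsistent after this change: `version "7.0.3"` is left as it was while `resolved` and `integrity` now point at the 7.0.6 tarball. That pattern suggests the lockfile was edited by hand. Delete the entry and let `yarn install` regenerate it so that version, URL and hash agree, and so that the integrity value comes from the registry rather than from a manual paste.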
Expand Down Expand Up @@ -4268,16 +4268,21 @@ [email protected], safe-buffer@~5.2.0:
resolved "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz"
integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==

"semver@2 || 3 || 4 || 5", semver@^5.7.1:
version "5.7.1"
resolved "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz"
integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==
"semver@2 || 3 || 4 || 5", semver@^5.7.2:
version "5.7.2"
resolved "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz"
integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==

semver@^6.0.0, semver@^6.3.0, semver@^6.3.1:
version "6.3.1"
resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4"
integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==

semver@^7.0.0:
version "7.5.2"
resolved "https://registry.npmjs.org/semver/-/semver-7.5.2.tgz#5b851e66d1be07c1cdaf37dfc856f543325a2beb"
integrity sha512-SoftuTROv/cRjCze/scjGyiDtcUyxw1rgYQSZY7XTmtR5hX+dm76iDbTH8TkLPHCQmlbQVSSbNZCPM2hb0knnQ==

semver@^7.2.1, semver@^7.3.5:
version "7.6.3"
resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.3.tgz#980f7b5550bc175fb4dc09403085627f9eb33143"
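Review bot: the new `semver@^7.0.0` entry locks 7.5.2 even though the entry directly below already locks 7.6.3 for `^7.2.1` and `^7.3.5`, so the tree carries two 7.x copies and one of them is below the `^7.6.3` that package.json asks for. No line visible in this diff requests `semver@^7.0.0` once the `~7.0.0` dependency is removed from `simple-update-notifier`, so check whether this entry is an orphan; if something does need it, let it resolve to 7.6.3 so a single 7.x version is installed and scanned.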
Expand All @@ -4290,11 +4295,6 @@ semver@^7.5.3, semver@^7.5.4:
dependencies:
lru-cache "^6.0.0"

semver@~7.0.0:
version "7.0.0"
resolved "https://registry.npmjs.org/semver/-/semver-7.0.0.tgz"
integrity sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A==

[email protected]:
version "0.19.0"
resolved "https://registry.yarnpkg.com/send/-/send-0.19.0.tgz#bbc5a388c8ea6c048967049dbeac0e4a3f09d7f8"
Expand Down Expand Up @@ -4403,8 +4403,6 @@ simple-update-notifier@^1.0.7:
version "1.0.7"
resolved "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-1.0.7.tgz"
integrity sha512-BBKgR84BJQJm6WjWFMHgLVuo61FBDSj1z/xSFUIozqO6wO7ii0JxCqlIud7Enr/+LhlbNI0whErq96P2qHNWew==
dependencies:
semver "~7.0.0"

sisteransi@^1.0.5:
version "1.0.5"
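Review bot: deleting `dependencies: semver "~7.0.0"` from the `simple-update-notifier` entry while keeping `version "1.0.7"` and the same integrity hash makes the lockfile disagree with the package it describes. The entry previously recorded that 1.0.7 requests `semver "~7.0.0"`, and the tarball has not changed, so Yarn may re-add the dependency on the next install, or the package may load without the `semver` it expects. Move to a `simple-update-notifier` release that accepts a patched `semver`, or express the pin as a `resolutions` entry, and let Yarn regenerate this block.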
Expand Down Expand Up @@ -5013,4 +5011,4 @@ yocto-queue@^0.1.0:
zod@^3.5.1:
version "3.23.8"
resolved "https://registry.yarnpkg.com/zod/-/zod-3.23.8.tgz#e37b957b5d52079769fb8097099b592f0ef4067d"
integrity sha512-XBx9AXhXktjUqnepgTiE5flcKIYWi/rme0Eaj+5Y0lftuGBq+jyRu/md4WnuxqgP1ubdpNCsYEYPxrzVHD8d6g==
integrity sha512-XBx9AXhXktjUqnepgTiE5flcKIYWi/rme0Eaj+5Y0lftuGBq+jyRu/md4WnuxqgP1ubdpNCsYEYPxrzVHD8d6g==
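Review bot: the removed and added `integrity` lines for `zod` are identical as rendered, so this change is whitespace or end-of-file newline only. Regenerating yarn.lock with Yarn instead of editing it would keep this noise out of the diff.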