From 7bdb860911c83e13ddb47236fb02129d51f72c28 Mon Sep 17 00:00:00 2001 From: Ekjot <43255916+ekjotmultani@users.noreply.github.com> Date: Mon, 2 Dec 2024 16:13:24 -0800 Subject: [PATCH] chore(dependency): updated cross-spawn package to fix security issue (#5727) --- infra-gen2/package-lock.json | 8 ++++---- infra-gen2/package.json | 3 ++- infra/pnpm-lock.yaml | 8 ++++---- .../amplify_outputs_mapping/app/package-lock.json | 14 +++++++------- .../amplify_outputs_mapping/app/package.json | 4 ++++ 5 files changed, 21 insertions(+), 16 deletions(-) diff --git a/infra-gen2/package-lock.json b/infra-gen2/package-lock.json index d518307579..af86191d84 100644 --- a/infra-gen2/package-lock.json +++ b/infra-gen2/package-lock.json @@ -24501,7 +24501,7 @@ "dev": true, "license": "MIT", "dependencies": { - "cross-spawn": "^7.0.3", + "cross-spawn": "^7.0.6", "get-stream": "^6.0.1", "human-signals": "^4.3.0", "is-stream": "^3.0.0", @@ -24982,7 +24982,7 @@ "dev": true, "license": "MIT", "dependencies": { - "cross-spawn": "^7.0.3", + "cross-spawn": "^7.0.6", "get-stream": "^8.0.1", "human-signals": "^5.0.0", "is-stream": "^3.0.0", @@ -25197,7 +25197,7 @@ "dev": true, "license": "ISC", "dependencies": { - "cross-spawn": "^7.0.0", + "cross-spawn": "^7.0.6", "signal-exit": "^4.0.1" }, "engines": { @@ -27936,7 +27936,7 @@ "dev": true, "license": "MIT", "dependencies": { - "cross-spawn": "^7.0.3", + "cross-spawn": "^7.0.6", "get-stream": "^6.0.0", "human-signals": "^2.1.0", "is-stream": "^2.0.0", diff --git a/infra-gen2/package.json b/infra-gen2/package.json index 0080a3855c..aaddb5abc8 100644 --- a/infra-gen2/package.json +++ b/infra-gen2/package.json @@ -28,6 +28,7 @@ "typescript": "^5.5.4" }, "overrides": { - "fast-xml-parser": "^4.4.1" + "fast-xml-parser": "^4.4.1", + "cross-spawn": "^7.0.6" } } diff --git a/infra/pnpm-lock.yaml b/infra/pnpm-lock.yaml index 456aa1cabb..110634935d 100644 --- a/infra/pnpm-lock.yaml +++ b/infra/pnpm-lock.yaml @@ -1181,8 +1181,8 @@ packages: create-require@1.1.1: resolution: {integrity: sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==} - cross-spawn@7.0.3: - resolution: {integrity: sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==} + cross-spawn@7.0.6: + resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==} engines: {node: '>= 8'} data-uri-to-buffer@4.0.1: @@ -3830,7 +3830,7 @@ snapshots: create-require@1.1.1: {} - cross-spawn@7.0.3: + cross-spawn@7.0.6: dependencies: path-key: 3.1.1 shebang-command: 2.0.0 @@ -3909,7 +3909,7 @@ snapshots: execa@5.1.1: dependencies: - cross-spawn: 7.0.3 + cross-spawn: 7.0.6 get-stream: 6.0.1 human-signals: 2.1.0 is-stream: 2.0.1 diff --git a/packages/amplify_core/test/config/amplify_outputs_mapping/app/package-lock.json b/packages/amplify_core/test/config/amplify_outputs_mapping/app/package-lock.json index e831d6c60d..e28001149e 100644 --- a/packages/amplify_core/test/config/amplify_outputs_mapping/app/package-lock.json +++ b/packages/amplify_core/test/config/amplify_outputs_mapping/app/package-lock.json @@ -15357,9 +15357,9 @@ } }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, "license": "MIT", "dependencies": { @@ -15530,7 +15530,7 @@ "dev": true, "license": "MIT", "dependencies": { - "cross-spawn": "^7.0.3", + "cross-spawn": "^7.0.6", "get-stream": "^6.0.1", "human-signals": "^4.3.0", "is-stream": "^3.0.0", @@ -15980,7 +15980,7 @@ "dev": true, "license": "MIT", "dependencies": { - "cross-spawn": "^7.0.3", + "cross-spawn": "^7.0.6", "get-stream": "^8.0.1", "human-signals": "^5.0.0", "is-stream": "^3.0.0", @@ -16196,7 +16196,7 @@ "dev": true, "license": "ISC", "dependencies": { - "cross-spawn": "^7.0.0", + "cross-spawn": "^7.0.6", "signal-exit": "^4.0.1" }, "engines": { @@ -18810,7 +18810,7 @@ "dev": true, "license": "MIT", "dependencies": { - "cross-spawn": "^7.0.3", + "cross-spawn": "^7.0.6", "get-stream": "^6.0.0", "human-signals": "^2.1.0", "is-stream": "^2.0.0", diff --git a/packages/amplify_core/test/config/amplify_outputs_mapping/app/package.json b/packages/amplify_core/test/config/amplify_outputs_mapping/app/package.json index 6edabe5ed0..7b648cfcae 100644 --- a/packages/amplify_core/test/config/amplify_outputs_mapping/app/package.json +++ b/packages/amplify_core/test/config/amplify_outputs_mapping/app/package.json @@ -18,6 +18,10 @@ "@aws-amplify/backend-cli": "1.0.4", "tsx": "^4.10.5", "typescript": "^5.4.5" + + }, + "overrides": { + "cross-spawn": "^7.0.6" } } \ No newline at end of file