From 6d9b1f4246264ae886aca46a07607447441ebaa1 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 15 Jan 2021 00:24:33 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AWSSDK-1059424 --- package.json | 2 +- yarn.lock | 66 ++++++++++++++++++++++++++++------------------------ 2 files changed, 36 insertions(+), 32 deletions(-) diff --git a/package.json b/package.json index 00e987a..88d54ad 100644 --- a/package.json +++ b/package.json @@ -4,7 +4,7 @@ "description": "simple tool to backup github user repos to and aws s3 bucket", "main": "index.js", "dependencies": { - "aws-sdk": "^2.82.0", + "aws-sdk": "^2.814.0", "bluebird": "^3.5.0", "dotenv": "^4.0.0", "github": "^9.2.0", diff --git a/yarn.lock b/yarn.lock index a1d1ad1..db0e2d0 100644 --- a/yarn.lock +++ b/yarn.lock @@ -30,20 +30,20 @@ asynckit@^0.4.0: version "0.4.0" resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79" -aws-sdk@^2.82.0: - version "2.149.0" - resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.149.0.tgz#76f53722a7780bdb3191e83f27c10108c6fe9813" +aws-sdk@^2.814.0: + version "2.828.0" + resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.828.0.tgz#6aa599c3582f219568f41fb287eb65753e4a9234" + integrity sha512-JoDujGdncSIF9ka+XFZjop/7G+fNGucwPwYj7OHYMmFIOV5p7YmqomdbVmH/vIzd988YZz8oLOinWc4jM6vvhg== dependencies: - buffer "4.9.1" - crypto-browserify "1.0.9" - events "^1.1.1" + buffer "4.9.2" + events "1.1.1" + ieee754 "1.1.13" jmespath "0.15.0" querystring "0.2.0" sax "1.2.1" url "0.10.3" - uuid "3.1.0" - xml2js "0.4.17" - xmlbuilder "4.2.1" + uuid "3.3.2" + xml2js "0.4.19" aws-sign2@~0.7.0: version "0.7.0" @@ -79,9 +79,10 @@ boom@5.x.x: dependencies: hoek "4.x.x" -buffer@4.9.1: - version "4.9.1" - resolved "https://registry.yarnpkg.com/buffer/-/buffer-4.9.1.tgz#6d1bb601b07a4efced97094132093027c95bc298" +buffer@4.9.2: + version "4.9.2" + resolved "https://registry.yarnpkg.com/buffer/-/buffer-4.9.2.tgz#230ead344002988644841ab0244af8c44bbe3ef8" + integrity sha512-xq+q3SRMOxGivLhBNaUdC64hDTQwejJ+H0T/NB1XMtTVEwNTrfFF3gAxiyW0Bu/xWEGhjVKgUcMhCrUy2+uCWg== dependencies: base64-js "^1.0.2" ieee754 "^1.1.4" @@ -111,10 +112,6 @@ cryptiles@3.x.x: dependencies: boom "5.x.x" -crypto-browserify@1.0.9: - version "1.0.9" - resolved "https://registry.yarnpkg.com/crypto-browserify/-/crypto-browserify-1.0.9.tgz#cc5449685dfb85eb11c9828acc7cb87ab5bbfcc0" - dashdash@^1.12.0: version "1.14.1" resolved "https://registry.yarnpkg.com/dashdash/-/dashdash-1.14.1.tgz#853cfa0f7cbe2fed5de20326b8dd581035f6e2f0" @@ -141,9 +138,10 @@ ecc-jsbn@~0.1.1: dependencies: jsbn "~0.1.0" -events@^1.1.1: +events@1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/events/-/events-1.1.1.tgz#9ebdb7635ad099c70dcc4c2a1f5004288e8bd924" + integrity sha1-nr23Y1rQmccNzEwqH1AEKI6L2SQ= extend@3, extend@~3.0.0, extend@~3.0.1: version "3.0.1" @@ -235,6 +233,11 @@ https-proxy-agent@^1.0.0: debug "2" extend "3" +ieee754@1.1.13: + version "1.1.13" + resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.1.13.tgz#ec168558e95aa181fd87d37f55c32bbcb6708b84" + integrity sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg== + ieee754@^1.1.4: version "1.1.8" resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.1.8.tgz#be33d40ac10ef1926701f6f08a2d86fbfd1ad3e4" @@ -280,10 +283,6 @@ jsprim@^1.2.2: json-schema "0.2.3" verror "1.10.0" -lodash@^4.0.0: - version "4.17.4" - resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.4.tgz#78203a4d1c328ae1d86dca6460e369b57f4055ae" - mime-db@~1.30.0: version "1.30.0" resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.30.0.tgz#74c643da2dd9d6a45399963465b26d5ca7d71f01" @@ -424,7 +423,12 @@ url@0.10.3: punycode "1.3.2" querystring "0.2.0" -uuid@3.1.0, uuid@^3.1.0: +uuid@3.3.2: + version "3.3.2" + resolved "https://registry.yarnpkg.com/uuid/-/uuid-3.3.2.tgz#1b4af4955eb3077c501c23872fc6513811587131" + integrity sha512-yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA== + +uuid@^3.1.0: version "3.1.0" resolved "https://registry.yarnpkg.com/uuid/-/uuid-3.1.0.tgz#3dd3d3e790abc24d7b0d3a034ffababe28ebbc04" @@ -436,15 +440,15 @@ verror@1.10.0: core-util-is "1.0.2" extsprintf "^1.2.0" -xml2js@0.4.17: - version "0.4.17" - resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.17.tgz#17be93eaae3f3b779359c795b419705a8817e868" +xml2js@0.4.19: + version "0.4.19" + resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.19.tgz#686c20f213209e94abf0d1bcf1efaa291c7827a7" + integrity sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q== dependencies: sax ">=0.6.0" - xmlbuilder "^4.1.0" + xmlbuilder "~9.0.1" -xmlbuilder@4.2.1, xmlbuilder@^4.1.0: - version "4.2.1" - resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-4.2.1.tgz#aa58a3041a066f90eaa16c2f5389ff19f3f461a5" - dependencies: - lodash "^4.0.0" +xmlbuilder@~9.0.1: + version "9.0.7" + resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-9.0.7.tgz#132ee63d2ec5565c557e20f4c22df9aca686b10d" + integrity sha1-Ey7mPS7FVlxVfiD0wi35rKaGsQ0=