From 115e10cf55e36ac23dc761e4b6635ecaac4b1afd Mon Sep 17 00:00:00 2001 From: Bas Strooband Date: Wed, 15 May 2019 11:43:23 +0200 Subject: [PATCH] Revert tar resolution Revert the tar resolution because the vulnerability is patched in node-tar. https://github.com/npm/node-tar/issues/212 --- theme/package-lock.json | 103 ++++++++++++++++++++++++---------------- theme/package.json | 3 -- 2 files changed, 63 insertions(+), 43 deletions(-) diff --git a/theme/package-lock.json b/theme/package-lock.json index eacfec52ee..ebb8f2f07e 100644 --- a/theme/package-lock.json +++ b/theme/package-lock.json @@ -4139,7 +4139,9 @@ }, "chownr": { "version": "1.1.1", - "bundled": true + "bundled": true, + "dev": true, + "optional": true }, "code-point-at": { "version": "1.1.0", @@ -4195,6 +4197,8 @@ "fs-minipass": { "version": "1.2.5", "bundled": true, + "dev": true, + "optional": true, "requires": { "minipass": "^2.2.1" } @@ -4307,11 +4311,15 @@ }, "minimist": { "version": "0.0.8", - "bundled": true + "bundled": true, + "dev": true, + "optional": true }, "minipass": { "version": "2.3.5", "bundled": true, + "dev": true, + "optional": true, "requires": { "safe-buffer": "^5.1.2", "yallist": "^3.0.0" @@ -4320,6 +4328,8 @@ "minizlib": { "version": "1.2.1", "bundled": true, + "dev": true, + "optional": true, "requires": { "minipass": "^2.2.1" } @@ -4327,6 +4337,8 @@ "mkdirp": { "version": "0.5.1", "bundled": true, + "dev": true, + "optional": true, "requires": { "minimist": "0.0.8" } @@ -4362,12 +4374,8 @@ "npmlog": "^4.0.2", "rc": "^1.2.7", "rimraf": "^2.6.1", - "semver": "^5.3.0" - }, - "dependencies": { - "tar": { - "version": "4.4.2" - } + "semver": "^5.3.0", + "tar": "^4" } }, "nopt": { @@ -4509,7 +4517,9 @@ }, "safe-buffer": { "version": "5.1.2", - "bundled": true + "bundled": true, + "dev": true, + "optional": true }, "safer-buffer": { "version": "2.1.2", @@ -4577,16 +4587,19 @@ "optional": true }, "tar": { + "version": "4.4.8", + "bundled": true, + "dev": true, + "optional": true, "requires": { - "chownr": "^1.0.1", + "chownr": "^1.1.1", "fs-minipass": "^1.2.5", - "minipass": "^2.2.4", - "minizlib": "^1.1.0", + "minipass": "^2.3.4", + "minizlib": "^1.1.1", "mkdirp": "^0.5.0", "safe-buffer": "^5.1.2", "yallist": "^3.0.2" - }, - "version": "4.4.2" + } }, "util-deprecate": { "version": "1.0.2", @@ -4611,14 +4624,16 @@ }, "yallist": { "version": "3.0.3", - "bundled": true + "bundled": true, + "dev": true, + "optional": true } } }, "fstream": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/fstream/-/fstream-1.0.11.tgz", - "integrity": "sha1-XB+x8RdHcRTwYyoOtLcbPLD9MXE=", + "version": "1.0.12", + "resolved": "https://registry.npmjs.org/fstream/-/fstream-1.0.12.tgz", + "integrity": "sha512-WvJ193OHa0GHPEL+AycEJgxvBEwyfRkN1vhjca23OaPVMCaLCXTd5qAu82AjTcgP1UJmytkOKb63Ypde7raDIg==", "dev": true, "requires": { "graceful-fs": "^4.1.2", @@ -4693,9 +4708,9 @@ "dev": true }, "get-stdin": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-4.0.1.tgz", - "integrity": "sha1-uWjGsKBDhDJJAui/Gl3zJXmkUP4=", + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-5.0.1.tgz", + "integrity": "sha1-Ei4WFZHiH/TFJTAwVpPyDmOTo5g=", "dev": true }, "get-stream": { @@ -6149,12 +6164,6 @@ "supports-color": "^2.0.0" } }, - "get-stdin": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-5.0.1.tgz", - "integrity": "sha1-Ei4WFZHiH/TFJTAwVpPyDmOTo5g=", - "dev": true - }, "supports-color": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", @@ -7390,9 +7399,9 @@ "dev": true }, "neo-async": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.0.tgz", - "integrity": "sha512-MFh0d/Wa7vkKO3Y3LlacqAEeHK0mckVqzDieUKTT+KGxi+zIpeVsFxymkIiRpbpDziHc290Xr9A1O4Om7otoRA==", + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.1.tgz", + "integrity": "sha512-iyam8fBuCUpWeKPGpaNMetEocMt364qkCsfL9JuhjXX6dRnguRVOfk2GZaDpPjcOKiiXCPINZC1GczQ7iTq3Zw==", "dev": true }, "next-tick": { @@ -7423,6 +7432,7 @@ "request": "^2.87.0", "rimraf": "2", "semver": "~5.3.0", + "tar": "^2.0.0", "which": "1" }, "dependencies": { @@ -7431,9 +7441,6 @@ "resolved": "https://registry.npmjs.org/semver/-/semver-5.3.0.tgz", "integrity": "sha1-myzl094C0XxgEq0yaqa00M9U+U8=", "dev": true - }, - "tar": { - "version": "4.4.2" } } }, @@ -7525,6 +7532,12 @@ "which": "^1.2.9" } }, + "get-stdin": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-4.0.1.tgz", + "integrity": "sha1-uWjGsKBDhDJJAui/Gl3zJXmkUP4=", + "dev": true + }, "supports-color": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", @@ -10318,6 +10331,14 @@ "dev": true, "requires": { "get-stdin": "^4.0.1" + }, + "dependencies": { + "get-stdin": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-4.0.1.tgz", + "integrity": "sha1-uWjGsKBDhDJJAui/Gl3zJXmkUP4=", + "dev": true + } } }, "strip-json-comments": { @@ -10721,13 +10742,15 @@ } }, "tar": { + "version": "2.2.2", + "resolved": "https://registry.npmjs.org/tar/-/tar-2.2.2.tgz", + "integrity": "sha512-FCEhQ/4rE1zYv9rYXJw/msRqsnmlje5jHP6huWeBZ704jUTy02c5AZyWujpMR1ax6mVw9NyJMfuK2CMDWVIfgA==", "dev": true, "requires": { "block-stream": "*", - "fstream": "^1.0.2", + "fstream": "^1.0.12", "inherits": "2" - }, - "version": "4.4.2" + } }, "terser": { "version": "3.17.0", @@ -11129,9 +11152,9 @@ "dev": true }, "uglify-js": { - "version": "3.5.6", - "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.5.6.tgz", - "integrity": "sha512-YDKRX8F0Y+Jr7LhoVk0n4G7ltR3Y7qFAj+DtVBthlOgCcIj1hyMigCfousVfn9HKmvJ+qiFlLDwaHx44/e5ZKw==", + "version": "3.5.12", + "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.5.12.tgz", + "integrity": "sha512-KeQesOpPiZNgVwJj8Ge3P4JYbQHUdZzpx6Fahy6eKAYRSV4zhVmLXoC+JtOeYxcHCHTve8RG1ZGdTvpeOUM26Q==", "dev": true, "optional": true, "requires": { @@ -11848,4 +11871,4 @@ } } } -} \ No newline at end of file +} diff --git a/theme/package.json b/theme/package.json index 4e2744caab..b5edc1918a 100644 --- a/theme/package.json +++ b/theme/package.json @@ -51,8 +51,5 @@ "font-awesome-sass": "^4.7.0", "js-cookie": "^2.1.3", "tippy.js": "^2.5.2" - }, - "resolutions": { - "tar": "4.4.2" } }