From 5a63eff0dc3f4adc76402f0517e3597480258061 Mon Sep 17 00:00:00 2001 From: Charles Lyding <19598772+clydin@users.noreply.github.com> Date: Tue, 4 Jun 2024 12:30:19 -0400 Subject: [PATCH] ci: use Github action-based dependency license checking Dependency know leverages the Github dependency review action instead of the previous custom solution. The action uses the Github dependency API to analyze dependencies. This not only should provide more accurate results but also lower the maintenance costs for the license checking. The initial allowed licenses list is based on the previous checker list with licenses that are no longer used removed. Action Documentation: https://github.com/actions/dependency-review-action --- .github/dependency-review-config.yml | 12 ++ .github/workflows/pr.yml | 4 + package.json | 4 - scripts/validate-licenses.mts | 121 ------------------- scripts/validate.mts | 5 - yarn.lock | 168 +++------------------------ 6 files changed, 30 insertions(+), 284 deletions(-) create mode 100644 .github/dependency-review-config.yml delete mode 100644 scripts/validate-licenses.mts diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml new file mode 100644 index 000000000000..94d363abe937 --- /dev/null +++ b/.github/dependency-review-config.yml @@ -0,0 +1,12 @@ +vulnerability_check: false +allow_licenses: + - '0BSD' + - 'Apache-2.0' + - 'BlueOak-1.0.0' + - 'BSD-2-Clause' + - 'BSD-3-Clause' + - 'CC-BY-4.0' + - 'ISC' + - 'MIT' + - 'Python-2.0' + - 'Unlicense' diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index effb45c8ab1b..7482842eb653 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -50,6 +50,10 @@ jobs: run: yarn ts-circular-deps check - name: Run Validation run: yarn -s admin validate + - name: Check Package Licenses + uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2 + with: + config-file: './.github/dependency-review-config.yml' - name: Check tooling setup run: yarn -s check-tooling-setup - name: Check commit message diff --git a/package.json b/package.json index 868699e847df..2dbfc466fe81 100644 --- a/package.json +++ b/package.json @@ -95,7 +95,6 @@ "@types/jasmine": "~5.1.0", "@types/karma": "^6.3.0", "@types/less": "^3.0.3", - "@types/license-checker": "^25.0.6", "@types/loader-utils": "^2.0.0", "@types/lodash": "^4.17.0", "@types/node": "^18.13.0", @@ -106,7 +105,6 @@ "@types/resolve": "^1.17.1", "@types/semver": "^7.3.12", "@types/shelljs": "^0.8.11", - "@types/spdx-satisfies": "^0.1.2", "@types/tar": "^6.1.2", "@types/watchpack": "^2.4.4", "@types/yargs": "^17.0.20", @@ -157,7 +155,6 @@ "karma-source-map-support": "1.4.0", "less": "4.2.0", "less-loader": "12.2.0", - "license-checker": "^25.0.0", "license-webpack-plugin": "4.0.2", "lmdb": "3.0.11", "loader-utils": "3.2.2", @@ -193,7 +190,6 @@ "source-map": "0.7.4", "source-map-loader": "5.0.0", "source-map-support": "0.5.21", - "spdx-satisfies": "^5.0.0", "symbol-observable": "4.0.0", "tar": "^6.1.6", "terser": "5.31.0", diff --git a/scripts/validate-licenses.mts b/scripts/validate-licenses.mts deleted file mode 100644 index e382c95d31c4..000000000000 --- a/scripts/validate-licenses.mts +++ /dev/null @@ -1,121 +0,0 @@ -/** - * @license - * Copyright Google LLC All Rights Reserved. - * - * Use of this source code is governed by an MIT-style license that can be - * found in the LICENSE file at https://angular.io/license - */ - -import checker from 'license-checker'; -import * as path from 'node:path'; -import { fileURLToPath } from 'node:url'; -import spdxSatisfies from 'spdx-satisfies'; -import { packages } from './packages.mjs'; - -/** - * A general note on some black listed specific licenses: - * - CC0 - * This is not a valid license. It does not grant copyright of the code/asset, and does not - * resolve patents or other licensed work. The different claims also have no standing in court - * and do not provide protection to or from Google and/or third parties. - * We cannot use nor contribute to CC0 licenses. - * - Public Domain - * Same as CC0, it is not a valid license. - */ -const allowedLicenses = [ - // Regular valid open source licenses supported by Google. - 'MIT', - 'ISC', - 'Apache-2.0', - 'Python-2.0', - 'Artistic-2.0', - 'BlueOak-1.0.0', - - 'BSD-2-Clause', - 'BSD-3-Clause', - 'BSD-4-Clause', - - // All CC-BY licenses have a full copyright grant and attribution section. - 'CC-BY-3.0', - 'CC-BY-4.0', - - // Have a full copyright grant. Validated by opensource team. - 'Unlicense', - 'CC0-1.0', - '0BSD', -]; - -// Name variations of SPDX licenses that some packages have. -// Licenses not included in SPDX but accepted will be converted to MIT. -const licenseReplacements: { [key: string]: string } = { - // Official SPDX identifier has a dash - 'Apache 2.0': 'Apache-2.0', - // BSD is BSD-2-clause by default. - 'BSD': 'BSD-2-Clause', -}; - -// Specific packages to ignore, add a reason in a comment. Format: package-name@version. -const ignoredPackages = [ - // * Broken license fields - 'pako@1.0.11', // MIT but broken license in package.json -]; - -// Ignore own packages (all MIT) -for (const pkg of packages) { - const version = pkg.experimental ? '0.0.0-EXPERIMENTAL-PLACEHOLDER' : '0.0.0-PLACEHOLDER'; - ignoredPackages.push(`${pkg.name}@${version}`); -} - -// Find all folders directly under a `node_modules` that have a package.json. - -// Check if a license is accepted by an array of accepted licenses -function _passesSpdx(licenses: string[], accepted: string[]) { - try { - return spdxSatisfies(licenses.join(' AND '), accepted.join(' OR ')); - } catch { - return false; - } -} - -export default function (_options: {}): Promise { - return new Promise((resolve) => { - checker.init( - { start: path.join(fileURLToPath(import.meta.url), '../..'), excludePrivatePackages: true }, - // eslint-disable-next-line @typescript-eslint/no-explicit-any - (err: Error, json: any) => { - if (err) { - console.error(`Something happened:\n${err.message}`); - resolve(1); - } else { - console.info(`Testing ${Object.keys(json).length} packages.\n`); - - // Packages with bad licenses are those that neither pass SPDX nor are ignored. - const badLicensePackages = Object.keys(json) - .map((key) => ({ - id: key, - licenses: ([] as string[]) - .concat(json[key].licenses as string[]) - // `*` is used when the license is guessed. - .map((x) => x.replace(/\*$/, '')) - .map((x) => (x in licenseReplacements ? licenseReplacements[x] : x)), - })) - .filter((pkg) => !_passesSpdx(pkg.licenses, allowedLicenses)) - .filter((pkg) => !ignoredPackages.find((ignored) => ignored === pkg.id)); - - // Report packages with bad licenses - if (badLicensePackages.length > 0) { - console.error('Invalid package licences found:'); - badLicensePackages.forEach((pkg) => { - console.error(`${pkg.id}: ${JSON.stringify(pkg.licenses)}`); - }); - console.error(`\n${badLicensePackages.length} total packages with invalid licenses.`); - resolve(2); - } else { - console.info('All package licenses are valid.'); - resolve(0); - } - } - }, - ); - }); -} diff --git a/scripts/validate.mts b/scripts/validate.mts index a0191a4aa2c8..0ae571855a9f 100644 --- a/scripts/validate.mts +++ b/scripts/validate.mts @@ -8,7 +8,6 @@ import { execSync } from 'child_process'; import templates from './templates.mjs'; -import validateLicenses from './validate-licenses.mjs'; import validateUserAnalytics from './validate-user-analytics.mjs'; export default async function (options: { verbose: boolean }) { @@ -34,10 +33,6 @@ export default async function (options: { verbose: boolean }) { error = true; } - console.info(''); - console.info('Running license validation...'); - error = (await validateLicenses({})) != 0 || error; - console.info(''); console.info('Running User Analytics validation...'); error = (await validateUserAnalytics({})) != 0 || error; diff --git a/yarn.lock b/yarn.lock index 367cd843258b..b040fb621f83 100644 --- a/yarn.lock +++ b/yarn.lock @@ -68,7 +68,6 @@ "@angular/build-tooling@https://github.com/angular/dev-infra-private-build-tooling-builds.git#6dc56eace09095d66cfdb614f66514e4d1af1cfc": version "0.0.0-e805b4cfbbf04cf922ca279de2c49e2f778545ff" - uid "6dc56eace09095d66cfdb614f66514e4d1af1cfc" resolved "https://github.com/angular/dev-infra-private-build-tooling-builds.git#6dc56eace09095d66cfdb614f66514e4d1af1cfc" dependencies: "@angular/benchpress" "0.3.0" @@ -268,7 +267,6 @@ "@angular/ng-dev@https://github.com/angular/dev-infra-private-ng-dev-builds.git#68feef74970fb464f94ab21be85a314924499aa3": version "0.0.0-e805b4cfbbf04cf922ca279de2c49e2f778545ff" - uid "68feef74970fb464f94ab21be85a314924499aa3" resolved "https://github.com/angular/dev-infra-private-ng-dev-builds.git#68feef74970fb464f94ab21be85a314924499aa3" dependencies: "@octokit/rest" "20.1.1" @@ -4343,11 +4341,6 @@ resolved "https://registry.yarnpkg.com/@types/less/-/less-3.0.6.tgz#279b51245ba787c810a0d286226c5900cd5e6765" integrity sha512-PecSzorDGdabF57OBeQO/xFbAkYWo88g4Xvnsx7LRwqLC17I7OoKtA3bQB9uXkY6UkMWCOsA8HSVpaoitscdXw== -"@types/license-checker@^25.0.6": - version "25.0.6" - resolved "https://registry.yarnpkg.com/@types/license-checker/-/license-checker-25.0.6.tgz#c346285ee7e42bac58a4922059453f50a5d4175d" - integrity sha512-ju/75+YPkNE5vX1iPer+qtI1eI/LqJVYZgOsmSHI1iiEM1bQL5Gh1lEvyjR9T7ZXVE1FwJa2doWJEEmPNwbZkw== - "@types/loader-utils@^2.0.0": version "2.0.6" resolved "https://registry.yarnpkg.com/@types/loader-utils/-/loader-utils-2.0.6.tgz#cb1cf704c7eee4f01df8da3a90ba5929b77753df" @@ -4570,11 +4563,6 @@ resolved "https://registry.yarnpkg.com/@types/source-list-map/-/source-list-map-0.1.6.tgz#164e169dd061795b50b83c19e4d3be09f8d3a454" integrity sha512-5JcVt1u5HDmlXkwOD2nslZVllBBc7HDuOICfiZah2Z0is8M8g+ddAEawbmd3VjedfDHBzxCaXLs07QEmb7y54g== -"@types/spdx-satisfies@^0.1.2": - version "0.1.2" - resolved "https://registry.yarnpkg.com/@types/spdx-satisfies/-/spdx-satisfies-0.1.2.tgz#1c28c3ef21b350c188685a13e011ae94933db8f5" - integrity sha512-v8OtFJhx4gHvOktcvP1cdeAXYhUq1O5XP+NTxyZoxDSaKYGf3BFWb0P4Ik/JfRxsscKn8fDe4w9Obv92bNQ26Q== - "@types/ssri@*": version "7.1.5" resolved "https://registry.yarnpkg.com/@types/ssri/-/ssri-7.1.5.tgz#7147b5ba43957cb0f639a3309a3943fc1829d5e8" @@ -5290,7 +5278,7 @@ JSONStream@1.3.5: jsonparse "^1.2.0" through ">=2.2.7 <3" -abbrev@1, abbrev@^1.0.0, abbrev@~1.1.1: +abbrev@^1.0.0, abbrev@~1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/abbrev/-/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8" integrity sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q== @@ -5572,11 +5560,6 @@ array-buffer-byte-length@^1.0.1: call-bind "^1.0.5" is-array-buffer "^3.0.4" -array-find-index@^1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/array-find-index/-/array-find-index-1.0.2.tgz#df010aa1287e164bbda6f9723b0a96a1ec4187a1" - integrity sha512-M1HQyIXcBGtVywBt8WVdim+lrNaK7VHp99Qt5pSNziXznKHViIBbXWtfRTpEFpF/c4FdfxNAsCCwPp5phBYJtw== - array-flatten@1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/array-flatten/-/array-flatten-1.1.1.tgz#9a5f699051b1e7073328f2a008968b64ea2955d2" @@ -6250,7 +6233,7 @@ chalk@^1.1.1, chalk@^1.1.3: strip-ansi "^3.0.0" supports-color "^2.0.0" -chalk@^2.4.1, chalk@^2.4.2: +chalk@^2.4.2: version "2.4.2" resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424" integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ== @@ -8403,7 +8386,7 @@ glob@^6.0.1: once "^1.3.0" path-is-absolute "^1.0.0" -glob@^7.0.0, glob@^7.0.3, glob@^7.0.6, glob@^7.1.1, glob@^7.1.3, glob@^7.1.4, glob@^7.1.7: +glob@^7.0.0, glob@^7.0.3, glob@^7.0.6, glob@^7.1.3, glob@^7.1.4, glob@^7.1.7: version "7.2.3" resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.3.tgz#b8df0fb802bbfa8e89bd1d938b4e16578ed44f2b" integrity sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q== @@ -8607,11 +8590,6 @@ highlight.js@^11.8.0: resolved "https://registry.yarnpkg.com/highlight.js/-/highlight.js-11.9.0.tgz#04ab9ee43b52a41a047432c8103e2158a1b8b5b0" integrity sha512-fJ7cW7fQGCYAkgv4CPfwFHrfd/cLS4Hau96JuJ+ZTOWhjnhoeN1ub1tFmALm/+lW5z4WCAuAV9bm05AP0mS6Gw== -hosted-git-info@^2.1.4: - version "2.8.9" - resolved "https://registry.yarnpkg.com/hosted-git-info/-/hosted-git-info-2.8.9.tgz#dffc0bf9a21c02209090f2aa69429e1414daf3f9" - integrity sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw== - hosted-git-info@^5.0.0, hosted-git-info@^5.2.1: version "5.2.1" resolved "https://registry.yarnpkg.com/hosted-git-info/-/hosted-git-info-5.2.1.tgz#0ba1c97178ef91f3ab30842ae63d6a272341156f" @@ -10048,22 +10026,6 @@ libnpmversion@^3.0.7: proc-log "^2.0.0" semver "^7.3.7" -license-checker@^25.0.0: - version "25.0.1" - resolved "https://registry.yarnpkg.com/license-checker/-/license-checker-25.0.1.tgz#4d14504478a5240a857bb3c21cd0491a00d761fa" - integrity sha512-mET5AIwl7MR2IAKYYoVBBpV0OnkKQ1xGj2IMMeEFIs42QAkEVjRtFZGWmQ28WeU7MP779iAgOaOy93Mn44mn6g== - dependencies: - chalk "^2.4.1" - debug "^3.1.0" - mkdirp "^0.5.1" - nopt "^4.0.1" - read-installed "~4.0.3" - semver "^5.5.0" - spdx-correct "^3.0.0" - spdx-expression-parse "^3.0.0" - spdx-satisfies "^4.0.0" - treeify "^1.1.0" - license-webpack-plugin@4.0.2: version "4.0.2" resolved "https://registry.yarnpkg.com/license-webpack-plugin/-/license-webpack-plugin-4.0.2.tgz#1e18442ed20b754b82f1adeff42249b81d11aec6" @@ -10657,7 +10619,7 @@ mkdirp@1.0.4, mkdirp@^1.0.3, mkdirp@^1.0.4: resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-1.0.4.tgz#3eb5ed62622756d79a5f0e2a221dfebad75c2f7e" integrity sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw== -mkdirp@^0.5.1, mkdirp@^0.5.5, mkdirp@^0.5.6, mkdirp@~0.5.1: +mkdirp@^0.5.5, mkdirp@^0.5.6, mkdirp@~0.5.1: version "0.5.6" resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.6.tgz#7def03d2432dcae4ba1d611445c48396062255f6" integrity sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw== @@ -10902,14 +10864,6 @@ node-releases@^2.0.14: resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.14.tgz#2ffb053bceb8b2be8495ece1ab6ce600c4461b0b" integrity sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw== -nopt@^4.0.1: - version "4.0.3" - resolved "https://registry.yarnpkg.com/nopt/-/nopt-4.0.3.tgz#a375cad9d02fd921278d954c2254d5aa57e15e48" - integrity sha512-CvaGwVMztSMJLOeXPrez7fyfObdZqNUK1cPAEzLHrTybIua9pMdmmPR5YwtfNftIOMv3DPUhFaxsZMNTQO20Kg== - dependencies: - abbrev "1" - osenv "^0.1.4" - nopt@^6.0.0: version "6.0.0" resolved "https://registry.yarnpkg.com/nopt/-/nopt-6.0.0.tgz#245801d8ebf409c6df22ab9d95b65e1309cdb16d" @@ -10924,16 +10878,6 @@ nopt@^7.0.0: dependencies: abbrev "^2.0.0" -normalize-package-data@^2.0.0: - version "2.5.0" - resolved "https://registry.yarnpkg.com/normalize-package-data/-/normalize-package-data-2.5.0.tgz#e66db1838b200c1dfc233225d12cb36520e234a8" - integrity sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA== - dependencies: - hosted-git-info "^2.1.4" - resolve "^1.10.0" - semver "2 || 3 || 4 || 5" - validate-npm-package-license "^3.0.1" - normalize-package-data@^4.0.0: version "4.0.1" resolved "https://registry.yarnpkg.com/normalize-package-data/-/normalize-package-data-4.0.1.tgz#b46b24e0616d06cadf9d5718b29b6d445a82a62c" @@ -11006,7 +10950,7 @@ npm-install-checks@^6.0.0: dependencies: semver "^7.1.1" -npm-normalize-package-bin@^1.0.0, npm-normalize-package-bin@^1.0.1: +npm-normalize-package-bin@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/npm-normalize-package-bin/-/npm-normalize-package-bin-1.0.1.tgz#6e79a41f23fd235c0623218228da7d9c23b8f6e2" integrity sha512-EPfafl6JL5/rU+ot6P3gRSCpPDW5VmIzX959Ob1+ySFUuuYHWHekXpwdUZcKP5C+DS4GEtdJluwBjnsNDl+fSA== @@ -11413,24 +11357,11 @@ ordered-binary@^1.4.1: resolved "https://registry.yarnpkg.com/ordered-binary/-/ordered-binary-1.5.1.tgz#94ccbf14181711081ee23931db0dc3f58aaa0df6" integrity sha512-5VyHfHY3cd0iza71JepYG50My+YUbrFtGoUz2ooEydPyPM7Aai/JW098juLr+RG6+rDJuzNNTsEQu2DZa1A41A== -os-homedir@^1.0.0: - version "1.0.2" - resolved "https://registry.yarnpkg.com/os-homedir/-/os-homedir-1.0.2.tgz#ffbc4988336e0e833de0c168c7ef152121aa7fb3" - integrity sha512-B5JU3cabzk8c67mRRd3ECmROafjYMXbuzlwtqdM8IbS8ktlTix8aFGb2bAGKrSRIlnfKwovGUUr72JUPyOb6kQ== - -os-tmpdir@^1.0.0, os-tmpdir@~1.0.1, os-tmpdir@~1.0.2: +os-tmpdir@~1.0.1, os-tmpdir@~1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/os-tmpdir/-/os-tmpdir-1.0.2.tgz#bbe67406c79aa85c5cfec766fe5734555dfa1274" integrity sha512-D2FR03Vir7FIu45XBY20mTb+/ZSWB00sjU9jdQXt83gDrI4Ztz5Fs7/yy74g2N5SVQY4xY1qDr4rNddwYRVX0g== -osenv@^0.1.4: - version "0.1.5" - resolved "https://registry.yarnpkg.com/osenv/-/osenv-0.1.5.tgz#85cdfafaeb28e8677f416e287592b5f3f49ea410" - integrity sha512-0CWcCECdMVc2Rw3U5w9ZjqX6ga6ubk1xDVKxtBQPK7wis/0F2r9T6k4ydGYhecl7YUBxBVxhL5oisPsNxAPe2g== - dependencies: - os-homedir "^1.0.0" - os-tmpdir "^1.0.0" - p-limit@^2.2.0: version "2.3.0" resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-2.3.0.tgz#3dd33c647a214fdfffd835933eb086da0dc21db1" @@ -12291,20 +12222,6 @@ read-cmd-shim@^3.0.0: resolved "https://registry.yarnpkg.com/read-cmd-shim/-/read-cmd-shim-3.0.1.tgz#868c235ec59d1de2db69e11aec885bc095aea087" integrity sha512-kEmDUoYf/CDy8yZbLTmhB1X9kkjf9Q80PCNsDMb7ufrGd6zZSQA1+UyjrO+pZm5K/S4OXCWJeiIt1JA8kAsa6g== -read-installed@~4.0.3: - version "4.0.3" - resolved "https://registry.yarnpkg.com/read-installed/-/read-installed-4.0.3.tgz#ff9b8b67f187d1e4c29b9feb31f6b223acd19067" - integrity sha512-O03wg/IYuV/VtnK2h/KXEt9VIbMUFbk3ERG0Iu4FhLZw0EP0T9znqrYDGn6ncbEsXUFaUjiVAWXHzxwt3lhRPQ== - dependencies: - debuglog "^1.0.1" - read-package-json "^2.0.0" - readdir-scoped-modules "^1.0.0" - semver "2 || 3 || 4 || 5" - slide "~1.1.3" - util-extend "^1.0.1" - optionalDependencies: - graceful-fs "^4.1.2" - read-package-json-fast@^2.0.2, read-package-json-fast@^2.0.3: version "2.0.3" resolved "https://registry.yarnpkg.com/read-package-json-fast/-/read-package-json-fast-2.0.3.tgz#323ca529630da82cb34b36cc0b996693c98c2b83" @@ -12313,16 +12230,6 @@ read-package-json-fast@^2.0.2, read-package-json-fast@^2.0.3: json-parse-even-better-errors "^2.3.0" npm-normalize-package-bin "^1.0.1" -read-package-json@^2.0.0: - version "2.1.2" - resolved "https://registry.yarnpkg.com/read-package-json/-/read-package-json-2.1.2.tgz#6992b2b66c7177259feb8eaac73c3acd28b9222a" - integrity sha512-D1KmuLQr6ZSJS0tW8hf3WGpRlwszJOXZ3E8Yd/DNRaM5d+1wVRZdHlpGBLAuovjr28LbWvjpWkBHMxpRGGjzNA== - dependencies: - glob "^7.1.1" - json-parse-even-better-errors "^2.3.0" - normalize-package-data "^2.0.0" - npm-normalize-package-bin "^1.0.0" - read-package-json@^5.0.0, read-package-json@^5.0.2: version "5.0.2" resolved "https://registry.yarnpkg.com/read-package-json/-/read-package-json-5.0.2.tgz#b8779ccfd169f523b67208a89cc912e3f663f3fa" @@ -12373,7 +12280,7 @@ readable-stream@^3.0.6, readable-stream@^3.1.1, readable-stream@^3.4.0, readable string_decoder "^1.1.1" util-deprecate "^1.0.1" -readdir-scoped-modules@^1.0.0, readdir-scoped-modules@^1.1.0: +readdir-scoped-modules@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/readdir-scoped-modules/-/readdir-scoped-modules-1.1.0.tgz#8d45407b4f870a0dcaebc0e28670d18e74514309" integrity sha512-asaikDeqAQg7JifRsZn1NJZXo9E+VwlyCfbkZhwyISinqk5zNS6266HS5kah6P0SaQKGF6SkNnZVHUzHFYxYDw== @@ -12550,7 +12457,7 @@ resolve-url-loader@5.0.0: postcss "^8.2.14" source-map "0.6.1" -resolve@1.22.8, resolve@^1.1.6, resolve@^1.10.0, resolve@^1.14.2, resolve@^1.19.0, resolve@^1.22.1, resolve@^1.22.4, resolve@~1.22.1: +resolve@1.22.8, resolve@^1.1.6, resolve@^1.14.2, resolve@^1.19.0, resolve@^1.22.1, resolve@^1.22.4, resolve@~1.22.1: version "1.22.8" resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.22.8.tgz#b6c87a9f2aa06dfab52e3d70ac8cde321fa5a48d" integrity sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw== @@ -12863,11 +12770,6 @@ selfsigned@^2.4.1: "@types/node-forge" "^1.3.0" node-forge "^1" -"semver@2 || 3 || 4 || 5", semver@^5.3.0, semver@^5.5.0, semver@^5.6.0: - version "5.7.2" - resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8" - integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== - semver@5.6.0: version "5.6.0" resolved "https://registry.yarnpkg.com/semver/-/semver-5.6.0.tgz#7e74256fbaa49c75aa7c7a205cc22799cac80004" @@ -12890,6 +12792,11 @@ semver@7.6.2: resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.2.tgz#1e3b34759f896e8f14d6134732ce798aeb0c6e13" integrity sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w== +semver@^5.3.0, semver@^5.6.0: + version "5.7.2" + resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8" + integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== + semver@^6.0.0, semver@^6.3.0, semver@^6.3.1: version "6.3.1" resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" @@ -13121,11 +13028,6 @@ slice-ansi@^4.0.0: astral-regex "^2.0.0" is-fullwidth-code-point "^3.0.0" -slide@~1.1.3: - version "1.1.6" - resolved "https://registry.yarnpkg.com/slide/-/slide-1.1.6.tgz#56eb027d65b4d2dce6cb2e2d32c4d4afc9e1d707" - integrity sha512-NwrtjCg+lZoqhFU8fOwl4ay2ei8PaqCBOUV3/ektPY9trO1yQ1oXEfmHAhKArUVUr/hOHvy5f6AdP17dCM0zMw== - smart-buffer@^4.2.0: version "4.2.0" resolved "https://registry.yarnpkg.com/smart-buffer/-/smart-buffer-4.2.0.tgz#6e1d71fa4f18c05f7d0ff216dd16a481d0e8d9ae" @@ -13285,15 +13187,6 @@ source-map@^0.5.6: resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.5.7.tgz#8a039d2d1021d22d1ea14c80d8ea468ba2ef3fcc" integrity sha512-LbrmJOMUSdEVxIKvdcJzQC+nQhe8FUZQTXQy6+I75skNgn3OoQ0DZA8YnFa7gp8tqtL3KPf1kmo0R5DoApeSGQ== -spdx-compare@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/spdx-compare/-/spdx-compare-1.0.0.tgz#2c55f117362078d7409e6d7b08ce70a857cd3ed7" - integrity sha512-C1mDZOX0hnu0ep9dfmuoi03+eOdDoz2yvK79RxbcrVEG1NO1Ph35yW102DHWKN4pk80nwCgeMmSY5L25VE4D9A== - dependencies: - array-find-index "^1.0.2" - spdx-expression-parse "^3.0.0" - spdx-ranges "^2.0.0" - spdx-correct@^3.0.0: version "3.2.0" resolved "https://registry.yarnpkg.com/spdx-correct/-/spdx-correct-3.2.0.tgz#4f5ab0668f0059e34f9c00dce331784a12de4e9c" @@ -13320,29 +13213,6 @@ spdx-license-ids@^3.0.0: resolved "https://registry.yarnpkg.com/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz#887da8aa73218e51a1d917502d79863161a93f9c" integrity sha512-sh8PWc/ftMqAAdFiBu6Fy6JUOYjqDJBJvIhpfDMyHrr0Rbp5liZqd4TjtQ/RgfLjKFZb+LMx5hpml5qOWy0qvg== -spdx-ranges@^2.0.0: - version "2.1.1" - resolved "https://registry.yarnpkg.com/spdx-ranges/-/spdx-ranges-2.1.1.tgz#87573927ba51e92b3f4550ab60bfc83dd07bac20" - integrity sha512-mcdpQFV7UDAgLpXEE/jOMqvK4LBoO0uTQg0uvXUewmEFhpiZx5yJSZITHB8w1ZahKdhfZqP5GPEOKLyEq5p8XA== - -spdx-satisfies@^4.0.0: - version "4.0.1" - resolved "https://registry.yarnpkg.com/spdx-satisfies/-/spdx-satisfies-4.0.1.tgz#9a09a68d80f5f1a31cfaebb384b0c6009e4969fe" - integrity sha512-WVzZ/cXAzoNmjCWiEluEA3BjHp5tiUmmhn9MK+X0tBbR9sOqtC6UQwmgCNrAIZvNlMuBUYAaHYfb2oqlF9SwKA== - dependencies: - spdx-compare "^1.0.0" - spdx-expression-parse "^3.0.0" - spdx-ranges "^2.0.0" - -spdx-satisfies@^5.0.0: - version "5.0.1" - resolved "https://registry.yarnpkg.com/spdx-satisfies/-/spdx-satisfies-5.0.1.tgz#9feeb2524686c08e5f7933c16248d4fdf07ed6a6" - integrity sha512-Nwor6W6gzFp8XX4neaKQ7ChV4wmpSh2sSDemMFSzHxpTw460jxFYeOn+jq4ybnSSw/5sc3pjka9MQPouksQNpw== - dependencies: - spdx-compare "^1.0.0" - spdx-expression-parse "^3.0.0" - spdx-ranges "^2.0.0" - spdy-transport@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/spdy-transport/-/spdy-transport-3.0.0.tgz#00d4863a6400ad75df93361a1608605e5dcdcf31" @@ -13842,11 +13712,6 @@ tree-kill@1.2.2: resolved "https://registry.yarnpkg.com/tree-kill/-/tree-kill-1.2.2.tgz#4ca09a9092c88b73a7cdc5e8a01b507b0790a0cc" integrity sha512-L0Orpi8qGpRG//Nd+H90vFB+3iHnue1zSSGmNOOCh1GLJ7rUKVwV2HvijphGQS2UmhUZewS9VgvxYIdgr+fG1A== -treeify@^1.1.0: - version "1.1.0" - resolved "https://registry.yarnpkg.com/treeify/-/treeify-1.1.0.tgz#4e31c6a463accd0943879f30667c4fdaff411bb8" - integrity sha512-1m4RA7xVAJrSGrrXGs0L3YTwyvBs2S8PbRHaLZAkFw7JR8oIFwYtysxlBZhYIa7xSyiYJKZ3iGrrk55cGA3i9A== - treeverse@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/treeverse/-/treeverse-2.0.0.tgz#036dcef04bc3fd79a9b79a68d4da03e882d8a9ca" @@ -14236,11 +14101,6 @@ util-deprecate@^1.0.1, util-deprecate@^1.0.2, util-deprecate@~1.0.1: resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" integrity sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw== -util-extend@^1.0.1: - version "1.0.3" - resolved "https://registry.yarnpkg.com/util-extend/-/util-extend-1.0.3.tgz#a7c216d267545169637b3b6edc6ca9119e2ff93f" - integrity sha512-mLs5zAK+ctllYBj+iAQvlDCwoxU/WDOUaJkcFudeiAX6OajC6BKXJUa9a+tbtkC11dz2Ufb7h0lyvIOVn4LADA== - utils-merge@1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/utils-merge/-/utils-merge-1.0.1.tgz#9f95710f50a267947b2ccc124741c1028427e713" @@ -14284,7 +14144,7 @@ v8-to-istanbul@^9.0.1: "@types/istanbul-lib-coverage" "^2.0.1" convert-source-map "^2.0.0" -validate-npm-package-license@^3.0.1, validate-npm-package-license@^3.0.4: +validate-npm-package-license@^3.0.4: version "3.0.4" resolved "https://registry.yarnpkg.com/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz#fc91f6b9c7ba15c857f4cb2c5defeec39d4f410a" integrity sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==