diff --git a/CHANGELOG.md b/CHANGELOG.md index eb6329a0b..34fd63269 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [6.3.2] - 2024-11-22 + +### Fixed +- Upgrade cross-spawn to v7.0.6 for vulnerability [CVE-2024-9506](https://github.com/advisories/GHSA-5j4c-8p2g-v4jx) + ## [6.3.1] - 2024-10-02 ### Fixed diff --git a/VERSION.txt b/VERSION.txt index 39ee137ba..f9da12e11 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -6.3.1 \ No newline at end of file +6.3.2 \ No newline at end of file diff --git a/deployment/cdk-solution-helper/package-lock.json b/deployment/cdk-solution-helper/package-lock.json index 220bebb26..b62a1d2a2 100644 --- a/deployment/cdk-solution-helper/package-lock.json +++ b/deployment/cdk-solution-helper/package-lock.json @@ -2027,10 +2027,11 @@ "dev": true }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, + "license": "MIT", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", diff --git a/source/constructs/cdk.json b/source/constructs/cdk.json index ea124a5ef..3c27b908c 100644 --- a/source/constructs/cdk.json +++ b/source/constructs/cdk.json 
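Review bot: The advisory reference in the new CHANGELOG entry should be verified before release. The entry attributes the cross-spawn upgrade to CVE-2024-9506 and links GHSA-5j4c-8p2g-v4jx, and that pair does not look like the advisory for cross-spawn, so confirm that the linked page names cross-spawn as the affected package. A wrong identifier misleads anyone matching scanner findings or audit records against the changelog; if it is wrong, correct the line to `- Upgrade cross-spawn to v7.0.6 for vulnerability [CVE-<cross-spawn CVE id>](<cross-spawn advisory URL>)`. The lockfile hunks do pin cross-spawn at 7.0.6 with a new integrity hash, each under `"dev": true`, which suggests the exposure is in build and test tooling. The source/demo-ui/package-lock.json hunk shows only the version bump, so check that cross-spawn is absent from that tree rather than missed.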
@@ -2,7 +2,7 @@ "app": "npx ts-node --prefer-ts-exts bin/constructs.ts", "context": { "solutionId": "SO0023", - "solutionVersion": "custom-v6.3.0", + "solutionVersion": "custom-v6.3.2", "solutionName": "serverless-image-handler" } } \ No newline at end of file diff --git a/source/constructs/package-lock.json b/source/constructs/package-lock.json index 3f0daafba..18167533d 100644 --- a/source/constructs/package-lock.json +++ b/source/constructs/package-lock.json @@ -1,12 +1,12 @@ { "name": "constructs", - "version": "6.3.1", + "version": "6.3.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "constructs", - "version": "6.3.1", + "version": "6.3.2", "license": "Apache-2.0", "dependencies": { "metrics-utils": "file:../metrics-utils", @@ -35,6 +35,7 @@ }, "../metrics-utils": { "version": "0.1.0", + "license": "Apache-2.0", "dependencies": { "@aws-sdk/client-cloudwatch": "^3.637.0", "@aws-sdk/client-cloudwatch-logs": "^3.637.0", @@ -2163,11 +2164,13 @@ }, "node_modules/aws-cdk-lib/node_modules/@balena/dockerignore": { "version": "1.0.2", + "dev": true, "inBundle": true, "license": "Apache-2.0" }, "node_modules/aws-cdk-lib/node_modules/ajv": { "version": "8.16.0", + "dev": true, "inBundle": true, "license": "MIT", "dependencies": { @@ -2183,6 +2186,7 @@ }, "node_modules/aws-cdk-lib/node_modules/ansi-regex": { "version": "5.0.1", + "dev": true, "inBundle": true, "license": "MIT", "engines": { @@ -2191,6 +2195,7 @@ }, "node_modules/aws-cdk-lib/node_modules/ansi-styles": { "version": "4.3.0", + "dev": true, "inBundle": true, "license": "MIT", "dependencies": { @@ -2205,6 +2210,7 @@ }, "node_modules/aws-cdk-lib/node_modules/astral-regex": { "version": "2.0.0", + "dev": true, "inBundle": true, "license": "MIT", "engines": { 
@@ -2213,11 +2219,13 @@ }, "node_modules/aws-cdk-lib/node_modules/balanced-match": { "version": "1.0.2", + "dev": true, "inBundle": true, "license": "MIT" }, "node_modules/aws-cdk-lib/node_modules/brace-expansion": { "version": "1.1.11", + "dev": true, "inBundle": true, "license": "MIT", "dependencies": { @@ -2227,6 +2235,7 @@ }, "node_modules/aws-cdk-lib/node_modules/case": { "version": "1.6.3", + "dev": true, "inBundle": true, "license": "(MIT OR GPL-3.0-or-later)", "engines": { @@ -2235,6 +2244,7 @@ }, "node_modules/aws-cdk-lib/node_modules/color-convert": { "version": "2.0.1", + "dev": true, "inBundle": true, "license": "MIT", "dependencies": { @@ -2246,26 +2256,31 @@ }, "node_modules/aws-cdk-lib/node_modules/color-name": { "version": "1.1.4", + "dev": true, "inBundle": true, "license": "MIT" }, "node_modules/aws-cdk-lib/node_modules/concat-map": { "version": "0.0.1", + "dev": true, "inBundle": true, "license": "MIT" }, "node_modules/aws-cdk-lib/node_modules/emoji-regex": { "version": "8.0.0", + "dev": true, "inBundle": true, "license": "MIT" }, "node_modules/aws-cdk-lib/node_modules/fast-deep-equal": { "version": "3.1.3", + "dev": true, "inBundle": true, "license": "MIT" }, "node_modules/aws-cdk-lib/node_modules/fs-extra": { "version": "11.2.0", + "dev": true, "inBundle": true, "license": "MIT", "dependencies": { @@ -2279,11 +2294,13 @@ }, "node_modules/aws-cdk-lib/node_modules/graceful-fs": { "version": "4.2.11", + "dev": true, "inBundle": true, "license": "ISC" }, "node_modules/aws-cdk-lib/node_modules/ignore": { "version": "5.3.1", + "dev": true, "inBundle": true, "license": "MIT", "engines": { @@ -2292,6 +2309,7 @@ }, "node_modules/aws-cdk-lib/node_modules/is-fullwidth-code-point": { "version": "3.0.0", + "dev": true, "inBundle": true, "license": "MIT", "engines": { 
@@ -2300,11 +2318,13 @@ }, "node_modules/aws-cdk-lib/node_modules/json-schema-traverse": { "version": "1.0.0", + "dev": true, "inBundle": true, "license": "MIT" }, "node_modules/aws-cdk-lib/node_modules/jsonfile": { "version": "6.1.0", + "dev": true, "inBundle": true, "license": "MIT", "dependencies": { @@ -2316,6 +2336,7 @@ }, "node_modules/aws-cdk-lib/node_modules/jsonschema": { "version": "1.4.1", + "dev": true, "inBundle": true, "license": "MIT", "engines": { @@ -2324,11 +2345,13 @@ }, "node_modules/aws-cdk-lib/node_modules/lodash.truncate": { "version": "4.4.2", + "dev": true, "inBundle": true, "license": "MIT" }, "node_modules/aws-cdk-lib/node_modules/mime-db": { "version": "1.52.0", + "dev": true, "inBundle": true, "license": "MIT", "engines": { @@ -2337,6 +2360,7 @@ }, "node_modules/aws-cdk-lib/node_modules/mime-types": { "version": "2.1.35", + "dev": true, "inBundle": true, "license": "MIT", "dependencies": { @@ -2348,6 +2372,7 @@ }, "node_modules/aws-cdk-lib/node_modules/minimatch": { "version": "3.1.2", + "dev": true, "inBundle": true, "license": "ISC", "dependencies": { @@ -2359,6 +2384,7 @@ }, "node_modules/aws-cdk-lib/node_modules/punycode": { "version": "2.3.1", + "dev": true, "inBundle": true, "license": "MIT", "engines": { @@ -2367,6 +2393,7 @@ }, "node_modules/aws-cdk-lib/node_modules/require-from-string": { "version": "2.0.2", + "dev": true, "inBundle": true, "license": "MIT", "engines": { @@ -2375,6 +2402,7 @@ }, "node_modules/aws-cdk-lib/node_modules/semver": { "version": "7.6.2", + "dev": true, "inBundle": true, "license": "ISC", "bin": { @@ -2386,6 +2414,7 @@ }, "node_modules/aws-cdk-lib/node_modules/slice-ansi": { "version": "4.0.0", + "dev": true, "inBundle": true, "license": "MIT", "dependencies": { @@ -2402,6 +2431,7 @@ }, "node_modules/aws-cdk-lib/node_modules/string-width": { "version": "4.2.3", + "dev": true, "inBundle": true, "license": "MIT", "dependencies": { 
@@ -2415,6 +2445,7 @@ }, "node_modules/aws-cdk-lib/node_modules/strip-ansi": { "version": "6.0.1", + "dev": true, "inBundle": true, "license": "MIT", "dependencies": { @@ -2426,6 +2457,7 @@ }, "node_modules/aws-cdk-lib/node_modules/table": { "version": "6.8.2", + "dev": true, "inBundle": true, "license": "BSD-3-Clause", "dependencies": { @@ -2441,6 +2473,7 @@ }, "node_modules/aws-cdk-lib/node_modules/universalify": { "version": "2.0.1", + "dev": true, "inBundle": true, "license": "MIT", "engines": { @@ -2449,6 +2482,7 @@ }, "node_modules/aws-cdk-lib/node_modules/uri-js": { "version": "4.4.1", + "dev": true, "inBundle": true, "license": "BSD-2-Clause", "dependencies": { @@ -2457,6 +2491,7 @@ }, "node_modules/aws-cdk-lib/node_modules/yaml": { "version": "1.10.2", + "dev": true, "inBundle": true, "license": "ISC", "engines": { @@ -2919,10 +2954,11 @@ "dev": true }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, + "license": "MIT", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", diff --git a/source/constructs/package.json b/source/constructs/package.json index 71cb7ce36..3a988134d 100644 --- a/source/constructs/package.json +++ b/source/constructs/package.json @@ -1,6 +1,6 @@ { "name": "constructs", - "version": "6.3.1", + "version": "6.3.2", "description": "Serverless Image Handler Constructs", "license": "Apache-2.0", "author": { diff --git a/source/constructs/test/__snapshots__/constructs.test.ts.snap b/source/constructs/test/__snapshots__/constructs.test.ts.snap index edd0040f0..e3dec7b3d 100644 
--- a/source/constructs/test/__snapshots__/constructs.test.ts.snap +++ b/source/constructs/test/__snapshots__/constructs.test.ts.snap @@ -81,7 +81,7 @@ exports[`Serverless Image Handler Stack Snapshot 1`] = ` "Config": { "AnonymousUsage": "Yes", "SolutionId": "S0ABC", - "Version": "v6.3.1", + "Version": "v6.3.2", }, }, }, @@ -408,7 +408,7 @@ exports[`Serverless Image Handler Stack Snapshot 1`] = ` "Solutions:ApplicationType": "AWS-Solutions", "Solutions:SolutionID": "S0ABC", "Solutions:SolutionName": "sih", - "Solutions:SolutionVersion": "v6.3.1", + "Solutions:SolutionVersion": "v6.3.2", }, }, "Type": "AWS::ServiceCatalogAppRegistry::Application", @@ -1277,7 +1277,7 @@ exports[`Serverless Image Handler Stack Snapshot 1`] = ` }, "S3Key": "Omitted to remove snapshot dependency on hash", }, - "Description": "sih (v6.3.1): Performs image edits and manipulations", + "Description": "sih (v6.3.2): Performs image edits and manipulations", "Environment": { "Variables": { "AUTO_WEBP": { @@ -1977,7 +1977,7 @@ exports[`Serverless Image Handler Stack Snapshot 1`] = ` }, "S3Key": "Omitted to remove snapshot dependency on hash", }, - "Description": "sih (v6.3.1): Custom resource", + "Description": "sih (v6.3.2): Custom resource", "Environment": { "Variables": { "RETRY_SECONDS": "5", @@ -2583,7 +2583,7 @@ exports[`Serverless Image Handler Stack Snapshot 1`] = ` "applicationType": "AWS-Solutions", "solutionID": "S0ABC", "solutionName": "sih", - "version": "v6.3.1", + "version": "v6.3.2", }, "Description": "Attribute group for solution information", "Name": { diff --git a/source/constructs/test/constructs.test.ts b/source/constructs/test/constructs.test.ts index bd61f06c9..4a2ae169d 100644 --- a/source/constructs/test/constructs.test.ts +++ b/source/constructs/test/constructs.test.ts 
@@ -11,14 +11,14 @@ test("Serverless Image Handler Stack Snapshot", () => { context: { solutionId: "SO0023", solutionName: "serverless-image-handler", - solutionVersion: "v6.3.1", + solutionVersion: "v6.3.2", }, }); const stack = new ServerlessImageHandlerStack(app, "TestStack", { solutionId: "S0ABC", solutionName: "sih", - solutionVersion: "v6.3.1", + solutionVersion: "v6.3.2", }); const template = Template.fromStack(stack); diff --git a/source/custom-resource/package-lock.json b/source/custom-resource/package-lock.json index f242c0bd5..91120c5a6 100644 --- a/source/custom-resource/package-lock.json +++ b/source/custom-resource/package-lock.json @@ -1,12 +1,12 @@ { "name": "custom-resource", - "version": "6.3.1", + "version": "6.3.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "custom-resource", - "version": "6.3.1", + "version": "6.3.2", "license": "Apache-2.0", "dependencies": { "aws-sdk": "^2.1529.0", @@ -1761,10 +1761,11 @@ "dev": true }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, + "license": "MIT", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", diff --git a/source/custom-resource/package.json b/source/custom-resource/package.json index 534173d4d..2784c9c15 100644 --- a/source/custom-resource/package.json +++ b/source/custom-resource/package.json @@ -1,6 +1,6 @@ { "name": "custom-resource", - "version": "6.3.1", + "version": "6.3.2", "private": true, "description": "Serverless Image Handler custom resource", "license": "Apache-2.0", 
diff --git a/source/demo-ui/package-lock.json b/source/demo-ui/package-lock.json index d9952ca4c..d0dfcce0c 100644 --- a/source/demo-ui/package-lock.json +++ b/source/demo-ui/package-lock.json @@ -1,12 +1,12 @@ { "name": "demo-ui", - "version": "6.3.1", + "version": "6.3.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "demo-ui", - "version": "6.3.1", + "version": "6.3.2", "hasInstallScript": true, "license": "Apache-2.0", "dependencies": { diff --git a/source/demo-ui/package.json b/source/demo-ui/package.json index 315d25468..82d435cbe 100644 --- a/source/demo-ui/package.json +++ b/source/demo-ui/package.json @@ -1,6 +1,6 @@ { "name": "demo-ui", - "version": "6.3.1", + "version": "6.3.2", "private": true, "description": "Serverless Image Handler demo ui", "license": "Apache-2.0", diff --git a/source/image-handler/package-lock.json b/source/image-handler/package-lock.json index 0b5a770aa..f57ed40bb 100644 --- a/source/image-handler/package-lock.json +++ b/source/image-handler/package-lock.json @@ -1,12 +1,12 @@ { "name": "image-handler", - "version": "6.3.1", + "version": "6.3.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "image-handler", - "version": "6.3.1", + "version": "6.3.2", "license": "Apache-2.0", "dependencies": { "aws-sdk": "^2.1529.0", @@ -1807,10 +1807,11 @@ "dev": true }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, + "license": "MIT", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", 
diff --git a/source/image-handler/package.json b/source/image-handler/package.json index ca940e5d7..a859b1027 100644 --- a/source/image-handler/package.json +++ b/source/image-handler/package.json @@ -1,6 +1,6 @@ { "name": "image-handler", - "version": "6.3.1", + "version": "6.3.2", "private": true, "description": "A Lambda function for performing on-demand image edits and manipulations.", "license": "Apache-2.0", diff --git a/source/metrics-utils/package-lock.json b/source/metrics-utils/package-lock.json index f06109bb7..7f6f534ae 100644 --- a/source/metrics-utils/package-lock.json +++ b/source/metrics-utils/package-lock.json @@ -7,6 +7,7 @@ "": { "name": "metrics-utils", "version": "0.1.0", + "license": "Apache-2.0", "dependencies": { "@aws-sdk/client-cloudwatch": "^3.637.0", "@aws-sdk/client-cloudwatch-logs": "^3.637.0", @@ -4187,10 +4188,11 @@ } }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, + "license": "MIT", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", diff --git a/source/package-lock.json b/source/package-lock.json index 9d714da53..783769605 100644 --- a/source/package-lock.json +++ b/source/package-lock.json @@ -1,12 +1,12 @@ { "name": "source", - "version": "6.3.1", + "version": "6.3.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "source", - "version": "6.3.1", + "version": "6.3.2", "license": "Apache-2.0", "devDependencies": { "@types/node": "^20.10.4", 
@@ -712,10 +712,11 @@ "dev": true }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, + "license": "MIT", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", diff --git a/source/package.json b/source/package.json index f23cd5b36..6af0d8a47 100644 --- a/source/package.json +++ b/source/package.json @@ -1,6 +1,6 @@ { "name": "source", - "version": "6.3.1", + "version": "6.3.2", "private": true, "description": "ESLint and prettier dependencies to be used within the solution", "license": "Apache-2.0", diff --git a/source/solution-utils/package-lock.json b/source/solution-utils/package-lock.json index b6e8b391f..ca7d6ade4 100644 --- a/source/solution-utils/package-lock.json +++ b/source/solution-utils/package-lock.json @@ -1,12 +1,12 @@ { "name": "solution-utils", - "version": "6.3.1", + "version": "6.3.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "solution-utils", - "version": "6.3.1", + "version": "6.3.2", "license": "Apache-2.0", "devDependencies": { "@types/jest": "^29.5.5", 
@@ -1641,10 +1641,11 @@ "dev": true }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, + "license": "MIT", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", diff --git a/source/solution-utils/package.json b/source/solution-utils/package.json index a2eb16319..6a2118cb9 100644 --- a/source/solution-utils/package.json +++ b/source/solution-utils/package.json @@ -1,6 +1,6 @@ { "name": "solution-utils", - "version": "6.3.1", + "version": "6.3.2", "private": true, "description": "Utilities to be used within this solution", "license": "Apache-2.0",