From 3f7c1c6861e6037c7c7d0756847b0b3fb22a260d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" Date: Thu, 6 Dec 2018 05:47:59 +0000 Subject: [PATCH] [Security] Bump sshpk from 1.7.1 to 1.15.2 Bumps [sshpk](https://github.com/joyent/node-sshpk) from 1.7.1 to 1.15.2. **This update includes security fixes.** - [Release notes](https://github.com/joyent/node-sshpk/releases) - [Commits](https://github.com/joyent/node-sshpk/compare/v1.7.1...v1.15.2) Signed-off-by: dependabot[bot] --- yarn.lock | 97 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 54 insertions(+), 43 deletions(-) diff --git a/yarn.lock b/yarn.lock index f530172..f9051fc 100644 --- a/yarn.lock +++ b/yarn.lock @@ -981,20 +981,22 @@ asn1@0.1.11: resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.1.11.tgz#559be18376d08a4ec4dbe80877d27818639b2df7" integrity sha1-VZvhg3bQik7E2+gId9J4GGObLfc= -"asn1@>=0.2.3 <0.3.0": - version "0.2.3" - resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.3.tgz#dac8787713c9966849fc8180777ebe9c1ddf3b86" - integrity sha1-2sh4dxPJlmhJ/IGAd36+nB3fO4Y= +asn1@~0.2.3: + version "0.2.4" + resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.4.tgz#8d2475dfab553bb33e77b54e59e880bb8ce23136" + integrity sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg== + dependencies: + safer-buffer "~2.1.0" -assert-plus@0.1.x, assert-plus@^0.1.5: +assert-plus@^0.1.5: version "0.1.5" resolved "https://registry.yarnpkg.com/assert-plus/-/assert-plus-0.1.5.tgz#ee74009413002d84cec7219c6ac811812e723160" integrity sha1-7nQAlBMALYTOxyGcasgRgS5yMWA= -"assert-plus@>=0.2.0 <0.3.0": - version "0.2.0" - resolved "https://registry.yarnpkg.com/assert-plus/-/assert-plus-0.2.0.tgz#d74e1b87e7affc0db8aadb7021f3fe48101ab234" - integrity sha1-104bh+ev/A24qttwIfP+SBAasjQ= +assert-plus@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/assert-plus/-/assert-plus-1.0.0.tgz#f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525" + integrity sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU= assign-symbols@^1.0.0: version "1.0.0" @@ -1685,6 +1687,13 @@ basic-auth@~2.0.0: dependencies: safe-buffer "5.1.2" +bcrypt-pbkdf@^1.0.0: + version "1.0.2" + resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e" + integrity sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4= + dependencies: + tweetnacl "^0.14.3" + better-assert@~1.0.0: version "1.0.2" resolved "https://registry.yarnpkg.com/better-assert/-/better-assert-1.0.2.tgz#40866b9e1b9e0b55b481894311e68faffaebc522" @@ -3094,12 +3103,12 @@ dag-map@^2.0.2: resolved "https://registry.yarnpkg.com/dag-map/-/dag-map-2.0.2.tgz#9714b472de82a1843de2fba9b6876938cab44c68" integrity sha1-lxS0ct6CoYQ94vuptodpOMq0TGg= -"dashdash@>=1.10.1 <2.0.0": - version "1.10.1" - resolved "https://registry.yarnpkg.com/dashdash/-/dashdash-1.10.1.tgz#0abf1af89a8f5129a81f18c2b35b21df22622f60" - integrity sha1-Cr8a+JqPUSmoHxjCs1sh3yJiL2A= +dashdash@^1.12.0: + version "1.14.1" + resolved "https://registry.yarnpkg.com/dashdash/-/dashdash-1.14.1.tgz#853cfa0f7cbe2fed5de20326b8dd581035f6e2f0" + integrity sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA= dependencies: - assert-plus "0.1.x" + assert-plus "^1.0.0" debug@*: version "2.2.0" @@ -3317,12 +3326,13 @@ duplexer3@^0.1.4: resolved "https://registry.yarnpkg.com/duplexer3/-/duplexer3-0.1.4.tgz#ee01dd1cac0ed3cbc7fdbea37dc0a8f1ce002ce2" integrity sha1-7gHdHKwO08vH/b6jfcCo8c4ALOI= -"ecc-jsbn@>=0.0.1 <1.0.0": - version "0.1.1" - resolved "https://registry.yarnpkg.com/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz#0fc73a9ed5f0d53c38193398523ef7e543777505" - integrity sha1-D8c6ntXw1Tw4GTOYUj735UN3dQU= +ecc-jsbn@~0.1.1: + version "0.1.2" + resolved "https://registry.yarnpkg.com/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz#3a83a904e54353287874c564b7549386849a98c9" + integrity sha1-OoOpBOVDUyh4dMVkt1SThoSamMk= dependencies: jsbn "~0.1.0" + safer-buffer "^2.1.0" editions@^1.1.1: version "1.3.4" @@ -5015,6 +5025,13 @@ get-value@^2.0.3, get-value@^2.0.6: resolved "https://registry.yarnpkg.com/get-value/-/get-value-2.0.6.tgz#dc15ca1c672387ca76bd37ac0a395ba2042a2c28" integrity sha1-3BXKHGcjh8p2vTesCjlbogQqLCg= +getpass@^0.1.1: + version "0.1.7" + resolved "https://registry.yarnpkg.com/getpass/-/getpass-0.1.7.tgz#5eff8e3e684d569ae4cb2b1282604e8ba62149fa" + integrity sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo= + dependencies: + assert-plus "^1.0.0" + git-fetch-pack@^0.1.1: version "0.1.1" resolved "https://registry.yarnpkg.com/git-fetch-pack/-/git-fetch-pack-0.1.1.tgz#7703a32cf0db80f060d2766a34ac00d02cebcdf5" @@ -6069,13 +6086,6 @@ jju@^1.1.0: resolved "https://registry.yarnpkg.com/jju/-/jju-1.2.1.tgz#edf6ec20d5d668c80c2c00cea63f8a9422a4b528" integrity sha1-7fbsINXWaMgMLADOpj+KlCKktSg= -"jodid25519@>=1.0.0 <2.0.0": - version "1.0.2" - resolved "https://registry.yarnpkg.com/jodid25519/-/jodid25519-1.0.2.tgz#06d4912255093419477d425633606e0e90782967" - integrity sha1-BtSRIlUJNBlHfUJWM2BuDpB4KWc= - dependencies: - jsbn "~0.1.0" - jquery@^3.3.1, jquery@x.*: version "3.3.1" resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.3.1.tgz#958ce29e81c9790f31be7792df5d4d95fc57fbca" @@ -6117,7 +6127,7 @@ js-yaml@^3.12.0: argparse "^1.0.7" esprima "^4.0.0" -"jsbn@>=0.1.0 <0.2.0", jsbn@~0.1.0: +jsbn@~0.1.0: version "0.1.0" resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-0.1.0.tgz#650987da0dd74f4ebf5a11377a2aa2d273e97dfd" integrity sha1-ZQmH2g3XT06/WhE3eiqi0nPpff0= @@ -8904,7 +8914,7 @@ safe-regex@^1.1.0: dependencies: ret "~0.1.10" -safer-buffer@^2.1.0: +safer-buffer@^2.0.2, safer-buffer@^2.1.0, safer-buffer@~2.1.0: version "2.1.2" resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a" integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg== @@ -9372,18 +9382,19 @@ sri-toolbox@^0.2.0: integrity sha1-p/6lw/3lXmdc8cjAbz67XCk1g14= sshpk@^1.7.0: - version "1.7.1" - resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.7.1.tgz#565e386c42a77e6062fbd14c0472ff21cd53398c" - integrity sha1-Vl44bEKnfmBi+9FMBHL/Ic1TOYw= - dependencies: - asn1 ">=0.2.3 <0.3.0" - assert-plus ">=0.2.0 <0.3.0" - dashdash ">=1.10.1 <2.0.0" - optionalDependencies: - ecc-jsbn ">=0.0.1 <1.0.0" - jodid25519 ">=1.0.0 <2.0.0" - jsbn ">=0.1.0 <0.2.0" - tweetnacl ">=0.13.0 <1.0.0" + version "1.15.2" + resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.15.2.tgz#c946d6bd9b1a39d0e8635763f5242d6ed6dcb629" + integrity sha512-Ra/OXQtuh0/enyl4ETZAfTaeksa6BXks5ZcjpSUNrjBr0DvrJKX+1fsKDPpT9TBXgHAFsa4510aNVgI8g/+SzA== + dependencies: + asn1 "~0.2.3" + assert-plus "^1.0.0" + bcrypt-pbkdf "^1.0.0" + dashdash "^1.12.0" + ecc-jsbn "~0.1.1" + getpass "^0.1.1" + jsbn "~0.1.0" + safer-buffer "^2.0.2" + tweetnacl "~0.14.0" static-extend@^0.1.1: version "0.1.2" @@ -9779,10 +9790,10 @@ tunnel-agent@~0.4.1: resolved "https://registry.yarnpkg.com/tunnel-agent/-/tunnel-agent-0.4.2.tgz#1104e3f36ac87125c287270067d582d18133bfee" integrity sha1-EQTj82rIcSXChycAZ9WC0YEzv+4= -"tweetnacl@>=0.13.0 <1.0.0": - version "0.13.2" - resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-0.13.2.tgz#453161770469d45cd266c36404e2bc99a8fa9944" - integrity sha1-RTFhdwRp1FzSZsNkBOK8maj6mUQ= +tweetnacl@^0.14.3, tweetnacl@~0.14.0: + version "0.14.5" + resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-0.14.5.tgz#5ae68177f192d4456269d108afa93ff8743f4f64" + integrity sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q= type-check@~0.3.2: version "0.3.2"