chore(release): 3.0.0

thetutlage · thetutlage · commit 801cf1b709f4 · 2020-10-04T16:28:52.000+05:30
diff --git a/npm-audit.html b/npm-audit.html
@@ -15,7 +15,7 @@
         href="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@9.16.2/build/styles/atom-one-dark.min.css">
 
     <title>NPM Audit Report</title>
-    <meta name="description" content="47 known vulnerabilities found.">
+    <meta name="description" content="44 known vulnerabilities found.">
 
     <style>
         pre {
@@ -39,7 +39,7 @@ <h1 class="mt-5 text-center">NPM Audit Report</h1>
                 <div class="card">
                     <div class="card-body">
                         <h5 class="card-title">
-                            47
+                            44
                         </h5>
                         <p class="card-text">Known vulnerabilities</p>
                     </div>
@@ -55,7 +55,7 @@ <h5 class="card-title">
                 <div class="card">
                     <div class="card-body">
                         <h5 class="card-title">
-                            October 4th 2020, 10:32:11 am
+                            October 4th 2020, 10:58:55 am
                         </h5>
                         <p class="card-text">Last updated</p>
                     </div>
@@ -95,7 +95,7 @@ <h5 class="card-title">
                 <div class="card">
                     <div class="card-body">
                         <h5 class="card-title">
-                            47
+                            44
                         </h5>
                         <p class="card-text">
                             <span class="badge badge-primary">low</span>
@@ -128,20 +128,6 @@ <h5 class="card-title">
                         </tr>
                     </thead>
                     <tbody>
-                        <tr>
-                            <th scope="row">
-                                <a href="https://npmjs.com/advisories/1179" data-toggle="modal" data-target="#advisory-modal-1179">Prototype Pollution</a>
-                            </th>
-                            <td>
-                                <a href="https://npmjs.com/package/minimist" target="_blank"
-                                    rel="noopener">minimist</a>
-                            </td>
-                            <td data-order="4"><span
-                                    class="badge badge-primary">low</span></td>
-                            <td>
-                                CWE-471
-                            </td>
-                        </tr>
                         <tr>
                             <th scope="row">
                                 <a href="https://npmjs.com/advisories/1490" data-toggle="modal" data-target="#advisory-modal-1490">Validation Bypass</a>
@@ -156,90 +142,13 @@ <h5 class="card-title">
                                 CWE-20
                             </td>
                         </tr>
-                        <tr>
-                            <th scope="row">
-                                <a href="https://npmjs.com/advisories/1523" data-toggle="modal" data-target="#advisory-modal-1523">Prototype Pollution</a>
-                            </th>
-                            <td>
-                                <a href="https://npmjs.com/package/lodash" target="_blank"
-                                    rel="noopener">lodash</a>
-                            </td>
-                            <td data-order="4"><span
-                                    class="badge badge-primary">low</span></td>
-                            <td>
-                                CWE-471
-                                , CVE-2019-10744
-                            </td>
-                        </tr>
                     </tbody>
                 </table>
             </div>
         </div>
     </div>
 
 
-    <div class="modal" tabindex="-1" role="dialog" id="advisory-modal-1179">
-        <div class="modal-dialog modal-lg" role="document">
-            <div class="modal-content">
-                <div class="modal-header">
-                    <h5 class="modal-title">
-                        <span class="badge badge-primary">low</span>
-                        Prototype Pollution
-                    </h5>
-                    <button type="button" class="close" data-dismiss="modal" aria-label="Close">
-                        <span aria-hidden="true">&times;</span>
-                    </button>
-                </div>
-                <div class="modal-body">
-                    <div class="row">
-                        <div class="col-md-6">
-                            <ul>
-                                <li>Module:
-                                    <a href="https://npmjs.com/package/minimist" target="_blank"
-                                        rel="noopener">minimist</a>
-                                </li>
-                                <li>Published: September 23rd 2019 </li>
-                                <li>Reported by: Checkmarx Research Team</li>
-                                <li>CWE-471</li>
-                            </ul>
-                        </div>
-                        <div class="col-md-6">
-                            <ul>
-                                <li>Vulnerable: &lt;0.2.1 || &gt;&#x3D;1.0.0 &lt;1.2.3</li>
-                                <li>Patched: &gt;&#x3D;0.2.1 &lt;1.0.0 || &gt;&#x3D;1.2.3</li>
-                                <li>Exploitability: 1</li>
-                            </ul>
-                        </div>
-                    </div>
-                    <h3>Overview</h3>
-                    <p class="card-text"><p>Affected versions of <code>minimist</code> are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of <code>Object</code>, causing the addition or modification of an existing property that will exist on all objects.<br>Parsing the argument <code>--__proto__.y=Polluted</code> adds a <code>y</code> property with value <code>Polluted</code> to all objects. The argument <code>--__proto__=Polluted</code> raises and uncaught error and crashes the application.<br>This is exploitable if attackers have control over the arguments being passed to <code>minimist</code>.</p>
-</p>
-
-                    <h3>Findings</h3>
-                    <ul>
-                        <li>@adonisjs/sink&gt;mrm-core&gt;minimist </li>
-                    </ul>
-
-                    <h3>Remediation</h3>
-                    <p class="card-text"><p>Upgrade to versions 0.2.1, 1.2.3 or later.</p>
-</p>
-                     
-                    <h3>References</h3>
-                    <p class="card-text"><ul>
-<li><a href="https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95">GitHub commit 1</a></li>
-<li><a href="https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94">GitHub commit 2</a></li>
-</ul>
-</p>
-                     
-                </div>
-                <div class="modal-footer">
-                    <a class="btn btn-raised mr-2 btn-primary" href="https://npmjs.com/advisories/1179" target="_blank" rel="noopener">More about
-                        this vulnerability</a>
-                    <button type="button" class="btn btn-raised btn-secondary" data-dismiss="modal">Close</button>
-                </div>
-            </div>
-        </div>
-    </div>
     <div class="modal" tabindex="-1" role="dialog" id="advisory-modal-1490">
         <div class="modal-dialog modal-lg" role="document">
             <div class="modal-content">
@@ -344,71 +253,6 @@ <h3>References</h3>
             </div>
         </div>
     </div>
-    <div class="modal" tabindex="-1" role="dialog" id="advisory-modal-1523">
-        <div class="modal-dialog modal-lg" role="document">
-            <div class="modal-content">
-                <div class="modal-header">
-                    <h5 class="modal-title">
-                        <span class="badge badge-primary">low</span>
-                        Prototype Pollution
-                    </h5>
-                    <button type="button" class="close" data-dismiss="modal" aria-label="Close">
-                        <span aria-hidden="true">&times;</span>
-                    </button>
-                </div>
-                <div class="modal-body">
-                    <div class="row">
-                        <div class="col-md-6">
-                            <ul>
-                                <li>Module:
-                                    <a href="https://npmjs.com/package/lodash" target="_blank"
-                                        rel="noopener">lodash</a>
-                                </li>
-                                <li>Published: May 20th 2020 </li>
-                                <li>Reported by: posix</li>
-                                <li>CWE-471</li>
-                                <li>CVE-2019-10744</li>
-                            </ul>
-                        </div>
-                        <div class="col-md-6">
-                            <ul>
-                                <li>Vulnerable: &lt;4.17.19</li>
-                                <li>Patched: &gt;&#x3D;4.17.19</li>
-                                <li>Exploitability: 3</li>
-                            </ul>
-                        </div>
-                    </div>
-                    <h3>Overview</h3>
-                    <p class="card-text"><p>Versions of <code>lodash</code> prior to 4.17.19 are vulnerable to Prototype Pollution.  The function <code>zipObjectDeep</code> allows a malicious user to modify the prototype of <code>Object</code> if the property identifiers are user-supplied. Being affected by this issue requires zipping objects based on user-provided property arrays.  </p>
-<p>This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.</p>
-</p>
-
-                    <h3>Findings</h3>
-                    <ul>
-                        <li>@adonisjs/sink&gt;mrm-core&gt;lodash </li>
-                        <li>@adonisjs/sink&gt;mrm-core&gt;webpack-merge&gt;lodash </li>
-                    </ul>
-
-                    <h3>Remediation</h3>
-                    <p class="card-text"><p>Upgrade to version 4.17.19 or later.</p>
-</p>
-                     
-                    <h3>References</h3>
-                    <p class="card-text"><ul>
-<li><a href="https://hackerone.com/reports/712065">HackerOne Report</a></li>
-<li><a href="https://github.com/lodash/lodash/issues/4744">GitHub Issue</a></li>
-</ul>
-</p>
-                     
-                </div>
-                <div class="modal-footer">
-                    <a class="btn btn-raised mr-2 btn-primary" href="https://npmjs.com/advisories/1523" target="_blank" rel="noopener">More about
-                        this vulnerability</a>
-                    <button type="button" class="btn btn-raised btn-secondary" data-dismiss="modal">Close</button>
-                </div>
-            </div>
-        </div>
-    </div>
 
     <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js"
         integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo"
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@adonisjs/assembler",
-  "version": "2.1.5",
+  "version": "3.0.0",
   "description": "Core commands to compiler and build AdonisJs project",
   "main": "build/ace-manifest.json",
   "files": [

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@adonisjs/assembler",`
`3`		`- "version": "2.1.5",`
	`3`	`+ "version": "3.0.0",`
`4`	`4`	`"description": "Core commands to compiler and build AdonisJs project",`
`5`	`5`	`"main": "build/ace-manifest.json",`
`6`	`6`	`"files": [`