Skip to content

Commit 1175238

Browse files
twrichardstwrichards
authored
Merge pull request #392 from guardian/sh/address-tar-vulnerable-dependency
Bumps ts-node-dev to latest and adds resolution for vulnerable tar de…
2 parents d0dc0de + 9c47fbf commit 1175238

File tree

8 files changed

+69
-81
lines changed

8 files changed

+69
-81
lines changed

archiver-lambda/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
},
1212
"devDependencies": {
1313
"@aws-sdk/client-lambda": "^3.995.0",
14-
"ts-node-dev": "^1.0.0"
14+
"ts-node-dev": "^2.0.0"
1515
},
1616
"dependencies": {
1717
"postgres": "^3.2.4"

bootstrapping-lambda/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@
2222
"jest": "^29.3.1",
2323
"ts-jest": "^29.0.3",
2424
"ts-node": "^10.9.1",
25-
"ts-node-dev": "^1.0.0"
25+
"ts-node-dev": "^2.0.0"
2626
},
2727
"dependencies": {
2828
"@codegenie/serverless-express": "^4.16.0",

database-bridge-lambda/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
"watch": "ts-node-dev --respawn run.ts"
1111
},
1212
"devDependencies": {
13-
"ts-node-dev": "^1.0.0"
13+
"ts-node-dev": "^2.0.0"
1414
},
1515
"dependencies": {
1616
"postgres": "^3.2.4"

email-lambda/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313
"@aws-sdk/client-lambda": "^3.995.0",
1414
"@aws-sdk/client-ses": "^3.995.0",
1515
"@types/react": "16.9.56",
16-
"ts-node-dev": "^1.0.0"
16+
"ts-node-dev": "^2.0.0"
1717
},
1818
"dependencies": {
1919
"postgres": "^3.2.4",

notifications-lambda/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
},
1212
"devDependencies": {
1313
"@types/web-push": "^3.3.2",
14-
"ts-node-dev": "^1.1.8"
14+
"ts-node-dev": "^2.0.0"
1515
},
1616
"dependencies": {
1717
"web-push": "^3.5.0"

package.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,8 @@
6363
},
6464
"resolutions": {
6565
"cdk@1.0.0/cross-spawn": "^7.0.5",
66-
"client@1.0.0/cross-spawn": "^7.0.5"
66+
"client@1.0.0/cross-spawn": "^7.0.5",
67+
"tar": "^7.5.9"
6768
},
6869
"lint-staged": {
6970
"**/*.{ts, tsx}": "eslint --fix",

users-refresher-lambda/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313
"devDependencies": {
1414
"@aws-sdk/client-s3": "^3.995.0",
1515
"@types/iniparser": "^0.0.29",
16-
"ts-node-dev": "^1.0.0"
16+
"ts-node-dev": "^2.0.0"
1717
},
1818
"dependencies": {
1919
"@googleapis/admin": "9.0.1",

yarn.lock

Lines changed: 61 additions & 74 deletions
Original file line numberDiff line numberDiff line change
@@ -3955,6 +3955,15 @@ __metadata:
39553955
languageName: node
39563956
linkType: hard
39573957

3958+
"@isaacs/fs-minipass@npm:^4.0.0":
3959+
version: 4.0.1
3960+
resolution: "@isaacs/fs-minipass@npm:4.0.1"
3961+
dependencies:
3962+
minipass: "npm:^7.0.4"
3963+
checksum: 10c0/c25b6dc1598790d5b55c0947a9b7d111cfa92594db5296c3b907e2f533c033666f692a3939eadac17b1c7c40d362d0b0635dc874cbfe3e70db7c2b07cc97a5d2
3964+
languageName: node
3965+
linkType: hard
3966+
39583967
"@istanbuljs/load-nyc-config@npm:^1.0.0":
39593968
version: 1.1.0
39603969
resolution: "@istanbuljs/load-nyc-config@npm:1.1.0"
@@ -6726,7 +6735,7 @@ __metadata:
67266735
dependencies:
67276736
"@aws-sdk/client-lambda": "npm:^3.995.0"
67286737
postgres: "npm:^3.2.4"
6729-
ts-node-dev: "npm:^1.0.0"
6738+
ts-node-dev: "npm:^2.0.0"
67306739
languageName: unknown
67316740
linkType: soft
67326741

@@ -7270,7 +7279,7 @@ __metadata:
72707279
jose: "npm:^4.3.7"
72717280
ts-jest: "npm:^29.0.3"
72727281
ts-node: "npm:^10.9.1"
7273-
ts-node-dev: "npm:^1.0.0"
7282+
ts-node-dev: "npm:^2.0.0"
72747283
languageName: unknown
72757284
linkType: soft
72767285

@@ -7622,10 +7631,10 @@ __metadata:
76227631
languageName: node
76237632
linkType: hard
76247633

7625-
"chownr@npm:^2.0.0":
7626-
version: 2.0.0
7627-
resolution: "chownr@npm:2.0.0"
7628-
checksum: 10c0/594754e1303672171cc04e50f6c398ae16128eb134a88f801bf5354fd96f205320f23536a045d9abd8b51024a149696e51231565891d4efdab8846021ecf88e6
7634+
"chownr@npm:^3.0.0":
7635+
version: 3.0.0
7636+
resolution: "chownr@npm:3.0.0"
7637+
checksum: 10c0/43925b87700f7e3893296c8e9c56cc58f926411cce3a6e5898136daaf08f08b9a8eb76d37d3267e707d0dcc17aed2e2ebdf5848c0c3ce95cf910a919935c1b10
76297638
languageName: node
76307639
linkType: hard
76317640

@@ -8304,7 +8313,7 @@ __metadata:
83048313
resolution: "database-bridge-lambda@workspace:database-bridge-lambda"
83058314
dependencies:
83068315
postgres: "npm:^3.2.4"
8307-
ts-node-dev: "npm:^1.0.0"
8316+
ts-node-dev: "npm:^2.0.0"
83088317
languageName: unknown
83098318
linkType: soft
83108319

@@ -8741,7 +8750,7 @@ __metadata:
87418750
preact-render-to-string: "npm:^6.0.3"
87428751
react: "npm:@preact/compat@*"
87438752
react-dom: "npm:@preact/compat@*"
8744-
ts-node-dev: "npm:^1.0.0"
8753+
ts-node-dev: "npm:^2.0.0"
87458754
languageName: unknown
87468755
linkType: soft
87478756

@@ -9909,15 +9918,6 @@ __metadata:
99099918
languageName: node
99109919
linkType: hard
99119920

9912-
"fs-minipass@npm:^2.0.0":
9913-
version: 2.1.0
9914-
resolution: "fs-minipass@npm:2.1.0"
9915-
dependencies:
9916-
minipass: "npm:^3.0.0"
9917-
checksum: 10c0/703d16522b8282d7299337539c3ed6edddd1afe82435e4f5b76e34a79cd74e488a8a0e26a636afc2440e1a23b03878e2122e3a2cfe375a5cf63c37d92b86a004
9918-
languageName: node
9919-
linkType: hard
9920-
99219921
"fs-minipass@npm:^3.0.0":
99229922
version: 3.0.3
99239923
resolution: "fs-minipass@npm:3.0.3"
@@ -12766,7 +12766,7 @@ __metadata:
1276612766
languageName: node
1276712767
linkType: hard
1276812768

12769-
"minimist@npm:^1.2.0, minimist@npm:^1.2.5":
12769+
"minimist@npm:^1.2.0, minimist@npm:^1.2.5, minimist@npm:^1.2.6":
1277012770
version: 1.2.8
1277112771
resolution: "minimist@npm:1.2.8"
1277212772
checksum: 10c0/19d3fcdca050087b84c2029841a093691a91259a47def2f18222f41e7645a0b7c44ef4b40e88a1e58a40c84d2ef0ee6047c55594d298146d0eb3f6b737c20ce6
@@ -12833,21 +12833,14 @@ __metadata:
1283312833
languageName: node
1283412834
linkType: hard
1283512835

12836-
"minipass@npm:^5.0.0":
12837-
version: 5.0.0
12838-
resolution: "minipass@npm:5.0.0"
12839-
checksum: 10c0/a91d8043f691796a8ac88df039da19933ef0f633e3d7f0d35dcd5373af49131cf2399bfc355f41515dc495e3990369c3858cd319e5c2722b4753c90bf3152462
12840-
languageName: node
12841-
linkType: hard
12842-
12843-
"minipass@npm:^5.0.0 || ^6.0.2 || ^7.0.0, minipass@npm:^7.0.2, minipass@npm:^7.0.3, minipass@npm:^7.1.2":
12844-
version: 7.1.2
12845-
resolution: "minipass@npm:7.1.2"
12846-
checksum: 10c0/b0fd20bb9fb56e5fa9a8bfac539e8915ae07430a619e4b86ff71f5fc757ef3924b23b2c4230393af1eda647ed3d75739e4e0acb250a6b1eb277cf7f8fe449557
12836+
"minipass@npm:^5.0.0 || ^6.0.2 || ^7.0.0, minipass@npm:^7.0.2, minipass@npm:^7.0.3, minipass@npm:^7.0.4, minipass@npm:^7.1.2":
12837+
version: 7.1.3
12838+
resolution: "minipass@npm:7.1.3"
12839+
checksum: 10c0/539da88daca16533211ea5a9ee98dc62ff5742f531f54640dd34429e621955e91cc280a91a776026264b7f9f6735947629f920944e9c1558369e8bf22eb33fbb
1284712840
languageName: node
1284812841
linkType: hard
1284912842

12850-
"minizlib@npm:^2.1.1, minizlib@npm:^2.1.2":
12843+
"minizlib@npm:^2.1.2":
1285112844
version: 2.1.2
1285212845
resolution: "minizlib@npm:2.1.2"
1285312846
dependencies:
@@ -12857,7 +12850,16 @@ __metadata:
1285712850
languageName: node
1285812851
linkType: hard
1285912852

12860-
"mkdirp@npm:^1.0.3, mkdirp@npm:^1.0.4":
12853+
"minizlib@npm:^3.1.0":
12854+
version: 3.1.0
12855+
resolution: "minizlib@npm:3.1.0"
12856+
dependencies:
12857+
minipass: "npm:^7.1.2"
12858+
checksum: 10c0/5aad75ab0090b8266069c9aabe582c021ae53eb33c6c691054a13a45db3b4f91a7fb1bd79151e6b4e9e9a86727b522527c0a06ec7d45206b745d54cd3097bcec
12859+
languageName: node
12860+
linkType: hard
12861+
12862+
"mkdirp@npm:^1.0.4":
1286112863
version: 1.0.4
1286212864
resolution: "mkdirp@npm:1.0.4"
1286312865
bin:
@@ -13092,7 +13094,7 @@ __metadata:
1309213094
resolution: "notifications-lambda@workspace:notifications-lambda"
1309313095
dependencies:
1309413096
"@types/web-push": "npm:^3.3.2"
13095-
ts-node-dev: "npm:^1.1.8"
13097+
ts-node-dev: "npm:^2.0.0"
1309613098
web-push: "npm:^3.5.0"
1309713099
languageName: unknown
1309813100
linkType: soft
@@ -15676,17 +15678,16 @@ __metadata:
1567615678
languageName: node
1567715679
linkType: hard
1567815680

15679-
"tar@npm:^6.1.11, tar@npm:^6.1.2":
15680-
version: 6.2.1
15681-
resolution: "tar@npm:6.2.1"
15681+
"tar@npm:^7.5.9":
15682+
version: 7.5.9
15683+
resolution: "tar@npm:7.5.9"
1568215684
dependencies:
15683-
chownr: "npm:^2.0.0"
15684-
fs-minipass: "npm:^2.0.0"
15685-
minipass: "npm:^5.0.0"
15686-
minizlib: "npm:^2.1.1"
15687-
mkdirp: "npm:^1.0.3"
15688-
yallist: "npm:^4.0.0"
15689-
checksum: 10c0/a5eca3eb50bc11552d453488344e6507156b9193efd7635e98e867fab275d527af53d8866e2370cd09dfe74378a18111622ace35af6a608e5223a7d27fe99537
15685+
"@isaacs/fs-minipass": "npm:^4.0.0"
15686+
chownr: "npm:^3.0.0"
15687+
minipass: "npm:^7.1.2"
15688+
minizlib: "npm:^3.1.0"
15689+
yallist: "npm:^5.0.0"
15690+
checksum: 10c0/e870beb1b2477135ca2abe86b2d18f7b35d0a4e3a37bbc523d3b8f7adca268dfab543f26528a431d569897f8c53a7cac745cdfbc4411c2f89aeeacc652b81b0a
1569015691
languageName: node
1569115692
linkType: hard
1569215693

@@ -15938,19 +15939,19 @@ __metadata:
1593815939
languageName: node
1593915940
linkType: hard
1594015941

15941-
"ts-node-dev@npm:^1.0.0, ts-node-dev@npm:^1.1.8":
15942-
version: 1.1.8
15943-
resolution: "ts-node-dev@npm:1.1.8"
15942+
"ts-node-dev@npm:^2.0.0":
15943+
version: 2.0.0
15944+
resolution: "ts-node-dev@npm:2.0.0"
1594415945
dependencies:
1594515946
chokidar: "npm:^3.5.1"
1594615947
dynamic-dedupe: "npm:^0.3.0"
15947-
minimist: "npm:^1.2.5"
15948+
minimist: "npm:^1.2.6"
1594815949
mkdirp: "npm:^1.0.4"
1594915950
resolve: "npm:^1.0.0"
1595015951
rimraf: "npm:^2.6.1"
1595115952
source-map-support: "npm:^0.5.12"
1595215953
tree-kill: "npm:^1.2.2"
15953-
ts-node: "npm:^9.0.0"
15954+
ts-node: "npm:^10.4.0"
1595415955
tsconfig: "npm:^7.0.0"
1595515956
peerDependencies:
1595615957
node-notifier: "*"
@@ -15961,7 +15962,7 @@ __metadata:
1596115962
bin:
1596215963
ts-node-dev: lib/bin.js
1596315964
tsnd: lib/bin.js
15964-
checksum: 10c0/72d17b916ead2b3a1a8ec123bc093b0fb2363af54722fed1a5305336ccdfb716125ec6f14c29a11958d360a4d1f726ef5c9d3033093999ab2e7cdff11c0075f5
15965+
checksum: 10c0/34f81407ede9284eccf47139e22bc85511c6d70e2b8dfae91c917ababc09ba947cc0791549ee7b2e5a69d26de40eedb23c6bdb4fac689ed07a302813bf966faa
1596515966
languageName: node
1596615967
linkType: hard
1596715968

@@ -15985,9 +15986,9 @@ __metadata:
1598515986
languageName: node
1598615987
linkType: hard
1598715988

15988-
"ts-node@npm:^10.9.1":
15989-
version: 10.9.1
15990-
resolution: "ts-node@npm:10.9.1"
15989+
"ts-node@npm:^10.4.0, ts-node@npm:^10.9.1":
15990+
version: 10.9.2
15991+
resolution: "ts-node@npm:10.9.2"
1599115992
dependencies:
1599215993
"@cspotcode/source-map-support": "npm:^0.8.0"
1599315994
"@tsconfig/node10": "npm:^1.0.7"
@@ -16019,28 +16020,7 @@ __metadata:
1601916020
ts-node-script: dist/bin-script.js
1602016021
ts-node-transpile-only: dist/bin-transpile.js
1602116022
ts-script: dist/bin-script-deprecated.js
16022-
checksum: 10c0/95187932fb83f3901e22546bd2feeac7d2feb4f412f42ac3a595f049a23e8dcf70516dffb51866391228ea2dbcfaea039e250fb2bb334d48a86ab2b6aea0ae2d
16023-
languageName: node
16024-
linkType: hard
16025-
16026-
"ts-node@npm:^9.0.0":
16027-
version: 9.1.1
16028-
resolution: "ts-node@npm:9.1.1"
16029-
dependencies:
16030-
arg: "npm:^4.1.0"
16031-
create-require: "npm:^1.1.0"
16032-
diff: "npm:^4.0.1"
16033-
make-error: "npm:^1.1.1"
16034-
source-map-support: "npm:^0.5.17"
16035-
yn: "npm:3.1.1"
16036-
peerDependencies:
16037-
typescript: ">=2.7"
16038-
bin:
16039-
ts-node: dist/bin.js
16040-
ts-node-script: dist/bin-script.js
16041-
ts-node-transpile-only: dist/bin-transpile.js
16042-
ts-script: dist/bin-script-deprecated.js
16043-
checksum: 10c0/e0f904090aba4b3496fdfca640cfd92c1f5a41fa303b0ccb40f49be160699687a97a4dd5f57200646a3b83528952611d1c5ad5804ee25f338b017e7b1c13f0f4
16023+
checksum: 10c0/5f29938489f96982a25ba650b64218e83a3357d76f7bede80195c65ab44ad279c8357264639b7abdd5d7e75fc269a83daa0e9c62fd8637a3def67254ecc9ddc2
1604416024
languageName: node
1604516025
linkType: hard
1604616026

@@ -16413,7 +16393,7 @@ __metadata:
1641316393
"@types/iniparser": "npm:^0.0.29"
1641416394
iniparser: "npm:^1.0.5"
1641516395
postgres: "npm:^3.2.4"
16416-
ts-node-dev: "npm:^1.0.0"
16396+
ts-node-dev: "npm:^2.0.0"
1641716397
languageName: unknown
1641816398
linkType: soft
1641916399

@@ -17043,6 +17023,13 @@ __metadata:
1704317023
languageName: node
1704417024
linkType: hard
1704517025

17026+
"yallist@npm:^5.0.0":
17027+
version: 5.0.0
17028+
resolution: "yallist@npm:5.0.0"
17029+
checksum: 10c0/a499c81ce6d4a1d260d4ea0f6d49ab4da09681e32c3f0472dee16667ed69d01dae63a3b81745a24bd78476ec4fcf856114cb4896ace738e01da34b2c42235416
17030+
languageName: node
17031+
linkType: hard
17032+
1704617033
"yaml-ast-parser@npm:^0.0.43":
1704717034
version: 0.0.43
1704817035
resolution: "yaml-ast-parser@npm:0.0.43"

0 commit comments

Comments
 (0)