From 8dd7f6e1d4ac29b450a0af17d545ffd17038b005 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
Date: Tue, 21 Mar 2023 14:49:27 +0100
Subject: [PATCH] fix(core): Force-upgrade `decode-uri-component` to address CVE-2022-38900 (#5734)

[GitHub Advisory](https://github.com/advisories/GHSA-w573-4hg7-7wgq)
---
 package.json | 1 +
 pnpm-lock.yaml | 9 ++-------
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/package.json b/package.json
index e69c7a2986..b0488bc4f1 100644
--- a/package.json
+++ b/package.json
@@ -69,6 +69,7 @@
 "@types/node": "^16.18.12",
 "browserslist": "^4.21.4",
 "chokidar": "3.5.2",
+ "decode-uri-component": "0.2.2",
 "ejs": "^3.1.8",
 "fork-ts-checker-webpack-plugin": "^6.0.4",
 "jsonwebtoken": "9.0.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index e4d46590b1..6f3f94afec 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -8,6 +8,7 @@ overrides: '@types/node': ^16.18.12 browserslist: ^4.21.4 chokidar: 3.5.2 + decode-uri-component: 0.2.2 ejs: ^3.1.8 fork-ts-checker-webpack-plugin: ^6.0.4 jsonwebtoken: 9.0.0
@@ -9746,15 +9747,9 @@ packages: resolution: {integrity: sha512-VBBaLc1MgL5XpzgIP7ny5Z6Nx3UrRkIViUkPUdtl9aya5amy3De1gsUUSB1g3+3sExYNjCAsAznmukyxCb1GRA==} dev: true - /decode-uri-component/0.2.0: - resolution: {integrity: sha512-hjf+xovcEn31w/EUYdTXQh/8smFL/dzYjohQGEIgjyNavaJfBY2p5F527Bo1VPATxv0VYTUC2bOcXvqFwk78Og==} - engines: {node: '>=0.10'} - dev: false - /decode-uri-component/0.2.2: resolution: {integrity: sha512-FqUYQ+8o158GyGTrMFJms9qh3CqTKvAqgqsTnkLI8sKu0028orqBhxNMFkFen0zGyg6epACD32pjVk58ngIErQ==} engines: {node: '>=0.10'} - dev: true /dedent/0.7.0: resolution: {integrity: sha512-Q6fKUPqnAHAyhiUgFU7BUzLiv0kd8saH9al7tnu5Q/okj6dnupxyTgFIBjVzJATdfIAm9NAsvXNzjaKa+bxVyA==}
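Review bot: The `"decode-uri-component": "0.2.2"` entry added in the package.json hunk is an unscoped exact pin, so it forces every dependent onto 0.2.2 whatever range that dependent declares, and it keeps doing so after the vulnerable consumer has moved on. The visible lockfile hunks show only one consumer being redirected (its `dependencies` entry changes from 0.2.0 to 0.2.2), so a selector-scoped entry such as `"decode-uri-component@0.2.0": "0.2.2"` would express the same fix without masking a later release. The enclosing block starts and ends outside the hunk; judging by the matching `overrides:` section in pnpm-lock.yaml it is presumably the pnpm overrides map. Because package.json cannot carry a comment, the CVE reference lives only in the commit message, so the pin should also be recorded wherever dependency exceptions are tracked so that it is revisited and removed once nothing requests 0.2.0.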
@@ -17491,7 +17486,7 @@ packages: resolution: {integrity: sha512-MplouLRDHBZSG9z7fpuAAcI7aAYjDLhtsiVZsevsfaHWDS2IDdORKbSd1kWUA+V4zyva/HZoSfpwnYMMQDhb0w==} engines: {node: '>=6'} dependencies: - decode-uri-component: 0.2.0 + decode-uri-component: 0.2.2 filter-obj: 1.1.0 split-on-first: 1.1.0 strict-uri-encode: 2.0.0