fix(core): Upgrade sqlite3 to address CVE-2022-43441 (#5732)

[GitHub Advisory](https://github.com/advisories/GHSA-jqv5-7xpx-qj74)
2024-11-09 22:24:05 -08:00 · 2023-03-21 09:48:22 +01:00 · 2023-03-21 09:48:22 +01:00 · fd81c74251
parent 564bc03d3f
commit fd81c74251
2 changed files with 18 additions and 37 deletions
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@ -195,7 +195,7 @@
    "semver": "^7.3.8",
    "shelljs": "^0.8.5",
    "source-map-support": "^0.5.21",
-    "sqlite3": "^5.1.4",
+    "sqlite3": "^5.1.6",
    "sse-channel": "^4.0.0",
    "swagger-ui-express": "^4.3.0",
    "syslog-client": "^1.1.1",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -237,7 +237,7 @@ importers:
      semver: ^7.3.8
      shelljs: ^0.8.5
      source-map-support: ^0.5.21
-      sqlite3: ^5.1.4
+      sqlite3: ^5.1.6
      sse-channel: ^4.0.0
      swagger-ui-express: ^4.3.0
      syslog-client: ^1.1.1
@ -334,12 +334,12 @@ importers:
      semver: 7.3.8
      shelljs: 0.8.5
      source-map-support: 0.5.21
-      sqlite3: 5.1.4
+      sqlite3: 5.1.6
      sse-channel: 4.0.0
      swagger-ui-express: 4.5.0_express@4.18.2
      syslog-client: 1.1.1
      typedi: 0.10.0_syy565ld7euwcedfbmx53j2qc4
-      typeorm: 0.3.12_pgelcv6ef3switkrteavpif3pq
+      typeorm: 0.3.12_xhn75toxsyq5eybpqzthgymf2a
      uuid: 8.3.2
      validator: 13.7.0
      winston: 3.8.2
@ -1302,7 +1302,7 @@ packages:
      '@types/node-fetch': 2.6.2
      '@types/tunnel': 0.0.3
      form-data: 4.0.0
-      node-fetch: 2.6.7
+      node-fetch: 2.6.8
      process: 0.11.10
      tough-cookie: 4.1.2
      tslib: 2.5.0
@ -3673,12 +3673,12 @@ packages:
      detect-libc: 2.0.1
      https-proxy-agent: 5.0.1
      make-dir: 3.1.0
-      node-fetch: 2.6.7
+      node-fetch: 2.6.8
      nopt: 5.0.0
      npmlog: 5.0.1
      rimraf: 3.0.2
      semver: 7.3.8
-      tar: 6.1.11
+      tar: 6.1.13
    transitivePeerDependencies:
      - encoding
      - supports-color
@ -7661,7 +7661,7 @@ packages:
      core-js: 3.27.2
      handlebars: 4.7.7
      lodash.uniqby: 4.7.0
-      node-fetch: 2.6.7
+      node-fetch: 2.6.8
      parse-github-url: 1.0.2
      regenerator-runtime: 0.13.9
      semver: 6.3.0
@ -15062,7 +15062,7 @@ packages:
      https-proxy-agent: 5.0.1
      is-lambda: 1.0.1
      lru-cache: 6.0.0
-      minipass: 3.3.4
+      minipass: 3.3.6
      minipass-collect: 1.0.2
      minipass-fetch: 1.4.1
      minipass-flush: 1.0.5
@ -15331,7 +15331,7 @@ packages:
    resolution: {integrity: sha512-CGH1eblLq26Y15+Azk7ey4xh0J/XfJfrCox5LDJiKqI2Q2iwOLOKrlmIaODiSQS8d18jalF6y2K2ePUm0CmShw==}
    engines: {node: '>=8'}
    dependencies:
-      minipass: 3.3.4
+      minipass: 3.3.6
      minipass-sized: 1.0.3
      minizlib: 2.1.2
    optionalDependencies:
@ -15359,17 +15359,10 @@ packages:
    resolution: {integrity: sha512-MbkQQ2CTiBMlA2Dm/5cY+9SWFEN8pzzOXi6rlM5Xxq0Yqbda5ZQy9sU75a673FE9ZK0Zsbr6Y5iP6u9nktfg2g==}
    engines: {node: '>=8'}
    dependencies:
-      minipass: 3.3.4
+      minipass: 3.3.6
    dev: false
    optional: true

-  /minipass/3.3.4:
-    resolution: {integrity: sha512-I9WPbWHCGu8W+6k1ZiGpPu0GkoKBeorkfKNuAFBNS1HNFJvke82sxvI5bzcCNpWPorkOO5QQ+zomzzwRxejXiw==}
-    engines: {node: '>=8'}
-    dependencies:
-      yallist: 4.0.0
-    dev: false
-
  /minipass/3.3.6:
    resolution: {integrity: sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==}
    engines: {node: '>=8'}
@ -15795,6 +15788,7 @@ packages:
        optional: true
    dependencies:
      whatwg-url: 5.0.0
+    dev: true

  /node-fetch/2.6.8:
    resolution: {integrity: sha512-RZ6dBYuj8dRSfxpUSu+NsdF1dpPpluJxwOp+6IoDp/sH2QNDSvurYsAa+F1WxY2RjA1iP93xhcsUoYbF2XBqVg==}
@ -15806,7 +15800,6 @@ packages:
        optional: true
    dependencies:
      whatwg-url: 5.0.0
-    dev: true

  /node-forge/1.3.1:
    resolution: {integrity: sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==}
@ -15831,7 +15824,7 @@ packages:
      npmlog: 6.0.2
      rimraf: 3.0.2
      semver: 7.3.8
-      tar: 6.1.11
+      tar: 6.1.13
      which: 2.0.2
    transitivePeerDependencies:
      - bluebird
@ -18934,8 +18927,8 @@ packages:
    resolution: {integrity: sha512-VE0SOVEHCk7Qc8ulkWw3ntAzXuqf7S2lvwQaDLRnUeIEaKNQJzV6BwmLKhOqT61aGhfUMrXeaBk+oDGCzvhcug==}
    dev: false

-  /sqlite3/5.1.4:
-    resolution: {integrity: sha512-i0UlWAzPlzX3B5XP2cYuhWQJsTtlMD6obOa1PgeEQ4DHEXUuyJkgv50I3isqZAP5oFc2T8OFvakmDh2W6I+YpA==}
+  /sqlite3/5.1.6:
+    resolution: {integrity: sha512-olYkWoKFVNSSSQNvxVUfjiVbz3YtBwTJj+mfV5zpHmqW3sELx2Cf4QCdirMelhM5Zh+KDVaKgQHqCxrqiWHybw==}
    requiresBuild: true
    peerDependenciesMeta:
      node-gyp:
@ -18943,7 +18936,7 @@ packages:
    dependencies:
      '@mapbox/node-pre-gyp': 1.0.10
      node-addon-api: 4.3.0
-      tar: 6.1.11
+      tar: 6.1.13
    optionalDependencies:
      node-gyp: 8.4.1
    transitivePeerDependencies:
@ -19528,18 +19521,6 @@ packages:
      readable-stream: 3.6.0
    dev: true

-  /tar/6.1.11:
-    resolution: {integrity: sha512-an/KZQzQUkZCkuoAA64hM92X0Urb6VpRhAFllDzz44U2mcD5scmT3zBc4VgVpkugF580+DQn8eAFSyoQt0tznA==}
-    engines: {node: '>= 10'}
-    dependencies:
-      chownr: 2.0.0
-      fs-minipass: 2.1.0
-      minipass: 3.3.4
-      minizlib: 2.1.2
-      mkdirp: 1.0.4
-      yallist: 4.0.0
-    dev: false
-
  /tar/6.1.13:
    resolution: {integrity: sha512-jdIBIN6LTIe2jqzay/2vtYLlBHa3JF42ot3h1dW8Q0PaAG4v8rm0cvpVePtau5C6OKXGGcgO9q2AMNSWxiLqKw==}
    engines: {node: '>=10'}
@ -20243,7 +20224,7 @@ packages:
    dev: false
    patched: true

-  /typeorm/0.3.12_pgelcv6ef3switkrteavpif3pq:
+  /typeorm/0.3.12_xhn75toxsyq5eybpqzthgymf2a:
    resolution: {integrity: sha512-sYSxBmCf1nJLLTcYtwqZ+lQIRtLPyUoO93rHTOKk9vJCyT4UfRtU7oRsJvfvKP3nnZTD1hzz2SEy2zwPEN6OyA==}
    engines: {node: '>= 12.9.0'}
    hasBin: true
@ -20317,7 +20298,7 @@ packages:
      pg: 8.8.0
      reflect-metadata: 0.1.13
      sha.js: 2.4.11
-      sqlite3: 5.1.4
+      sqlite3: 5.1.6
      tslib: 2.5.0
      uuid: 9.0.0
      xml2js: 0.4.23