diff --git a/build-tools/package.json b/build-tools/package.json index a717c2f3afec..d914c33f796d 100644 --- a/build-tools/package.json +++ b/build-tools/package.json @@ -154,7 +154,8 @@ "qs: overridden to ^6.15.0 to resolve a known vulnerability in older versions.", "js-yaml: overridden to fix a known vulnerability (prototype pollution via merge keys).", "mdast-util-to-hast: overridden to ^13.2.1 to fix a known vulnerability (unsanitized class attribute injection).", - "simple-git: overridden to ^3.32.3 to resolve a CG alert." + "simple-git: overridden to ^3.32.3 to resolve a CG alert.", + "tar: overridden to ^7.5.11 to resolve multiple security vulnerabilities in tar 6.x (EOL, no backport)." ], "overrides": { "@types/glob>@types/minimatch": "~5.1.2", @@ -171,7 +172,8 @@ "oclif>@aws-sdk/client-s3": "-", "qs": "^6.15.0", "simple-git": "^3.32.3", - "sharp": "^0.34.5" + "sharp": "^0.34.5", + "tar": "^7.5.11" }, "updateConfig": { "ignoreDependencies": [ diff --git a/build-tools/packages/build-infrastructure/src/test/data/testRepo/pnpm-lock.yaml b/build-tools/packages/build-infrastructure/src/test/data/testRepo/pnpm-lock.yaml index 69ee7ea35644..8761db2b2b57 100644 --- a/build-tools/packages/build-infrastructure/src/test/data/testRepo/pnpm-lock.yaml +++ b/build-tools/packages/build-infrastructure/src/test/data/testRepo/pnpm-lock.yaml @@ -273,8 +273,8 @@ packages: isexe@2.0.0: resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==} - js-yaml@3.14.1: - resolution: {integrity: sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==} + js-yaml@3.14.2: + resolution: {integrity: sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==} hasBin: true jsonfile@4.0.0: @@ -545,7 +545,7 @@ snapshots: '@changesets/parse@0.4.0': dependencies: '@changesets/types': 6.0.0 - js-yaml: 3.14.1 + js-yaml: 3.14.2 '@changesets/pre@2.0.1': dependencies: @@ -731,7 +731,7 @@ snapshots: isexe@2.0.0: {} - js-yaml@3.14.1: + js-yaml@3.14.2: dependencies: argparse: 1.0.10 esprima: 4.0.1 @@ -796,7 +796,7 @@ snapshots: read-yaml-file@1.1.0: dependencies: graceful-fs: 4.2.11 - js-yaml: 3.14.1 + js-yaml: 3.14.2 pify: 4.0.1 strip-bom: 3.0.0 diff --git a/build-tools/pnpm-lock.yaml b/build-tools/pnpm-lock.yaml index e02cd8530bf8..11862b86e7d4 100644 --- a/build-tools/pnpm-lock.yaml +++ b/build-tools/pnpm-lock.yaml @@ -20,6 +20,7 @@ overrides: qs: ^6.15.0 simple-git: ^3.32.3 sharp: ^0.34.5 + tar: ^7.5.11 importers: @@ -1513,6 +1514,10 @@ packages: resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} engines: {node: '>=12'} + '@isaacs/fs-minipass@4.0.1': + resolution: {integrity: sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==} + engines: {node: '>=18.0.0'} + '@istanbuljs/schema@0.1.3': resolution: {integrity: sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==} engines: {node: '>=8'} @@ -2498,6 +2503,10 @@ packages: resolution: {integrity: sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==} engines: {node: '>=10'} + chownr@3.0.0: + resolution: {integrity: sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==} + engines: {node: '>=18'} + chrome-trace-event@1.0.3: resolution: {integrity: sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg==} engines: {node: '>=6.0'} @@ -4467,6 +4476,10 @@ packages: resolution: {integrity: sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==} engines: {node: '>= 8'} + minizlib@3.1.0: + resolution: {integrity: sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==} + engines: {node: '>= 18'} + mkdirp@0.5.6: resolution: {integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==} hasBin: true @@ -5464,9 +5477,9 @@ packages: resolution: {integrity: sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg==} engines: {node: '>=6'} - tar@6.2.1: - resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==} - engines: {node: '>=10'} + tar@7.5.11: + resolution: {integrity: sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==} + engines: {node: '>=18'} temp-dir@3.0.0: resolution: {integrity: sha512-nHc6S/bwIilKHNRgK/3jlhDoIHcp45YgyiwcAk46Tr0LfEqGBVpmiAyuiuxeVE44m3mXnEeVhaipLOEWmH+Njw==} @@ -5950,6 +5963,10 @@ packages: yallist@4.0.0: resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==} + yallist@5.0.0: + resolution: {integrity: sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==} + engines: {node: '>=18'} + yaml@2.8.1: resolution: {integrity: sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw==} engines: {node: '>= 14.6'} @@ -6873,6 +6890,10 @@ snapshots: wrap-ansi: 8.1.0 wrap-ansi-cjs: wrap-ansi@7.0.0 + '@isaacs/fs-minipass@4.0.1': + dependencies: + minipass: 7.1.2 + '@istanbuljs/schema@0.1.3': {} '@jridgewell/gen-mapping@0.3.2': @@ -7912,7 +7933,7 @@ snapshots: promise-inflight: 1.0.1 rimraf: 3.0.2 ssri: 9.0.1 - tar: 6.2.1 + tar: 7.5.11 unique-filename: 2.0.1 transitivePeerDependencies: - bluebird @@ -7929,7 +7950,7 @@ snapshots: minipass-pipeline: 1.2.4 p-map: 4.0.0 ssri: 10.0.4 - tar: 6.2.1 + tar: 7.5.11 unique-filename: 3.0.0 cacheable-lookup@7.0.0: {} @@ -8033,6 +8054,8 @@ snapshots: chownr@2.0.0: {} + chownr@3.0.0: {} + chrome-trace-event@1.0.3: {} ci-info@3.9.0: {} @@ -10381,6 +10404,10 @@ snapshots: minipass: 3.3.6 yallist: 4.0.0 + minizlib@3.1.0: + dependencies: + minipass: 7.1.2 + mkdirp@0.5.6: dependencies: minimist: 1.2.8 @@ -10492,7 +10519,7 @@ snapshots: npmlog: 6.0.2 rimraf: 3.0.2 semver: 7.7.3 - tar: 6.2.1 + tar: 7.5.11 which: 2.0.2 transitivePeerDependencies: - bluebird @@ -10784,7 +10811,7 @@ snapshots: read-package-json-fast: 3.0.2 sigstore: 1.6.0 ssri: 10.0.4 - tar: 6.2.1 + tar: 7.5.11 transitivePeerDependencies: - bluebird - supports-color @@ -11578,14 +11605,13 @@ snapshots: tapable@2.3.0: {} - tar@6.2.1: + tar@7.5.11: dependencies: - chownr: 2.0.0 - fs-minipass: 2.1.0 - minipass: 5.0.0 - minizlib: 2.1.2 - mkdirp: 1.0.4 - yallist: 4.0.0 + '@isaacs/fs-minipass': 4.0.1 + chownr: 3.0.0 + minipass: 7.1.2 + minizlib: 3.1.0 + yallist: 5.0.0 temp-dir@3.0.0: {} @@ -12074,6 +12100,8 @@ snapshots: yallist@4.0.0: {} + yallist@5.0.0: {} + yaml@2.8.1: {} yargs-parser@20.2.9: {} diff --git a/common/lib/common-utils/package.json b/common/lib/common-utils/package.json index 4edf463203db..26abec23cbda 100644 --- a/common/lib/common-utils/package.json +++ b/common/lib/common-utils/package.json @@ -160,7 +160,8 @@ "oclif includes some AWS-related features, but we don't use them, so we drop those dependencies entirely via pnpm overrides. This helps reduce lockfile churn since the deps release very frequently.", "qs: overridden to ^6.15.0 to resolve a known vulnerability in older versions.", "js-yaml: overridden to fix a known vulnerability (prototype pollution via merge keys).", - "simple-git: overridden to ^3.32.3 to resolve a CG alert." + "simple-git: overridden to ^3.32.3 to resolve a CG alert.", + "tar: overridden to ^7.5.11 to resolve multiple security vulnerabilities in tar 6.x (EOL, no backport)." ], "overrides": { "js-yaml@<4": "^3.14.2", @@ -170,7 +171,8 @@ "oclif>@aws-sdk/client-s3": "-", "qs": "^6.15.0", "simple-git": "^3.32.3", - "sharp": "^0.33.2" + "sharp": "^0.33.2", + "tar": "^7.5.11" }, "patchedDependencies": { "@microsoft/api-extractor@7.52.11": "../../../patches/@microsoft__api-extractor@7.52.11.patch" diff --git a/common/lib/common-utils/pnpm-lock.yaml b/common/lib/common-utils/pnpm-lock.yaml index 022d09c1ce69..c595c011afbe 100644 --- a/common/lib/common-utils/pnpm-lock.yaml +++ b/common/lib/common-utils/pnpm-lock.yaml @@ -13,6 +13,7 @@ overrides: qs: ^6.15.0 simple-git: ^3.32.3 sharp: ^0.33.2 + tar: ^7.5.11 patchedDependencies: '@microsoft/api-extractor@7.52.11': @@ -762,6 +763,10 @@ packages: resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} engines: {node: '>=12'} + '@isaacs/fs-minipass@4.0.1': + resolution: {integrity: sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==} + engines: {node: '>=18.0.0'} + '@istanbuljs/load-nyc-config@1.1.0': resolution: {integrity: sha512-VjeHSlIzpv/NyD3N0YuHfXOPDIixcA1q2ZV98wsMqcYlPmv2n3Yb2lYP9XMElnaFVXg5A7YLTeLu6V84uQDjmQ==} engines: {node: '>=8'} @@ -2016,6 +2021,10 @@ packages: resolution: {integrity: sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==} engines: {node: '>=10'} + chownr@3.0.0: + resolution: {integrity: sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==} + engines: {node: '>=18'} + chrome-trace-event@1.0.3: resolution: {integrity: sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg==} engines: {node: '>=6.0'} @@ -4210,6 +4219,10 @@ packages: resolution: {integrity: sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==} engines: {node: '>= 8'} + minizlib@3.1.0: + resolution: {integrity: sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==} + engines: {node: '>= 18'} + mitt@3.0.1: resolution: {integrity: sha512-vKivATfr97l2/QBCYAkXYDbrIWPM2IIKEl7YPhjCvKlG3kE2gm+uBo6nEXK3M5/Ffh/FLpKExzOQ3JJoJGFKBw==} @@ -5343,10 +5356,9 @@ packages: tar-stream@3.1.7: resolution: {integrity: sha512-qJj60CXt7IU1Ffyc3NJMjh6EkuCFej46zUqJ4J7pqYlThyd9bO0XBTmcOIhSzZJVWfsLks0+nle/j538YAW9RQ==} - tar@6.2.1: - resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==} - engines: {node: '>=10'} - deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me + tar@7.5.11: + resolution: {integrity: sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==} + engines: {node: '>=18'} terser-webpack-plugin@5.3.15: resolution: {integrity: sha512-PGkOdpRFK+rb1TzVz+msVhw4YMRT9txLF4kRqvJhGhCM324xuR3REBSHALN+l+sAhKUmz0aotnjp5D+P83mLhQ==} @@ -5861,6 +5873,10 @@ packages: yallist@4.0.0: resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==} + yallist@5.0.0: + resolution: {integrity: sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==} + engines: {node: '>=18'} + yaml@2.8.2: resolution: {integrity: sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==} engines: {node: '>= 14.6'} @@ -6693,6 +6709,10 @@ snapshots: wrap-ansi: 8.1.0 wrap-ansi-cjs: wrap-ansi@7.0.0 + '@isaacs/fs-minipass@4.0.1': + dependencies: + minipass: 7.1.2 + '@istanbuljs/load-nyc-config@1.1.0': dependencies: camelcase: 5.3.1 @@ -8274,7 +8294,7 @@ snapshots: promise-inflight: 1.0.1 rimraf: 3.0.2 ssri: 9.0.1 - tar: 6.2.1 + tar: 7.5.11 unique-filename: 2.0.1 transitivePeerDependencies: - bluebird @@ -8292,7 +8312,7 @@ snapshots: p-map: 4.0.0 promise-inflight: 1.0.1 ssri: 10.0.3 - tar: 6.2.1 + tar: 7.5.11 unique-filename: 3.0.0 transitivePeerDependencies: - bluebird @@ -8401,6 +8421,8 @@ snapshots: chownr@2.0.0: {} + chownr@3.0.0: {} + chrome-trace-event@1.0.3: {} chromium-bidi@0.8.0(devtools-protocol@0.0.1354347): @@ -11166,6 +11188,10 @@ snapshots: minipass: 3.3.6 yallist: 4.0.0 + minizlib@3.1.0: + dependencies: + minipass: 7.1.2 + mitt@3.0.1: {} mkdirp@0.5.6: @@ -11275,7 +11301,7 @@ snapshots: npmlog: 6.0.2 rimraf: 3.0.2 semver: 7.7.3 - tar: 6.2.1 + tar: 7.5.11 which: 2.0.2 transitivePeerDependencies: - bluebird @@ -11597,7 +11623,7 @@ snapshots: read-package-json-fast: 3.0.2 sigstore: 1.4.0 ssri: 10.0.3 - tar: 6.2.1 + tar: 7.5.11 transitivePeerDependencies: - bluebird - supports-color @@ -12550,14 +12576,13 @@ snapshots: fast-fifo: 1.3.2 streamx: 2.22.0 - tar@6.2.1: + tar@7.5.11: dependencies: - chownr: 2.0.0 - fs-minipass: 2.1.0 - minipass: 5.0.0 - minizlib: 2.1.2 - mkdirp: 1.0.4 - yallist: 4.0.0 + '@isaacs/fs-minipass': 4.0.1 + chownr: 3.0.0 + minipass: 7.1.2 + minizlib: 3.1.0 + yallist: 5.0.0 terser-webpack-plugin@5.3.15(webpack@5.103.0): dependencies: @@ -13135,6 +13160,8 @@ snapshots: yallist@4.0.0: {} + yallist@5.0.0: {} + yaml@2.8.2: {} yargs-parser@20.2.9: {} diff --git a/common/lib/protocol-definitions/package.json b/common/lib/protocol-definitions/package.json index 165261838a70..c71c6c47719c 100644 --- a/common/lib/protocol-definitions/package.json +++ b/common/lib/protocol-definitions/package.json @@ -118,7 +118,8 @@ "oclif includes some AWS-related features, but we don't use them, so we drop those transitive dependencies entirely from the dependency graph. This helps reduce lockfile churn since the deps release very frequently.", "qs: overridden to ^6.15.0 to resolve a known vulnerability in older versions.", "js-yaml: overridden to fix a known vulnerability (prototype pollution via merge keys).", - "simple-git: overridden to ^3.32.3 to resolve a CG alert." + "simple-git: overridden to ^3.32.3 to resolve a CG alert.", + "tar: overridden to ^7.5.11 to resolve multiple security vulnerabilities in tar 6.x (EOL, no backport)." ], "onlyBuiltDependencies": [ "core-js", @@ -140,7 +141,8 @@ "oclif>@aws-sdk/client-s3": "-", "qs": "^6.15.0", "simple-git": "^3.32.3", - "sharp": "^0.33.2" + "sharp": "^0.33.2", + "tar": "^7.5.11" }, "patchedDependencies": { "@microsoft/api-extractor@7.52.11": "../../../patches/@microsoft__api-extractor@7.52.11.patch" diff --git a/common/lib/protocol-definitions/pnpm-lock.yaml b/common/lib/protocol-definitions/pnpm-lock.yaml index 76344737019f..58df8550fb7a 100644 --- a/common/lib/protocol-definitions/pnpm-lock.yaml +++ b/common/lib/protocol-definitions/pnpm-lock.yaml @@ -12,6 +12,7 @@ overrides: qs: ^6.15.0 simple-git: ^3.32.3 sharp: ^0.33.2 + tar: ^7.5.11 patchedDependencies: '@microsoft/api-extractor@7.52.11': @@ -513,6 +514,10 @@ packages: resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} engines: {node: '>=12'} + '@isaacs/fs-minipass@4.0.1': + resolution: {integrity: sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==} + engines: {node: '>=18.0.0'} + '@jridgewell/gen-mapping@0.3.3': resolution: {integrity: sha512-HLhSWOLRi875zjjMG/r+Nv0oCW8umGb0BgEhyX3dDX3egwZtB8PqLnjz3yedt8R5StBrzcg4aBpnh8UA9D1BoQ==} engines: {node: '>=6.0.0'} @@ -1382,6 +1387,10 @@ packages: resolution: {integrity: sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==} engines: {node: '>=10'} + chownr@3.0.0: + resolution: {integrity: sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==} + engines: {node: '>=18'} + chrome-trace-event@1.0.3: resolution: {integrity: sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg==} engines: {node: '>=6.0'} @@ -2814,6 +2823,10 @@ packages: resolution: {integrity: sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==} engines: {node: '>= 8'} + minizlib@3.1.0: + resolution: {integrity: sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==} + engines: {node: '>= 18'} + mkdirp@1.0.4: resolution: {integrity: sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==} engines: {node: '>=10'} @@ -3654,10 +3667,9 @@ packages: resolution: {integrity: sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg==} engines: {node: '>=6'} - tar@6.2.1: - resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==} - engines: {node: '>=10'} - deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me + tar@7.5.11: + resolution: {integrity: sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==} + engines: {node: '>=18'} terser-webpack-plugin@5.3.15: resolution: {integrity: sha512-PGkOdpRFK+rb1TzVz+msVhw4YMRT9txLF4kRqvJhGhCM324xuR3REBSHALN+l+sAhKUmz0aotnjp5D+P83mLhQ==} @@ -4019,6 +4031,10 @@ packages: yallist@4.0.0: resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==} + yallist@5.0.0: + resolution: {integrity: sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==} + engines: {node: '>=18'} + yaml@2.8.2: resolution: {integrity: sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==} engines: {node: '>= 14.6'} @@ -4645,6 +4661,10 @@ snapshots: wrap-ansi: 8.1.0 wrap-ansi-cjs: wrap-ansi@7.0.0 + '@isaacs/fs-minipass@4.0.1': + dependencies: + minipass: 7.1.2 + '@jridgewell/gen-mapping@0.3.3': dependencies: '@jridgewell/set-array': 1.1.2 @@ -5665,7 +5685,7 @@ snapshots: promise-inflight: 1.0.1 rimraf: 3.0.2 ssri: 9.0.1 - tar: 6.2.1 + tar: 7.5.11 unique-filename: 2.0.1 transitivePeerDependencies: - bluebird @@ -5682,7 +5702,7 @@ snapshots: minipass-pipeline: 1.2.4 p-map: 4.0.0 ssri: 10.0.4 - tar: 6.2.1 + tar: 7.5.11 unique-filename: 3.0.0 cacheable-lookup@7.0.0: {} @@ -5769,6 +5789,8 @@ snapshots: chownr@2.0.0: {} + chownr@3.0.0: {} + chrome-trace-event@1.0.3: {} ci-info@3.8.0: {} @@ -7412,6 +7434,10 @@ snapshots: minipass: 3.3.6 yallist: 4.0.0 + minizlib@3.1.0: + dependencies: + minipass: 7.1.2 + mkdirp@1.0.4: {} mkdirp@3.0.1: {} @@ -7477,7 +7503,7 @@ snapshots: npmlog: 6.0.2 rimraf: 3.0.2 semver: 7.7.3 - tar: 6.2.1 + tar: 7.5.11 which: 2.0.2 transitivePeerDependencies: - bluebird @@ -7727,7 +7753,7 @@ snapshots: read-package-json-fast: 3.0.2 sigstore: 1.4.0 ssri: 10.0.4 - tar: 6.2.1 + tar: 7.5.11 transitivePeerDependencies: - bluebird - supports-color @@ -8381,14 +8407,13 @@ snapshots: tapable@2.3.0: {} - tar@6.2.1: + tar@7.5.11: dependencies: - chownr: 2.0.0 - fs-minipass: 2.1.0 - minipass: 5.0.0 - minizlib: 2.1.2 - mkdirp: 1.0.4 - yallist: 4.0.0 + '@isaacs/fs-minipass': 4.0.1 + chownr: 3.0.0 + minipass: 7.1.2 + minizlib: 3.1.0 + yallist: 5.0.0 terser-webpack-plugin@5.3.15(webpack@5.103.0): dependencies: @@ -8754,6 +8779,8 @@ snapshots: yallist@4.0.0: {} + yallist@5.0.0: {} + yaml@2.8.2: {} yargs-parser@20.2.9: {} diff --git a/package.json b/package.json index 1c4d326cf28a..18e1ed2968d3 100644 --- a/package.json +++ b/package.json @@ -378,7 +378,7 @@ "oclif>@aws-sdk/client-cloudfront": "-", "oclif>@aws-sdk/client-s3": "-", "axios@<0.30.0": "^0.30.0", - "tar": ">=7.5.7" + "tar": "^7.5.11" }, "peerDependencyComments": [ "The react-split-pane package used by devtools-view has a peer dependency on React 16, but it doesn't seem to be maintained and it works fine with React 18. TODO: AB#18876", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 0148c2795917..c2929f72f8e6 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -32,7 +32,7 @@ overrides: oclif>@aws-sdk/client-cloudfront: '-' oclif>@aws-sdk/client-s3: '-' axios@<0.30.0: ^0.30.0 - tar: '>=7.5.7' + tar: ^7.5.11 pnpmfileChecksum: sha256-UgK94jvekjDphs6M2itZJZ9CcCzYY0xcxZhNXJw7D28= @@ -2155,115 +2155,6 @@ importers: specifier: ^6.0.1 version: 6.0.1 - examples/benchmarks/odspsnapshotfetch-perftestapp: - dependencies: - '@fluidframework/core-utils': - specifier: workspace:~ - version: link:../../../packages/common/core-utils - '@fluidframework/driver-definitions': - specifier: workspace:~ - version: link:../../../packages/common/driver-definitions - '@fluidframework/driver-utils': - specifier: workspace:~ - version: link:../../../packages/loader/driver-utils - '@fluidframework/odsp-doclib-utils': - specifier: workspace:~ - version: link:../../../packages/utils/odsp-doclib-utils - '@fluidframework/odsp-driver': - specifier: workspace:~ - version: link:../../../packages/drivers/odsp-driver - '@fluidframework/odsp-urlresolver': - specifier: workspace:~ - version: link:../../../packages/drivers/odsp-urlResolver - '@fluidframework/telemetry-utils': - specifier: workspace:~ - version: link:../../../packages/utils/telemetry-utils - '@fluidframework/tool-utils': - specifier: workspace:~ - version: link:../../../packages/utils/tool-utils - express: - specifier: ^4.21.2 - version: 4.21.2 - webpack-dev-server: - specifier: ~4.15.2 - version: 4.15.2(webpack-cli@5.1.4)(webpack@5.103.0) - devDependencies: - '@biomejs/biome': - specifier: ~2.4.5 - version: 2.4.5 - '@fluid-tools/build-cli': - specifier: catalog:buildTools - version: 0.63.0(@types/node@20.19.30)(encoding@0.1.13)(webpack-cli@5.1.4) - '@fluidframework/build-common': - specifier: ^2.0.3 - version: 2.0.3 - '@fluidframework/build-tools': - specifier: catalog:buildTools - version: 0.63.0(@types/node@20.19.30) - '@fluidframework/eslint-config-fluid': - specifier: workspace:~ - version: link:../../../common/build/eslint-config-fluid - '@types/express': - specifier: ^4.17.21 - version: 4.17.21 - '@types/fs-extra': - specifier: ^9.0.11 - version: 9.0.13 - '@types/node': - specifier: ~20.19.30 - version: 20.19.30 - '@types/webpack-hot-middleware': - specifier: ^2.25.9 - version: 2.25.9(webpack-cli@5.1.4) - buffer: - specifier: ^6.0.3 - version: 6.0.3 - c8: - specifier: ^10.1.3 - version: 10.1.3 - css-loader: - specifier: ^7.1.2 - version: 7.1.2(webpack@5.103.0) - eslint: - specifier: ~9.39.1 - version: 9.39.1(jiti@2.6.1) - fs-extra: - specifier: ^9.1.0 - version: 9.1.0 - jiti: - specifier: ^2.6.1 - version: 2.6.1 - rimraf: - specifier: ^6.1.3 - version: 6.1.3 - source-map-loader: - specifier: ^5.0.0 - version: 5.0.0(webpack@5.103.0) - style-loader: - specifier: ^4.0.0 - version: 4.0.0(webpack@5.103.0) - ts-loader: - specifier: ^9.5.1 - version: 9.5.1(typescript@5.4.5)(webpack@5.103.0) - typescript: - specifier: ~5.4.5 - version: 5.4.5 - webpack: - specifier: ^5.94.0 - version: 5.103.0(webpack-cli@5.1.4) - webpack-cli: - specifier: ^5.1.4 - version: 5.1.4(webpack-dev-server@4.15.2)(webpack@5.103.0) - webpack-dev-middleware: - specifier: ^7.1.1 - version: 7.4.2(webpack@5.103.0) - webpack-hot-middleware: - specifier: ^2.25.3 - version: 2.26.1 - webpack-merge: - specifier: ^6.0.1 - version: 6.0.1 - examples/benchmarks/tablebench: dependencies: '@fluid-internal/client-utils': @@ -19266,24 +19157,6 @@ packages: '@json2csv/plainjs@7.0.6': resolution: {integrity: sha512-4Md7RPDCSYpmW1HWIpWBOqCd4vWfIqm53S3e/uzQ62iGi7L3r34fK/8nhOMEe+/eVfCx8+gdSCt1d74SlacQHw==} - '@jsonjoy.com/base64@1.1.2': - resolution: {integrity: sha512-q6XAnWQDIMA3+FTiOYajoYqySkO+JSat0ytXGSuRdq9uXE7o92gzuQwQM14xaCRlBLGq3v5miDGC4vkVTn54xA==} - engines: {node: '>=10.0'} - peerDependencies: - tslib: '2' - - '@jsonjoy.com/json-pack@1.1.1': - resolution: {integrity: sha512-osjeBqMJ2lb/j/M8NCPjs1ylqWIcTRTycIhVB5pt6LgzgeRSb0YRZ7j9RfA8wIUrsr/medIuhVyonXRZWLyfdw==} - engines: {node: '>=10.0'} - peerDependencies: - tslib: '2' - - '@jsonjoy.com/util@1.5.0': - resolution: {integrity: sha512-ojoNsrIuPI9g6o8UxhraZQSyF2ByJanAY4cTFbc8Mf2AXEF4aQRGY1dJxyJpuyav8r9FGflEt/Ff3u5Nt6YMPA==} - engines: {node: '>=10.0'} - peerDependencies: - tslib: '2' - '@juggle/resize-observer@3.4.0': resolution: {integrity: sha512-dfLbk+PwWvFzSxwk3n5ySL0hfBog779o8h68wK/7/APo/7cgyWp5jcXockbxdk5kFRkbeXWm4Fbi9FrdN381sA==} @@ -20388,9 +20261,6 @@ packages: '@types/valid-url@1.0.7': resolution: {integrity: sha512-tgsWVG80dM5PVEBSbXUttPJTBCOo0IKbBh4R4z/SHsC5C81A3aaUH4fsbj+JYk7fopApU/Mao1c0EWTE592TSg==} - '@types/webpack-hot-middleware@2.25.9': - resolution: {integrity: sha512-fad4T9VfocBjS2fZxlqkGoXoVUAjVp0EEnKBRqPwnhEEDN/FqJoFkSP5t9O1gPH75qsyG2kkT/GSUqSNTn1ZPg==} - '@types/wrap-ansi@3.0.0': resolution: {integrity: sha512-ltIpx+kM7g/MLRZfkbL7EsCEjfzCcScLpkg37eXEtx5kmrAKBkTJwd1GIAjDSL8wTpM6Hzn5YO4pSb91BEwu1g==} @@ -23509,10 +23379,6 @@ packages: humanize-ms@1.2.1: resolution: {integrity: sha512-Fl70vYtsAFb/C06PTS9dZBo7ihau+Tu/DNCk/OyHhea07S+aeMWpFFkUaXRa8fI+ScZbEI8dfSxwY7gxZ9SAVQ==} - hyperdyperid@1.2.0: - resolution: {integrity: sha512-Y93lCzHYgGWdrJ66yIktxiaGULYc6oGiABxhcO5AufBeOyoIdZF7bIfLaOrbM0iGIOXQQgxxRrFEnb+Y6w1n4A==} - engines: {node: '>=10.18'} - hyperlinker@1.0.0: resolution: {integrity: sha512-Ty8UblRWFEcfSuIaajM34LdPXIhbs1ajEX/BBPv24J+enSVaEVY63xQ6lTO9VRYS5LAoghIG0IDJ+p+IPzKUQQ==} engines: {node: '>=4'} @@ -24795,10 +24661,6 @@ packages: resolution: {integrity: sha512-UERzLsxzllchadvbPs5aolHh65ISpKpM+ccLbOJ8/vvpBKmAWf+la7dXFy7Mr0ySHbdHrFv5kGFCUHHe6GFEmw==} engines: {node: '>= 4.0.0'} - memfs@4.15.0: - resolution: {integrity: sha512-q9MmZXd2rRWHS6GU3WEm3HyiXZyyoA1DqdOhEq0lxPBmKb5S7IAOwX0RgUCwJfqjelDCySa5h8ujOy24LqsWcw==} - engines: {node: '>= 4.0.0'} - memoize@10.2.0: resolution: {integrity: sha512-DeC6b7QBrZsRs3Y02A6A7lQyzFbsQbqgjI6UW0GigGWV+u1s25TycMr0XHZE4cJce7rY/vyw2ctMQqfDkIhUEA==} engines: {node: '>=18'} @@ -27274,8 +27136,8 @@ packages: tar-stream@3.1.7: resolution: {integrity: sha512-qJj60CXt7IU1Ffyc3NJMjh6EkuCFej46zUqJ4J7pqYlThyd9bO0XBTmcOIhSzZJVWfsLks0+nle/j538YAW9RQ==} - tar@7.5.7: - resolution: {integrity: sha512-fov56fJiRuThVFXD6o6/Q354S7pnWMJIVlDBYijsTNx6jKSE4pvrDTs6lUnmGvNyfJwFQQwWy3owKz1ucIhveQ==} + tar@7.5.11: + resolution: {integrity: sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==} engines: {node: '>=18'} temp@0.9.4: @@ -27332,12 +27194,6 @@ packages: thenify@3.3.1: resolution: {integrity: sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==} - thingies@1.21.0: - resolution: {integrity: sha512-hsqsJsFMsV+aD4s3CWKk85ep/3I9XzYV/IXaSouJMYIoDlgyi11cBhsqYe9/geRfB0YIikBQg6raRaM+nIMP9g==} - engines: {node: '>=10.18'} - peerDependencies: - tslib: ^2 - through2@2.0.5: resolution: {integrity: sha512-/mrRod8xqpA+IHSLyGCQ2s8SPHiCDEeQJSep1jqLYeEUClOFG2Qsh+4FU6G9VeqpZnGW/Su8LQGc4YKni5rYSQ==} @@ -27435,12 +27291,6 @@ packages: traverse@0.6.6: resolution: {integrity: sha512-kdf4JKs8lbARxWdp7RKdNzoJBhGUcIalSYibuGyHJbmk40pOysQ0+QPvlkCOICOivDWU2IJo2rkrxyTK2AH4fw==} - tree-dump@1.0.2: - resolution: {integrity: sha512-dpev9ABuLWdEubk+cIaI9cHwRNNDjkBBLXTwI4UCUFdQ5xXKqNXoK4FEciw/vxf+NQ7Cb7sGUyeUtORvHIdRXQ==} - engines: {node: '>=10.0'} - peerDependencies: - tslib: '2' - tree-kill@1.2.2: resolution: {integrity: sha512-L0Orpi8qGpRG//Nd+H90vFB+3iHnue1zSSGmNOOCh1GLJ7rUKVwV2HvijphGQS2UmhUZewS9VgvxYIdgr+fG1A==} hasBin: true @@ -28051,15 +27901,6 @@ packages: peerDependencies: webpack: ^4.0.0 || ^5.0.0 - webpack-dev-middleware@7.4.2: - resolution: {integrity: sha512-xOO8n6eggxnwYpy1NlzUKpvrjfJTvae5/D6WOK0S2LSo7vjmo5gCM1DbLUmFqrMTJP+W/0YZNctm7jasWvLuBA==} - engines: {node: '>= 18.12.0'} - peerDependencies: - webpack: ^5.0.0 - peerDependenciesMeta: - webpack: - optional: true - webpack-dev-server@4.15.2: resolution: {integrity: sha512-0XavAZbNJ5sDrCbkpWL8mia0o5WPOd2YGtxrEiZkBK9FjLppIUK2TgxK6qGD2P3hUXTJNNPVibrerKcx5WkR1g==} engines: {node: '>= 12.13.0'} @@ -28073,9 +27914,6 @@ packages: webpack-cli: optional: true - webpack-hot-middleware@2.26.1: - resolution: {integrity: sha512-khZGfAeJx6I8K9zKohEWWYN6KDlVw2DHownoe+6Vtwj1LP9WFgegXnVMSkZ/dBEBtXFwrkkydsaPFlB7f8wU2A==} - webpack-merge@5.10.0: resolution: {integrity: sha512-+4zXKdx7UnO+1jaN4l2lHVD+mFvnlZQP/6ljaJVb4SZiwIKeUnrT5l0gkT8z+n4hKpC+jpOv6O9R+gLtag7pSA==} engines: {node: '>=10.0.0'} @@ -32546,22 +32384,6 @@ snapshots: '@json2csv/formatters': 7.0.6 '@streamparser/json': 0.0.20 - '@jsonjoy.com/base64@1.1.2(tslib@2.8.1)': - dependencies: - tslib: 2.8.1 - - '@jsonjoy.com/json-pack@1.1.1(tslib@2.8.1)': - dependencies: - '@jsonjoy.com/base64': 1.1.2(tslib@2.8.1) - '@jsonjoy.com/util': 1.5.0(tslib@2.8.1) - hyperdyperid: 1.2.0 - thingies: 1.21.0(tslib@2.8.1) - tslib: 2.8.1 - - '@jsonjoy.com/util@1.5.0(tslib@2.8.1)': - dependencies: - tslib: 2.8.1 - '@juggle/resize-observer@3.4.0': {} '@kwsites/file-exists@1.1.1': @@ -33978,17 +33800,6 @@ snapshots: '@types/valid-url@1.0.7': {} - '@types/webpack-hot-middleware@2.25.9(webpack-cli@5.1.4)': - dependencies: - '@types/connect': 3.4.38 - tapable: 2.3.0 - webpack: 5.103.0(webpack-cli@5.1.4) - transitivePeerDependencies: - - '@swc/core' - - esbuild - - uglify-js - - webpack-cli - '@types/wrap-ansi@3.0.0': {} '@types/ws@6.0.4': @@ -34284,7 +34095,7 @@ snapshots: dependencies: axios: 1.13.5(debug@4.4.3) rimraf: 5.0.10 - tar: 7.5.7 + tar: 7.5.11 unzipper: 0.10.14 transitivePeerDependencies: - debug @@ -35058,7 +34869,7 @@ snapshots: promise-inflight: 1.0.1 rimraf: 3.0.2 ssri: 9.0.1 - tar: 7.5.7 + tar: 7.5.11 unique-filename: 2.0.1 transitivePeerDependencies: - bluebird @@ -35075,7 +34886,7 @@ snapshots: minipass-pipeline: 1.2.4 p-map: 4.0.0 ssri: 10.0.6 - tar: 7.5.7 + tar: 7.5.11 unique-filename: 3.0.0 cacheable-lookup@7.0.0: {} @@ -37572,8 +37383,6 @@ snapshots: dependencies: ms: 2.1.3 - hyperdyperid@1.2.0: {} - hyperlinker@1.0.0: {} iconv-lite@0.4.24: @@ -39254,13 +39063,6 @@ snapshots: dependencies: fs-monkey: 1.1.0 - memfs@4.15.0: - dependencies: - '@jsonjoy.com/json-pack': 1.1.1(tslib@2.8.1) - '@jsonjoy.com/util': 1.5.0(tslib@2.8.1) - tree-dump: 1.0.2(tslib@2.8.1) - tslib: 2.8.1 - memoize@10.2.0: dependencies: mimic-function: 5.0.1 @@ -39909,7 +39711,7 @@ snapshots: npmlog: 6.0.2 rimraf: 3.0.2 semver: 7.7.3 - tar: 7.5.7 + tar: 7.5.11 which: 2.0.2 transitivePeerDependencies: - bluebird @@ -40332,7 +40134,7 @@ snapshots: read-package-json-fast: 3.0.2 sigstore: 1.9.0 ssri: 10.0.6 - tar: 7.5.7 + tar: 7.5.11 transitivePeerDependencies: - bluebird - supports-color @@ -42401,7 +42203,7 @@ snapshots: fast-fifo: 1.3.2 streamx: 2.21.0 - tar@7.5.7: + tar@7.5.11: dependencies: '@isaacs/fs-minipass': 4.0.1 chownr: 3.0.0 @@ -42472,10 +42274,6 @@ snapshots: dependencies: any-promise: 1.3.0 - thingies@1.21.0(tslib@2.8.1): - dependencies: - tslib: 2.8.1 - through2@2.0.5: dependencies: readable-stream: 2.3.8 @@ -42607,10 +42405,6 @@ snapshots: traverse@0.6.6: {} - tree-dump@1.0.2(tslib@2.8.1): - dependencies: - tslib: 2.8.1 - tree-kill@1.2.2: {} triple-beam@1.4.1: {} @@ -43338,17 +43132,6 @@ snapshots: schema-utils: 4.3.3 webpack: 5.103.0(webpack-cli@5.1.4) - webpack-dev-middleware@7.4.2(webpack@5.103.0): - dependencies: - colorette: 2.0.20 - memfs: 4.15.0 - mime-types: 2.1.35 - on-finished: 2.4.1 - range-parser: 1.2.1 - schema-utils: 4.3.3 - optionalDependencies: - webpack: 5.103.0(webpack-cli@5.1.4) - webpack-dev-server@4.15.2(debug@4.4.3)(webpack-cli@5.1.4)(webpack@5.103.0): dependencies: '@types/bonjour': 3.5.13 @@ -43431,12 +43214,6 @@ snapshots: - supports-color - utf-8-validate - webpack-hot-middleware@2.26.1: - dependencies: - ansi-html-community: 0.0.8 - html-entities: 2.6.0 - strip-ansi: 6.0.1 - webpack-merge@5.10.0: dependencies: clone-deep: 4.0.1 diff --git a/server/gitrest/package.json b/server/gitrest/package.json index fd5297e4f973..127810fd8485 100644 --- a/server/gitrest/package.json +++ b/server/gitrest/package.json @@ -82,7 +82,8 @@ "oclif includes some AWS-related features, but we don't use them, so we drop those dependencies entirely via overrides. This helps reduce lockfile churn since the deps release very frequently.", "qs: overridden to ^6.15.0 to resolve a known vulnerability in older versions.", "js-yaml: overridden to fix a known vulnerability (prototype pollution via merge keys).", - "simple-git: overridden to ^3.32.3 to resolve a CG alert." + "simple-git: overridden to ^3.32.3 to resolve a CG alert.", + "tar: overridden to ^7.5.11 to resolve multiple security vulnerabilities in tar 6.x (EOL, no backport)." ], "overrides": { "@fluidframework/eslint-config-fluid": "link:../../common/build/eslint-config-fluid", @@ -96,7 +97,8 @@ "js-yaml@>=4": "^4.1.1", "qs": "^6.15.0", "simple-git": "^3.32.3", - "sharp": "^0.33.2" + "sharp": "^0.33.2", + "tar": "^7.5.11" }, "onlyBuiltDependencies": [ "core-js", diff --git a/server/gitrest/pnpm-lock.yaml b/server/gitrest/pnpm-lock.yaml index dc1ba1ea613f..4efdd1810f52 100644 --- a/server/gitrest/pnpm-lock.yaml +++ b/server/gitrest/pnpm-lock.yaml @@ -17,6 +17,7 @@ overrides: qs: ^6.15.0 simple-git: ^3.32.3 sharp: ^0.33.2 + tar: ^7.5.11 importers: @@ -843,6 +844,10 @@ packages: resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} engines: {node: '>=12'} + '@isaacs/fs-minipass@4.0.1': + resolution: {integrity: sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==} + engines: {node: '>=18.0.0'} + '@istanbuljs/schema@0.1.3': resolution: {integrity: sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==} engines: {node: '>=8'} @@ -1741,6 +1746,10 @@ packages: resolution: {integrity: sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==} engines: {node: '>=10'} + chownr@3.0.0: + resolution: {integrity: sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==} + engines: {node: '>=18'} + chrome-trace-event@1.0.3: resolution: {integrity: sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg==} engines: {node: '>=6.0'} @@ -3508,6 +3517,10 @@ packages: resolution: {integrity: sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==} engines: {node: '>= 8'} + minizlib@3.1.0: + resolution: {integrity: sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==} + engines: {node: '>= 18'} + mkdirp@1.0.4: resolution: {integrity: sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==} engines: {node: '>=10'} @@ -4525,10 +4538,9 @@ packages: resolution: {integrity: sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg==} engines: {node: '>=6'} - tar@6.2.1: - resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==} - engines: {node: '>=10'} - deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me + tar@7.5.11: + resolution: {integrity: sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==} + engines: {node: '>=18'} terser-webpack-plugin@5.3.15: resolution: {integrity: sha512-PGkOdpRFK+rb1TzVz+msVhw4YMRT9txLF4kRqvJhGhCM324xuR3REBSHALN+l+sAhKUmz0aotnjp5D+P83mLhQ==} @@ -4959,6 +4971,10 @@ packages: yallist@4.0.0: resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==} + yallist@5.0.0: + resolution: {integrity: sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==} + engines: {node: '>=18'} + yaml@2.8.2: resolution: {integrity: sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==} engines: {node: '>= 14.6'} @@ -5731,6 +5747,10 @@ snapshots: wrap-ansi: 8.1.0 wrap-ansi-cjs: wrap-ansi@7.0.0 + '@isaacs/fs-minipass@4.0.1': + dependencies: + minipass: 7.1.2 + '@istanbuljs/schema@0.1.3': {} '@jridgewell/gen-mapping@0.3.3': @@ -6726,7 +6746,7 @@ snapshots: promise-inflight: 1.0.1 rimraf: 3.0.2 ssri: 9.0.1 - tar: 6.2.1 + tar: 7.5.11 unique-filename: 2.0.1 transitivePeerDependencies: - bluebird @@ -6744,7 +6764,7 @@ snapshots: p-map: 4.0.0 promise-inflight: 1.0.1 ssri: 10.0.1 - tar: 6.2.1 + tar: 7.5.11 unique-filename: 3.0.0 transitivePeerDependencies: - bluebird @@ -6847,6 +6867,8 @@ snapshots: chownr@2.0.0: {} + chownr@3.0.0: {} + chrome-trace-event@1.0.3: {} ci-info@3.9.0: {} @@ -8832,6 +8854,10 @@ snapshots: minipass: 3.3.6 yallist: 4.0.0 + minizlib@3.1.0: + dependencies: + minipass: 7.1.2 + mkdirp@1.0.4: {} mkdirp@3.0.1: {} @@ -8949,7 +8975,7 @@ snapshots: npmlog: 6.0.2 rimraf: 3.0.2 semver: 7.7.4 - tar: 6.2.1 + tar: 7.5.11 which: 2.0.2 transitivePeerDependencies: - bluebird @@ -9238,7 +9264,7 @@ snapshots: read-package-json-fast: 3.0.2 sigstore: 1.7.0 ssri: 10.0.1 - tar: 6.2.1 + tar: 7.5.11 transitivePeerDependencies: - bluebird - supports-color @@ -10042,14 +10068,13 @@ snapshots: tapable@2.3.0: {} - tar@6.2.1: + tar@7.5.11: dependencies: - chownr: 2.0.0 - fs-minipass: 2.1.0 - minipass: 5.0.0 - minizlib: 2.1.2 - mkdirp: 1.0.4 - yallist: 4.0.0 + '@isaacs/fs-minipass': 4.0.1 + chownr: 3.0.0 + minipass: 7.1.2 + minizlib: 3.1.0 + yallist: 5.0.0 terser-webpack-plugin@5.3.15(webpack@5.103.0): dependencies: @@ -10488,6 +10513,8 @@ snapshots: yallist@4.0.0: {} + yallist@5.0.0: {} + yaml@2.8.2: {} yargs-parser@20.2.9: {} diff --git a/server/historian/package.json b/server/historian/package.json index 4ab2cef11e5b..55997595d353 100644 --- a/server/historian/package.json +++ b/server/historian/package.json @@ -74,7 +74,8 @@ "eslint is overridden to v9 for flat config support across all packages", "qs: overridden to ^6.15.0 to resolve a known vulnerability in older versions.", "js-yaml: overridden to fix a known vulnerability (prototype pollution via merge keys).", - "simple-git: overridden to ^3.32.3 to resolve a CG alert." + "simple-git: overridden to ^3.32.3 to resolve a CG alert.", + "tar: overridden to ^7.5.11 to resolve multiple security vulnerabilities in tar 6.x (EOL, no backport)." ], "overrides": { "@fluidframework/eslint-config-fluid": "link:../../common/build/eslint-config-fluid", @@ -90,6 +91,7 @@ "qs": "^6.15.0", "simple-git": "^3.32.3", "socket.io-parser": "^4.2.4", + "tar": "^7.5.11", "sharp": "^0.33.2" }, "onlyBuiltDependencies": [ diff --git a/server/historian/pnpm-lock.yaml b/server/historian/pnpm-lock.yaml index 1067e15d0b7e..e620a4213adc 100644 --- a/server/historian/pnpm-lock.yaml +++ b/server/historian/pnpm-lock.yaml @@ -18,6 +18,7 @@ overrides: qs: ^6.15.0 simple-git: ^3.32.3 socket.io-parser: ^4.2.4 + tar: ^7.5.11 sharp: ^0.33.2 importers: @@ -813,6 +814,10 @@ packages: resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} engines: {node: '>=12'} + '@isaacs/fs-minipass@4.0.1': + resolution: {integrity: sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==} + engines: {node: '>=18.0.0'} + '@istanbuljs/schema@0.1.3': resolution: {integrity: sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==} engines: {node: '>=8'} @@ -1797,6 +1802,10 @@ packages: resolution: {integrity: sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==} engines: {node: '>=10'} + chownr@3.0.0: + resolution: {integrity: sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==} + engines: {node: '>=18'} + chrome-trace-event@1.0.3: resolution: {integrity: sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg==} engines: {node: '>=6.0'} @@ -3644,6 +3653,10 @@ packages: resolution: {integrity: sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==} engines: {node: '>= 8'} + minizlib@3.1.0: + resolution: {integrity: sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==} + engines: {node: '>= 18'} + mkdirp@0.5.6: resolution: {integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==} hasBin: true @@ -4784,10 +4797,9 @@ packages: resolution: {integrity: sha512-rzS0heiNf8Xn7/mpdSVVSMAWAoy9bfb1WOTYC78Z0UQKeKa/CWS8FOq0lKGNa8DWKAn9gxjCvMLYc5PGXYlK2A==} engines: {node: '>= 0.8.0'} - tar@6.2.1: - resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==} - engines: {node: '>=10'} - deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me + tar@7.5.11: + resolution: {integrity: sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==} + engines: {node: '>=18'} telegrafjs@0.1.3: resolution: {integrity: sha512-OdLXhCp8yxXz9uY8xH5q55COtU89eOAwVZStcGJU1CLDsDnC7ON12I5cHJaaXvSfTaP309eh7IGsY72Q0hGrww==} @@ -5235,6 +5247,10 @@ packages: yallist@4.0.0: resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==} + yallist@5.0.0: + resolution: {integrity: sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==} + engines: {node: '>=18'} + yaml@2.8.2: resolution: {integrity: sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==} engines: {node: '>= 14.6'} @@ -6086,6 +6102,10 @@ snapshots: wrap-ansi: 8.1.0 wrap-ansi-cjs: wrap-ansi@7.0.0 + '@isaacs/fs-minipass@4.0.1': + dependencies: + minipass: 7.1.2 + '@istanbuljs/schema@0.1.3': {} '@jridgewell/gen-mapping@0.3.3': @@ -7186,7 +7206,7 @@ snapshots: promise-inflight: 1.0.1 rimraf: 3.0.2 ssri: 9.0.1 - tar: 6.2.1 + tar: 7.5.11 unique-filename: 2.0.1 transitivePeerDependencies: - bluebird @@ -7203,7 +7223,7 @@ snapshots: minipass-pipeline: 1.2.4 p-map: 4.0.0 ssri: 10.0.4 - tar: 6.2.1 + tar: 7.5.11 unique-filename: 3.0.0 cacheable-lookup@7.0.0: {} @@ -7311,6 +7331,8 @@ snapshots: chownr@2.0.0: {} + chownr@3.0.0: {} + chrome-trace-event@1.0.3: {} ci-info@3.8.0: {} @@ -9401,6 +9423,10 @@ snapshots: minipass: 3.3.6 yallist: 4.0.0 + minizlib@3.1.0: + dependencies: + minipass: 7.1.2 + mkdirp@0.5.6: dependencies: minimist: 1.2.8 @@ -9550,7 +9576,7 @@ snapshots: npmlog: 6.0.2 rimraf: 3.0.2 semver: 7.7.3 - tar: 6.2.1 + tar: 7.5.11 which: 2.0.2 transitivePeerDependencies: - bluebird @@ -9851,7 +9877,7 @@ snapshots: read-package-json-fast: 3.0.2 sigstore: 1.4.0 ssri: 10.0.4 - tar: 6.2.1 + tar: 7.5.11 transitivePeerDependencies: - bluebird - supports-color @@ -10773,14 +10799,13 @@ snapshots: to-buffer: 1.2.1 xtend: 4.0.2 - tar@6.2.1: + tar@7.5.11: dependencies: - chownr: 2.0.0 - fs-minipass: 2.1.0 - minipass: 5.0.0 - minizlib: 2.1.2 - mkdirp: 1.0.4 - yallist: 4.0.0 + '@isaacs/fs-minipass': 4.0.1 + chownr: 3.0.0 + minipass: 7.1.2 + minizlib: 3.1.0 + yallist: 5.0.0 telegrafjs@0.1.3: {} @@ -11243,6 +11268,8 @@ snapshots: yallist@4.0.0: {} + yallist@5.0.0: {} + yaml@2.8.2: {} yargs-parser@20.2.9: {} diff --git a/server/routerlicious/package.json b/server/routerlicious/package.json index 30adc5235293..d26173a74cf4 100644 --- a/server/routerlicious/package.json +++ b/server/routerlicious/package.json @@ -152,7 +152,8 @@ "qs: overridden to ^6.15.0 to resolve a known vulnerability in older versions.", "js-yaml: overridden to fix a known vulnerability (prototype pollution via merge keys).", "systeminformation: overridden to ^5.31.0 to resolve command injection vulnerabilities.", - "simple-git: overridden to ^3.32.3 to resolve a CG alert." + "simple-git: overridden to ^3.32.3 to resolve a CG alert.", + "tar: overridden to ^7.5.11 to resolve multiple security vulnerabilities in tar 6.x (EOL, no backport)." ], "overrides": { "@typescript-eslint/tsconfig-utils": "8.52.0", @@ -181,6 +182,7 @@ "qs": "^6.15.0", "simple-git": "^3.32.3", "systeminformation": "^5.31.0", + "tar": "^7.5.11", "socket.io-parser": "^4.2.4", "zookeeper": "^7.2.0" }, diff --git a/server/routerlicious/pnpm-lock.yaml b/server/routerlicious/pnpm-lock.yaml index 24335963e35e..f88e0529c011 100644 --- a/server/routerlicious/pnpm-lock.yaml +++ b/server/routerlicious/pnpm-lock.yaml @@ -31,6 +31,7 @@ overrides: qs: ^6.15.0 simple-git: ^3.32.3 systeminformation: ^5.31.0 + tar: ^7.5.11 socket.io-parser: ^4.2.4 zookeeper: ^7.2.0 @@ -2822,6 +2823,10 @@ packages: resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} engines: {node: '>=12'} + '@isaacs/fs-minipass@4.0.1': + resolution: {integrity: sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==} + engines: {node: '>=18.0.0'} + '@istanbuljs/schema@0.1.3': resolution: {integrity: sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==} engines: {node: '>=8'} @@ -4368,9 +4373,9 @@ packages: chownr@1.1.4: resolution: {integrity: sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==} - chownr@2.0.0: - resolution: {integrity: sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==} - engines: {node: '>=10'} + chownr@3.0.0: + resolution: {integrity: sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==} + engines: {node: '>=18'} chrome-trace-event@1.0.3: resolution: {integrity: sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg==} @@ -5415,10 +5420,6 @@ packages: resolution: {integrity: sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==} engines: {node: '>=6 <7 || >=8'} - fs-minipass@2.1.0: - resolution: {integrity: sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==} - engines: {node: '>= 8'} - fs-minipass@3.0.2: resolution: {integrity: sha512-2GAfyfoaCDRrM6jaOS3UsBts8yJ55VioXdWcOL7dK9zdAuKT71+WBA4ifnNYqVjYv+4SsPxjK0JT4yIIn4cA/g==} engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} @@ -6762,6 +6763,10 @@ packages: resolution: {integrity: sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==} engines: {node: '>= 8'} + minizlib@3.1.0: + resolution: {integrity: sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==} + engines: {node: '>= 18'} + mkdirp@0.5.6: resolution: {integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==} hasBin: true @@ -8317,10 +8322,9 @@ packages: resolution: {integrity: sha512-rzS0heiNf8Xn7/mpdSVVSMAWAoy9bfb1WOTYC78Z0UQKeKa/CWS8FOq0lKGNa8DWKAn9gxjCvMLYc5PGXYlK2A==} engines: {node: '>= 0.8.0'} - tar@6.2.1: - resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==} - engines: {node: '>=10'} - deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me + tar@7.5.11: + resolution: {integrity: sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==} + engines: {node: '>=18'} telegrafjs@0.1.3: resolution: {integrity: sha512-OdLXhCp8yxXz9uY8xH5q55COtU89eOAwVZStcGJU1CLDsDnC7ON12I5cHJaaXvSfTaP309eh7IGsY72Q0hGrww==} @@ -8920,6 +8924,10 @@ packages: yallist@4.0.0: resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==} + yallist@5.0.0: + resolution: {integrity: sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==} + engines: {node: '>=18'} + yaml@2.8.2: resolution: {integrity: sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==} engines: {node: '>= 14.6'} @@ -10305,6 +10313,10 @@ snapshots: wrap-ansi: 8.1.0 wrap-ansi-cjs: wrap-ansi@7.0.0 + '@isaacs/fs-minipass@4.0.1': + dependencies: + minipass: 7.1.2 + '@istanbuljs/schema@0.1.3': {} '@jridgewell/gen-mapping@0.3.13': @@ -12097,7 +12109,7 @@ snapshots: minipass-pipeline: 1.2.4 p-map: 4.0.0 ssri: 10.0.4 - tar: 6.2.1 + tar: 7.5.11 unique-filename: 3.0.0 cacheable-lookup@7.0.0: {} @@ -12240,7 +12252,7 @@ snapshots: chownr@1.1.4: optional: true - chownr@2.0.0: {} + chownr@3.0.0: {} chrome-trace-event@1.0.3: {} @@ -13442,10 +13454,6 @@ snapshots: jsonfile: 4.0.0 universalify: 0.1.2 - fs-minipass@2.1.0: - dependencies: - minipass: 3.3.6 - fs-minipass@3.0.2: dependencies: minipass: 5.0.0 @@ -15018,6 +15026,10 @@ snapshots: minipass: 3.3.6 yallist: 4.0.0 + minizlib@3.1.0: + dependencies: + minipass: 7.1.2 + mkdirp@0.5.6: dependencies: minimist: 1.2.8 @@ -15215,7 +15227,7 @@ snapshots: npmlog: 6.0.2 rimraf: 3.0.2 semver: 7.7.3 - tar: 6.2.1 + tar: 7.5.11 which: 2.0.2 transitivePeerDependencies: - supports-color @@ -15602,7 +15614,7 @@ snapshots: read-package-json-fast: 3.0.2 sigstore: 1.6.0 ssri: 10.0.4 - tar: 6.2.1 + tar: 7.5.11 transitivePeerDependencies: - bluebird - supports-color @@ -16928,14 +16940,13 @@ snapshots: to-buffer: 1.2.1 xtend: 4.0.2 - tar@6.2.1: + tar@7.5.11: dependencies: - chownr: 2.0.0 - fs-minipass: 2.1.0 - minipass: 5.0.0 - minizlib: 2.1.2 - mkdirp: 1.0.4 - yallist: 4.0.0 + '@isaacs/fs-minipass': 4.0.1 + chownr: 3.0.0 + minipass: 7.1.2 + minizlib: 3.1.0 + yallist: 5.0.0 telegrafjs@0.1.3: {} @@ -17598,6 +17609,8 @@ snapshots: yallist@4.0.0: {} + yallist@5.0.0: {} + yaml@2.8.2: {} yargs-parser@20.2.9: {}