Skip to content

Commit b874a25

Browse files
weirdwizweirdwiz
committed
upgrade minimatch, undici, and underscore.string to secure versions
fixes: - CVE-2025-22150 - CVE-2022-3517 - WS-2017-3772 Signed-off-by: Divyansh Kamboj <[email protected]>
1 parent a680ca7 commit b874a25

File tree

2 files changed

+61
-55
lines changed

2 files changed

+61
-55
lines changed

package.json

+4-1
Original file line numberDiff line numberDiff line change
@@ -194,7 +194,10 @@
194194
"tough-cookie": "^4.1.3",
195195
"webpack": "^5.96.1",
196196
"webpack-bundle-analyzer/ws": "^7.5.10",
197-
"webpack-dev-server/express": "^4.21.0"
197+
"webpack-dev-server/express": "^4.21.0",
198+
"minimatch": "^3.0.5",
199+
"underscore.string": "^3.3.6",
200+
"undici": "^6.21.1"
198201
},
199202
"engines": {
200203
"node": ">=20.x"

yarn.lock

+57-54
Original file line numberDiff line numberDiff line change
@@ -4230,11 +4230,16 @@ ansi-html-community@^0.0.8:
42304230
integrity sha512-1APHAyr3+PCamwNw3bXCPp4HFLONZt/yIH0sZp0/469KWNTEy+qN5jQ3GVX6DMZ1UXAi34yVwtTeaG/HpBuuzw==
42314231

42324232
ansi-regex@^3.0.0:
4233-
version "3.0.1"
4234-
resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-3.0.1.tgz#123d6479e92ad45ad897d4054e3c7ca7db4944e1"
4235-
integrity sha512-+O9Jct8wf++lXxxFc4hc8LsjaSq0HFzzL7cVsw8pRDIPdjKD2mT4ytDZlLuSBZ4cLKZFXIrMGO7DbQCtMJJMKw==
4233+
version "3.0.0"
4234+
resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-3.0.0.tgz#ed0317c322064f79466c02966bddb605ab37d998"
4235+
integrity sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=
4236+
4237+
ansi-regex@^5.0.0:
4238+
version "5.0.0"
4239+
resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.0.tgz#388539f55179bf39339c81af30a654d69f87cb75"
4240+
integrity sha512-bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg==
42364241

4237-
ansi-regex@^5.0.0, ansi-regex@^5.0.1:
4242+
ansi-regex@^5.0.1:
42384243
version "5.0.1"
42394244
resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304"
42404245
integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==
@@ -4679,13 +4684,6 @@ brace-expansion@^1.1.7:
46794684
balanced-match "^1.0.0"
46804685
concat-map "0.0.1"
46814686

4682-
brace-expansion@^2.0.1:
4683-
version "2.0.1"
4684-
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-2.0.1.tgz#1edc459e0f0c548486ecf9fc99f2221364b9a0ae"
4685-
integrity sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==
4686-
dependencies:
4687-
balanced-match "^1.0.0"
4688-
46894687
braces@^3.0.1, braces@^3.0.2, braces@~3.0.2:
46904688
version "3.0.2"
46914689
resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.2.tgz#3454e1a462ee8d599e236df336cd9ea4f8afe107"
@@ -5299,10 +5297,10 @@ [email protected]:
52995297
resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.6.tgz#e303a882b342cc3ee8ca513a79999734dab3ae2c"
53005298
integrity sha1-4wOogrNCzD7oylE6eZmXNNqzriw=
53015299

5302-
cookie@0.6.0:
5303-
version "0.6.0"
5304-
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.6.0.tgz#2798b04b071b0ecbff0dbb62a505a8efa4e19051"
5305-
integrity sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==
5300+
cookie@0.7.1:
5301+
version "0.7.1"
5302+
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.7.1.tgz#2f73c42142d5d5cf71310a74fc4ae61670e5dbc9"
5303+
integrity sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==
53065304

53075305
copy-to-clipboard@^3:
53085306
version "3.3.1"
@@ -6877,16 +6875,16 @@ expect@^29.0.0, expect@^29.7.0:
68776875
jest-util "^29.7.0"
68786876

68796877
express@^4.19.2, express@^4.21.0:
6880-
version "4.21.0"
6881-
resolved "https://registry.yarnpkg.com/express/-/express-4.21.0.tgz#d57cb706d49623d4ac27833f1cbc466b668eb915"
6882-
integrity sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==
6878+
version "4.21.2"
6879+
resolved "https://registry.yarnpkg.com/express/-/express-4.21.2.tgz#cf250e48362174ead6cea4a566abef0162c1ec32"
6880+
integrity sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==
68836881
dependencies:
68846882
accepts "~1.3.8"
68856883
array-flatten "1.1.1"
68866884
body-parser "1.20.3"
68876885
content-disposition "0.5.4"
68886886
content-type "~1.0.4"
6889-
cookie "0.6.0"
6887+
cookie "0.7.1"
68906888
cookie-signature "1.0.6"
68916889
debug "2.6.9"
68926890
depd "2.0.0"
@@ -6900,7 +6898,7 @@ express@^4.19.2, express@^4.21.0:
69006898
methods "~1.1.2"
69016899
on-finished "2.4.1"
69026900
parseurl "~1.3.3"
6903-
path-to-regexp "0.1.10"
6901+
path-to-regexp "0.1.12"
69046902
proxy-addr "~2.0.7"
69056903
qs "6.13.0"
69066904
range-parser "~1.2.1"
@@ -9170,14 +9168,33 @@ json-stringify-safe@^5.0.1, json-stringify-safe@~5.0.1:
91709168
resolved "https://registry.yarnpkg.com/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz#1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"
91719169
integrity sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=
91729170

9173-
json5@^1.0.1, json5@^1.0.2:
9171+
json5@^1.0.1:
9172+
version "1.0.1"
9173+
resolved "https://registry.yarnpkg.com/json5/-/json5-1.0.1.tgz#779fb0018604fa854eacbf6252180d83543e3dbe"
9174+
integrity sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==
9175+
dependencies:
9176+
minimist "^1.2.0"
9177+
9178+
json5@^1.0.2:
91749179
version "1.0.2"
91759180
resolved "https://registry.yarnpkg.com/json5/-/json5-1.0.2.tgz#63d98d60f21b313b77c4d6da18bfa69d80e1d593"
91769181
integrity sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==
91779182
dependencies:
91789183
minimist "^1.2.0"
91799184

9180-
json5@^2.1.2, json5@^2.2.1, json5@^2.2.3:
9185+
json5@^2.1.2:
9186+
version "2.2.0"
9187+
resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.0.tgz#2dfefe720c6ba525d9ebd909950f0515316c89a3"
9188+
integrity sha512-f+8cldu7X/y7RAJurMEJmdoKXGB/X550w2Nr3tTbezL6RwEE/iMcm+tZnXeoZtKuOq6ft8+CqzEkrIgx1fPoQA==
9189+
dependencies:
9190+
minimist "^1.2.5"
9191+
9192+
json5@^2.2.1:
9193+
version "2.2.1"
9194+
resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.1.tgz#655d50ed1e6f95ad1a3caababd2b0efda10b395c"
9195+
integrity sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==
9196+
9197+
json5@^2.2.3:
91819198
version "2.2.3"
91829199
resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.3.tgz#78cd6f1a19bdc12b73db5ad0c61efd66c1e29283"
91839200
integrity sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==
@@ -9653,27 +9670,13 @@ minimalistic-assert@^1.0.0:
96539670
resolved "https://registry.yarnpkg.com/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz#2e194de044626d4a10e7f7fbc00ce73e83e4d5c7"
96549671
integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==
96559672

9656-
minimatch@^3.0.2, minimatch@^3.0.4:
9657-
version "3.0.4"
9658-
resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.0.4.tgz#5166e286457f03306064be5497e8dbb0c3d32083"
9659-
integrity sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==
9660-
dependencies:
9661-
brace-expansion "^1.1.7"
9662-
9663-
minimatch@^3.0.5, minimatch@^3.1.1, minimatch@^3.1.2:
9673+
minimatch@^3.0.2, minimatch@^3.0.4, minimatch@^3.0.5, minimatch@^3.1.1, minimatch@^3.1.2, minimatch@^9.0.4:
96649674
version "3.1.2"
96659675
resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b"
96669676
integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==
96679677
dependencies:
96689678
brace-expansion "^1.1.7"
96699679

9670-
minimatch@^9.0.4:
9671-
version "9.0.5"
9672-
resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-9.0.5.tgz#d74f9dd6b57d83d8e98cfb82133b03978bc929e5"
9673-
integrity sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==
9674-
dependencies:
9675-
brace-expansion "^2.0.1"
9676-
96779680
minimist@^1.1.0, minimist@^1.2.0, minimist@^1.2.5, minimist@^1.2.6, minimist@^1.2.8:
96789681
version "1.2.8"
96799682
resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.8.tgz#c1a464e7693302e082a075cee0c057741ac4772c"
@@ -10218,10 +10221,10 @@ path-posix@^1.0.0:
1021810221
resolved "https://registry.yarnpkg.com/path-posix/-/path-posix-1.0.0.tgz#06b26113f56beab042545a23bfa88003ccac260f"
1021910222
integrity sha1-BrJhE/Vr6rBCVFojv6iAA8ysJg8=
1022010223

10221-
[email protected].10:
10222-
version "0.1.10"
10223-
resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.10.tgz#67e9108c5c0551b9e5326064387de4763c4d5f8b"
10224-
integrity sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==
10224+
[email protected].12:
10225+
version "0.1.12"
10226+
resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.12.tgz#d5e1a12e478a976d432ef3c58d534b9923164bb7"
10227+
integrity sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==
1022510228

1022610229
path-to-regexp@^1.7.0:
1022710230
version "1.9.0"
@@ -11621,10 +11624,10 @@ spdy@^4.0.2:
1162111624
select-hose "^2.0.0"
1162211625
spdy-transport "^3.0.0"
1162311626

11624-
sprintf-js@^1.0.3:
11625-
version "1.1.2"
11626-
resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.1.2.tgz#da1765262bf8c0f571749f2ad6c26300207ae673"
11627-
integrity sha512-VE0SOVEHCk7Qc8ulkWw3ntAzXuqf7S2lvwQaDLRnUeIEaKNQJzV6BwmLKhOqT61aGhfUMrXeaBk+oDGCzvhcug==
11627+
sprintf-js@^1.1.1:
11628+
version "1.1.3"
11629+
resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.1.3.tgz#4914b903a2f8b685d17fdf78a70e917e872e444a"
11630+
integrity sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==
1162811631

1162911632
sprintf-js@~1.0.2:
1163011633
version "1.0.3"
@@ -12452,18 +12455,18 @@ unbox-primitive@^1.0.2:
1245212455
has-symbols "^1.0.3"
1245312456
which-boxed-primitive "^1.0.2"
1245412457

12455-
underscore.string@~3.3.4:
12456-
version "3.3.5"
12457-
resolved "https://registry.yarnpkg.com/underscore.string/-/underscore.string-3.3.5.tgz#fc2ad255b8bd309e239cbc5816fd23a9b7ea4023"
12458-
integrity sha512-g+dpmgn+XBneLmXXo+sGlW5xQEt4ErkS3mgeN2GFbremYeMBSJKr9Wf2KJplQVaiPY/f7FN6atosWYNm9ovrYg==
12458+
underscore.string@^3.3.6, underscore.string@~3.3.4:
12459+
version "3.3.6"
12460+
resolved "https://registry.yarnpkg.com/underscore.string/-/underscore.string-3.3.6.tgz#ad8cf23d7423cb3b53b898476117588f4e2f9159"
12461+
integrity sha512-VoC83HWXmCrF6rgkyxS9GHv8W9Q5nhMKho+OadDJGzL2oDYbYEppBaCMH6pFlwLeqj2QS+hhkw2kpXkSdD1JxQ==
1245912462
dependencies:
12460-
sprintf-js "^1.0.3"
12463+
sprintf-js "^1.1.1"
1246112464
util-deprecate "^1.0.2"
1246212465

12463-
undici@^6.19.5:
12464-
version "6.20.1"
12465-
resolved "https://registry.yarnpkg.com/undici/-/undici-6.20.1.tgz#fbb87b1e2b69d963ff2d5410a40ffb4c9e81b621"
12466-
integrity sha512-AjQF1QsmqfJys+LXfGTNum+qw4S88CojRInG/6t31W/1fk6G59s92bnAvGz5Cmur+kQv2SURXEvvudLmbrE8QA==
12466+
undici@^6.19.5, undici@^6.21.1:
12467+
version "6.21.2"
12468+
resolved "https://registry.yarnpkg.com/undici/-/undici-6.21.2.tgz#49c5884e8f9039c65a89ee9018ef3c8e2f1f4928"
12469+
integrity sha512-uROZWze0R0itiAKVPsYhFov9LxrPMHLMEQFszeI2gCN6bnIIZ8twzBCJcN2LJrBBLfrP0t1FW0g+JmKVl8Vk1g==
1246712470

1246812471
unicorn-magic@^0.1.0:
1246912472
version "0.1.0"

0 commit comments

Comments
 (0)