From 2656267bea27474c7f805b75b374cdb05cf55d4f Mon Sep 17 00:00:00 2001 From: Feiyang1 Date: Thu, 29 Nov 2018 14:59:13 -0800 Subject: [PATCH] update npm-run-all to avoid potential exploit --- integration/typescript/package.json | 2 +- packages/app/package.json | 2 +- packages/database/package.json | 2 +- packages/firestore/package.json | 2 +- packages/functions/package.json | 2 +- packages/logger/package.json | 2 +- packages/messaging/package.json | 2 +- packages/rxfire/package.json | 2 +- packages/storage/package.json | 2 +- packages/template/package.json | 2 +- packages/util/package.json | 2 +- yarn.lock | 98 ++++++++++------------------- 12 files changed, 45 insertions(+), 75 deletions(-) diff --git a/integration/typescript/package.json b/integration/typescript/package.json index c6de5878c3d..d033d198c29 100644 --- a/integration/typescript/package.json +++ b/integration/typescript/package.json @@ -24,7 +24,7 @@ "karma-spec-reporter": "0.0.32", "karma-typescript": "3.0.12", "mocha": "5.2.0", - "npm-run-all": "4.1.2", + "npm-run-all": "4.1.5", "typescript": "2.8.1" } } diff --git a/packages/app/package.json b/packages/app/package.json index 98a550bc260..41b824ac680 100644 --- a/packages/app/package.json +++ b/packages/app/package.json @@ -43,7 +43,7 @@ "karma-spec-reporter": "0.0.32", "karma-webpack": "2.0.9", "mocha": "5.2.0", - "npm-run-all": "4.1.2", + "npm-run-all": "4.1.5", "nyc": "11.6.0", "rollup": "0.57.1", "rollup-plugin-commonjs": "9.1.0", diff --git a/packages/database/package.json b/packages/database/package.json index 5c8e1e49cff..03490aa5a35 100644 --- a/packages/database/package.json +++ b/packages/database/package.json @@ -45,7 +45,7 @@ "karma-spec-reporter": "0.0.32", "karma-webpack": "2.0.9", "mocha": "5.2.0", - "npm-run-all": "4.1.2", + "npm-run-all": "4.1.5", "nyc": "11.6.0", "rollup": "0.57.1", "rollup-plugin-commonjs": "9.1.0", diff --git a/packages/firestore/package.json b/packages/firestore/package.json index fd25e6a24e8..6d95de37aef 100644 --- a/packages/firestore/package.json +++ b/packages/firestore/package.json @@ -56,7 +56,7 @@ "long": "3.2.0", "mkdirp": "0.5.1", "mocha": "5.2.0", - "npm-run-all": "4.1.2", + "npm-run-all": "4.1.5", "nyc": "11.6.0", "prettier": "1.12.0", "rollup": "0.57.1", diff --git a/packages/functions/package.json b/packages/functions/package.json index 3329c73a75d..9d62ce3f1c1 100644 --- a/packages/functions/package.json +++ b/packages/functions/package.json @@ -40,7 +40,7 @@ "karma-spec-reporter": "0.0.32", "karma-webpack": "2.0.9", "mocha": "5.2.0", - "npm-run-all": "4.1.2", + "npm-run-all": "4.1.5", "nyc": "11.6.0", "rollup": "0.57.1", "rollup-plugin-commonjs": "9.1.0", diff --git a/packages/logger/package.json b/packages/logger/package.json index b74365350c1..dc241b72967 100644 --- a/packages/logger/package.json +++ b/packages/logger/package.json @@ -32,7 +32,7 @@ "karma-spec-reporter": "0.0.32", "karma-webpack": "2.0.9", "mocha": "5.2.0", - "npm-run-all": "4.1.2", + "npm-run-all": "4.1.5", "nyc": "11.6.0", "rollup": "0.57.1", "rollup-plugin-commonjs": "9.1.0", diff --git a/packages/messaging/package.json b/packages/messaging/package.json index 19c0e98c7c0..a35944b40be 100644 --- a/packages/messaging/package.json +++ b/packages/messaging/package.json @@ -44,7 +44,7 @@ "karma-sourcemap-loader": "0.3.7", "karma-spec-reporter": "0.0.32", "mocha": "5.2.0", - "npm-run-all": "4.1.2", + "npm-run-all": "4.1.5", "rollup": "0.57.1", "rollup-plugin-commonjs": "9.1.0", "rollup-plugin-node-resolve": "3.3.0", diff --git a/packages/rxfire/package.json b/packages/rxfire/package.json index 3efb3ab8ec8..c9aa6f441ef 100644 --- a/packages/rxfire/package.json +++ b/packages/rxfire/package.json @@ -58,7 +58,7 @@ "karma-spec-reporter": "0.0.32", "karma-webpack": "2.0.9", "mocha": "5.2.0", - "npm-run-all": "4.1.2", + "npm-run-all": "4.1.5", "nyc": "11.6.0", "sinon": "4.5.0", "source-map-loader": "0.2.3", diff --git a/packages/storage/package.json b/packages/storage/package.json index 3f14d59d374..12397c4e8d6 100644 --- a/packages/storage/package.json +++ b/packages/storage/package.json @@ -38,7 +38,7 @@ "karma-sourcemap-loader": "0.3.7", "karma-spec-reporter": "0.0.32", "karma-webpack": "2.0.9", - "npm-run-all": "4.1.2", + "npm-run-all": "4.1.5", "rollup": "0.57.1", "rollup-plugin-commonjs": "9.1.0", "rollup-plugin-node-resolve": "3.3.0", diff --git a/packages/template/package.json b/packages/template/package.json index 1cd63bda271..2f93acd5cce 100644 --- a/packages/template/package.json +++ b/packages/template/package.json @@ -41,7 +41,7 @@ "karma-spec-reporter": "0.0.32", "karma-webpack": "2.0.9", "mocha": "5.2.0", - "npm-run-all": "4.1.2", + "npm-run-all": "4.1.5", "nyc": "11.6.0", "rollup": "0.57.1", "rollup-plugin-commonjs": "9.1.0", diff --git a/packages/util/package.json b/packages/util/package.json index eab1661c4ac..ad8de268ee7 100644 --- a/packages/util/package.json +++ b/packages/util/package.json @@ -35,7 +35,7 @@ "karma-spec-reporter": "0.0.32", "karma-webpack": "2.0.9", "mocha": "5.2.0", - "npm-run-all": "4.1.2", + "npm-run-all": "4.1.5", "nyc": "11.6.0", "rollup": "0.57.1", "rollup-plugin-commonjs": "9.1.0", diff --git a/yarn.lock b/yarn.lock index 79ef83c1e03..e9250c25101 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1232,7 +1232,7 @@ ansi-styles@^2.2.1: resolved "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz#b432dd3358b634cf75e1e4664368240533c1ddbe" integrity sha1-tDLdM1i2NM914eRmQ2gkBTPB3b4= -ansi-styles@^3.2.0, ansi-styles@^3.2.1: +ansi-styles@^3.2.1: version "3.2.1" resolved "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz#41fbb20243e50b12be0f04b8dedbf07520ce841d" integrity sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA== @@ -2617,7 +2617,7 @@ chalk@^1.0.0, chalk@^1.1.0, chalk@^1.1.1, chalk@^1.1.3: strip-ansi "^3.0.0" supports-color "^2.0.0" -"chalk@^1.1.3 || 2.x": +"chalk@^1.1.3 || 2.x", chalk@^2.4.1: version "2.4.1" resolved "https://registry.npmjs.org/chalk/-/chalk-2.4.1.tgz#18c49ab16a037b6eb0152cc83e3471338215b66e" integrity sha512-ObN6h1v2fTJSmUXoS3nMQ92LbDK9be4TV+6G+omQlGJFdcUX5heKi1LZ1YnRMIgwTLEj3E24bT6tYni50rlCfQ== @@ -3575,6 +3575,17 @@ cross-spawn@^5.0.1, cross-spawn@^5.1.0: shebang-command "^1.2.0" which "^1.2.9" +cross-spawn@^6.0.5: + version "6.0.5" + resolved "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.5.tgz#4a5ec7c64dfae22c3a14124dbacdee846d80cbc4" + integrity sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ== + dependencies: + nice-try "^1.0.4" + path-key "^2.0.1" + semver "^5.5.0" + shebang-command "^1.2.0" + which "^1.2.9" + cryptiles@2.x.x: version "2.0.5" resolved "https://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz#3bdfecdc608147c1c67202fa291e7dca59eaa3b8" @@ -4150,7 +4161,7 @@ duplexer3@^0.1.4: resolved "https://registry.npmjs.org/duplexer3/-/duplexer3-0.1.4.tgz#ee01dd1cac0ed3cbc7fdbea37dc0a8f1ce002ce2" integrity sha1-7gHdHKwO08vH/b6jfcCo8c4ALOI= -duplexer@^0.1.1, duplexer@~0.1.1: +duplexer@^0.1.1: version "0.1.1" resolved "https://registry.npmjs.org/duplexer/-/duplexer-0.1.1.tgz#ace6ff808c1ce66b57d1ebf97977acb02334cfc1" integrity sha1-rOb/gIwc5mtX0ev5eXessCM0z8E= @@ -4530,19 +4541,6 @@ event-emitter@^0.3.5, event-emitter@~0.3.5: d "1" es5-ext "~0.10.14" -event-stream@~3.3.0: - version "3.3.4" - resolved "http://registry.npmjs.org/event-stream/-/event-stream-3.3.4.tgz#4ab4c9a0f5a54db9338b4c34d86bfce8f4b35571" - integrity sha1-SrTJoPWlTbkzi0w02Gv86PSzVXE= - dependencies: - duplexer "~0.1.1" - from "~0" - map-stream "~0.1.0" - pause-stream "0.0.11" - split "0.3" - stream-combiner "~0.0.4" - through "~2.3.1" - eventemitter3@1.x.x: version "1.2.0" resolved "https://registry.npmjs.org/eventemitter3/-/eventemitter3-1.2.0.tgz#1c86991d816ad1e504750e73874224ecf3bec508" @@ -5332,11 +5330,6 @@ from2@^2.1.1: inherits "^2.0.1" readable-stream "^2.0.0" -from@~0: - version "0.1.7" - resolved "https://registry.npmjs.org/from/-/from-0.1.7.tgz#83c60afc58b9c56997007ed1a768b3ab303a44fe" - integrity sha1-g8YK/Fi5xWmXAH7Rp2izqzA6RP4= - fs-access@^1.0.0: version "1.0.1" resolved "https://registry.npmjs.org/fs-access/-/fs-access-1.0.1.tgz#d6a87f262271cefebec30c553407fb995da8777a" @@ -8693,11 +8686,6 @@ map-obj@^2.0.0: resolved "https://registry.npmjs.org/map-obj/-/map-obj-2.0.0.tgz#a65cd29087a92598b8791257a523e021222ac1f9" integrity sha1-plzSkIepJZi4eRJXpSPgISIqwfk= -map-stream@~0.1.0: - version "0.1.0" - resolved "https://registry.npmjs.org/map-stream/-/map-stream-0.1.0.tgz#e56aa94c4c8055a16404a0674b78f215f7c8e194" - integrity sha1-5WqpTEyAVaFkBKBnS3jyFffI4ZQ= - map-visit@^1.0.0: version "1.0.0" resolved "https://registry.npmjs.org/map-visit/-/map-visit-1.0.0.tgz#ecdca8f13144e660f1b5bd41f12f3479d98dfb8f" @@ -9256,6 +9244,11 @@ next-tick@1: resolved "https://registry.npmjs.org/next-tick/-/next-tick-1.0.0.tgz#ca86d1fe8828169b0120208e3dc8424b9db8342c" integrity sha1-yobR/ogoFpsBICCOPchCS524NCw= +nice-try@^1.0.4: + version "1.0.5" + resolved "https://registry.npmjs.org/nice-try/-/nice-try-1.0.5.tgz#a3378a7696ce7d223e88fc9b764bd7ef1089e366" + integrity sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ== + nise@^1.2.0: version "1.3.2" resolved "https://registry.npmjs.org/nise/-/nise-1.3.2.tgz#fd6fd8dc040dfb3c0a45252feb6ff21832309b14" @@ -9503,17 +9496,17 @@ npm-packlist@^1.1.6: ignore-walk "^3.0.1" npm-bundled "^1.0.1" -npm-run-all@4.1.2: - version "4.1.2" - resolved "https://registry.npmjs.org/npm-run-all/-/npm-run-all-4.1.2.tgz#90d62d078792d20669139e718621186656cea056" - integrity sha512-Z2aRlajMK4SQ8u19ZA75NZZu7wupfCNQWdYosIi8S6FgBdGf/8Y6Hgyjdc8zU2cYmIRVCx1nM80tJPkdEd+UYg== +npm-run-all@4.1.5: + version "4.1.5" + resolved "https://registry.npmjs.org/npm-run-all/-/npm-run-all-4.1.5.tgz#04476202a15ee0e2e214080861bff12a51d98fba" + integrity sha512-Oo82gJDAVcaMdi3nuoKFavkIHBRVqQ1qvMb+9LHk/cF4P6B2m8aP04hGf7oL6wZ9BuGwX1onlLhpuoofSyoQDQ== dependencies: - ansi-styles "^3.2.0" - chalk "^2.1.0" - cross-spawn "^5.1.0" + ansi-styles "^3.2.1" + chalk "^2.4.1" + cross-spawn "^6.0.5" memorystream "^0.3.1" minimatch "^3.0.4" - ps-tree "^1.1.0" + pidtree "^0.3.0" read-pkg "^3.0.0" shell-quote "^1.6.1" string.prototype.padend "^3.0.0" @@ -10124,7 +10117,7 @@ path-is-inside@^1.0.1: resolved "https://registry.npmjs.org/path-is-inside/-/path-is-inside-1.0.2.tgz#365417dede44430d1c11af61027facf074bdfc53" integrity sha1-NlQX3t5EQw0cEa9hAn+s8HS9/FM= -path-key@^2.0.0: +path-key@^2.0.0, path-key@^2.0.1: version "2.0.1" resolved "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz#411cadb574c5a140d3a4b1910d40d80cc9f40b40" integrity sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A= @@ -10198,13 +10191,6 @@ pathval@^1.0.0: resolved "https://registry.npmjs.org/pathval/-/pathval-1.1.0.tgz#b942e6d4bde653005ef6b71361def8727d0645e0" integrity sha1-uULm1L3mUwBe9rcTYd74cn0GReA= -pause-stream@0.0.11: - version "0.0.11" - resolved "https://registry.npmjs.org/pause-stream/-/pause-stream-0.0.11.tgz#fe5a34b0cbce12b5aa6a2b403ee2e73b602f1445" - integrity sha1-/lo0sMvOErWqaitAPuLnO2AvFEU= - dependencies: - through "~2.3" - pbkdf2@^3.0.3: version "3.0.14" resolved "https://registry.npmjs.org/pbkdf2/-/pbkdf2-3.0.14.tgz#a35e13c64799b06ce15320f459c230e68e73bade" @@ -10231,6 +10217,11 @@ performance-now@^2.1.0: resolved "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b" integrity sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns= +pidtree@^0.3.0: + version "0.3.0" + resolved "https://registry.npmjs.org/pidtree/-/pidtree-0.3.0.tgz#f6fada10fccc9f99bf50e90d0b23d72c9ebc2e6b" + integrity sha512-9CT4NFlDcosssyg8KVFltgokyKZIFjoBxw8CTGy+5F38Y1eQWrt8tRayiUOXE+zVKQnYu5BR8JjCtvK3BcnBhg== + pify@^2.0.0, pify@^2.3.0: version "2.3.0" resolved "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz#ed141a6ac043a849ea588498e7dca8b15330e90c" @@ -10488,13 +10479,6 @@ prr@~1.0.1: resolved "https://registry.npmjs.org/prr/-/prr-1.0.1.tgz#d3fc114ba06995a45ec6893f484ceb1d78f5f476" integrity sha1-0/wRS6BplaRexok/SEzrHXj19HY= -ps-tree@^1.1.0: - version "1.1.0" - resolved "https://registry.npmjs.org/ps-tree/-/ps-tree-1.1.0.tgz#b421b24140d6203f1ed3c76996b4427b08e8c014" - integrity sha1-tCGyQUDWID8e08dplrRCewjowBQ= - dependencies: - event-stream "~3.3.0" - pseudomap@^1.0.2: version "1.0.2" resolved "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz#f052a28da70e618917ef0a8ac34c1ae5a68286b3" @@ -12111,13 +12095,6 @@ split2@^2.0.0: dependencies: through2 "^2.0.2" -split@0.3: - version "0.3.3" - resolved "https://registry.npmjs.org/split/-/split-0.3.3.tgz#cd0eea5e63a211dfff7eb0f091c4133e2d0dd28f" - integrity sha1-zQ7qXmOiEd//frDwkcQTPi0N0o8= - dependencies: - through "2" - split@^1.0.0: version "1.0.1" resolved "https://registry.npmjs.org/split/-/split-1.0.1.tgz#605bd9be303aa59fb35f9229fbea0ddec9ea07d9" @@ -12202,13 +12179,6 @@ stream-combiner2@^1.1.1: duplexer2 "~0.1.0" readable-stream "^2.0.2" -stream-combiner@~0.0.4: - version "0.0.4" - resolved "https://registry.npmjs.org/stream-combiner/-/stream-combiner-0.0.4.tgz#4d5e433c185261dde623ca3f44c586bcf5c4ad14" - integrity sha1-TV5DPBhSYd3mI8o/RMWGvPXErRQ= - dependencies: - duplexer "~0.1.1" - stream-events@^1.0.1: version "1.0.3" resolved "https://registry.npmjs.org/stream-events/-/stream-events-1.0.3.tgz#73502d794e9e03607682e0c21948406cc650e54c" @@ -12787,7 +12757,7 @@ through2@^2.0.0, through2@^2.0.1, through2@^2.0.2, through2@^2.0.3, through2@~2. readable-stream "^2.1.5" xtend "~4.0.1" -through@2, "through@>=2.2.7 <3", through@^2.3.4, through@^2.3.6, through@^2.3.8, through@~2.3, through@~2.3.1: +through@2, "through@>=2.2.7 <3", through@^2.3.4, through@^2.3.6, through@^2.3.8: version "2.3.8" resolved "https://registry.npmjs.org/through/-/through-2.3.8.tgz#0dd4c9ffaabc357960b1b724115d7e0e86a2e1f5" integrity sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU=