Skip to content

Commit

Permalink
fix: replace node-ipc with @achrinza/node-ipc to further secure t…
Browse files Browse the repository at this point in the history
…he dependency chain
  • Loading branch information
haoqunjiang committed Mar 22, 2022
1 parent dd53f26 commit 75826d6
Show file tree
Hide file tree
Showing 5 changed files with 21 additions and 21 deletions.
2 changes: 1 addition & 1 deletion packages/@vue/cli-shared-utils/lib/ipc.js
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
const ipc = require('node-ipc')
const ipc = require('@achrinza/node-ipc')

const DEFAULT_ID = process.env.VUE_CLI_IPC || 'vue-cli'
const DEFAULT_IDLE_TIMEOUT = 3000
Expand Down
2 changes: 1 addition & 1 deletion packages/@vue/cli-shared-utils/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
"launch-editor": "^2.2.1",
"lru-cache": "^6.0.0",
"node-fetch": "^2.6.7",
"node-ipc": "9.2.1",
"@achrinza/node-ipc": "9.2.2",
"open": "^8.0.2",
"ora": "^5.3.0",
"read-pkg": "^5.1.1",
Expand Down
2 changes: 1 addition & 1 deletion packages/@vue/cli-ui/apollo-server/util/ipc.js
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
const ipc = require('node-ipc')
const ipc = require('@achrinza/node-ipc')
// Utils
const { log, dumpObject } = require('../util/logger')

Expand Down
2 changes: 1 addition & 1 deletion packages/@vue/cli-ui/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@
"lodash.merge": "^4.6.1",
"lowdb": "^1.0.0",
"lru-cache": "^6.0.0",
"node-ipc": "9.2.1",
"@achrinza/node-ipc": "9.2.2",
"node-notifier": "^10.0.0",
"parse-git-config": "^3.0.0",
"portfinder": "^1.0.26",
Expand Down
34 changes: 17 additions & 17 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,15 @@
# yarn lockfile v1


"@achrinza/node-ipc@9.2.2":
version "9.2.2"
resolved "https://registry.yarnpkg.com/@achrinza/node-ipc/-/node-ipc-9.2.2.tgz#ae1b5d3d6a9362034eea60c8d946b93893c2e4ec"
integrity sha512-b90U39dx0cU6emsOvy5hxU4ApNXnE3+Tuo8XQZfiKTGelDwpMwBVgBP7QX6dGTcJgu/miyJuNJ/2naFBliNWEw==
dependencies:
"@node-ipc/js-queue" "2.0.3"
event-pubsub "4.3.0"
js-message "1.0.7"

"@akryum/winattr@^3.0.0":
version "3.0.0"
resolved "https://registry.yarnpkg.com/@akryum/winattr/-/winattr-3.0.0.tgz#c345d49f8415583897e345729c12b3503927dd11"
Expand Down Expand Up @@ -2824,6 +2833,13 @@
pathval "1.1.1"
type-detect "4.0.5"

"@node-ipc/js-queue@2.0.3":
version "2.0.3"
resolved "https://registry.yarnpkg.com/@node-ipc/js-queue/-/js-queue-2.0.3.tgz#ac7fe33d766fa53e233ef8fedaf3443a01c5a4cd"
integrity sha512-fL1wpr8hhD5gT2dA1qifeVaoDFlQR5es8tFuKqjHX+kdOtdNHnxkVZbtIrR2rxnMFvehkjaZRNV2H/gPXlb0hw==
dependencies:
easy-stack "1.0.1"

"@nodelib/fs.scandir@2.1.5":
version "2.1.5"
resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5"
Expand Down Expand Up @@ -8622,7 +8638,7 @@ duplexer@^0.1.1, duplexer@^0.1.2, duplexer@~0.1.1:
resolved "https://registry.yarnpkg.com/duplexer/-/duplexer-0.1.2.tgz#3abe43aef3835f8ae077d136ddce0f276b0400e6"
integrity sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg==

easy-stack@^1.0.1:
easy-stack@1.0.1:
version "1.0.1"
resolved "https://registry.yarnpkg.com/easy-stack/-/easy-stack-1.0.1.tgz#8afe4264626988cabb11f3c704ccd0c835411066"
integrity sha512-wK2sCs4feiiJeFXn3zvY0p41mdU5VUgbgs1rNsc/y5ngFUijdWd+iIN8eoyuZHKB8xN6BL4PdWmzqFmxNg6V2w==
Expand Down Expand Up @@ -12826,13 +12842,6 @@ js-message@1.0.7:
resolved "https://registry.yarnpkg.com/js-message/-/js-message-1.0.7.tgz#fbddd053c7a47021871bb8b2c95397cc17c20e47"
integrity sha512-efJLHhLjIyKRewNS9EGZ4UpI8NguuL6fKkhRxVuMmrGV2xN/0APGdQYwLFky5w9naebSZ0OwAGp0G6/2Cg90rA==

js-queue@2.0.2:
version "2.0.2"
resolved "https://registry.yarnpkg.com/js-queue/-/js-queue-2.0.2.tgz#0be590338f903b36c73d33c31883a821412cd482"
integrity sha512-pbKLsbCfi7kriM3s1J4DDCo7jQkI58zPLHi0heXPzPlj0hjUsm+FesPUbE0DSbIVIK503A36aUBoCN7eMFedkA==
dependencies:
easy-stack "^1.0.1"

"js-tokens@^3.0.0 || ^4.0.0", js-tokens@^4.0.0:
version "4.0.0"
resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499"
Expand Down Expand Up @@ -14919,15 +14928,6 @@ node-int64@^0.4.0:
resolved "https://registry.yarnpkg.com/node-int64/-/node-int64-0.4.0.tgz#87a9065cdb355d3182d8f94ce11188b825c68a3b"
integrity sha1-h6kGXNs1XTGC2PlM4RGIuCXGijs=

node-ipc@9.2.1:
version "9.2.1"
resolved "https://registry.yarnpkg.com/node-ipc/-/node-ipc-9.2.1.tgz#b32f66115f9d6ce841dc4ec2009d6a733f98bb6b"
integrity sha512-mJzaM6O3xHf9VT8BULvJSbdVbmHUKRNOH7zDDkCrA1/T+CVjq2WVIDfLt0azZRXpgArJtl3rtmEozrbXPZ9GaQ==
dependencies:
event-pubsub "4.3.0"
js-message "1.0.7"
js-queue "2.0.2"

node-notifier@^10.0.0:
version "10.0.1"
resolved "https://registry.yarnpkg.com/node-notifier/-/node-notifier-10.0.1.tgz#0e82014a15a8456c4cfcdb25858750399ae5f1c7"
Expand Down

0 comments on commit 75826d6

Please sign in to comment.