From 4fcbbb3bd5ae48380e5ebeb26a6d9d1f25470216 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?= Date: Tue, 21 Mar 2023 14:49:35 +0100 Subject: [PATCH] fix(core): Force-upgrade `http-cache-semantics` to address CVE-2022-25881 (#5733) [GitHub Advisory](https://github.com/advisories/GHSA-rc47-6667-2j5j) --- package.json | 1 + pnpm-lock.yaml | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index b0488bc4f1039..6af8b8f7c0281 100644 --- a/package.json +++ b/package.json @@ -72,6 +72,7 @@ "decode-uri-component": "0.2.2", "ejs": "^3.1.8", "fork-ts-checker-webpack-plugin": "^6.0.4", + "http-cache-semantics": "4.1.1", "jsonwebtoken": "9.0.0", "prettier": "^2.8.3", "ts-node": "^10.9.1", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 6f3f94afec31f..1920c980c6fcc 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -11,6 +11,7 @@ overrides: decode-uri-component: 0.2.2 ejs: ^3.1.8 fork-ts-checker-webpack-plugin: ^6.0.4 + http-cache-semantics: 4.1.1 jsonwebtoken: 9.0.0 prettier: ^2.8.3 ts-node: ^10.9.1 @@ -12426,8 +12427,8 @@ packages: domutils: 3.0.1 entities: 4.4.0 - /http-cache-semantics/4.1.0: - resolution: {integrity: sha512-carPklcUh7ROWRK7Cv27RPtdhYhUsela/ue5/jKzjegVvXDqM2ILE9Q2BGn9JZJh1g87cp56su/FgQSzcWS8cQ==} + /http-cache-semantics/4.1.1: + resolution: {integrity: sha512-er295DKPVsV82j5kw1Gjt+ADA/XYHsajl82cGNQG2eyoPkvgUhX+nDIyelzhIWbbsXP39EHcI6l5tYs2FYqYXQ==} dev: false optional: true @@ -15052,7 +15053,7 @@ packages: dependencies: agentkeepalive: 4.2.1 cacache: 15.3.0 - http-cache-semantics: 4.1.0 + http-cache-semantics: 4.1.1 http-proxy-agent: 4.0.1 https-proxy-agent: 5.0.1 is-lambda: 1.0.1