From 67ccaafe13d0f394232cc935ab1b6343deaa3d34 Mon Sep 17 00:00:00 2001 From: Michael Shilman Date: Thu, 8 Dec 2022 16:24:29 +0800 Subject: [PATCH 1/2] Upgrade express to fix security warning --- code/lib/builder-manager/package.json | 2 +- code/lib/builder-vite/package.json | 2 +- code/lib/builder-webpack5/package.json | 2 +- code/lib/cli/package.json | 2 +- code/lib/core-common/package.json | 2 +- code/lib/core-server/package.json | 2 +- code/lib/manager-api/package.json | 2 +- code/lib/types/package.json | 2 +- code/package.json | 2 +- code/yarn.lock | 22 +++++++++---------- scripts/package.json | 2 +- .../server-kitchen-sink/package.json | 2 +- 12 files changed, 22 insertions(+), 22 deletions(-) diff --git a/code/lib/builder-manager/package.json b/code/lib/builder-manager/package.json index 69df7d7aff1c..e1cec647b8a7 100644 --- a/code/lib/builder-manager/package.json +++ b/code/lib/builder-manager/package.json @@ -51,7 +51,7 @@ "ejs": "^3.1.8", "esbuild": "^0.14.48", "esbuild-plugin-alias": "^0.2.1", - "express": "^4.17.1", + "express": "^4.17.3", "fs-extra": "^9.0.1", "process": "^0.11.10", "slash": "^3.0.0", diff --git a/code/lib/builder-vite/package.json b/code/lib/builder-vite/package.json index cfa7755ee481..7de241ad7ca9 100644 --- a/code/lib/builder-vite/package.json +++ b/code/lib/builder-vite/package.json @@ -53,7 +53,7 @@ "@vitejs/plugin-react": "^2.0.0", "browser-assert": "^1.2.1", "es-module-lexer": "^0.9.3", - "express": "^4.17.1", + "express": "^4.17.3", "fs-extra": "^9.0.1", "glob": "^7.2.0", "glob-promise": "^4.2.0", diff --git a/code/lib/builder-webpack5/package.json b/code/lib/builder-webpack5/package.json index 3fb775b89d54..70c0cf74729f 100644 --- a/code/lib/builder-webpack5/package.json +++ b/code/lib/builder-webpack5/package.json @@ -79,7 +79,7 @@ "browser-assert": "^1.2.1", "case-sensitive-paths-webpack-plugin": "^2.4.0", "css-loader": "^6.7.1", - "express": "^4.17.1", + "express": "^4.17.3", "fork-ts-checker-webpack-plugin": "^7.2.8", "fs-extra": "^9.0.1", "global": "^4.4.0", diff --git a/code/lib/cli/package.json b/code/lib/cli/package.json index ca05de0d2187..236863b4b7cb 100644 --- a/code/lib/cli/package.json +++ b/code/lib/cli/package.json @@ -58,7 +58,7 @@ "detect-indent": "^6.1.0", "envinfo": "^7.7.3", "execa": "^5.0.0", - "express": "^4.17.1", + "express": "^4.17.3", "find-up": "^5.0.0", "fs-extra": "^9.0.1", "get-port": "^5.1.1", diff --git a/code/lib/core-common/package.json b/code/lib/core-common/package.json index 929ae727ea3c..ad31d901d3b0 100644 --- a/code/lib/core-common/package.json +++ b/code/lib/core-common/package.json @@ -56,7 +56,7 @@ "chalk": "^4.1.0", "esbuild": "^0.14.48", "esbuild-register": "^3.3.3", - "express": "^4.17.1", + "express": "^4.17.3", "file-system-cache": "^2.0.0", "find-up": "^5.0.0", "fs-extra": "^9.0.1", diff --git a/code/lib/core-server/package.json b/code/lib/core-server/package.json index a280467a812c..34dc13fc4c13 100644 --- a/code/lib/core-server/package.json +++ b/code/lib/core-server/package.json @@ -55,7 +55,7 @@ "cli-table3": "^0.6.1", "compression": "^1.7.4", "detect-port": "^1.3.0", - "express": "^4.17.1", + "express": "^4.17.3", "fs-extra": "^9.0.1", "global": "^4.4.0", "globby": "^11.0.2", diff --git a/code/lib/manager-api/package.json b/code/lib/manager-api/package.json index acce5f9c3df3..d0d4d91d1b56 100644 --- a/code/lib/manager-api/package.json +++ b/code/lib/manager-api/package.json @@ -62,7 +62,7 @@ "@types/lodash": "^4.14.167", "@types/qs": "^6", "flush-promises": "^1.0.2", - "qs": "^6.10.1", + "qs": "^6.10.0", "typescript": "~4.9.3" }, "peerDependencies": { diff --git a/code/lib/types/package.json b/code/lib/types/package.json index 2be3615ccaed..16b13496a5ac 100644 --- a/code/lib/types/package.json +++ b/code/lib/types/package.json @@ -44,7 +44,7 @@ "@storybook/channels": "7.0.0-beta.0", "@types/babel__core": "^7.0.0", "@types/express": "^4.7.0", - "express": "^4.17.1", + "express": "^4.17.3", "file-system-cache": "^2.0.0" }, "devDependencies": { diff --git a/code/package.json b/code/package.json index e7acb6afbddf..d36099cedc27 100644 --- a/code/package.json +++ b/code/package.json @@ -289,7 +289,7 @@ "eslint-plugin-storybook": "^0.6.6", "esm": "^3.2.25", "execa": "^5.0.0", - "express": "^4.17.1", + "express": "^4.17.3", "fs-extra": "^9.0.1", "github-release-from-changelog": "^2.1.1", "glob": "^7.1.6", diff --git a/code/yarn.lock b/code/yarn.lock index 411f06c5681d..ca2670913f08 100644 --- a/code/yarn.lock +++ b/code/yarn.lock @@ -5857,7 +5857,7 @@ __metadata: ejs: ^3.1.8 esbuild: ^0.14.48 esbuild-plugin-alias: ^0.2.1 - express: ^4.17.1 + express: ^4.17.3 fs-extra: ^9.0.1 process: ^0.11.10 slash: ^3.0.0 @@ -5884,7 +5884,7 @@ __metadata: "@vitejs/plugin-react": ^2.0.0 browser-assert: ^1.2.1 es-module-lexer: ^0.9.3 - express: ^4.17.1 + express: ^4.17.3 fs-extra: ^9.0.1 glob: ^7.2.0 glob-promise: ^4.2.0 @@ -5940,7 +5940,7 @@ __metadata: browser-assert: ^1.2.1 case-sensitive-paths-webpack-plugin: ^2.4.0 css-loader: ^6.7.1 - express: ^4.17.1 + express: ^4.17.3 fork-ts-checker-webpack-plugin: ^7.2.8 fs-extra: ^9.0.1 global: ^4.4.0 @@ -6041,7 +6041,7 @@ __metadata: detect-indent: ^6.1.0 envinfo: ^7.7.3 execa: ^5.0.0 - express: ^4.17.1 + express: ^4.17.3 find-up: ^5.0.0 fs-extra: ^9.0.1 get-port: ^5.1.1 @@ -6170,7 +6170,7 @@ __metadata: chalk: ^4.1.0 esbuild: ^0.14.48 esbuild-register: ^3.3.3 - express: ^4.17.1 + express: ^4.17.3 file-system-cache: ^2.0.0 find-up: ^5.0.0 fs-extra: ^9.0.1 @@ -6240,7 +6240,7 @@ __metadata: cli-table3: ^0.6.1 compression: ^1.7.4 detect-port: ^1.3.0 - express: ^4.17.1 + express: ^4.17.3 fs-extra: ^9.0.1 global: ^4.4.0 globby: ^11.0.2 @@ -6578,7 +6578,7 @@ __metadata: global: ^4.4.0 lodash: ^4.17.21 memoizerific: ^1.11.3 - qs: ^6.10.1 + qs: ^6.10.0 semver: ^7.3.7 store2: ^2.14.2 telejson: ^7.0.3 @@ -7234,7 +7234,7 @@ __metadata: esm: ^3.2.25 execa: ^5.0.0 expect-type: ^0.14.2 - express: ^4.17.1 + express: ^4.17.3 fs-extra: ^9.0.1 github-release-from-changelog: ^2.1.1 glob: ^7.1.6 @@ -7591,7 +7591,7 @@ __metadata: "@types/babel__core": ^7.0.0 "@types/express": ^4.7.0 "@types/node": ^16.0.0 - express: ^4.17.1 + express: ^4.17.3 file-system-cache: ^2.0.0 typescript: ~4.9.3 languageName: unknown @@ -16550,7 +16550,7 @@ __metadata: languageName: node linkType: hard -"express@npm:^4.17.1": +"express@npm:^4.17.1, express@npm:^4.17.3": version: 4.18.2 resolution: "express@npm:4.18.2" dependencies: @@ -27242,7 +27242,7 @@ __metadata: languageName: node linkType: hard -"qs@npm:6.11.0, qs@npm:^6.10.0, qs@npm:^6.10.1, qs@npm:^6.4.0, qs@npm:^6.9.4": +"qs@npm:6.11.0, qs@npm:^6.10.0, qs@npm:^6.4.0, qs@npm:^6.9.4": version: 6.11.0 resolution: "qs@npm:6.11.0" dependencies: diff --git a/scripts/package.json b/scripts/package.json index 001324026d21..c6f702dd3b21 100644 --- a/scripts/package.json +++ b/scripts/package.json @@ -119,7 +119,7 @@ "eslint-plugin-react": "^7.31.10", "eslint-plugin-storybook": "^0.6.6", "execa": "^6.1.0", - "express": "^4.17.1", + "express": "^4.17.3", "find-up": "^5.0.0", "fs-extra": "^9.0.1", "github-release-from-changelog": "^2.1.1", diff --git a/test-storybooks/server-kitchen-sink/package.json b/test-storybooks/server-kitchen-sink/package.json index 4440a9359c1d..3df952a34736 100644 --- a/test-storybooks/server-kitchen-sink/package.json +++ b/test-storybooks/server-kitchen-sink/package.json @@ -25,7 +25,7 @@ "@storybook/server-webpack5": "7.0.0-alpha.43", "concurrently": "^5.3.0", "cors": "^2.8.5", - "express": "^4.17.1", + "express": "^4.17.3", "morgan": "^1.10.0", "nodemon": "^2.0.7", "pug": "^3.0.0", From dcc55c51e685025de80f6bcd26dc5b62c84c40b0 Mon Sep 17 00:00:00 2001 From: Michael Shilman Date: Thu, 8 Dec 2022 16:35:06 +0800 Subject: [PATCH 2/2] Fix scripts lockfile --- scripts/yarn.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/yarn.lock b/scripts/yarn.lock index 88388906eb23..9ed2cbe820b1 100644 --- a/scripts/yarn.lock +++ b/scripts/yarn.lock @@ -3276,7 +3276,7 @@ __metadata: eslint-plugin-react: ^7.31.10 eslint-plugin-storybook: ^0.6.6 execa: ^6.1.0 - express: ^4.17.1 + express: ^4.17.3 find-up: ^5.0.0 fs-extra: ^9.0.1 github-release-from-changelog: ^2.1.1 @@ -8560,7 +8560,7 @@ __metadata: languageName: node linkType: hard -"express@npm:^4.17.1": +"express@npm:^4.17.3": version: 4.18.2 resolution: "express@npm:4.18.2" dependencies: