From 275249fcb7fa22e0f9accc5eaf3bd8f58696577c Mon Sep 17 00:00:00 2001
From: Vladimir Gorej
Date: Tue, 25 Jan 2022 16:21:49 +0100
Subject: [PATCH] fix(security): update cross-fetch to >=3.1.5 (#2431)
This transitively updates node-fetch to v2.6.7 which no longer suffers from CVE-2022-0235.
Refs https://github.com/advisories/GHSA-r683-j2x4-v87g
---
 package-lock.json | 40 +++++++++++++++++++++----
 package.json | 2 +-
 test/specmap/data/cyclic/external/1.js | 6 ++--
 test/specmap/data/cyclic/external/10.js | 6 ++--
 test/specmap/data/cyclic/external/2.js | 14 ++++-----
 test/specmap/data/cyclic/external/20.js | 6 ++--
 test/specmap/data/cyclic/external/21.js | 6 ++--
 test/specmap/data/cyclic/external/30.js | 12 ++++----
 test/specmap/data/cyclic/external/31.js | 16 +++++-----
 test/specmap/data/cyclic/external/32.js | 16 +++++-----
 test/specmap/data/cyclic/external/40.js | 8 ++---
 11 files changed, 81 insertions(+), 51 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 1d4ea0980..f25e09ad4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5356,11 +5356,40 @@
 }
 },
 "cross-fetch": {
- "version": "3.1.4",
- "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.4.tgz",
- "integrity": "sha512-1eAtFWdIubi6T4XPy6ei9iUFoKpUkIF971QLN8lIvvvwueI65+Nw5haMNKUwfJxabqlIIDODJKGrQ66gxC0PbQ==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz",
+ "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==",
 "requires": {
- "node-fetch": "2.6.1"
+ "node-fetch": "2.6.7"
+ },
+ "dependencies": {
+ "node-fetch": {
+ "version": "2.6.7",
+ "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz",
+ "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==",
+ "requires": {
+ "whatwg-url": "^5.0.0"
+ }
+ },
+ "tr46": {
+ "version": "0.0.3",
+ "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
+ "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o="
+ },
+ "webidl-conversions": {
+ "version": "3.0.1",
+ "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
+ "integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE="
+ },
+ "whatwg-url": {
+ "version": "5.0.0",
+ "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
+ "integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=",
+ "requires": {
+ "tr46": "~0.0.3",
+ "webidl-conversions": "^3.0.0"
+ }
+ }
 }
 },
 "cross-spawn": {
@@ -9337,7 +9366,8 @@
 "node-fetch": {
 "version": "2.6.1",
 "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz",
- "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw=="
+ "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==",
+ "dev": true
 },
 "node-int64": {
 "version": "0.4.0",
diff --git a/package.json b/package.json
index 537d3c10b..e79561b16 100644
--- a/package.json
+++ b/package.json
@@ -108,7 +108,7 @@
 "@babel/runtime-corejs3": "^7.11.2",
 "btoa": "^1.2.1",
 "cookie": "~0.4.1",
- "cross-fetch": "^3.1.4",
+ "cross-fetch": "^3.1.5",
 "deepmerge": "~4.2.2",
 "fast-json-patch": "^3.0.0-1",
 "form-data-encoder": "^1.4.3",
diff --git a/test/specmap/data/cyclic/external/1.js b/test/specmap/data/cyclic/external/1.js
index e56c5436f..993775bbe 100644
--- a/test/specmap/data/cyclic/external/1.js
+++ b/test/specmap/data/cyclic/external/1.js
@@ -2,11 +2,11 @@ module.exports = {
 name: 'link to a cyclic node',
 spec: {
 x: {
- $ref: 'http://1/spec#/a',
+ $ref: 'http://0.0.0.1/spec#/a',
 },
 },
 external: {
- 'http://1/spec': {
+ 'http://0.0.0.1/spec': {
 a: {
 b: {
 $ref: '#/a',
@@ -17,7 +17,7 @@ module.exports = {
 output: {
 x: {
 b: {
- $ref: 'http://1/spec#/a',
+ $ref: 'http://0.0.0.1/spec#/a',
 },
 },
 },
diff --git a/test/specmap/data/cyclic/external/10.js b/test/specmap/data/cyclic/external/10.js
index 733c48e01..06419616e 100644
--- a/test/specmap/data/cyclic/external/10.js
+++ b/test/specmap/data/cyclic/external/10.js
@@ -2,11 +2,11 @@ module.exports = {
 name: 'link to 2 cyclic nodes',
 spec: {
 x: {
- $ref: 'http://2/spec#/a',
+ $ref: 'http://0.0.0.2/spec#/a',
 },
 },
 external: {
- 'http://2/spec': {
+ 'http://0.0.0.2/spec': {
 a: {
 $ref: '#/b',
 },
@@ -17,7 +17,7 @@ module.exports = {
 },
 output: {
 x: {
- $ref: 'http://2/spec#/a',
+ $ref: 'http://0.0.0.2/spec#/a',
 },
 },
 };
diff --git a/test/specmap/data/cyclic/external/2.js b/test/specmap/data/cyclic/external/2.js
index 88294bdf7..66d91dc71 100644
--- a/test/specmap/data/cyclic/external/2.js
+++ b/test/specmap/data/cyclic/external/2.js
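Review bot: The fixture hosts in `spec`, `external` and `output` of test/specmap/data/cyclic/external/1.js change from `http://1` to `http://0.0.0.1` with no reason recorded, and the commit message covers only the dependency bump. Presumably the updated node-fetch resolves URLs through the newly added `whatwg-url`, which would canonicalise a bare numeric host to dotted-quad IPv4 so the old mock keys no longer match; that is inferred, not visible in the diff. A comment above `module.exports` (which starts outside the hunk) would record it, e.g. `// Hosts are dotted-quad IPv4: the fetch stack canonicalises 'http://1' to 'http://0.0.0.1'.` The same applies to the sibling fixtures 10, 2, 20, 21, 30, 31, 32 and 40 in this directory. If the inference holds, any code that compares URL strings before fetching (allow-lists, caches) is worth checking for the same host-normalisation difference.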
@@ -2,21 +2,21 @@ module.exports = {
 name: 'a few hops to an internally cyclic doc',
 spec: {
 x: {
- $ref: 'http://8/spec1#/a',
+ $ref: 'http://0.0.0.8/spec1#/a',
 },
 },
 external: {
- 'http://8/spec1': {
+ 'http://0.0.0.8/spec1': {
 a: {
- $ref: 'http://8/spec2#/b',
+ $ref: 'http://0.0.0.8/spec2#/b',
 },
 },
- 'http://8/spec2': {
+ 'http://0.0.0.8/spec2': {
 b: {
- $ref: 'http://8/spec3#/c',
+ $ref: 'http://0.0.0.8/spec3#/c',
 },
 },
- 'http://8/spec3': {
+ 'http://0.0.0.8/spec3': {
 c: {
 d: {
 $ref: '#/c',
@@ -27,7 +27,7 @@ module.exports = {
 output: {
 x: {
 d: {
- $ref: 'http://8/spec3#/c',
+ $ref: 'http://0.0.0.8/spec3#/c',
 },
 },
 },
diff --git a/test/specmap/data/cyclic/external/20.js b/test/specmap/data/cyclic/external/20.js
index 27535f07f..4968744f0 100644
--- a/test/specmap/data/cyclic/external/20.js
+++ b/test/specmap/data/cyclic/external/20.js
@@ -2,11 +2,11 @@ module.exports = {
 name: 'link to 3 cyclic nodes',
 spec: {
 x: {
- $ref: 'http://3/spec#/defs/d1',
+ $ref: 'http://0.0.0.3/spec#/defs/d1',
 },
 },
 external: {
- 'http://3/spec': {
+ 'http://0.0.0.3/spec': {
 defs: {
 d1: {
 d1k: {
@@ -31,7 +31,7 @@ module.exports = {
 d1k: {
 d2k: {
 d3k: {
- $ref: 'http://3/spec#/defs/d1',
+ $ref: 'http://0.0.0.3/spec#/defs/d1',
 },
 },
 },
diff --git a/test/specmap/data/cyclic/external/21.js b/test/specmap/data/cyclic/external/21.js
index 228496348..c0e1bddf9 100644
--- a/test/specmap/data/cyclic/external/21.js
+++ b/test/specmap/data/cyclic/external/21.js
@@ -2,11 +2,11 @@ module.exports = {
 name: 'link to 3 cyclic nodes (in array)',
 spec: {
 x: {
- $ref: 'http://4/spec#/defs/0',
+ $ref: 'http://0.0.0.4/spec#/defs/0',
 },
 },
 external: {
- 'http://4/spec': {
+ 'http://0.0.0.4/spec': {
 defs: [
 {
 d1k: {
@@ -31,7 +31,7 @@ module.exports = {
 d1k: {
 d2k: {
 d3k: {
- $ref: 'http://4/spec#/defs/0',
+ $ref: 'http://0.0.0.4/spec#/defs/0',
 },
 },
 },
diff --git a/test/specmap/data/cyclic/external/30.js b/test/specmap/data/cyclic/external/30.js
index ca6013278..ca2bb2fa1 100644
--- a/test/specmap/data/cyclic/external/30.js
+++ b/test/specmap/data/cyclic/external/30.js
@@ -2,21 +2,21 @@ module.exports = {
 name: 'link to cyclic nodes that use absolute reference',
 spec: {
 x: {
- $ref: 'http://5/spec1#/a',
+ $ref: 'http://0.0.0.5/spec1#/a',
 },
 },
 external: {
- 'http://5/spec1': {
+ 'http://0.0.0.5/spec1': {
 a: {
 b: {
- $ref: 'http://5/spec2#/c',
+ $ref: 'http://0.0.0.5/spec2#/c',
 },
 },
 },
- 'http://5/spec2': {
+ 'http://0.0.0.5/spec2': {
 c: {
 d: {
- $ref: 'http://5/spec1#/a',
+ $ref: 'http://0.0.0.5/spec1#/a',
 },
 },
 },
@@ -25,7 +25,7 @@ module.exports = {
 x: {
 b: {
 d: {
- $ref: 'http://5/spec1#/a',
+ $ref: 'http://0.0.0.5/spec1#/a',
 },
 },
 },
diff --git a/test/specmap/data/cyclic/external/31.js b/test/specmap/data/cyclic/external/31.js
index f29039423..f1555345d 100644
--- a/test/specmap/data/cyclic/external/31.js
+++ b/test/specmap/data/cyclic/external/31.js
@@ -2,28 +2,28 @@ module.exports = {
 name: 'link to 3 cyclic nodes that use absolute reference',
 spec: {
 x: {
- $ref: 'http://6/spec1#/a',
+ $ref: 'http://0.0.0.6/spec1#/a',
 },
 },
 external: {
- 'http://6/spec1': {
+ 'http://0.0.0.6/spec1': {
 a: {
 b: {
- $ref: 'http://6/spec2#/c',
+ $ref: 'http://0.0.0.6/spec2#/c',
 },
 },
 },
- 'http://6/spec2': {
+ 'http://0.0.0.6/spec2': {
 c: {
 d: {
- $ref: 'http://6/spec3#/e',
+ $ref: 'http://0.0.0.6/spec3#/e',
 },
 },
 },
- 'http://6/spec3': {
+ 'http://0.0.0.6/spec3': {
 e: {
 f: {
- $ref: 'http://6/spec1#/a',
+ $ref: 'http://0.0.0.6/spec1#/a',
 },
 },
 },
@@ -33,7 +33,7 @@ module.exports = {
 b: {
 d: {
 f: {
- $ref: 'http://6/spec1#/a',
+ $ref: 'http://0.0.0.6/spec1#/a',
 },
 },
 },
diff --git a/test/specmap/data/cyclic/external/32.js b/test/specmap/data/cyclic/external/32.js
index 6bab0e19f..d9f8af6b4 100644
--- a/test/specmap/data/cyclic/external/32.js
+++ b/test/specmap/data/cyclic/external/32.js
@@ -2,24 +2,24 @@ module.exports = {
 name: 'absolute path to itself',
 spec: {
 x: {
- $ref: 'http://9/spec1#/a',
+ $ref: 'http://0.0.0.9/spec1#/a',
 },
 },
 external: {
- 'http://9/spec1': {
+ 'http://0.0.0.9/spec1': {
 a: {
- $ref: 'http://9/spec2#/b',
+ $ref: 'http://0.0.0.9/spec2#/b',
 },
 },
- 'http://9/spec2': {
+ 'http://0.0.0.9/spec2': {
 b: {
- $ref: 'http://9/spec3#/c',
+ $ref: 'http://0.0.0.9/spec3#/c',
 },
 },
- 'http://9/spec3': {
+ 'http://0.0.0.9/spec3': {
 c: {
 d: {
- $ref: 'http://9/spec3#/c',
+ $ref: 'http://0.0.0.9/spec3#/c',
 },
 },
 },
@@ -27,7 +27,7 @@ module.exports = {
 output: {
 x: {
 d: {
- $ref: 'http://9/spec3#/c',
+ $ref: 'http://0.0.0.9/spec3#/c',
 },
 },
 },
diff --git a/test/specmap/data/cyclic/external/40.js b/test/specmap/data/cyclic/external/40.js
index e41c97d70..5470072f6 100644
--- a/test/specmap/data/cyclic/external/40.js
+++ b/test/specmap/data/cyclic/external/40.js
@@ -2,18 +2,18 @@ module.exports = {
 name: 'link to 2 cyclic nodes that use relative reference',
 spec: {
 x: {
- $ref: 'http://7/spec1#/a',
+ $ref: 'http://0.0.0.7/spec1#/a',
 },
 },
 external: {
- 'http://7/spec1': {
+ 'http://0.0.0.7/spec1': {
 a: {
 b: {
 $ref: '../spec2#/c',
 },
 },
 },
- 'http://7/spec2': {
+ 'http://0.0.0.7/spec2': {
 c: {
 d: {
 $ref: '../spec1#/a',
@@ -25,7 +25,7 @@ module.exports = {
 x: {
 b: {
 d: {
- $ref: 'http://7/spec1#/a',
+ $ref: 'http://0.0.0.7/spec1#/a',
 },
 },
 },