From 8131d4aa48166016bbef7c570237d985dd20db15 Mon Sep 17 00:00:00 2001 From: shrshindeMSFT <98348000+shrshindeMSFT@users.noreply.github.com> Date: Thu, 15 Feb 2024 10:54:38 -0800 Subject: [PATCH 1/5] Override socks package --- package.json | 5 ++ pnpm-lock.yaml | 179 ++++++++++++++++++++++++++++++------------------- 2 files changed, 115 insertions(+), 69 deletions(-) diff --git a/package.json b/package.json index 3143baa6b4..7650c1d692 100644 --- a/package.json +++ b/package.json @@ -121,5 +121,10 @@ }, "dependencies": { "uuid": "^9.0.0" + }, + "pnpm": { + "overrides": { + "socks": "^2.7.3" + } } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 300f3d55ed..f599681b0b 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -1,23 +1,7 @@ lockfileVersion: '6.0' overrides: - axios: ^1.6.0 - dns-packet: ^1.3.2 - follow-redirects: ^1.15.4 - glob-parent: ^5.1.2 - lodash: ^4.17.21 - merge: ^2.1.1 - minimist: ^0.2.4 - postcss: ^8.4.31 - semver: ^7.5.2 - serialize-javascript: ^3.1.0 - set-value: ^2.0.1 - string_decoder: ^1.3.0 - tough-cookie: ^4.1.3 - underscore: 1.12.1 - url-parse: ^1.5.0 - word-wrap: ^1.2.4 - y18n: ^4.0.1 + socks: ^2.7.3 importers: @@ -424,7 +408,7 @@ packages: debug: 4.3.4 gensync: 1.0.0-beta.2 json5: 2.2.3 - semver: 7.5.4 + semver: 6.3.1 transitivePeerDependencies: - supports-color dev: true @@ -461,7 +445,7 @@ packages: '@babel/helper-validator-option': 7.22.15 browserslist: 4.22.1 lru-cache: 5.1.1 - semver: 7.5.4 + semver: 6.3.1 dev: true /@babel/helper-create-class-features-plugin@7.22.15(@babel/core@7.23.2): @@ -479,7 +463,7 @@ packages: '@babel/helper-replace-supers': 7.22.20(@babel/core@7.23.2) '@babel/helper-skip-transparent-expression-wrappers': 7.22.5 '@babel/helper-split-export-declaration': 7.22.6 - semver: 7.5.4 + semver: 6.3.1 dev: true /@babel/helper-create-regexp-features-plugin@7.21.0(@babel/core@7.23.2): @@ -502,7 +486,7 @@ packages: '@babel/core': 7.23.2 '@babel/helper-annotate-as-pure': 7.22.5 regexpu-core: 5.3.1 - semver: 7.5.4 + semver: 6.3.1 dev: true /@babel/helper-define-polyfill-provider@0.4.3(@babel/core@7.23.2): @@ -1401,7 +1385,7 @@ packages: babel-plugin-polyfill-corejs2: 0.4.6(@babel/core@7.23.2) babel-plugin-polyfill-corejs3: 0.8.5(@babel/core@7.23.2) babel-plugin-polyfill-regenerator: 0.5.3(@babel/core@7.23.2) - semver: 7.5.4 + semver: 6.3.1 transitivePeerDependencies: - supports-color dev: true @@ -1599,7 +1583,7 @@ packages: babel-plugin-polyfill-corejs3: 0.8.5(@babel/core@7.23.2) babel-plugin-polyfill-regenerator: 0.5.3(@babel/core@7.23.2) core-js-compat: 3.33.0 - semver: 7.5.4 + semver: 6.3.1 transitivePeerDependencies: - supports-color dev: true @@ -3200,6 +3184,10 @@ packages: '@jridgewell/sourcemap-codec': 1.4.14 dev: true + /@leichtgewicht/ip-codec@2.0.4: + resolution: {integrity: sha512-Hcv+nVC0kZnQ3tD9GVu5xSMR4VVYOteQIr/hwFPVEvPdlXqgGEuRjiheChHgdM+JyqdgNcmzZOX/tnl0JOiI7A==} + dev: true + /@lerna/child-process@6.6.2: resolution: {integrity: sha512-QyKIWEnKQFnYu2ey+SAAm1A5xjzJLJJj3bhIZd3QKyXKKjaJ0hlxam/OsWSltxTNbcyH1jRJjC6Cxv31usv0Ag==} engines: {node: ^14.17.0 || >=16.0.0} @@ -3284,7 +3272,7 @@ packages: read-cmd-shim: 3.0.0 read-package-json: 5.0.1 resolve-from: 5.0.0 - semver: 7.5.4 + semver: 7.3.8 signal-exit: 3.0.7 slash: 3.0.0 ssri: 9.0.1 @@ -3672,7 +3660,7 @@ packages: ejs: 3.1.8 ignore: 5.3.0 nx: 15.8.2 - semver: 7.5.4 + semver: 7.3.4 tmp: 0.2.1 tslib: 2.5.0 transitivePeerDependencies: @@ -5391,7 +5379,7 @@ packages: '@babel/compat-data': 7.23.2 '@babel/core': 7.23.2 '@babel/helper-define-polyfill-provider': 0.4.3(@babel/core@7.23.2) - semver: 7.5.4 + semver: 6.3.1 transitivePeerDependencies: - supports-color dev: true @@ -6111,7 +6099,7 @@ packages: json-stringify-safe: 5.0.1 lodash: 4.17.21 meow: 8.1.2 - semver: 7.5.4 + semver: 6.3.1 split: 1.0.1 through2: 4.0.2 dev: true @@ -6176,11 +6164,11 @@ packages: webpack: ^5.1.0 dependencies: fast-glob: 3.2.12 - glob-parent: 5.1.2 + glob-parent: 6.0.2 globby: 11.1.0 normalize-path: 3.0.0 schema-utils: 3.1.1 - serialize-javascript: 3.1.0 + serialize-javascript: 6.0.2 webpack: 5.88.2(webpack-cli@5.1.4) dev: true @@ -6496,7 +6484,7 @@ packages: hasBin: true dependencies: get-stdin: 0.1.0 - minimist: 0.2.4 + minimist: 0.1.0 dev: true /detect-indent@5.0.0: @@ -6539,11 +6527,11 @@ packages: resolution: {integrity: sha1-s55/HabrCnW6nBcySzR1PEfgZU0=} dev: true - /dns-packet@1.3.4: - resolution: {integrity: sha512-BQ6F4vycLXBvdrJZ6S3gZewt6rcrks9KBgM9vrhW+knGRqc8uEdT7fuCwloc7nny5xNoMJ17HGH0R/6fpo8ECA==} + /dns-packet@5.6.1: + resolution: {integrity: sha512-l4gcSouhcgIKRvyy99RNVOgxXiicE+2jZoNmaNmZ6JXiGajBOJAesk1OBlJuM5k2c+eudGdLxDqXuPCKIj6kpw==} + engines: {node: '>=6'} dependencies: - ip: 1.1.8 - safe-buffer: 5.2.1 + '@leichtgewicht/ip-codec': 2.0.4 dev: true /doctrine@2.1.0: @@ -6893,7 +6881,7 @@ packages: ignore: 5.2.4 minimatch: 3.1.2 resolve: 1.22.1 - semver: 7.5.4 + semver: 6.3.1 dev: true /eslint-plugin-only-error@1.0.2: @@ -6968,7 +6956,7 @@ packages: object.values: 1.1.6 prop-types: 15.8.1 resolve: 2.0.0-next.4 - semver: 7.5.4 + semver: 6.3.1 string.prototype.matchall: 4.0.8 dev: true @@ -7687,7 +7675,7 @@ packages: hasBin: true dependencies: meow: 8.1.2 - semver: 7.5.4 + semver: 6.3.1 dev: true /git-up@7.0.0: @@ -7716,6 +7704,13 @@ packages: is-glob: 4.0.3 dev: true + /glob-parent@6.0.2: + resolution: {integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==} + engines: {node: '>=10.13.0'} + dependencies: + is-glob: 4.0.3 + dev: true + /glob-to-regexp@0.4.1: resolution: {integrity: sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==} @@ -7867,7 +7862,7 @@ packages: engines: {node: '>=0.4.7'} hasBin: true dependencies: - minimist: 0.2.4 + minimist: 1.2.8 neo-async: 2.6.2 source-map: 0.6.1 wordwrap: 1.0.0 @@ -8309,12 +8304,12 @@ packages: engines: {node: '>=10.13.0'} dev: true - /ip@1.1.8: - resolution: {integrity: sha512-PuExPYUiu6qMBQb4l06ecm6T6ujzhmh+MeJcW9wa89PoAz5pvd4zPgN5WJV104mb6S2T1AwNIAaB70JNrLQWhg==} - dev: true - - /ip@2.0.0: - resolution: {integrity: sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==} + /ip-address@9.0.5: + resolution: {integrity: sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==} + engines: {node: '>= 12'} + dependencies: + jsbn: 1.1.0 + sprintf-js: 1.1.3 dev: true /ipaddr.js@1.9.1: @@ -8604,7 +8599,7 @@ packages: '@babel/parser': 7.23.0 '@istanbuljs/schema': 0.1.3 istanbul-lib-coverage: 3.2.0 - semver: 7.5.4 + semver: 6.3.1 transitivePeerDependencies: - supports-color dev: true @@ -9227,6 +9222,10 @@ packages: argparse: 2.0.1 dev: true + /jsbn@1.1.0: + resolution: {integrity: sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==} + dev: true + /jsdom@20.0.3: resolution: {integrity: sha512-SYhBvTh89tTfCD/CRdSOm13mOBa42iTaTyfyEWBdKcGdPxPtLFBXuHR8XHb33YNYaP+lLbmSvBTsnoesCNJEsQ==} engines: {node: '>=14'} @@ -9723,14 +9722,14 @@ packages: engines: {node: '>=6'} dependencies: pify: 4.0.1 - semver: 7.5.4 + semver: 5.7.2 dev: true /make-dir@3.1.0: resolution: {integrity: sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==} engines: {node: '>=8'} dependencies: - semver: 7.5.4 + semver: 6.3.1 dev: true /make-error@1.3.6: @@ -9955,8 +9954,12 @@ packages: kind-of: 6.0.3 dev: true - /minimist@0.2.4: - resolution: {integrity: sha512-Pkrrm8NjyQ8yVt8Am9M+yUt74zE3iokhzbG1bFVNjLB92vwM71hf40RkEsryg98BujhVOncKm/C1xROxZ030LQ==} + /minimist@0.1.0: + resolution: {integrity: sha512-wR5Ipl99t0mTGwLjQJnBjrP/O7zBbLZqvA3aw32DmLx+nXHfWctUjzDjnDx09pX1Po86WFQazF9xUzfMea3Cnw==} + dev: true + + /minimist@1.2.8: + resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==} dev: true /minipass-collect@1.0.2: @@ -10054,7 +10057,7 @@ packages: resolution: {integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==} hasBin: true dependencies: - minimist: 0.2.4 + minimist: 1.2.8 dev: true /mkdirp@1.0.4: @@ -10097,7 +10100,7 @@ packages: resolution: {integrity: sha1-d+tGBX9NetvRbZKQ+nKZ9vpkzO0=} hasBin: true dependencies: - dns-packet: 1.3.4 + dns-packet: 5.6.1 thunky: 1.1.0 dev: true @@ -10271,7 +10274,7 @@ packages: dependencies: hosted-git-info: 2.8.9 resolve: 1.22.1 - semver: 7.5.4 + semver: 5.7.2 validate-npm-package-license: 3.0.4 dev: true @@ -10517,7 +10520,7 @@ packages: minimatch: 3.0.5 npm-run-path: 4.0.1 open: 8.4.2 - semver: 7.5.4 + semver: 7.3.4 string-width: 4.2.3 strong-log-transformer: 2.1.0 tar-stream: 2.2.0 @@ -11448,7 +11451,7 @@ packages: isarray: 1.0.0 process-nextick-args: 2.0.1 safe-buffer: 5.1.2 - string_decoder: 1.3.0 + string_decoder: 1.1.1 util-deprecate: 1.0.2 /readable-stream@3.6.1: @@ -11729,6 +11732,7 @@ packages: /safe-buffer@5.2.1: resolution: {integrity: sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==} + dev: true /safe-regex-test@1.0.0: resolution: {integrity: sha1-eTuHTVJOs2QNGHOq0DWW2y1PIpU=} @@ -11813,6 +11817,32 @@ packages: node-forge: 1.3.1 dev: true + /semver@5.7.2: + resolution: {integrity: sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==} + hasBin: true + dev: true + + /semver@6.3.1: + resolution: {integrity: sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==} + hasBin: true + dev: true + + /semver@7.3.4: + resolution: {integrity: sha512-tCfb2WLjqFAtXn4KEdxIhalnRtoKFN7nAwj0B3ZXCbQloV2tq5eDbcTmT68JJD3nRJq24/XgxtQKFIpQdtvmVw==} + engines: {node: '>=10'} + hasBin: true + dependencies: + lru-cache: 6.0.0 + dev: true + + /semver@7.3.8: + resolution: {integrity: sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==} + engines: {node: '>=10'} + hasBin: true + dependencies: + lru-cache: 6.0.0 + dev: true + /semver@7.5.4: resolution: {integrity: sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==} engines: {node: '>=10'} @@ -11842,8 +11872,8 @@ packages: - supports-color dev: true - /serialize-javascript@3.1.0: - resolution: {integrity: sha512-JIJT1DGiWmIKhzRsG91aS6Ze4sFUrYbltlkg2onR5OrnNM02Kl/hnY/T4FN2omvyeBbQmMJv+K4cPOpGzOTFBg==} + /serialize-javascript@6.0.2: + resolution: {integrity: sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==} dependencies: randombytes: 2.1.0 dev: true @@ -11938,7 +11968,7 @@ packages: engines: {node: '>=6'} hasBin: true dependencies: - minimist: 0.2.4 + minimist: 1.2.8 shelljs: 0.8.5 dev: true @@ -12016,16 +12046,16 @@ packages: dependencies: agent-base: 6.0.2 debug: 4.3.4 - socks: 2.7.1 + socks: 2.7.3 transitivePeerDependencies: - supports-color dev: true - /socks@2.7.1: - resolution: {integrity: sha512-7maUZy1N7uo6+WVEX6psASxtNlKaNVMlGQKkG/63nEDdLOWNbiUMoLK7X4uYoLhQstau72mLgfEWcXcwsaHbYQ==} - engines: {node: '>= 10.13.0', npm: '>= 3.0.0'} + /socks@2.7.3: + resolution: {integrity: sha512-vfuYK48HXCTFD03G/1/zkIls3Ebr2YNa4qU9gHDZdblHLiqhJrJGkY3+0Nx0JpN9qBhJbVObc1CNciT1bIZJxw==} + engines: {node: '>= 10.0.0', npm: '>= 3.0.0'} dependencies: - ip: 2.0.0 + ip-address: 9.0.5 smart-buffer: 4.2.0 dev: true @@ -12123,6 +12153,10 @@ packages: resolution: {integrity: sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=} dev: true + /sprintf-js@1.1.3: + resolution: {integrity: sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==} + dev: true + /ssri@10.0.4: resolution: {integrity: sha512-12+IR2CB2C28MMAw0Ncqwj5QbTcs0nGIhgJzYWzDkb21vWmfNI83KS4f3Ci6GI98WreIfG7o9UXp3C0qbpA8nQ==} engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} @@ -12214,10 +12248,16 @@ packages: es-abstract: 1.21.1 dev: true + /string_decoder@1.1.1: + resolution: {integrity: sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==} + dependencies: + safe-buffer: 5.1.2 + /string_decoder@1.3.0: resolution: {integrity: sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==} dependencies: safe-buffer: 5.2.1 + dev: true /strip-ansi@6.0.1: resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==} @@ -12266,7 +12306,7 @@ packages: hasBin: true dependencies: duplexer: 0.1.2 - minimist: 0.2.4 + minimist: 1.2.8 through: 2.3.8 dev: true @@ -12416,7 +12456,7 @@ packages: '@jridgewell/trace-mapping': 0.3.20 jest-worker: 27.5.1 schema-utils: 3.3.0 - serialize-javascript: 3.1.0 + serialize-javascript: 6.0.2 terser: 5.19.4 webpack: 5.88.2(webpack-cli@5.1.4) dev: true @@ -12655,7 +12695,7 @@ packages: engines: {node: '>=6'} dependencies: json5: 2.2.3 - minimist: 0.2.4 + minimist: 1.2.8 strip-bom: 3.0.0 dev: true @@ -13518,8 +13558,9 @@ packages: engines: {node: '>=0.4'} dev: true - /y18n@4.0.3: - resolution: {integrity: sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==} + /y18n@5.0.8: + resolution: {integrity: sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==} + engines: {node: '>=10'} dev: true /yallist@3.1.1: @@ -13554,7 +13595,7 @@ packages: get-caller-file: 2.0.5 require-directory: 2.1.1 string-width: 4.2.3 - y18n: 4.0.3 + y18n: 5.0.8 yargs-parser: 20.2.4 dev: true @@ -13567,7 +13608,7 @@ packages: get-caller-file: 2.0.5 require-directory: 2.1.1 string-width: 4.2.3 - y18n: 4.0.3 + y18n: 5.0.8 yargs-parser: 21.1.1 dev: true From 4d7c74482d4e3dec65a1dcdc376b49d2b1a0c7dc Mon Sep 17 00:00:00 2001 From: shrshindeMSFT <98348000+shrshindeMSFT@users.noreply.github.com> Date: Thu, 15 Feb 2024 11:24:21 -0800 Subject: [PATCH 2/5] Update minimist package --- package.json | 1 + pnpm-lock.yaml | 7 ++----- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 7650c1d692..84cb8a0730 100644 --- a/package.json +++ b/package.json @@ -124,6 +124,7 @@ }, "pnpm": { "overrides": { + "minimist": "^1.2.8", "socks": "^2.7.3" } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index f599681b0b..346812a8fe 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -1,6 +1,7 @@ lockfileVersion: '6.0' overrides: + minimist: ^1.2.8 socks: ^2.7.3 importers: @@ -6484,7 +6485,7 @@ packages: hasBin: true dependencies: get-stdin: 0.1.0 - minimist: 0.1.0 + minimist: 1.2.8 dev: true /detect-indent@5.0.0: @@ -9954,10 +9955,6 @@ packages: kind-of: 6.0.3 dev: true - /minimist@0.1.0: - resolution: {integrity: sha512-wR5Ipl99t0mTGwLjQJnBjrP/O7zBbLZqvA3aw32DmLx+nXHfWctUjzDjnDx09pX1Po86WFQazF9xUzfMea3Cnw==} - dev: true - /minimist@1.2.8: resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==} dev: true From 38537746fcc76c642b7b0f765b245b41bd86b4f3 Mon Sep 17 00:00:00 2001 From: shrshindeMSFT <98348000+shrshindeMSFT@users.noreply.github.com> Date: Thu, 15 Feb 2024 11:28:45 -0800 Subject: [PATCH 3/5] Override semver and string_decoder --- package.json | 4 ++- pnpm-lock.yaml | 73 +++++++++++++++----------------------------------- 2 files changed, 24 insertions(+), 53 deletions(-) diff --git a/package.json b/package.json index 84cb8a0730..173800b8b5 100644 --- a/package.json +++ b/package.json @@ -125,7 +125,9 @@ "pnpm": { "overrides": { "minimist": "^1.2.8", - "socks": "^2.7.3" + "semver": "^7.5.4", + "socks": "^2.7.3", + "string_decoder": "^1.3.0" } } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 346812a8fe..009de08114 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -2,7 +2,9 @@ lockfileVersion: '6.0' overrides: minimist: ^1.2.8 + semver: ^7.5.4 socks: ^2.7.3 + string_decoder: ^1.3.0 importers: @@ -409,7 +411,7 @@ packages: debug: 4.3.4 gensync: 1.0.0-beta.2 json5: 2.2.3 - semver: 6.3.1 + semver: 7.5.4 transitivePeerDependencies: - supports-color dev: true @@ -446,7 +448,7 @@ packages: '@babel/helper-validator-option': 7.22.15 browserslist: 4.22.1 lru-cache: 5.1.1 - semver: 6.3.1 + semver: 7.5.4 dev: true /@babel/helper-create-class-features-plugin@7.22.15(@babel/core@7.23.2): @@ -464,7 +466,7 @@ packages: '@babel/helper-replace-supers': 7.22.20(@babel/core@7.23.2) '@babel/helper-skip-transparent-expression-wrappers': 7.22.5 '@babel/helper-split-export-declaration': 7.22.6 - semver: 6.3.1 + semver: 7.5.4 dev: true /@babel/helper-create-regexp-features-plugin@7.21.0(@babel/core@7.23.2): @@ -487,7 +489,7 @@ packages: '@babel/core': 7.23.2 '@babel/helper-annotate-as-pure': 7.22.5 regexpu-core: 5.3.1 - semver: 6.3.1 + semver: 7.5.4 dev: true /@babel/helper-define-polyfill-provider@0.4.3(@babel/core@7.23.2): @@ -1386,7 +1388,7 @@ packages: babel-plugin-polyfill-corejs2: 0.4.6(@babel/core@7.23.2) babel-plugin-polyfill-corejs3: 0.8.5(@babel/core@7.23.2) babel-plugin-polyfill-regenerator: 0.5.3(@babel/core@7.23.2) - semver: 6.3.1 + semver: 7.5.4 transitivePeerDependencies: - supports-color dev: true @@ -1584,7 +1586,7 @@ packages: babel-plugin-polyfill-corejs3: 0.8.5(@babel/core@7.23.2) babel-plugin-polyfill-regenerator: 0.5.3(@babel/core@7.23.2) core-js-compat: 3.33.0 - semver: 6.3.1 + semver: 7.5.4 transitivePeerDependencies: - supports-color dev: true @@ -3273,7 +3275,7 @@ packages: read-cmd-shim: 3.0.0 read-package-json: 5.0.1 resolve-from: 5.0.0 - semver: 7.3.8 + semver: 7.5.4 signal-exit: 3.0.7 slash: 3.0.0 ssri: 9.0.1 @@ -3661,7 +3663,7 @@ packages: ejs: 3.1.8 ignore: 5.3.0 nx: 15.8.2 - semver: 7.3.4 + semver: 7.5.4 tmp: 0.2.1 tslib: 2.5.0 transitivePeerDependencies: @@ -5380,7 +5382,7 @@ packages: '@babel/compat-data': 7.23.2 '@babel/core': 7.23.2 '@babel/helper-define-polyfill-provider': 0.4.3(@babel/core@7.23.2) - semver: 6.3.1 + semver: 7.5.4 transitivePeerDependencies: - supports-color dev: true @@ -6100,7 +6102,7 @@ packages: json-stringify-safe: 5.0.1 lodash: 4.17.21 meow: 8.1.2 - semver: 6.3.1 + semver: 7.5.4 split: 1.0.1 through2: 4.0.2 dev: true @@ -6882,7 +6884,7 @@ packages: ignore: 5.2.4 minimatch: 3.1.2 resolve: 1.22.1 - semver: 6.3.1 + semver: 7.5.4 dev: true /eslint-plugin-only-error@1.0.2: @@ -6957,7 +6959,7 @@ packages: object.values: 1.1.6 prop-types: 15.8.1 resolve: 2.0.0-next.4 - semver: 6.3.1 + semver: 7.5.4 string.prototype.matchall: 4.0.8 dev: true @@ -7676,7 +7678,7 @@ packages: hasBin: true dependencies: meow: 8.1.2 - semver: 6.3.1 + semver: 7.5.4 dev: true /git-up@7.0.0: @@ -8600,7 +8602,7 @@ packages: '@babel/parser': 7.23.0 '@istanbuljs/schema': 0.1.3 istanbul-lib-coverage: 3.2.0 - semver: 6.3.1 + semver: 7.5.4 transitivePeerDependencies: - supports-color dev: true @@ -9723,14 +9725,14 @@ packages: engines: {node: '>=6'} dependencies: pify: 4.0.1 - semver: 5.7.2 + semver: 7.5.4 dev: true /make-dir@3.1.0: resolution: {integrity: sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==} engines: {node: '>=8'} dependencies: - semver: 6.3.1 + semver: 7.5.4 dev: true /make-error@1.3.6: @@ -10271,7 +10273,7 @@ packages: dependencies: hosted-git-info: 2.8.9 resolve: 1.22.1 - semver: 5.7.2 + semver: 7.5.4 validate-npm-package-license: 3.0.4 dev: true @@ -10517,7 +10519,7 @@ packages: minimatch: 3.0.5 npm-run-path: 4.0.1 open: 8.4.2 - semver: 7.3.4 + semver: 7.5.4 string-width: 4.2.3 strong-log-transformer: 2.1.0 tar-stream: 2.2.0 @@ -11448,7 +11450,7 @@ packages: isarray: 1.0.0 process-nextick-args: 2.0.1 safe-buffer: 5.1.2 - string_decoder: 1.1.1 + string_decoder: 1.3.0 util-deprecate: 1.0.2 /readable-stream@3.6.1: @@ -11729,7 +11731,6 @@ packages: /safe-buffer@5.2.1: resolution: {integrity: sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==} - dev: true /safe-regex-test@1.0.0: resolution: {integrity: sha1-eTuHTVJOs2QNGHOq0DWW2y1PIpU=} @@ -11814,32 +11815,6 @@ packages: node-forge: 1.3.1 dev: true - /semver@5.7.2: - resolution: {integrity: sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==} - hasBin: true - dev: true - - /semver@6.3.1: - resolution: {integrity: sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==} - hasBin: true - dev: true - - /semver@7.3.4: - resolution: {integrity: sha512-tCfb2WLjqFAtXn4KEdxIhalnRtoKFN7nAwj0B3ZXCbQloV2tq5eDbcTmT68JJD3nRJq24/XgxtQKFIpQdtvmVw==} - engines: {node: '>=10'} - hasBin: true - dependencies: - lru-cache: 6.0.0 - dev: true - - /semver@7.3.8: - resolution: {integrity: sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==} - engines: {node: '>=10'} - hasBin: true - dependencies: - lru-cache: 6.0.0 - dev: true - /semver@7.5.4: resolution: {integrity: sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==} engines: {node: '>=10'} @@ -12245,16 +12220,10 @@ packages: es-abstract: 1.21.1 dev: true - /string_decoder@1.1.1: - resolution: {integrity: sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==} - dependencies: - safe-buffer: 5.1.2 - /string_decoder@1.3.0: resolution: {integrity: sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==} dependencies: safe-buffer: 5.2.1 - dev: true /strip-ansi@6.0.1: resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==} From a570a7be8eab73fbb1169b5c66ac346f60f75a4c Mon Sep 17 00:00:00 2001 From: shrshindeMSFT <98348000+shrshindeMSFT@users.noreply.github.com> Date: Thu, 15 Feb 2024 12:25:52 -0800 Subject: [PATCH 4/5] Update resolutions in package.json to overrides --- package.json | 45 +++++++++++++---------------- pnpm-lock.yaml | 78 +++++++++++++++++++++++++++----------------------- 2 files changed, 62 insertions(+), 61 deletions(-) diff --git a/package.json b/package.json index 173800b8b5..09392b2018 100644 --- a/package.json +++ b/package.json @@ -100,34 +100,29 @@ "webpack-subresource-integrity": "^5.1.0", "yargs": "^17.7.2" }, - "resolutions": { - "axios": "^1.6.0", - "dns-packet": "^1.3.2", - "follow-redirects": "^1.15.4", - "glob-parent": "^5.1.2", - "lodash": "^4.17.21", - "merge": "^2.1.1", - "minimist": "^0.2.4", - "postcss": "^8.4.31", - "semver": "^7.5.2", - "serialize-javascript": "^3.1.0", - "set-value": "^2.0.1", - "string_decoder": "^1.3.0", - "tough-cookie": "^4.1.3", - "underscore": "1.12.1", - "url-parse": "^1.5.0", - "word-wrap": "^1.2.4", - "y18n": "^4.0.1" - }, - "dependencies": { - "uuid": "^9.0.0" - }, "pnpm": { "overrides": { - "minimist": "^1.2.8", - "semver": "^7.5.4", + "axios": "^1.6.0", + "dns-packet": "^1.3.2", + "follow-redirects": "^1.15.4", + "glob-parent": "^5.1.2", + "lodash": "^4.17.21", + "merge": "^2.1.1", + "minimist": "^0.2.4", + "postcss": "^8.4.31", + "semver": "^7.5.2", + "serialize-javascript": "^3.1.0", + "set-value": "^2.0.1", "socks": "^2.7.3", - "string_decoder": "^1.3.0" + "string_decoder": "^1.3.0", + "tough-cookie": "^4.1.3", + "underscore": "1.12.1", + "url-parse": "^1.5.0", + "word-wrap": "^1.2.4", + "y18n": "^4.0.1" } + }, + "dependencies": { + "uuid": "^9.0.0" } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 009de08114..606b48e282 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -1,10 +1,24 @@ lockfileVersion: '6.0' overrides: - minimist: ^1.2.8 - semver: ^7.5.4 + axios: ^1.6.0 + dns-packet: ^1.3.2 + follow-redirects: ^1.15.4 + glob-parent: ^5.1.2 + lodash: ^4.17.21 + merge: ^2.1.1 + minimist: ^0.2.4 + postcss: ^8.4.31 + semver: ^7.5.2 + serialize-javascript: ^3.1.0 + set-value: ^2.0.1 socks: ^2.7.3 string_decoder: ^1.3.0 + tough-cookie: ^4.1.3 + underscore: 1.12.1 + url-parse: ^1.5.0 + word-wrap: ^1.2.4 + y18n: ^4.0.1 importers: @@ -3187,10 +3201,6 @@ packages: '@jridgewell/sourcemap-codec': 1.4.14 dev: true - /@leichtgewicht/ip-codec@2.0.4: - resolution: {integrity: sha512-Hcv+nVC0kZnQ3tD9GVu5xSMR4VVYOteQIr/hwFPVEvPdlXqgGEuRjiheChHgdM+JyqdgNcmzZOX/tnl0JOiI7A==} - dev: true - /@lerna/child-process@6.6.2: resolution: {integrity: sha512-QyKIWEnKQFnYu2ey+SAAm1A5xjzJLJJj3bhIZd3QKyXKKjaJ0hlxam/OsWSltxTNbcyH1jRJjC6Cxv31usv0Ag==} engines: {node: ^14.17.0 || >=16.0.0} @@ -6167,11 +6177,11 @@ packages: webpack: ^5.1.0 dependencies: fast-glob: 3.2.12 - glob-parent: 6.0.2 + glob-parent: 5.1.2 globby: 11.1.0 normalize-path: 3.0.0 schema-utils: 3.1.1 - serialize-javascript: 6.0.2 + serialize-javascript: 3.1.0 webpack: 5.88.2(webpack-cli@5.1.4) dev: true @@ -6487,7 +6497,7 @@ packages: hasBin: true dependencies: get-stdin: 0.1.0 - minimist: 1.2.8 + minimist: 0.2.4 dev: true /detect-indent@5.0.0: @@ -6530,11 +6540,11 @@ packages: resolution: {integrity: sha1-s55/HabrCnW6nBcySzR1PEfgZU0=} dev: true - /dns-packet@5.6.1: - resolution: {integrity: sha512-l4gcSouhcgIKRvyy99RNVOgxXiicE+2jZoNmaNmZ6JXiGajBOJAesk1OBlJuM5k2c+eudGdLxDqXuPCKIj6kpw==} - engines: {node: '>=6'} + /dns-packet@1.3.4: + resolution: {integrity: sha512-BQ6F4vycLXBvdrJZ6S3gZewt6rcrks9KBgM9vrhW+knGRqc8uEdT7fuCwloc7nny5xNoMJ17HGH0R/6fpo8ECA==} dependencies: - '@leichtgewicht/ip-codec': 2.0.4 + ip: 1.1.8 + safe-buffer: 5.2.1 dev: true /doctrine@2.1.0: @@ -7707,13 +7717,6 @@ packages: is-glob: 4.0.3 dev: true - /glob-parent@6.0.2: - resolution: {integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==} - engines: {node: '>=10.13.0'} - dependencies: - is-glob: 4.0.3 - dev: true - /glob-to-regexp@0.4.1: resolution: {integrity: sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==} @@ -7865,7 +7868,7 @@ packages: engines: {node: '>=0.4.7'} hasBin: true dependencies: - minimist: 1.2.8 + minimist: 0.2.4 neo-async: 2.6.2 source-map: 0.6.1 wordwrap: 1.0.0 @@ -8315,6 +8318,10 @@ packages: sprintf-js: 1.1.3 dev: true + /ip@1.1.8: + resolution: {integrity: sha512-PuExPYUiu6qMBQb4l06ecm6T6ujzhmh+MeJcW9wa89PoAz5pvd4zPgN5WJV104mb6S2T1AwNIAaB70JNrLQWhg==} + dev: true + /ipaddr.js@1.9.1: resolution: {integrity: sha1-v/OFQ+64mEglB5/zoqjmy9RngbM=} engines: {node: '>= 0.10'} @@ -9957,8 +9964,8 @@ packages: kind-of: 6.0.3 dev: true - /minimist@1.2.8: - resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==} + /minimist@0.2.4: + resolution: {integrity: sha512-Pkrrm8NjyQ8yVt8Am9M+yUt74zE3iokhzbG1bFVNjLB92vwM71hf40RkEsryg98BujhVOncKm/C1xROxZ030LQ==} dev: true /minipass-collect@1.0.2: @@ -10056,7 +10063,7 @@ packages: resolution: {integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==} hasBin: true dependencies: - minimist: 1.2.8 + minimist: 0.2.4 dev: true /mkdirp@1.0.4: @@ -10099,7 +10106,7 @@ packages: resolution: {integrity: sha1-d+tGBX9NetvRbZKQ+nKZ9vpkzO0=} hasBin: true dependencies: - dns-packet: 5.6.1 + dns-packet: 1.3.4 thunky: 1.1.0 dev: true @@ -11844,8 +11851,8 @@ packages: - supports-color dev: true - /serialize-javascript@6.0.2: - resolution: {integrity: sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==} + /serialize-javascript@3.1.0: + resolution: {integrity: sha512-JIJT1DGiWmIKhzRsG91aS6Ze4sFUrYbltlkg2onR5OrnNM02Kl/hnY/T4FN2omvyeBbQmMJv+K4cPOpGzOTFBg==} dependencies: randombytes: 2.1.0 dev: true @@ -11940,7 +11947,7 @@ packages: engines: {node: '>=6'} hasBin: true dependencies: - minimist: 1.2.8 + minimist: 0.2.4 shelljs: 0.8.5 dev: true @@ -12272,7 +12279,7 @@ packages: hasBin: true dependencies: duplexer: 0.1.2 - minimist: 1.2.8 + minimist: 0.2.4 through: 2.3.8 dev: true @@ -12422,7 +12429,7 @@ packages: '@jridgewell/trace-mapping': 0.3.20 jest-worker: 27.5.1 schema-utils: 3.3.0 - serialize-javascript: 6.0.2 + serialize-javascript: 3.1.0 terser: 5.19.4 webpack: 5.88.2(webpack-cli@5.1.4) dev: true @@ -12661,7 +12668,7 @@ packages: engines: {node: '>=6'} dependencies: json5: 2.2.3 - minimist: 1.2.8 + minimist: 0.2.4 strip-bom: 3.0.0 dev: true @@ -13524,9 +13531,8 @@ packages: engines: {node: '>=0.4'} dev: true - /y18n@5.0.8: - resolution: {integrity: sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==} - engines: {node: '>=10'} + /y18n@4.0.3: + resolution: {integrity: sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==} dev: true /yallist@3.1.1: @@ -13561,7 +13567,7 @@ packages: get-caller-file: 2.0.5 require-directory: 2.1.1 string-width: 4.2.3 - y18n: 5.0.8 + y18n: 4.0.3 yargs-parser: 20.2.4 dev: true @@ -13574,7 +13580,7 @@ packages: get-caller-file: 2.0.5 require-directory: 2.1.1 string-width: 4.2.3 - y18n: 5.0.8 + y18n: 4.0.3 yargs-parser: 21.1.1 dev: true From c9e38233376d9138116e9b8c63ac590f2665af83 Mon Sep 17 00:00:00 2001 From: shrshindeMSFT <98348000+shrshindeMSFT@users.noreply.github.com> Date: Thu, 15 Feb 2024 12:37:28 -0800 Subject: [PATCH 5/5] Add pnpm.overrides-explanation section in package.json --- package.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/package.json b/package.json index 09392b2018..f496215770 100644 --- a/package.json +++ b/package.json @@ -120,6 +120,10 @@ "url-parse": "^1.5.0", "word-wrap": "^1.2.4", "y18n": "^4.0.1" + }, + "overrides-explanation": { + "WHAT IS THIS SECTION": "pnpm ignores this section and comments aren't allowed in JSON files. This section documents why the above overrides have been put in place. If you add an override, describe it in this section.", + "socks": "There is a vulnerability in the ip package which has no fix. We consume ip via socks (eventually via lerna). Socks released a new version that removed the ip dependency. We are using this newer version of socks to avoid the vulnerability. If ip is ever updated or lerna (or any package in the chain) eventually updates to a version of socks that doesn't depend on ip, we can remove this override" } }, "dependencies": {