From 620c27095d8f7b3590e97678ef38d50b329aab00 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 29 Apr 2020 06:07:56 +0200
Subject: [PATCH 1/2] fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-567742
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index de39a9c..33592c5 100644
--- a/package.json
+++ b/package.json
@@ -15,7 +15,7 @@
 "license": "CC-BY-SA-3.0",
 "dependencies": {
 "filter.js": "github:perfectwebteam/filter.js",
- "handlebars": "^4.0.10",
+ "handlebars": "^4.6.0",
 "lodash": "^4.17.4",
 "metalsmith-assets-copy": "0.0.2",
 "metalsmith-assets-improved": "github:contentascode/metalsmith-assets-improved#release",
From 8eb24b43c6f0ac6882daf63cdeb9d12c93d73945 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 29 Apr 2020 06:07:57 +0200
Subject: [PATCH 2/2] fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-567742
---
 package-lock.json | 82 ++++++++++++++++++++---------------------------
 1 file changed, 35 insertions(+), 47 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 1f9113c..f400731 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -688,14 +688,36 @@ } }, "handlebars": { - "version": "4.0.11", - "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.0.11.tgz", - "integrity": "sha1-Ywo13+ApS8KB7a5v/F0yn8eYLcw=", + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.6.0.tgz", + "integrity": "sha512-i1ZUP7Qp2JdkMaFon2a+b0m5geE8Z4ZTLaGkgrObkEd+OkUKyRbRWw4KxuFCoHfdETSY1yf9/574eVoNSiK7pw==", "requires": { - "async": "^1.4.0", + "neo-async": "^2.6.0", "optimist": "^0.6.1", - "source-map": "^0.4.4", - "uglify-js": "^2.6" + "source-map": "^0.6.1", + "uglify-js": "^3.1.4" + }, + "dependencies": { + "commander": { + "version": "2.20.3", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", + "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", + "optional": true + }, + "source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" + }, + "uglify-js": { + "version": "3.9.1", + "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.9.1.tgz", + "integrity": "sha512-JUPoL1jHsc9fOjVFHdQIhqEEJsQvfKDjlubcCilu8U26uZ73qOg8VsN8O1jbuei44ZPlwL7kmbAdM4tzaUvqnA==", + "optional": true, + "requires": { + "commander": "~2.20.3" + } + } } }, "has": { 
@@ -1467,28 +1489,6 @@ } } }, - "metalsmith-markdown-taxonomy": { - "version": "0.0.2", - "resolved": "https://registry.npmjs.org/metalsmith-markdown-taxonomy/-/metalsmith-markdown-taxonomy-0.0.2.tgz", - "integrity": "sha512-N+zbq76trOqwO4lhqo18FlUN9DhzDv1vGN6Tj/mOmWTkT3/4MM+Q0pil/SPrUIySDSJpSctc/hom8eLTNJcSeQ==", - "requires": { - "async": "^2.4.1", - "debug": "^2.2.0", - "lodash": "^4.17.4", - "marked": "^0.3.6", - "minimatch": "^3.0.0" - }, - "dependencies": { - "async": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/async/-/async-2.6.0.tgz", - "integrity": "sha512-xAfGg1/NTLBBKlHFmnd7PlmUW9KhVQIUuSrYem9xzFUZy13ScvtyGGejaae9iAVRiRq9+Cx7DPFaAAhCpyxyPw==", - "requires": { - "lodash": "^4.14.0" - } - } - } - }, "metalsmith-matters": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/metalsmith-matters/-/metalsmith-matters-1.2.0.tgz", @@ -1505,18 +1505,6 @@ "resolved": "https://registry.npmjs.org/metalsmith-metacopy/-/metalsmith-metacopy-0.2.0.tgz", "integrity": "sha1-Cl9sK0NNnMgmoUWn8BX3tmT0pfM=" }, - "metalsmith-migrate-safetag": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/metalsmith-migrate-safetag/-/metalsmith-migrate-safetag-0.2.0.tgz", - "integrity": "sha512-/qGKFehHya7amnFlXDB6R2xoBRbGJIYN0+1pStfb2fUgvxnUteH1gqwFnfF9i9uclF3yOtaUHNEMxWKcA6Q3fA==", - "requires": { - "debug": "^2.2.0", - "lodash": "^4.17.4", - "minimatch": "^3.0.0", - "source-map-support": "^0.4.15", - "trim-newlines": "^2.0.0" - } - }, "metalsmith-packages": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/metalsmith-packages/-/metalsmith-packages-0.1.0.tgz", @@ -1545,7 +1533,7 @@ "async": "^2.0.0-rc.2", "debug": "^2.1.0", "multimatch": "^2.1.0", - "pdc": "github:cherbst/node-pdc#720ad811afd5239c27b3bbe9b4cd8677b0cde1df", + "pdc": "pdc@github:cherbst/node-pdc#720ad811afd5239c27b3bbe9b4cd8677b0cde1df", "system-install": "^1.0.0", "which": "^1.0.8" }, 
@@ -1668,7 +1656,7 @@ "requires": { "async": "^2.4.1", "debug": "^2.2.0", - "hercule": "github:contentascode/hercule#2df09afb83b52c5cf8edc241a85d40a7ef0a546f", + "hercule": "hercule@github:contentascode/hercule#2df09afb83b52c5cf8edc241a85d40a7ef0a546f", "json-pointer": "^0.6.0", "multimatch": "^2.1.0", "pegjs": "^0.10.0" @@ -1819,6 +1807,11 @@ "minimatch": "^3.0.0" } }, + "neo-async": { + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.1.tgz", + "integrity": "sha512-iyam8fBuCUpWeKPGpaNMetEocMt364qkCsfL9JuhjXX6dRnguRVOfk2GZaDpPjcOKiiXCPINZC1GczQ7iTq3Zw==" + }, "node-static": { "version": "0.7.10", "resolved": "https://registry.npmjs.org/node-static/-/node-static-0.7.10.tgz", @@ -3135,11 +3128,6 @@ "resolved": "https://registry.npmjs.org/trim/-/trim-0.0.1.tgz", "integrity": "sha1-WFhUf2spB1fulczMZm+1AITEYN0=" }, - "trim-newlines": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/trim-newlines/-/trim-newlines-2.0.0.tgz", - "integrity": "sha1-tAPQuRvlDDMd/EuC7s6yLD3hbSA=" - }, "trim-trailing-lines": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/trim-trailing-lines/-/trim-trailing-lines-1.1.0.tgz",