From 986ec5cbed0d0280300d0bd84d0d3b1c7baf30fb Mon Sep 17 00:00:00 2001
From: Antoine Colombier
Date: Mon, 1 Apr 2019 09:53:23 +0100
Subject: [PATCH 1/4] Updating package dependencies to fix DoS vulnerability
---
 package.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/package.json b/package.json
index b4c3865..43a8e33 100644
--- a/package.json
+++ b/package.json
@@ -19,7 +19,6 @@
 "colors": "^1.2.1",
 "commander": "^2.15.0",
 "core-js": "^2.5.1",
- "js-yaml": "^3.7.0",
 "merge-options": "^1.0.1",
 "opn": "^5.2.0",
 "winston": "^2.4.0",
@@ -39,10 +38,11 @@
 "@types/source-map-support": "^0.4.0",
 "@types/winston": "^2.3.7",
 "chai": "latest",
- "mocha": "latest",
- "typescript": "~2.6.2",
 "dependency-check": "^2.9.1",
- "proxyquire-2": "^1.0.7"
+ "js-yaml": "^3.13.0",
+ "mocha": "latest",
+ "proxyquire-2": "^1.0.7",
+ "typescript": "~2.6.2"
 },
 "scripts": {
 "build": "tsc",
From 77ea47bb93b575c3d768dd045f1d9abb5e25fb87 Mon Sep 17 00:00:00 2001
From: Antoine Colombier
Date: Tue, 2 Apr 2019 10:09:09 +0100
Subject: [PATCH 2/4] Fixing wrong location for dependency and updating CHANGELOG.md
---
 CHANGELOG.md | 10 +++++++---
 package.json | 4 ++--
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d53a785..6a75e8e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,8 +7,12 @@ Versioning](http://semver.org/spec/v2.0.0.html).
 ## [Unreleased]
+## [1.9.7] - 2019-04-02
+### Changed
+- Merge PR #232, Update dependency `js-yaml` to fix DoS vulnerability
+
 ## [1.9.6] - 2019-02-27
-### Added
+### Added
 - Merge PR #227, adding Depreciation/Retirement Notice to README.md
 ### Fixed
@@ -193,8 +197,8 @@ Versioning](http://semver.org/spec/v2.0.0.html).
 ### Fixed
 - Merge PR #60, allowing a single wildcard as a string within the template
 - Merge PR #65, allowing forked branches to run tests
-- Merge PR #71, fixing maps, see #69 and #68
-- Merge PR #63, fixing if intrinsic functions, see
+- Merge PR #71, fixing maps, see #69 and #68
+- Merge PR #63, fixing if intrinsic functions, see
 ## [1.1.7] - 2017-10-07
 ### Changed
diff --git a/package.json b/package.json
index 43a8e33..87f85dc 100644
--- a/package.json
+++ b/package.json
@@ -24,7 +24,8 @@
 "winston": "^2.4.0",
 "sha.js": "^2.4.11",
 "source-map-support": "^0.5.0",
- "safe-buffer": "^5.1.1"
+ "safe-buffer": "^5.1.1",
+ "js-yaml": "^3.13.0"
 },
 "devDependencies": {
 "@types/chai": "^4.0.4",
@@ -39,7 +40,6 @@
 "@types/winston": "^2.3.7",
 "chai": "latest",
 "dependency-check": "^2.9.1",
- "js-yaml": "^3.13.0",
 "mocha": "latest",
 "proxyquire-2": "^1.0.7",
 "typescript": "~2.6.2"
From 0e57a85e26129b7988bb67e62077bae26ace7e7d Mon Sep 17 00:00:00 2001
From: Antoine Colombier
Date: Tue, 2 Apr 2019 11:10:00 +0100
Subject: [PATCH 3/4] Fixing Mocha version to support Node 4 LTS
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 87f85dc..9dcde4d 100644
--- a/package.json
+++ b/package.json
@@ -40,7 +40,7 @@
 "@types/winston": "^2.3.7",
 "chai": "latest",
 "dependency-check": "^2.9.1",
- "mocha": "latest",
+ "mocha": "^5.2.0",
 "proxyquire-2": "^1.0.7",
 "typescript": "~2.6.2"
 },
From 5c78b39d7d8cdd2189b7841fd125367a718ef50e Mon Sep 17 00:00:00 2001
From: Marty Sweet
Date: Wed, 3 Apr 2019 16:25:06 +0100
Subject: [PATCH 4/4] Update CHANGELOG.md
---
 CHANGELOG.md | 2 --
 1 file changed, 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6a75e8e..6e9d771 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
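Review bot: The `"js-yaml": "^3.13.0"` entry added to `dependencies` (PATCH 2/4, package.json hunk at -24,7) raises only the floor of the range, so an install that resolves from an existing lockfile or shrinkwrap can still land on the older release the commit message describes as vulnerable. No lockfile appears anywhere in this series, so if the repository or the published package carries one, it should be regenerated in the same change and the resolved version confirmed with `npm ls js-yaml`. It would also help to append the advisory identifier to the CHANGELOG line, written as `(<advisory-id>)`, so a later audit can tell which issue this floor was chosen to address.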
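Review bot: `"chai": "latest"` is left floating in the same devDependencies hunk (PATCH 3/4, -40,7) where mocha is pinned, so test runs still pull whichever chai release carries the `latest` tag at install time. That carries the same Node 4 compatibility risk this commit cites for mocha, and it means CI executes a dependency version nobody has reviewed. Pin it the same way, for example `"chai": "^<tested-version>"`, using the version the suite currently passes with.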
@@ -6,8 +6,6 @@ and this project adheres to [Semantic
 Versioning](http://semver.org/spec/v2.0.0.html).
 ## [Unreleased]
-
-## [1.9.7] - 2019-04-02
 ### Changed
 - Merge PR #232, Update dependency `js-yaml` to fix DoS vulnerability