From 5f46ec1d6b5f0ecaff793d145266c9e61cff0ea6 Mon Sep 17 00:00:00 2001 From: Alberto Ruiz <109065994+alber-devo@users.noreply.github.com> Date: Sat, 28 Oct 2023 11:32:14 +0100 Subject: [PATCH] fix/snyk vulnerability (#46) ## 3.1.5 Fix vulns by updating transitive package (@devoinc/js-helper) - https://security.snyk.io/vuln/SNYK-JS-CRYPTOJS-6028119 --- CHANGELOG.md | 5 +++++ package-lock.json | 34 +++++++++++++++++----------------- package.json | 4 ++-- 3 files changed, 24 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c10f470..bd21ba2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ Change log. +## 3.1.5 + +Fix vulns by updating transitive package (@devoinc/js-helper) +- https://security.snyk.io/vuln/SNYK-JS-CRYPTOJS-6028119 + ## 3.1.4 Fix API error processing to avoid calling done callback. diff --git a/package-lock.json b/package-lock.json index 3363f44..cd9ba28 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,16 +1,16 @@ { "name": "@devoinc/browser-sdk", - "version": "3.1.4", + "version": "3.1.5", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@devoinc/browser-sdk", - "version": "3.1.4", + "version": "3.1.5", "hasInstallScript": true, "license": "MIT", "dependencies": { - "@devoinc/js-helper": "^2.0.1", + "@devoinc/js-helper": "^2.0.2", "abort-controller": "^3.0.0", "detect-browser": "^5.3.0", "fetch-readablestream": "^0.2.0", @@ -1710,11 +1710,11 @@ } }, "node_modules/@devoinc/js-helper": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@devoinc/js-helper/-/js-helper-2.0.1.tgz", - "integrity": "sha512-Rz2fn2WLwSpX3Ivd9ZyZMVXKOxzWV9Cww6toCE5EIm1drj1rLGSLcy2vafb21ej+r0XJPWJ5ooUeqU4Ok3aF6g==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/@devoinc/js-helper/-/js-helper-2.0.2.tgz", + "integrity": "sha512-sM7pjseOs/fgnXn2tdNInJD0gNsa7+r6s+EpFKURgTi1Ip2KB9rUB6lORP3VfmYeP3EN3ZHv+zqPZRVr8QB+XQ==", "dependencies": { - "crypto-js": "4.1.1" + "crypto-js": "^4.2.0" }, "engines": { "node": ">=14", @@ -4152,9 +4152,9 @@ } }, "node_modules/crypto-js": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.1.1.tgz", - "integrity": "sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw==" + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz", + "integrity": "sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==" }, "node_modules/css-loader": { "version": "6.7.1", @@ -12890,11 +12890,11 @@ } }, "@devoinc/js-helper": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@devoinc/js-helper/-/js-helper-2.0.1.tgz", - "integrity": "sha512-Rz2fn2WLwSpX3Ivd9ZyZMVXKOxzWV9Cww6toCE5EIm1drj1rLGSLcy2vafb21ej+r0XJPWJ5ooUeqU4Ok3aF6g==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/@devoinc/js-helper/-/js-helper-2.0.2.tgz", + "integrity": "sha512-sM7pjseOs/fgnXn2tdNInJD0gNsa7+r6s+EpFKURgTi1Ip2KB9rUB6lORP3VfmYeP3EN3ZHv+zqPZRVr8QB+XQ==", "requires": { - "crypto-js": "4.1.1" + "crypto-js": "^4.2.0" } }, "@devoinc/prettier-config": { @@ -14822,9 +14822,9 @@ } }, "crypto-js": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.1.1.tgz", - "integrity": "sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw==" + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz", + "integrity": "sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==" }, "css-loader": { "version": "6.7.1", diff --git a/package.json b/package.json index a714b15..420e3d4 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@devoinc/browser-sdk", - "version": "3.1.4", + "version": "3.1.5", "description": "Devo browser SDK", "author": "Devo Dev Team", "eslintConfig": { @@ -45,7 +45,7 @@ "LinQ" ], "dependencies": { - "@devoinc/js-helper": "^2.0.1", + "@devoinc/js-helper": "^2.0.2", "abort-controller": "^3.0.0", "detect-browser": "^5.3.0", "fetch-readablestream": "^0.2.0",