You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2018/03/09 20:14:59 UTC
[airavata-django-portal] branch master updated: Upgrade moment.js,
2.19.1 has vulnerability
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git
The following commit(s) were added to refs/heads/master by this push:
new e69420e Upgrade moment.js, 2.19.1 has vulnerability
e69420e is described below
commit e69420e416ed94446f73260135e39c5eeacddbb8
Author: Marcus Christie <ma...@iu.edu>
AuthorDate: Fri Mar 9 15:14:53 2018 -0500
Upgrade moment.js, 2.19.1 has vulnerability
2.19.1 has regular expression denial of service (ReDoS) vulnerability.
See https://github.com/moment/moment/issues/4163 for details.
---
django_airavata/apps/workspace/package-lock.json | 46 +++++++++++++++++++++---
django_airavata/apps/workspace/package.json | 2 +-
2 files changed, 42 insertions(+), 6 deletions(-)
diff --git a/django_airavata/apps/workspace/package-lock.json b/django_airavata/apps/workspace/package-lock.json
index c7d7ad0..17ff94c 100644
--- a/django_airavata/apps/workspace/package-lock.json
+++ b/django_airavata/apps/workspace/package-lock.json
@@ -1830,6 +1830,9 @@
},
"django-airavata-api": {
"version": "file:../api",
+ "requires": {
+ "url-parse": "1.2.0"
+ },
"dependencies": {
"ansi-regex": {
"version": "2.1.1",
@@ -2464,7 +2467,6 @@
"requires": {
"anymatch": "1.3.2",
"async-each": "1.0.1",
- "fsevents": "1.1.2",
"glob-parent": "2.0.0",
"inherits": "2.0.3",
"is-binary-path": "1.0.1",
@@ -2892,6 +2894,10 @@
"bundled": true,
"optional": true
},
+ "querystringify": {
+ "version": "1.0.0",
+ "bundled": true
+ },
"randomatic": {
"version": "1.1.7",
"bundled": true,
@@ -2984,6 +2990,10 @@
"is-finite": "1.0.2"
}
},
+ "requires-port": {
+ "version": "1.0.0",
+ "bundled": true
+ },
"safe-buffer": {
"version": "5.1.1",
"bundled": true
@@ -3039,6 +3049,14 @@
"version": "1.0.1",
"bundled": true
},
+ "url-parse": {
+ "version": "1.2.0",
+ "bundled": true,
+ "requires": {
+ "querystringify": "1.0.0",
+ "requires-port": "1.0.0"
+ }
+ },
"user-home": {
"version": "1.1.1",
"bundled": true
@@ -4597,6 +4615,9 @@
"django-airavata-api": {
"version": "file:../api",
"bundled": true,
+ "requires": {
+ "url-parse": "1.2.0"
+ },
"dependencies": {
"ansi-regex": {
"version": "2.1.1",
@@ -5231,7 +5252,6 @@
"requires": {
"anymatch": "1.3.2",
"async-each": "1.0.1",
- "fsevents": "1.1.2",
"glob-parent": "2.0.0",
"inherits": "2.0.3",
"is-binary-path": "1.0.1",
@@ -5659,6 +5679,10 @@
"bundled": true,
"optional": true
},
+ "querystringify": {
+ "version": "1.0.0",
+ "bundled": true
+ },
"randomatic": {
"version": "1.1.7",
"bundled": true,
@@ -5751,6 +5775,10 @@
"is-finite": "1.0.2"
}
},
+ "requires-port": {
+ "version": "1.0.0",
+ "bundled": true
+ },
"safe-buffer": {
"version": "5.1.1",
"bundled": true
@@ -5806,6 +5834,14 @@
"version": "1.0.1",
"bundled": true
},
+ "url-parse": {
+ "version": "1.2.0",
+ "bundled": true,
+ "requires": {
+ "querystringify": "1.0.0",
+ "requires-port": "1.0.0"
+ }
+ },
"user-home": {
"version": "1.1.1",
"bundled": true
@@ -13259,9 +13295,9 @@
}
},
"moment": {
- "version": "2.19.1",
- "resolved": "https://registry.npmjs.org/moment/-/moment-2.19.1.tgz",
- "integrity": "sha1-VtoaLRy/AdOLfhr8McELz6GSkWc="
+ "version": "2.21.0",
+ "resolved": "https://registry.npmjs.org/moment/-/moment-2.21.0.tgz",
+ "integrity": "sha512-TCZ36BjURTeFTM/CwRcViQlfkMvL1/vFISuNLO5GkcVm1+QHfbSiNqZuWeMFjj1/3+uAjXswgRk30j1kkLYJBQ=="
},
"ms": {
"version": "2.0.0",
diff --git a/django_airavata/apps/workspace/package.json b/django_airavata/apps/workspace/package.json
index c8d9725..e44836f 100644
--- a/django_airavata/apps/workspace/package.json
+++ b/django_airavata/apps/workspace/package.json
@@ -14,7 +14,7 @@
"bootstrap-vue": "^1.4.1",
"django-airavata-api": "file:../api",
"django-airavata-common-ui": "file:../../static/common",
- "moment": "^2.18.1",
+ "moment": "^2.21.0",
"vue": "^2.3.3"
},
"devDependencies": {
--
To stop receiving notification emails like this one, please contact
machristie@apache.org.