From eb9ebde06db62d21b875e0a7ab282c9038c725ce Mon Sep 17 00:00:00 2001 From: Jordan Van Ness Date: Tue, 10 Sep 2024 11:14:21 -0700 Subject: [PATCH 1/4] fix: adding resolutions for path-to-regexp to fix dependabot issue --- package.json | 2 ++ yarn.lock | 16 ++++++++-------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/package.json b/package.json index 2213dc0c9cc..082e1832b29 100644 --- a/package.json +++ b/package.json @@ -75,6 +75,7 @@ "**/@angular-devkit/build-angular/webpack": "^5.76.0", "**/@size-limit/webpack/webpack": "^5.76.0", "**/serve/serve-handler/minimatch": "3.0.5", + "**/serve/serve-handler/path-to-regexp": "8.0.0", "@adobe/css-tools": "^4.3.2", "@babel/traverse": "7.23.2", "@cypress/request": "^3.0.0", @@ -88,6 +89,7 @@ "loader-utils": "2.0.4", "node-forge": "1.3.0", "nth-check": "^2.0.1", + "path-to-regexp": "0.1.10", "postcss": "^8.4.31", "prismjs": "^1.25.0", "react": "18.2.0", diff --git a/yarn.lock b/yarn.lock index d88cff4c94c..72c12ae3d56 100644 --- a/yarn.lock +++ b/yarn.lock @@ -24717,15 +24717,15 @@ path-strip-sep@^1.0.17: dependencies: tslib "^2" -path-to-regexp@0.1.7: - version "0.1.7" - resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz#df604178005f522f15eb4490e7247a1bfaa67f8c" - integrity sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ== +path-to-regexp@0.1.10, path-to-regexp@0.1.7: + version "0.1.10" + resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.10.tgz#67e9108c5c0551b9e5326064387de4763c4d5f8b" + integrity sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w== -path-to-regexp@2.2.1: - version "2.2.1" - resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-2.2.1.tgz#90b617025a16381a879bc82a38d4e8bdeb2bcf45" - integrity sha512-gu9bD6Ta5bwGrrU8muHzVOBFFREpp2iRkVfhBJahwJ6p6Xw20SjT0MxLnwkjOibQmGSYhiUnf2FLe7k+jcFmGQ== +path-to-regexp@2.2.1, path-to-regexp@8.0.0: + version "8.0.0" + resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-8.0.0.tgz#92076ec6b2eaf08be7c3233484142c05e8866cf5" + integrity sha512-GAWaqWlTjYK/7SVpIUA6CTxmcg65SP30sbjdCvyYReosRkk7Z/LyHWwkK3Vu0FcIi0FNTADUs4eh1AsU5s10cg== path-type@^4.0.0: version "4.0.0" From 2942bf8c424f8b58d4ac067f70556cee3889b475 Mon Sep 17 00:00:00 2001 From: Jordan Van Ness Date: Tue, 10 Sep 2024 13:18:41 -0700 Subject: [PATCH 2/4] fix: downgrading path-to-regexp to 0.1.10 --- package.json | 1 - yarn.lock | 45 ++++++++++++++++++++------------------------- 2 files changed, 20 insertions(+), 26 deletions(-) diff --git a/package.json b/package.json index 082e1832b29..c7f67611760 100644 --- a/package.json +++ b/package.json @@ -75,7 +75,6 @@ "**/@angular-devkit/build-angular/webpack": "^5.76.0", "**/@size-limit/webpack/webpack": "^5.76.0", "**/serve/serve-handler/minimatch": "3.0.5", - "**/serve/serve-handler/path-to-regexp": "8.0.0", "@adobe/css-tools": "^4.3.2", "@babel/traverse": "7.23.2", "@cypress/request": "^3.0.0", diff --git a/yarn.lock b/yarn.lock index 72c12ae3d56..c59c7882f2d 100644 --- a/yarn.lock +++ b/yarn.lock @@ -13528,7 +13528,7 @@ "@zeit/schemas@2.6.0": version "2.6.0" - resolved "https://registry.npmjs.org/@zeit/schemas/-/schemas-2.6.0.tgz#004e8e553b4cd53d538bd38eac7bcbf58a867fe3" + resolved "https://registry.yarnpkg.com/@zeit/schemas/-/schemas-2.6.0.tgz#004e8e553b4cd53d538bd38eac7bcbf58a867fe3" integrity sha512-uUrgZ8AxS+Lio0fZKAipJjAh415JyrOZowliZAzmnJSsf7piVL5w+G0+gFJ0KSu3QRhvui/7zuvpLz03YjXAhg== abab@^2.0.6: @@ -13719,7 +13719,7 @@ anser@^1.4.9: ansi-align@^2.0.0: version "2.0.0" - resolved "https://registry.npmjs.org/ansi-align/-/ansi-align-2.0.0.tgz#c36aeccba563b89ceb556f3690f0b1d9e3547f7f" + resolved "https://registry.yarnpkg.com/ansi-align/-/ansi-align-2.0.0.tgz#c36aeccba563b89ceb556f3690f0b1d9e3547f7f" integrity sha512-TdlOggdA/zURfMYa7ABC66j+oqfMew58KpJMbUlH3bcZP1b+cBHIHDDn5uH9INsxrHBPjsqM0tDB4jPTF/vgJA== dependencies: string-width "^2.0.0" @@ -13757,7 +13757,7 @@ ansi-html-community@^0.0.8: ansi-regex@^3.0.0: version "3.0.1" - resolved "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.1.tgz#123d6479e92ad45ad897d4054e3c7ca7db4944e1" + resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-3.0.1.tgz#123d6479e92ad45ad897d4054e3c7ca7db4944e1" integrity sha512-+O9Jct8wf++lXxxFc4hc8LsjaSq0HFzzL7cVsw8pRDIPdjKD2mT4ytDZlLuSBZ4cLKZFXIrMGO7DbQCtMJJMKw== ansi-regex@^4.1.0: @@ -13850,7 +13850,7 @@ are-we-there-yet@^3.0.0: arg@2.0.0: version "2.0.0" - resolved "https://registry.npmjs.org/arg/-/arg-2.0.0.tgz#c06e7ff69ab05b3a4a03ebe0407fac4cba657545" + resolved "https://registry.yarnpkg.com/arg/-/arg-2.0.0.tgz#c06e7ff69ab05b3a4a03ebe0407fac4cba657545" integrity sha512-XxNTUzKnz1ctK3ZIcI2XUPlD96wbHP2nGqkPKpvk/HNRlPveYrXIVSTk9m3LcqOgDPg3B1nMvdV/K8wZd7PG4w== arg@^4.1.0: @@ -14593,7 +14593,7 @@ bowser@^2.11.0: boxen@1.3.0: version "1.3.0" - resolved "https://registry.npmjs.org/boxen/-/boxen-1.3.0.tgz#55c6c39a8ba58d9c61ad22cd877532deb665a20b" + resolved "https://registry.yarnpkg.com/boxen/-/boxen-1.3.0.tgz#55c6c39a8ba58d9c61ad22cd877532deb665a20b" integrity sha512-TNPjfTr432qx7yOjQyaXm3dSR0MH9vXp7eT1BFSl/C51g+EFnOR9hTg1IreahGBmDNCehscshe45f+C1TBZbLw== dependencies: ansi-align "^2.0.0" @@ -14921,7 +14921,7 @@ camelcase-keys@6.2.2, camelcase-keys@^6.2.2: camelcase@^4.0.0: version "4.1.0" - resolved "https://registry.npmjs.org/camelcase/-/camelcase-4.1.0.tgz#d545635be1e33c542649c69173e5de6acfae34dd" + resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-4.1.0.tgz#d545635be1e33c542649c69173e5de6acfae34dd" integrity sha512-FxAv7HpHrXbh3aPo4o2qxHay2lkLY3x5Mw3KeE4KQE8ysVfziWeRZDwcjauvwBSGEC/nXUPzZy8zeh4HokqOnw== camelcase@^5.0.0, camelcase@^5.3.1: @@ -14999,7 +14999,7 @@ ccount@^2.0.0: chalk@2.4.1: version "2.4.1" - resolved "https://registry.npmjs.org/chalk/-/chalk-2.4.1.tgz#18c49ab16a037b6eb0152cc83e3471338215b66e" + resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.1.tgz#18c49ab16a037b6eb0152cc83e3471338215b66e" integrity sha512-ObN6h1v2fTJSmUXoS3nMQ92LbDK9be4TV+6G+omQlGJFdcUX5heKi1LZ1YnRMIgwTLEj3E24bT6tYni50rlCfQ== dependencies: ansi-styles "^3.2.1" @@ -15243,7 +15243,7 @@ clean-stack@^2.0.0: cli-boxes@^1.0.0: version "1.0.0" - resolved "https://registry.npmjs.org/cli-boxes/-/cli-boxes-1.0.0.tgz#4fa917c3e59c94a004cd61f8ee509da651687143" + resolved "https://registry.yarnpkg.com/cli-boxes/-/cli-boxes-1.0.0.tgz#4fa917c3e59c94a004cd61f8ee509da651687143" integrity sha512-3Fo5wu8Ytle8q9iCzS4D2MWVL2X7JVWRiS1BnXbTFDhS9c/REkM9vd1AmabsoZoY5/dGi5TT9iKL8Kb6DeBRQg== cli-cursor@^3.1.0: @@ -15312,7 +15312,7 @@ client-only@0.0.1: clipboardy@2.3.0: version "2.3.0" - resolved "https://registry.npmjs.org/clipboardy/-/clipboardy-2.3.0.tgz#3c2903650c68e46a91b388985bc2774287dba290" + resolved "https://registry.yarnpkg.com/clipboardy/-/clipboardy-2.3.0.tgz#3c2903650c68e46a91b388985bc2774287dba290" integrity sha512-mKhiIL2DrQIsuXMgBgnfEHOZOryC7kY7YO//TN6c63wlEm3NG5tz+YgY5rVi29KCmq/QQjKYvM7a19+MDOTHOQ== dependencies: arch "^2.1.1" @@ -15570,7 +15570,7 @@ compressible@~2.0.14, compressible@~2.0.16: compression@1.7.3: version "1.7.3" - resolved "https://registry.npmjs.org/compression/-/compression-1.7.3.tgz#27e0e176aaf260f7f2c2813c3e440adb9f1993db" + resolved "https://registry.yarnpkg.com/compression/-/compression-1.7.3.tgz#27e0e176aaf260f7f2c2813c3e440adb9f1993db" integrity sha512-HSjyBG5N1Nnz7tF2+O7A9XUhyjru71/fwgNb7oIsEVHR0WShfs2tIS/EySLgiTe98aOK18YDlMXpzjCXY/n9mg== dependencies: accepts "~1.3.5" @@ -18276,7 +18276,7 @@ execa@4.1.0: execa@^0.7.0: version "0.7.0" - resolved "https://registry.npmjs.org/execa/-/execa-0.7.0.tgz#944becd34cc41ee32a63a9faf27ad5a65fc59777" + resolved "https://registry.yarnpkg.com/execa/-/execa-0.7.0.tgz#944becd34cc41ee32a63a9faf27ad5a65fc59777" integrity sha512-RztN09XglpYI7aBBrJCPW95jEH7YF1UEPOoX9yDhUTPdp7mK+CQvnLTuD10BNXZ3byLTu2uehZ8EcKT/4CGiFw== dependencies: cross-spawn "^5.0.1" @@ -19100,7 +19100,7 @@ get-package-type@^0.1.0: get-stream@^3.0.0: version "3.0.0" - resolved "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz#8e943d1358dc37555054ecbe2edb05aa174ede14" + resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-3.0.0.tgz#8e943d1358dc37555054ecbe2edb05aa174ede14" integrity sha512-GlhdIUuVakc8SJ6kK0zAFbiGzRFzNnY4jUuEbV9UROo4Y+0Ny4fjvcZFVTeDA4odpFyOQzaw6hXukJSq/f28sQ== get-stream@^4.0.0: @@ -24717,16 +24717,11 @@ path-strip-sep@^1.0.17: dependencies: tslib "^2" -path-to-regexp@0.1.10, path-to-regexp@0.1.7: +path-to-regexp@0.1.10, path-to-regexp@0.1.7, path-to-regexp@2.2.1: version "0.1.10" resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.10.tgz#67e9108c5c0551b9e5326064387de4763c4d5f8b" integrity sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w== -path-to-regexp@2.2.1, path-to-regexp@8.0.0: - version "8.0.0" - resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-8.0.0.tgz#92076ec6b2eaf08be7c3233484142c05e8866cf5" - integrity sha512-GAWaqWlTjYK/7SVpIUA6CTxmcg65SP30sbjdCvyYReosRkk7Z/LyHWwkK3Vu0FcIi0FNTADUs4eh1AsU5s10cg== - path-type@^4.0.0: version "4.0.0" resolved "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz#84ed01c0a7ba380afe09d90a8c180dcd9d03043b" @@ -27429,7 +27424,7 @@ serialize-javascript@^6.0.0, serialize-javascript@^6.0.1: serve-handler@6.1.3: version "6.1.3" - resolved "https://registry.npmjs.org/serve-handler/-/serve-handler-6.1.3.tgz#1bf8c5ae138712af55c758477533b9117f6435e8" + resolved "https://registry.yarnpkg.com/serve-handler/-/serve-handler-6.1.3.tgz#1bf8c5ae138712af55c758477533b9117f6435e8" integrity sha512-FosMqFBNrLyeiIDvP1zgO6YoTzFYHxLDEIavhlmQ+knB2Z7l1t+kGLHkZIDN7UVWqQAmKI3D20A6F6jo3nDd4w== dependencies: bytes "3.0.0" @@ -27466,7 +27461,7 @@ serve-static@1.15.0, serve-static@^1.13.1: serve@^12.0.0: version "12.0.1" - resolved "https://registry.npmjs.org/serve/-/serve-12.0.1.tgz#5b0e05849f5ed9b8aab0f30a298c3664bba052bb" + resolved "https://registry.yarnpkg.com/serve/-/serve-12.0.1.tgz#5b0e05849f5ed9b8aab0f30a298c3664bba052bb" integrity sha512-CQ4ikLpxg/wmNM7yivulpS6fhjRiFG6OjmP8ty3/c1SBnSk23fpKmLAV4HboTA2KrZhkUPlDfjDhnRmAjQ5Phw== dependencies: "@zeit/schemas" "2.6.0" @@ -28099,7 +28094,7 @@ string-natural-compare@^3.0.1: string-width@^2.0.0, string-width@^2.1.1: version "2.1.1" - resolved "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz#ab93f27a8dc13d28cac815c462143a6d9012ae9e" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-2.1.1.tgz#ab93f27a8dc13d28cac815c462143a6d9012ae9e" integrity sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw== dependencies: is-fullwidth-code-point "^2.0.0" @@ -28229,7 +28224,7 @@ strip-ansi@6.0.1, strip-ansi@^6.0.0, strip-ansi@^6.0.1: strip-ansi@^4.0.0: version "4.0.0" - resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz#a8479022eb1ac368a871389b635262c505ee368f" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-4.0.0.tgz#a8479022eb1ac368a871389b635262c505ee368f" integrity sha512-4XaJ2zQdCzROZDivEVIDPkcQn8LMFSa8kj8Gxb/Lnwzv9A8VctNZ+lfivC/sV3ivW8ElJTERXZoPBRrZKkNKow== dependencies: ansi-regex "^3.0.0" @@ -28605,7 +28600,7 @@ tempfile@^2.0.0: term-size@^1.2.0: version "1.2.0" - resolved "https://registry.npmjs.org/term-size/-/term-size-1.2.0.tgz#458b83887f288fc56d6fffbfad262e26638efa69" + resolved "https://registry.yarnpkg.com/term-size/-/term-size-1.2.0.tgz#458b83887f288fc56d6fffbfad262e26638efa69" integrity sha512-7dPUZQGy/+m3/wjVz3ZW5dobSoD/02NxJpoXUX0WIyjfVS3l0c+b/+9phIDFA7FHzkYtwtMFgeGZ/Y8jVTeqQQ== dependencies: execa "^0.7.0" @@ -29608,7 +29603,7 @@ update-browserslist-db@^1.1.0: update-check@1.5.2: version "1.5.2" - resolved "https://registry.npmjs.org/update-check/-/update-check-1.5.2.tgz#2fe09f725c543440b3d7dabe8971f2d5caaedc28" + resolved "https://registry.yarnpkg.com/update-check/-/update-check-1.5.2.tgz#2fe09f725c543440b3d7dabe8971f2d5caaedc28" integrity sha512-1TrmYLuLj/5ZovwUS7fFd1jMH3NnFDN1y1A8dboedIDt7zs/zJMo6TwwlhYKkSeEwzleeiSBV5/3c9ufAQWDaQ== dependencies: registry-auth-token "3.3.2" @@ -30265,7 +30260,7 @@ wide-align@^1.1.2, wide-align@^1.1.5: widest-line@^2.0.0: version "2.0.1" - resolved "https://registry.npmjs.org/widest-line/-/widest-line-2.0.1.tgz#7438764730ec7ef4381ce4df82fb98a53142a3fc" + resolved "https://registry.yarnpkg.com/widest-line/-/widest-line-2.0.1.tgz#7438764730ec7ef4381ce4df82fb98a53142a3fc" integrity sha512-Ba5m9/Fa4Xt9eb2ELXt77JxVDV8w7qQrH0zS/TWSJdLyAwQjWoOzpzj5lwVftDz6n/EOu3tNACS84v509qwnJA== dependencies: string-width "^2.1.1" From bbe0669c944e5fc7a86e59fe94977b437a64ff5c Mon Sep 17 00:00:00 2001 From: Jordan Van Ness Date: Thu, 12 Sep 2024 07:37:09 -0700 Subject: [PATCH 3/4] pinning serve-handler's import of path-to-regexp to new safe version --- package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/package.json b/package.json index c7f67611760..55f0abbd64a 100644 --- a/package.json +++ b/package.json @@ -75,6 +75,7 @@ "**/@angular-devkit/build-angular/webpack": "^5.76.0", "**/@size-limit/webpack/webpack": "^5.76.0", "**/serve/serve-handler/minimatch": "3.0.5", + "**/serve/serve-handler/path-to-regexp": "^3.3.0", "@adobe/css-tools": "^4.3.2", "@babel/traverse": "7.23.2", "@cypress/request": "^3.0.0", From 81eb7df37500dadbe3c9401994cbf9c352a927c2 Mon Sep 17 00:00:00 2001 From: Jordan Van Ness Date: Thu, 12 Sep 2024 07:55:56 -0700 Subject: [PATCH 4/4] chore: updating pinned version --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index b7a7a134e45..c2e68c52d21 100644 --- a/package.json +++ b/package.json @@ -75,7 +75,7 @@ "**/@angular-devkit/build-angular/webpack": "^5.76.0", "**/@size-limit/webpack/webpack": "^5.76.0", "**/serve/serve-handler/minimatch": "3.0.5", - "**/serve/serve-handler/path-to-regexp": "^3.3.0", + "**/serve/serve-handler/path-to-regexp": "3.3.0", "@adobe/css-tools": "^4.3.2", "@babel/traverse": "7.23.2", "@cypress/request": "^3.0.0",