chore: upgrade dependencies to remove vm2 vulnerability (#25355)
Not that anybody uses the PAC resolver feature, but that feature uses `vm2` and `vm2` has vulnerabilities reported against it every other week.

Upgrade all dependencies to remove the use of vulnerable versions of that dependency.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
rix0rrr authored May 3, 2023
1 parent 04323c4 commit 8c0de6d
Showing 30 changed files with 878 additions and 969 deletions.
6 changes: 3 additions & 3 deletions package.json
@@ -15,6 +15,8 @@
"build-all": "tsc -b"
},
"devDependencies": {
"@nrwl/cli": "^15.9.1",
"@nrwl/workspace": "^15.9.1",
"@types/node": "18.11.19",
"@types/prettier": "2.6.0",
"@yarnpkg/lockfile": "^1.1.0",
@@ -28,12 +30,10 @@
"jsii-reflect": "1.78.1",
"jsii-rosetta": "~5.0.7",
"lerna": "^6.6.1",
"nx": "^15.9.1",
"patch-package": "^6.5.1",
"semver": "^6.3.0",
"standard-version": "^9.5.0",
"@nrwl/cli": "^15.9.1",
"@nrwl/workspace": "^15.9.1",
"nx": "^15.9.1",
"typescript": "~4.9.5"
},
"resolutions": {
Original file line number Diff line number Diff line change
@@ -9,7 +9,8 @@
"experimentalDecorators": true,
"incremental": true,
"lib": [
"es2020"
"es2020",
"dom"
],
"module": "CommonJS",
"newLine": "lf",
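Review bot: Adding `"dom"` to `lib` in this hunk makes browser-only globals such as `window` and `document` type-check in a package that compiles to CommonJS, so an accidental reference would surface only at runtime; the commit message does not say why the library is needed. If it is there only to satisfy type declarations of the upgraded dependencies (an assumption, the page does not show the compile error), record that next to the entry, e.g. `// "dom" is needed by typings of upgraded dependencies, not by our own code`, and check whether `skipLibCheck` would cover it instead. The same change is made in the other tsconfig sections of this commit (cdk-cli-wrapper, cfnspec, cloudformation-diff, aws-cdk-lib/tsconfig.dev.json and the sections whose path is not shown). The `compilerOptions` object starts and ends outside the hunk.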
2 changes: 1 addition & 1 deletion packages/@aws-cdk/cdk-cli-wrapper/tsconfig.json
@@ -2,7 +2,7 @@
"compilerOptions": {
"target": "ES2020",
"module": "commonjs",
"lib": ["es2020"],
"lib": ["es2020", "dom"],
"strict": true,
"alwaysStrict": true,
"declaration": true,
2 changes: 1 addition & 1 deletion packages/@aws-cdk/cfnspec/tsconfig.json
@@ -2,7 +2,7 @@
"compilerOptions": {
"target":"ES2020",
"module": "commonjs",
"lib": ["es2016", "es2017.object", "es2017.string"],
"lib": ["es2016", "es2017.object", "es2017.string", "dom"],
"declaration": true,
"composite": true,
"strict": true,
18 changes: 9 additions & 9 deletions packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES
@@ -268,7 +268,7 @@ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH RE

----------------

** aws-sdk@2.1329.0 - https://www.npmjs.com/package/aws-sdk/v/2.1329.0 | Apache-2.0
** aws-sdk@2.1367.0 - https://www.npmjs.com/package/aws-sdk/v/2.1367.0 | Apache-2.0
AWS SDK for JavaScript
Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.

@@ -915,7 +915,7 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI

----------------

** degenerator@3.0.2 - https://www.npmjs.com/package/degenerator/v/3.0.2 | MIT
** degenerator@3.0.4 - https://www.npmjs.com/package/degenerator/v/3.0.4 | MIT

----------------

@@ -1439,7 +1439,7 @@ https://creativecommons.org/licenses/by-sa/4.0/

----------------

** graceful-fs@4.2.10 - https://www.npmjs.com/package/graceful-fs/v/4.2.10 | ISC
** graceful-fs@4.2.11 - https://www.npmjs.com/package/graceful-fs/v/4.2.11 | ISC
The ISC License

Copyright (c) 2011-2022 Isaac Z. Schlueter, Ben Noordhuis, and Contributors
@@ -2597,7 +2597,7 @@ IN THE SOFTWARE.

----------------

** readable-stream@3.6.1 - https://www.npmjs.com/package/readable-stream/v/3.6.1 | MIT
** readable-stream@3.6.2 - https://www.npmjs.com/package/readable-stream/v/3.6.2 | MIT
Node.js is licensed for use as follows:

"""
@@ -2649,7 +2649,7 @@ IN THE SOFTWARE.

----------------

** readdir-glob@1.1.2 - https://www.npmjs.com/package/readdir-glob/v/1.1.2 | Apache-2.0
** readdir-glob@1.1.3 - https://www.npmjs.com/package/readdir-glob/v/1.1.3 | Apache-2.0
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
@@ -3031,7 +3031,7 @@ License, as follows:

----------------

** semver@7.3.8 - https://www.npmjs.com/package/semver/v/7.3.8 | ISC
** semver@7.5.0 - https://www.npmjs.com/package/semver/v/7.5.0 | ISC
The ISC License

Copyright (c) Isaac Z. Schlueter and Contributors
@@ -3612,7 +3612,7 @@ OTHER DEALINGS IN THE SOFTWARE.

----------------

** vm2@3.9.14 - https://www.npmjs.com/package/vm2/v/3.9.14 | MIT
** vm2@3.9.17 - https://www.npmjs.com/package/vm2/v/3.9.17 | MIT

----------------

@@ -3650,7 +3650,7 @@ IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

----------------

** xml2js@0.4.19 - https://www.npmjs.com/package/xml2js/v/0.4.19 | MIT
** xml2js@0.5.0 - https://www.npmjs.com/package/xml2js/v/0.5.0 | MIT
Copyright 2010, 2011, 2012, 2013. All rights reserved.

Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -3674,7 +3674,7 @@ IN THE SOFTWARE.

----------------

** xmlbuilder@9.0.7 - https://www.npmjs.com/package/xmlbuilder/v/9.0.7 | MIT
** xmlbuilder@11.0.1 - https://www.npmjs.com/package/xmlbuilder/v/11.0.1 | MIT
The MIT License (MIT)

Copyright (c) 2013 Ozgur Ozcitak
2 changes: 1 addition & 1 deletion packages/@aws-cdk/cloudformation-diff/tsconfig.json
@@ -2,7 +2,7 @@
"compilerOptions": {
"target":"ES2020",
"module": "commonjs",
"lib": ["es2020"],
"lib": ["es2020", "dom"],
"declaration": true,
"composite": true,
"strict": true,
14 changes: 7 additions & 7 deletions packages/@aws-cdk/integ-runner/THIRD_PARTY_LICENSES
@@ -156,7 +156,7 @@ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH RE

----------------

** aws-sdk@2.1329.0 - https://www.npmjs.com/package/aws-sdk/v/2.1329.0 | Apache-2.0
** aws-sdk@2.1367.0 - https://www.npmjs.com/package/aws-sdk/v/2.1367.0 | Apache-2.0
AWS SDK for JavaScript
Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.

@@ -875,7 +875,7 @@ https://creativecommons.org/licenses/by-sa/4.0/

----------------

** graceful-fs@4.2.10 - https://www.npmjs.com/package/graceful-fs/v/4.2.10 | ISC
** graceful-fs@4.2.11 - https://www.npmjs.com/package/graceful-fs/v/4.2.11 | ISC
The ISC License

Copyright (c) 2011-2022 Isaac Z. Schlueter, Ben Noordhuis, and Contributors
@@ -1586,7 +1586,7 @@ IN THE SOFTWARE.

----------------

** readable-stream@3.6.1 - https://www.npmjs.com/package/readable-stream/v/3.6.1 | MIT
** readable-stream@3.6.2 - https://www.npmjs.com/package/readable-stream/v/3.6.2 | MIT
Node.js is licensed for use as follows:

"""
@@ -1638,7 +1638,7 @@ IN THE SOFTWARE.

----------------

** readdir-glob@1.1.2 - https://www.npmjs.com/package/readdir-glob/v/1.1.2 | Apache-2.0
** readdir-glob@1.1.3 - https://www.npmjs.com/package/readdir-glob/v/1.1.3 | Apache-2.0
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
@@ -1968,7 +1968,7 @@ License, as follows:

----------------

** semver@7.3.8 - https://www.npmjs.com/package/semver/v/7.3.8 | ISC
** semver@7.5.0 - https://www.npmjs.com/package/semver/v/7.5.0 | ISC
The ISC License

Copyright (c) Isaac Z. Schlueter and Contributors
@@ -2503,7 +2503,7 @@ IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

----------------

** xml2js@0.4.19 - https://www.npmjs.com/package/xml2js/v/0.4.19 | MIT
** xml2js@0.5.0 - https://www.npmjs.com/package/xml2js/v/0.5.0 | MIT
Copyright 2010, 2011, 2012, 2013. All rights reserved.

Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -2527,7 +2527,7 @@ IN THE SOFTWARE.

----------------

** xmlbuilder@9.0.7 - https://www.npmjs.com/package/xmlbuilder/v/9.0.7 | MIT
** xmlbuilder@11.0.1 - https://www.npmjs.com/package/xmlbuilder/v/11.0.1 | MIT
The MIT License (MIT)

Copyright (c) 2013 Ozgur Ozcitak
Original file line number Diff line number Diff line change
@@ -9,7 +9,8 @@
"experimentalDecorators": true,
"incremental": true,
"lib": [
"es2020"
"es2020",
"dom"
],
"module": "CommonJS",
"newLine": "lf",
Original file line number Diff line number Diff line change
@@ -1284,5 +1284,16 @@
},
"internetmonitor": {
"name": "InternetMonitor"
},
"ivsrealtime": {
"prefix": "ivs-realtime",
"name": "IVSRealTime"
},
"vpclattice": {
"prefix": "vpc-lattice",
"name": "VPCLattice"
},
"osis": {
"name": "OSIS"
}
}
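--- a/packages/aws-cdk-lib/tsconfig.dev.json
+++ b/packages/aws-cdk-lib/tsconfig.dev.json
@@ -8,7 +8,8 @@
 "experimentalDecorators": true,
 "incremental": true,
 "lib": [
-"es2020"
+"es2020",
+"dom"
 ],
 "module": "CommonJS",
 "noFallthroughCasesInSwitch": true,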
18 changes: 9 additions & 9 deletions packages/aws-cdk/THIRD_PARTY_LICENSES
@@ -268,7 +268,7 @@ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH RE

----------------

** aws-sdk@2.1329.0 - https://www.npmjs.com/package/aws-sdk/v/2.1329.0 | Apache-2.0
** aws-sdk@2.1367.0 - https://www.npmjs.com/package/aws-sdk/v/2.1367.0 | Apache-2.0
AWS SDK for JavaScript
Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.

@@ -915,7 +915,7 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI

----------------

** degenerator@3.0.2 - https://www.npmjs.com/package/degenerator/v/3.0.2 | MIT
** degenerator@3.0.4 - https://www.npmjs.com/package/degenerator/v/3.0.4 | MIT

----------------

@@ -1439,7 +1439,7 @@ https://creativecommons.org/licenses/by-sa/4.0/

----------------

** graceful-fs@4.2.10 - https://www.npmjs.com/package/graceful-fs/v/4.2.10 | ISC
** graceful-fs@4.2.11 - https://www.npmjs.com/package/graceful-fs/v/4.2.11 | ISC
The ISC License

Copyright (c) 2011-2022 Isaac Z. Schlueter, Ben Noordhuis, and Contributors
@@ -2597,7 +2597,7 @@ IN THE SOFTWARE.

----------------

** readable-stream@3.6.1 - https://www.npmjs.com/package/readable-stream/v/3.6.1 | MIT
** readable-stream@3.6.2 - https://www.npmjs.com/package/readable-stream/v/3.6.2 | MIT
Node.js is licensed for use as follows:

"""
@@ -2649,7 +2649,7 @@ IN THE SOFTWARE.

----------------

** readdir-glob@1.1.2 - https://www.npmjs.com/package/readdir-glob/v/1.1.2 | Apache-2.0
** readdir-glob@1.1.3 - https://www.npmjs.com/package/readdir-glob/v/1.1.3 | Apache-2.0
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
@@ -3031,7 +3031,7 @@ License, as follows:

----------------

** semver@7.3.8 - https://www.npmjs.com/package/semver/v/7.3.8 | ISC
** semver@7.5.0 - https://www.npmjs.com/package/semver/v/7.5.0 | ISC
The ISC License

Copyright (c) Isaac Z. Schlueter and Contributors
@@ -3612,7 +3612,7 @@ OTHER DEALINGS IN THE SOFTWARE.

----------------

** vm2@3.9.14 - https://www.npmjs.com/package/vm2/v/3.9.14 | MIT
** vm2@3.9.17 - https://www.npmjs.com/package/vm2/v/3.9.17 | MIT

----------------

@@ -3650,7 +3650,7 @@ IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

----------------

** xml2js@0.4.19 - https://www.npmjs.com/package/xml2js/v/0.4.19 | MIT
** xml2js@0.5.0 - https://www.npmjs.com/package/xml2js/v/0.5.0 | MIT
Copyright 2010, 2011, 2012, 2013. All rights reserved.

Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -3674,7 +3674,7 @@ IN THE SOFTWARE.

----------------

** xmlbuilder@9.0.7 - https://www.npmjs.com/package/xmlbuilder/v/9.0.7 | MIT
** xmlbuilder@11.0.1 - https://www.npmjs.com/package/xmlbuilder/v/11.0.1 | MIT
The MIT License (MIT)

Copyright (c) 2013 Ozgur Ozcitak
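--- a/packages/aws-cdk/lib/api/cxapp/cloud-assembly.ts
+++ b/packages/aws-cdk/lib/api/cxapp/cloud-assembly.ts
@@ -1,14 +1,11 @@
 import * as cxapi from '@aws-cdk/cx-api';
 import * as chalk from 'chalk';
+import { minimatch } from 'minimatch';
 import * as semver from 'semver';
 import { error, print, warning } from '../../logging';
 import { flatten } from '../../util';
 import { versionNumber } from '../../version';
 
-// namespace object imports won't work in the bundle for function exports
-// eslint-disable-next-line @typescript-eslint/no-require-imports
-const minimatch = require('minimatch');
-
 
 export enum DefaultSelection {
 /**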
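Review bot: The comment removed at the top of this file recorded why `minimatch` was loaded with `require` (namespace imports did not work in the bundle), and the new `import { minimatch } from 'minimatch';` leaves no trace of why a named import is now safe or which minimatch version it relies on; the page shows no minimatch version. A one-line comment such as `// named export; requires minimatch >= <VERSION> (placeholder), verified to work in the bundle` would keep that knowledge. The call sites are outside the hunk, but if they match user-supplied stack or environment patterns, a test that pins a few pattern/name pairs would catch matching changes introduced by the upgrade. The same import change appears in environments.ts and commands/context.ts.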
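--- a/packages/aws-cdk/lib/api/cxapp/environments.ts
+++ b/packages/aws-cdk/lib/api/cxapp/environments.ts
@@ -1,11 +1,8 @@
 import * as cxapi from '@aws-cdk/cx-api';
+import { minimatch } from 'minimatch';
 import { StackCollection } from './cloud-assembly';
 import { SdkProvider } from '../aws-auth';
 
-// namespace object imports won't work in the bundle for function exports
-// eslint-disable-next-line @typescript-eslint/no-require-imports
-const minimatch = require('minimatch');
-
 export function looksLikeGlob(environment: string) {
 return environment.indexOf('*') > -1;
 }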
2 changes: 1 addition & 1 deletion packages/aws-cdk/lib/commands/context.ts
@@ -1,5 +1,5 @@
import * as chalk from 'chalk';
import * as minimatch from 'minimatch';
import { minimatch } from 'minimatch';
import * as version from '../../lib/version';
import { CommandOptions } from '../command-api';
import { print, error, warning } from '../logging';
Original file line number Diff line number Diff line change
@@ -3,7 +3,8 @@
"target": "ES2020",
"module": "commonjs",
"lib": [
"es2020"
"es2020",
"dom"
],
"declaration": true,
"strict": true,
Original file line number Diff line number Diff line change
@@ -3,7 +3,8 @@
"target": "ES2020",
"module": "commonjs",
"lib": [
"es2020"
"es2020",
"dom"
],
"declaration": true,
"strict": true,
Original file line number Diff line number Diff line change
@@ -3,7 +3,8 @@
"target": "ES2020",
"module": "commonjs",
"lib": [
"es2020"
"es2020",
"dom"
],
"declaration": true,
"strict": true,
Original file line number Diff line number Diff line change
@@ -3,7 +3,8 @@
"target": "ES2020",
"module": "commonjs",
"lib": [
"es2020"
"es2020",
"dom"
],
"declaration": true,
"strict": true,