From 03b4608da3b0817600c81464fdf8572de09cf9f5 Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Mon, 4 Mar 2019 05:40:57 +0100
Subject: [PATCH] build: remediate lodash
---
package.json | 3 ++
yarn.lock | 85 +++++++++++-----------------------------------------
2 files changed, 20 insertions(+), 68 deletions(-)
diff --git a/package.json b/package.json
index 294235f49e..ee375f1f14 100644
--- a/package.json
+++ b/package.json
@@ -162,6 +162,9 @@
"semantic-release": "15.13.3",
"tmp-promise": "1.0.5"
},
+ "resolutions": {
+ "lodash": ">= 4.17.11"
+ },
"files": [
"bin/config-validator.js",
"bin/yarn-1.9.4.js",
diff --git a/yarn.lock b/yarn.lock
index a1cdaa5f36..eabe4186d9 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1682,7 +1682,7 @@ debug@^3.1.0:
dependencies:
ms "^2.1.1"
-debuglog@*, debuglog@^1.0.1:
+debuglog@^1.0.1:
version "1.0.1"
resolved "https://registry.yarnpkg.com/debuglog/-/debuglog-1.0.1.tgz#aa24ffb9ac3df9a2351837cfb2d279360cd78492"
integrity sha1-qiT/uaw9+aI1GDfPstJ5NgzXhJI=
@@ -3269,7 +3269,7 @@ import-local@^1.0.0:
pkg-dir "^2.0.0"
resolve-cwd "^2.0.0"
-imurmurhash@*, imurmurhash@^0.1.4:
+imurmurhash@^0.1.4:
version "0.1.4"
resolved "https://registry.yarnpkg.com/imurmurhash/-/imurmurhash-0.1.4.tgz#9218b9b2b928a238b13dc4fb6b6d576f231453ea"
integrity sha1-khi5srkoojixPcT7a21XbyMUU+o=
@@ -4508,7 +4508,7 @@ libnpm@^2.0.1:
read-package-json "^2.0.13"
stringify-package "^1.0.0"
-libnpmaccess@*, libnpmaccess@^3.0.1:
+libnpmaccess@^3.0.1:
version "3.0.1"
resolved "https://registry.yarnpkg.com/libnpmaccess/-/libnpmaccess-3.0.1.tgz#5b3a9de621f293d425191aa2e779102f84167fa8"
integrity sha512-RlZ7PNarCBt+XbnP7R6PoVgOq9t+kou5rvhaInoNibhPO7eMlRfS0B8yjatgn2yaHIwWNyoJDolC/6Lc5L/IQA==
@@ -4545,7 +4545,7 @@ libnpmhook@^5.0.2:
get-stream "^4.0.0"
npm-registry-fetch "^3.8.0"
-libnpmorg@*, libnpmorg@^1.0.0:
+libnpmorg@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/libnpmorg/-/libnpmorg-1.0.0.tgz#979b868c48ba28c5820e3bb9d9e73c883c16a232"
integrity sha512-o+4eVJBoDGMgRwh2lJY0a8pRV2c/tQM/SxlqXezjcAg26Qe9jigYVs+Xk0vvlYDWCDhP0g74J8UwWeAgsB7gGw==
@@ -4570,7 +4570,7 @@ libnpmpublish@^1.1.0:
semver "^5.5.1"
ssri "^6.0.1"
-libnpmsearch@*, libnpmsearch@^2.0.0:
+libnpmsearch@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/libnpmsearch/-/libnpmsearch-2.0.0.tgz#de05af47ada81554a5f64276a69599070d4a5685"
integrity sha512-vd+JWbTGzOSfiOc+72MU6y7WqmBXn49egCCrIXp27iE/88bX8EpG64ST1blWQI1bSMUr9l1AKPMVsqa2tS5KWA==
@@ -4579,7 +4579,7 @@ libnpmsearch@*, libnpmsearch@^2.0.0:
get-stream "^4.0.0"
npm-registry-fetch "^3.8.0"
-libnpmteam@*, libnpmteam@^1.0.1:
+libnpmteam@^1.0.1:
version "1.0.1"
resolved "https://registry.yarnpkg.com/libnpmteam/-/libnpmteam-1.0.1.tgz#ff704b1b6c06ea674b3b1101ac3e305f5114f213"
integrity sha512-gDdrflKFCX7TNwOMX1snWojCoDE5LoRWcfOC0C/fqF7mBq8Uz9zWAX4B2RllYETNO7pBupBaSyBDkTAC15cAMg==
@@ -4686,11 +4686,6 @@ lockfile@^1.0.4:
dependencies:
signal-exit "^3.0.2"
-lodash._baseindexof@*:
- version "3.1.0"
- resolved "https://registry.yarnpkg.com/lodash._baseindexof/-/lodash._baseindexof-3.1.0.tgz#fe52b53a1c6761e42618d654e4a25789ed61822c"
- integrity sha1-/lK1OhxnYeQmGNZU5KJXie1hgiw=
-
lodash._baseuniq@~4.6.0:
version "4.6.0"
resolved "https://registry.yarnpkg.com/lodash._baseuniq/-/lodash._baseuniq-4.6.0.tgz#0ebb44e456814af7905c6212fa2c9b2d51b841e8"
@@ -4699,33 +4694,11 @@ lodash._baseuniq@~4.6.0:
lodash._createset "~4.0.0"
lodash._root "~3.0.0"
-lodash._bindcallback@*:
- version "3.0.1"
- resolved "https://registry.yarnpkg.com/lodash._bindcallback/-/lodash._bindcallback-3.0.1.tgz#e531c27644cf8b57a99e17ed95b35c748789392e"
- integrity sha1-5THCdkTPi1epnhftlbNcdIeJOS4=
-
-lodash._cacheindexof@*:
- version "3.0.2"
- resolved "https://registry.yarnpkg.com/lodash._cacheindexof/-/lodash._cacheindexof-3.0.2.tgz#3dc69ac82498d2ee5e3ce56091bafd2adc7bde92"
- integrity sha1-PcaayCSY0u5ePOVgkbr9Ktx73pI=
-
-lodash._createcache@*:
- version "3.1.2"
- resolved "https://registry.yarnpkg.com/lodash._createcache/-/lodash._createcache-3.1.2.tgz#56d6a064017625e79ebca6b8018e17440bdcf093"
- integrity sha1-VtagZAF2JeeevKa4AY4XRAvc8JM=
- dependencies:
- lodash._getnative "^3.0.0"
-
lodash._createset@~4.0.0:
version "4.0.3"
resolved "https://registry.yarnpkg.com/lodash._createset/-/lodash._createset-4.0.3.tgz#0f4659fbb09d75194fa9e2b88a6644d363c9fe26"
integrity sha1-D0ZZ+7CddRlPqeK4imZE02PJ/iY=
-lodash._getnative@*, lodash._getnative@^3.0.0:
- version "3.9.1"
- resolved "https://registry.yarnpkg.com/lodash._getnative/-/lodash._getnative-3.9.1.tgz#570bc7dede46d61cdcde687d65d3eecbaa3aaff5"
- integrity sha1-VwvH3t5G1hzc3mh9ZdPuy6o6r/U=
-
lodash._reinterpolate@~3.0.0:
version "3.0.0"
resolved "https://registry.yarnpkg.com/lodash._reinterpolate/-/lodash._reinterpolate-3.0.0.tgz#0ccf2d89166af03b3663c796538b75ac6e114d9d"
@@ -4766,11 +4739,6 @@ lodash.isstring@^4.0.1:
resolved "https://registry.yarnpkg.com/lodash.isstring/-/lodash.isstring-4.0.1.tgz#d527dfb5456eca7cc9bb95d5daeaf88ba54a5451"
integrity sha1-1SfftUVuynzJu5XV2ur4i6VKVFE=
-lodash.restparam@*:
- version "3.6.1"
- resolved "https://registry.yarnpkg.com/lodash.restparam/-/lodash.restparam-3.6.1.tgz#936a4e309ef330a7645ed4145986c85ae5b20805"
- integrity sha1-k2pOMJ7zMKdkXtQUWYbIWuWyCAU=
-
lodash.set@^4.3.2:
version "4.3.2"
resolved "https://registry.yarnpkg.com/lodash.set/-/lodash.set-4.3.2.tgz#d8757b1da807dde24816b0d6a84bea1a76230b23"
@@ -4821,16 +4789,11 @@ lodash.without@~4.4.0:
resolved "https://registry.yarnpkg.com/lodash.without/-/lodash.without-4.4.0.tgz#3cd4574a00b67bae373a94b748772640507b7aac"
integrity sha1-PNRXSgC2e643OpS3SHcmQFB7eqw=
-lodash@4.17.11, lodash@^4.13.1, lodash@^4.17.10, lodash@^4.17.11, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.2.1, lodash@^4.7.0:
+lodash@4.17.11, "lodash@>= 4.17.11", lodash@^3.10.1, lodash@^4.13.1, lodash@^4.17.10, lodash@^4.17.11, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.2.1, lodash@^4.7.0:
version "4.17.11"
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
integrity sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==
-lodash@^3.10.1:
- version "3.10.1"
- resolved "https://registry.yarnpkg.com/lodash/-/lodash-3.10.1.tgz#5bf45e8e49ba4189e17d482789dfd15bd140b7b6"
- integrity sha1-W/Rejkm6QYnhfUgnid/RW9FAt7Y=
-
longest-streak@^2.0.1:
version "2.0.2"
resolved "https://registry.yarnpkg.com/longest-streak/-/longest-streak-2.0.2.tgz#2421b6ba939a443bb9ffebf596585a50b4c38e2e"
@@ -5630,15 +5593,6 @@ npm-pick-manifest@^2.1.0, npm-pick-manifest@^2.2.3:
npm-package-arg "^6.0.0"
semver "^5.4.1"
-npm-profile@*, npm-profile@^4.0.1:
- version "4.0.1"
- resolved "https://registry.yarnpkg.com/npm-profile/-/npm-profile-4.0.1.tgz#d350f7a5e6b60691c7168fbb8392c3603583f5aa"
- integrity sha512-NQ1I/1Q7YRtHZXkcuU1/IyHeLy6pd+ScKg4+DQHdfsm769TGq6HPrkbuNJVJS4zwE+0mvvmeULzQdWn2L2EsVA==
- dependencies:
- aproba "^1.1.2 || 2"
- figgy-pudding "^3.4.1"
- npm-registry-fetch "^3.8.0"
-
npm-profile@^3.0.2:
version "3.0.2"
resolved "https://registry.yarnpkg.com/npm-profile/-/npm-profile-3.0.2.tgz#58d568f1b56ef769602fd0aed8c43fa0e0de0f57"
@@ -5647,6 +5601,15 @@ npm-profile@^3.0.2:
aproba "^1.1.2 || 2"
make-fetch-happen "^2.5.0 || 3 || 4"
+npm-profile@^4.0.1:
+ version "4.0.1"
+ resolved "https://registry.yarnpkg.com/npm-profile/-/npm-profile-4.0.1.tgz#d350f7a5e6b60691c7168fbb8392c3603583f5aa"
+ integrity sha512-NQ1I/1Q7YRtHZXkcuU1/IyHeLy6pd+ScKg4+DQHdfsm769TGq6HPrkbuNJVJS4zwE+0mvvmeULzQdWn2L2EsVA==
+ dependencies:
+ aproba "^1.1.2 || 2"
+ figgy-pudding "^3.4.1"
+ npm-registry-fetch "^3.8.0"
+
npm-registry-client@^8.6.0:
version "8.6.0"
resolved "https://registry.yarnpkg.com/npm-registry-client/-/npm-registry-client-8.6.0.tgz#7f1529f91450732e89f8518e0f21459deea3e4c4"
@@ -5840,7 +5803,6 @@ npm@6.8.0:
cmd-shim "~2.0.2"
columnify "~1.5.4"
config-chain "^1.1.12"
- debuglog "*"
detect-indent "~5.0.0"
detect-newline "^2.1.0"
dezalgo "~1.0.3"
@@ -5855,7 +5817,6 @@ npm@6.8.0:
has-unicode "~2.0.1"
hosted-git-info "^2.7.1"
iferr "^1.0.2"
- imurmurhash "*"
inflight "~1.0.6"
inherits "~2.0.3"
ini "^1.3.5"
@@ -5865,22 +5826,12 @@ npm@6.8.0:
lazy-property "~1.0.0"
libcipm "^3.0.3"
libnpm "^2.0.1"
- libnpmaccess "*"
libnpmhook "^5.0.2"
- libnpmorg "*"
- libnpmsearch "*"
- libnpmteam "*"
libnpx "^10.2.0"
lock-verify "^2.0.2"
lockfile "^1.0.4"
- lodash._baseindexof "*"
lodash._baseuniq "~4.6.0"
- lodash._bindcallback "*"
- lodash._cacheindexof "*"
- lodash._createcache "*"
- lodash._getnative "*"
lodash.clonedeep "~4.5.0"
- lodash.restparam "*"
lodash.union "~4.6.0"
lodash.uniq "~4.5.0"
lodash.without "~4.4.0"
@@ -5899,7 +5850,6 @@ npm@6.8.0:
npm-package-arg "^6.1.0"
npm-packlist "^1.3.0"
npm-pick-manifest "^2.2.3"
- npm-profile "*"
npm-registry-fetch "^3.9.0"
npm-user-validate "~1.0.0"
npmlog "~4.1.2"
@@ -5918,7 +5868,6 @@ npm@6.8.0:
read-package-json "^2.0.13"
read-package-tree "^5.2.2"
readable-stream "^3.1.1"
- readdir-scoped-modules "*"
request "^2.88.0"
retry "^0.12.0"
rimraf "^2.6.3"
@@ -6985,7 +6934,7 @@ readable-stream@3, readable-stream@^3.1.1:
string_decoder "^1.1.1"
util-deprecate "^1.0.1"
-readdir-scoped-modules@*, readdir-scoped-modules@^1.0.0:
+readdir-scoped-modules@^1.0.0:
version "1.0.2"
resolved "https://registry.yarnpkg.com/readdir-scoped-modules/-/readdir-scoped-modules-1.0.2.tgz#9fafa37d286be5d92cbaebdee030dc9b5f406747"
integrity sha1-n6+jfShr5dksuuve4DDcm19AZ0c=
--
GitLab