Skip to content

Commit

Permalink
Merge pull request #90 from atlassian-labs/noissue/fix-vuln
Browse files Browse the repository at this point in the history
Bump @atlassian/forge-graphql to 13.3.14 to fix vuln within @atlassian/forge-graphql > axios
  • Loading branch information
chrisng93 authored Jan 16, 2024
2 parents 5a56505 + f32d025 commit d6312df
Show file tree
Hide file tree
Showing 4 changed files with 42 additions and 58 deletions.
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
},
"dependencies": {
"@atlaskit/tokens": "^1.29.1",
"@atlassian/forge-graphql": "13.3.10",
"@atlassian/forge-graphql": "13.3.14",
"@forge/api": "^2.8.1",
"@forge/bridge": "^2.6.0",
"@forge/events": "^0.5.3",
Expand Down
2 changes: 1 addition & 1 deletion ui/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
"@atlaskit/theme": "^12.1.6",
"@atlaskit/tokens": "^1.29.1",
"@atlaskit/tooltip": "^17.5.9",
"@atlassian/forge-graphql": "13.3.10",
"@atlassian/forge-graphql": "13.3.14",
"@forge/api": "^2.8.1",
"@forge/bridge": "^2.6.0",
"escape-string-regexp": "^5.0.0",
Expand Down
48 changes: 14 additions & 34 deletions ui/yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -511,13 +511,12 @@
"@babel/runtime" "^7.0.0"
"@emotion/core" "^10.0.9"

"@atlassian/[email protected].10":
version "13.3.10"
resolved "https://packages.atlassian.com/api/npm/atlassian-npm/@atlassian/forge-graphql/-/forge-graphql-13.3.10.tgz#e5bec74899ca1541068402400f607acb43aedb0c"
integrity sha512-q/mCg91f7vtR5G6wQibE+KQKcPYe2u8U6ZJrhhY/jACnbzY5wJrl80DZGGuntC4r+I80XlyaFNX/RXf57AMJLg==
"@atlassian/[email protected].14":
version "13.3.14"
resolved "https://registry.npmjs.com/@atlassian/forge-graphql/-/forge-graphql-13.3.14.tgz#dd50bff6df9db473ca9e53a708fd71cafd6af0eb"
integrity sha512-VP9TGql8WHEZcQg5wFrTeN1uwH9xJu3IdKIkleLngCF54i3qvGelYYPcYg2Vn6tV8l6IcqJZ2gJ3kFtxiZk38Q==
dependencies:
"@forge/api" "^2.18.5"
axios "^1.6.0"
"@forge/api" "^2.21.0"
fs "^0.0.1-security"
js-yaml "^4.1.0"
lodash "^4.17.21"
Expand Down Expand Up @@ -2065,13 +2064,13 @@
minimatch "^3.0.4"
strip-json-comments "^3.1.1"

"@forge/api@^2.18.5":
version "2.20.1"
resolved "https://registry.yarnpkg.com/@forge/api/-/api-2.20.1.tgz#4d5a7a1bdd994fc689ea886177c1c568ae4333de"
integrity sha512-UmEWfsjnaq+xrodlKYZQeaeTI3Ox/gx1recX65i/K643C96uGJAiEItrbfsvsyw0ToYwjgzotGB0mDqOr0eKww==
"@forge/api@^2.21.0":
version "2.22.1"
resolved "https://registry.yarnpkg.com/@forge/api/-/api-2.22.1.tgz#3ecafc63816669b1b0b7d9d28d8c6a2a7365dfb7"
integrity sha512-rX7BRIZs94ojfnI5MF5Zpgbr1zoZ5tY4O2LHREGVhPP0pYsnY17rbjZbdrRhGQdlg3rvJSj98K5vOBCsqT6hfA==
dependencies:
"@forge/auth" "0.0.5"
"@forge/egress" "1.2.9"
"@forge/egress" "1.2.11"
"@forge/storage" "1.5.13"
"@forge/util" "1.3.3"
"@types/node-fetch" "^2.6.9"
Expand Down Expand Up @@ -2109,10 +2108,10 @@
dependencies:
"@types/history" "^4.7.11"

"@forge/[email protected].9":
version "1.2.9"
resolved "https://registry.yarnpkg.com/@forge/egress/-/egress-1.2.9.tgz#9f432c14f0bb68db998b25ad037980fcfe21c39d"
integrity sha512-ubvieNqXOtPdJwTVCzddy87wSZT1oi8DJ2BNqgOd0/6F35vRQwlRE1AQ0QkgkRsnSGp0i8l1rYZ5G4GQE6wCkA==
"@forge/[email protected].11":
version "1.2.11"
resolved "https://registry.yarnpkg.com/@forge/egress/-/egress-1.2.11.tgz#3b56fd6a1a6d25043ba1e77add0a426390cc58b7"
integrity sha512-8dOzntU1BqFUlU1+6cLnKBZSTmKraijfo3lPf80AE223yFjlJNIWpN2JAxSmn9WtmHBoMwaTMLE6P2FOWU28Cw==
dependencies:
minimatch "^9.0.3"

Expand Down Expand Up @@ -3715,15 +3714,6 @@ axe-core@^4.3.5:
resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.4.1.tgz#7dbdc25989298f9ad006645cd396782443757413"
integrity sha512-gd1kmb21kwNuWr6BQz8fv6GNECPBnUasepcoLbekws23NVBLODdsClRZ+bQ8+9Uomf3Sm3+Vwn0oYG9NvwnJCw==

axios@^1.6.0:
version "1.6.2"
resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.2.tgz#de67d42c755b571d3e698df1b6504cde9b0ee9f2"
integrity sha512-7i24Ri4pmDRfJTR7LDBhsOTtcm+9kjX5WiY1X3wIisx6G9So3pfMkEiU7emUBe46oceVImccTEM3k6C5dbVW8A==
dependencies:
follow-redirects "^1.15.0"
form-data "^4.0.0"
proxy-from-env "^1.1.0"

axobject-query@^2.2.0:
version "2.2.0"
resolved "https://registry.yarnpkg.com/axobject-query/-/axobject-query-2.2.0.tgz#943d47e10c0b704aa42275e20edf3722648989be"
Expand Down Expand Up @@ -5709,11 +5699,6 @@ follow-redirects@^1.0.0:
resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.9.tgz#dd4ea157de7bfaf9ea9b3fbd85aa16951f78d8d7"
integrity sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w==

follow-redirects@^1.15.0:
version "1.15.3"
resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.3.tgz#fe2f3ef2690afce7e82ed0b44db08165b207123a"
integrity sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==

fork-ts-checker-webpack-plugin@^6.5.0:
version "6.5.0"
resolved "https://registry.yarnpkg.com/fork-ts-checker-webpack-plugin/-/fork-ts-checker-webpack-plugin-6.5.0.tgz#0282b335fa495a97e167f69018f566ea7d2a2b5e"
Expand Down Expand Up @@ -8496,11 +8481,6 @@ proxy-addr@~2.0.7:
forwarded "0.2.0"
ipaddr.js "1.9.1"

proxy-from-env@^1.1.0:
version "1.1.0"
resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2"
integrity sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==

psl@^1.1.33:
version "1.8.0"
resolved "https://registry.yarnpkg.com/psl/-/psl-1.8.0.tgz#9326f8bcfb013adcc005fdff056acce020e51c24"
Expand Down
48 changes: 26 additions & 22 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -79,13 +79,12 @@
"@babel/types" "^7.20.0"
bind-event-listener "^2.1.1"

"@atlassian/[email protected].10":
version "13.3.10"
resolved "https://packages.atlassian.com/api/npm/atlassian-npm/@atlassian/forge-graphql/-/forge-graphql-13.3.10.tgz#e5bec74899ca1541068402400f607acb43aedb0c"
integrity sha512-q/mCg91f7vtR5G6wQibE+KQKcPYe2u8U6ZJrhhY/jACnbzY5wJrl80DZGGuntC4r+I80XlyaFNX/RXf57AMJLg==
"@atlassian/[email protected].14":
version "13.3.14"
resolved "https://registry.npmjs.com/@atlassian/forge-graphql/-/forge-graphql-13.3.14.tgz#dd50bff6df9db473ca9e53a708fd71cafd6af0eb"
integrity sha512-VP9TGql8WHEZcQg5wFrTeN1uwH9xJu3IdKIkleLngCF54i3qvGelYYPcYg2Vn6tV8l6IcqJZ2gJ3kFtxiZk38Q==
dependencies:
"@forge/api" "^2.18.5"
axios "^1.6.0"
"@forge/api" "^2.21.0"
fs "^0.0.1-security"
js-yaml "^4.1.0"
lodash "^4.17.21"
Expand Down Expand Up @@ -870,7 +869,7 @@
"@types/node-fetch" "^2.5.7"
node-fetch "2.6.7"

"@forge/[email protected]", "@forge/api@^2.18.5":
"@forge/[email protected]":
version "2.20.1"
resolved "https://registry.yarnpkg.com/@forge/api/-/api-2.20.1.tgz#4d5a7a1bdd994fc689ea886177c1c568ae4333de"
integrity sha512-UmEWfsjnaq+xrodlKYZQeaeTI3Ox/gx1recX65i/K643C96uGJAiEItrbfsvsyw0ToYwjgzotGB0mDqOr0eKww==
Expand All @@ -882,6 +881,18 @@
"@types/node-fetch" "^2.6.9"
node-fetch "2.7.0"

"@forge/api@^2.21.0":
version "2.22.1"
resolved "https://registry.yarnpkg.com/@forge/api/-/api-2.22.1.tgz#3ecafc63816669b1b0b7d9d28d8c6a2a7365dfb7"
integrity sha512-rX7BRIZs94ojfnI5MF5Zpgbr1zoZ5tY4O2LHREGVhPP0pYsnY17rbjZbdrRhGQdlg3rvJSj98K5vOBCsqT6hfA==
dependencies:
"@forge/auth" "0.0.5"
"@forge/egress" "1.2.11"
"@forge/storage" "1.5.13"
"@forge/util" "1.3.3"
"@types/node-fetch" "^2.6.9"
node-fetch "2.7.0"

"@forge/api@^2.6.1":
version "2.6.1"
resolved "https://registry.yarnpkg.com/@forge/api/-/api-2.6.1.tgz#8bed707ac395795feacc17e46310e78a491f4005"
Expand Down Expand Up @@ -1057,6 +1068,13 @@
cheerio "^0.22.0"
content-security-policy-parser "^0.4.1"

"@forge/[email protected]":
version "1.2.11"
resolved "https://registry.yarnpkg.com/@forge/egress/-/egress-1.2.11.tgz#3b56fd6a1a6d25043ba1e77add0a426390cc58b7"
integrity sha512-8dOzntU1BqFUlU1+6cLnKBZSTmKraijfo3lPf80AE223yFjlJNIWpN2JAxSmn9WtmHBoMwaTMLE6P2FOWU28Cw==
dependencies:
minimatch "^9.0.3"

"@forge/[email protected]":
version "1.2.9"
resolved "https://registry.yarnpkg.com/@forge/egress/-/egress-1.2.9.tgz#9f432c14f0bb68db998b25ad037980fcfe21c39d"
Expand Down Expand Up @@ -2752,15 +2770,6 @@ axe-core@^4.3.5:
resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.4.1.tgz#7dbdc25989298f9ad006645cd396782443757413"
integrity sha512-gd1kmb21kwNuWr6BQz8fv6GNECPBnUasepcoLbekws23NVBLODdsClRZ+bQ8+9Uomf3Sm3+Vwn0oYG9NvwnJCw==

axios@^1.6.0:
version "1.6.2"
resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.2.tgz#de67d42c755b571d3e698df1b6504cde9b0ee9f2"
integrity sha512-7i24Ri4pmDRfJTR7LDBhsOTtcm+9kjX5WiY1X3wIisx6G9So3pfMkEiU7emUBe46oceVImccTEM3k6C5dbVW8A==
dependencies:
follow-redirects "^1.15.0"
form-data "^4.0.0"
proxy-from-env "^1.1.0"

axobject-query@^2.2.0:
version "2.2.0"
resolved "https://registry.yarnpkg.com/axobject-query/-/axobject-query-2.2.0.tgz#943d47e10c0b704aa42275e20edf3722648989be"
Expand Down Expand Up @@ -4912,7 +4921,7 @@ flatted@^3.1.0:
resolved "https://registry.yarnpkg.com/flatted/-/flatted-3.2.5.tgz#76c8584f4fc843db64702a6bd04ab7a8bd666da3"
integrity sha512-WIWGi2L3DyTUvUrwRKgGi9TwxQMUEqPOPQBVi71R96jZXJdFskXEmf54BoZaS1kknGODoIGASGEzBUYdyMCBJg==

follow-redirects@^1.0.0, follow-redirects@^1.15.0:
follow-redirects@^1.0.0:
version "1.15.3"
resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.3.tgz#fe2f3ef2690afce7e82ed0b44db08165b207123a"
integrity sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==
Expand Down Expand Up @@ -7955,11 +7964,6 @@ proxy-addr@~2.0.7:
forwarded "0.2.0"
ipaddr.js "1.9.1"

proxy-from-env@^1.1.0:
version "1.1.0"
resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2"
integrity sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==

psl@^1.1.33:
version "1.8.0"
resolved "https://registry.yarnpkg.com/psl/-/psl-1.8.0.tgz#9326f8bcfb013adcc005fdff056acce020e51c24"
Expand Down

0 comments on commit d6312df

Please sign in to comment.