From 16e501cd7b39a4566e16ddf9899473e904240ddc Mon Sep 17 00:00:00 2001 From: Linda Lu Cannon Date: Wed, 15 Jul 2020 16:40:07 -0700 Subject: [PATCH 1/5] [admin] bump set-value High severity: Dependabot cannot create security patch --- package-lock.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index dfd2809..f3704e1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -818,7 +818,7 @@ "get-value": "^2.0.6", "has-value": "^1.0.0", "isobject": "^3.0.1", - "set-value": "^2.0.0", + "set-value": "^2.0.1", "to-object-path": "^0.3.0", "union-value": "^1.0.0", "unset-value": "^1.0.0" @@ -5402,7 +5402,7 @@ } }, "set-value": { - "version": "2.0.0", + "version": "2.0.1", "resolved": "https://registry.npmjs.org/set-value/-/set-value-2.0.0.tgz", "integrity": "sha512-hw0yxk9GT/Hr5yJEYnHNKYXkIA8mVJgd9ditYZCe16ZczcaELYYcfvaXesNACk2O8O0nTiPQcQhGUQj8JLzeeg==", "dev": true, @@ -6121,7 +6121,7 @@ "arr-union": "^3.1.0", "get-value": "^2.0.6", "is-extendable": "^0.1.1", - "set-value": "^0.4.3" + "set-value": "^2.0.1" }, "dependencies": { "extend-shallow": { @@ -6134,7 +6134,7 @@ } }, "set-value": { - "version": "0.4.3", + "version": "2.0.1", "resolved": "https://registry.npmjs.org/set-value/-/set-value-0.4.3.tgz", "integrity": "sha1-fbCPnT0i3H945Trzw79GZuzfzPE=", "dev": true, From 636a7700e1990479b680a27edcebccba5c42dd1b Mon Sep 17 00:00:00 2001 From: Linda Lu Cannon Date: Wed, 15 Jul 2020 16:43:28 -0700 Subject: [PATCH 2/5] [admin] bump lodash.template Critical severity: dependabot cannot update to the required version --- package-lock.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index f3704e1..fa9d75f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2951,7 +2951,7 @@ "lodash._reescape": "^3.0.0", "lodash._reevaluate": "^3.0.0", "lodash._reinterpolate": "^3.0.0", - "lodash.template": "^3.0.0", + "lodash.template": "^4.5.0", "minimist": "^1.1.0", "multipipe": "^0.1.2", "object-assign": "^3.0.0", @@ -4029,7 +4029,7 @@ "dev": true }, "lodash.template": { - "version": "3.6.2", + "version": "4.5.0", "resolved": "https://registry.npmjs.org/lodash.template/-/lodash.template-3.6.2.tgz", "integrity": "sha1-+M3sxhaaJVvpCYrosMU9N4kx0U8=", "dev": true, From 22bfb20e5426ff0f217f0ef7c381595aebceb742 Mon Sep 17 00:00:00 2001 From: Linda Lu Cannon Date: Wed, 15 Jul 2020 16:46:27 -0700 Subject: [PATCH 3/5] [admin] bump diff High severity: Dependabot cannot update to required version --- package-lock.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index fa9d75f..c8fc2cb 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1368,7 +1368,7 @@ "dev": true }, "diff": { - "version": "1.4.0", + "version": "3.5.0", "resolved": "https://registry.npmjs.org/diff/-/diff-1.4.0.tgz", "integrity": "sha1-fyjS657nsVqX79ic5j3P2qPMur8=", "dev": true @@ -2588,7 +2588,7 @@ "requires": { "commander": "2.3.0", "debug": "2.2.0", - "diff": "1.4.0", + "diff": "3.5.0", "escape-string-regexp": "1.0.2", "glob": "3.2.11", "growl": "1.9.2", @@ -4274,7 +4274,7 @@ "browser-stdout": "1.3.0", "commander": "2.9.0", "debug": "2.6.8", - "diff": "3.2.0", + "diff": "3.5.0", "escape-string-regexp": "1.0.5", "glob": "7.1.1", "growl": "1.9.2", @@ -4304,7 +4304,7 @@ } }, "diff": { - "version": "3.2.0", + "version": "3.5.0", "resolved": "https://registry.npmjs.org/diff/-/diff-3.2.0.tgz", "integrity": "sha1-yc45Okt8vQsFinJck98pkCeGj/k=", "dev": true @@ -6001,7 +6001,7 @@ "requires": { "babel-code-frame": "^6.20.0", "colors": "^1.1.2", - "diff": "^3.0.1", + "diff": "^3.5.0", "findup-sync": "~0.3.0", "glob": "^7.1.1", "optimist": "~0.6.0", From 0af38c8b4c74be73283323e1eb29e0308ac730c9 Mon Sep 17 00:00:00 2001 From: Linda Lu Cannon Date: Wed, 15 Jul 2020 16:50:40 -0700 Subject: [PATCH 4/5] [admin] bump cryptiles High severity: Dependabot cannot update to required version --- package-lock.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index c8fc2cb..76663b3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1136,7 +1136,7 @@ } }, "cryptiles": { - "version": "2.0.5", + "version": "4.1.2", "resolved": "https://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz", "integrity": "sha1-O9/s3GCBR8HGcgL6KR59ylnqo7g=", "requires": { @@ -3165,7 +3165,7 @@ "integrity": "sha1-B4REvXwWQLD+VA0sm3PVlnjo4cQ=", "requires": { "boom": "2.x.x", - "cryptiles": "2.x.x", + "cryptiles": "4.1.2", "hoek": "2.x.x", "sntp": "1.x.x" } From 0403fb60fc618cb7d60c78d98995b8a31f040265 Mon Sep 17 00:00:00 2001 From: Linda Lu Cannon Date: Wed, 15 Jul 2020 16:53:00 -0700 Subject: [PATCH 5/5] [admin] bump growl Critical severity: Dependabot cannot update to required version --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 76663b3..d5befce 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2433,7 +2433,7 @@ "dev": true }, "growl": { - "version": "1.9.2", + "version": "1.10.0", "resolved": "https://registry.npmjs.org/growl/-/growl-1.9.2.tgz", "integrity": "sha1-Dqd0NxXbjY3ixe3hd14bRayFwC8=", "dev": true @@ -2591,7 +2591,7 @@ "diff": "3.5.0", "escape-string-regexp": "1.0.2", "glob": "3.2.11", - "growl": "1.9.2", + "growl": "1.10.0", "jade": "0.26.3", "mkdirp": "0.5.1", "supports-color": "1.2.0", @@ -4277,7 +4277,7 @@ "diff": "3.5.0", "escape-string-regexp": "1.0.5", "glob": "7.1.1", - "growl": "1.9.2", + "growl": "1.10.0", "he": "1.1.1", "json3": "3.3.2", "lodash.create": "3.1.1",