From 43b43432638f2c6f6ea2e1118e9ac1b223aaec04 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 27 Feb 2024 00:58:17 +0000 Subject: [PATCH] chore(deps): update dependency es5-ext to v0.10.63 [security] (#6349) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [es5-ext](https://togithub.com/medikoo/es5-ext) | [`0.10.62` -> `0.10.63`](https://renovatebot.com/diffs/npm/es5-ext/0.10.62/0.10.63) | [![age](https://developer.mend.io/api/mc/badges/age/npm/es5-ext/0.10.63?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/es5-ext/0.10.63?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/es5-ext/0.10.62/0.10.63?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/es5-ext/0.10.62/0.10.63?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2024-27088](https://togithub.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h) ### Impact Passing functions with very long names or complex default argument names into `function#copy` or`function#toStringTokens` may put script to stall ### Patches Fixed with https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 and https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602 Published with v0.10.63 ### Workarounds No real workaround aside of refraining from using above utilities. ### References [https://github.com/medikoo/es5-ext/issues/201](https://togithub.com/medikoo/es5-ext/issues/201) --- ### Release Notes
medikoo/es5-ext (es5-ext) ### [`v0.10.63`](https://togithub.com/medikoo/es5-ext/blob/HEAD/CHANGELOG.md#01063-2024-02-23) [Compare Source](https://togithub.com/medikoo/es5-ext/compare/v0.10.62...v0.10.63)
--- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/Unleash/unleash). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docker/package.json | 2 +- package.json | 2 +- yarn.lock | 19 +++++++++++++++---- 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/docker/package.json b/docker/package.json index dc50ed4be4..00ebb8917a 100644 --- a/docker/package.json +++ b/docker/package.json @@ -22,7 +22,7 @@ "resolutions": { "async": "^3.2.4", "db-migrate/rc/minimist": "^1.2.5", - "es5-ext": "0.10.62", + "es5-ext": "0.10.63", "knex/liftoff/object.map/**/kind-of": "^6.0.3", "knex/liftoff/findup-sync/micromatc/kind-of": "^6.0.3", "knex/liftoff/findup-sync/micromatc/nanomatch/kind-of": "^6.0.3", diff --git a/package.json b/package.json index 8ce25eaa7b..3f08fd52d1 100644 --- a/package.json +++ b/package.json @@ -200,7 +200,7 @@ "resolutions": { "async": "^3.2.4", "db-migrate/rc/minimist": "^1.2.5", - "es5-ext": "0.10.62", + "es5-ext": "0.10.63", "knex/liftoff/object.map/**/kind-of": "^6.0.3", "knex/liftoff/findup-sync/micromatc/kind-of": "^6.0.3", "knex/liftoff/findup-sync/micromatc/nanomatch/kind-of": "^6.0.3", diff --git a/yarn.lock b/yarn.lock index 0b2d8e5261..c5aaf6b27a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2868,13 +2868,14 @@ errorhandler@^1.5.1: accepts "~1.3.7" escape-html "~1.0.3" -es5-ext@0.10.62, es5-ext@^0.10.35, es5-ext@^0.10.46, es5-ext@^0.10.50, es5-ext@^0.10.53, es5-ext@~0.10.14, es5-ext@~0.10.2, es5-ext@~0.10.46: - version "0.10.62" - resolved "https://registry.yarnpkg.com/es5-ext/-/es5-ext-0.10.62.tgz#5e6adc19a6da524bf3d1e02bbc8960e5eb49a9a5" - integrity sha512-BHLqn0klhEpnOKSrzn/Xsz2UIW8j+cGmo9JLzr8BiUapV8hPL9+FliFqjwr9ngW7jWdnxv6eO+/LqyhJVqgrjA== +es5-ext@0.10.63, es5-ext@^0.10.35, es5-ext@^0.10.46, es5-ext@^0.10.50, es5-ext@^0.10.53, es5-ext@^0.10.62, es5-ext@~0.10.14, es5-ext@~0.10.2, es5-ext@~0.10.46: + version "0.10.63" + resolved "https://registry.yarnpkg.com/es5-ext/-/es5-ext-0.10.63.tgz#9c222a63b6a332ac80b1e373b426af723b895bd6" + integrity sha512-hUCZd2Byj/mNKjfP9jXrdVZ62B8KuA/VoK7X8nUh5qT+AxDmcbvZz041oDVZdbIN1qW6XY9VDNwzkvKnZvK2TQ== dependencies: es6-iterator "^2.0.3" es6-symbol "^3.1.3" + esniff "^2.0.1" next-tick "^1.1.0" es6-iterator@^2.0.3: @@ -2939,6 +2940,16 @@ esm@^3.2.25: resolved "https://registry.yarnpkg.com/esm/-/esm-3.2.25.tgz#342c18c29d56157688ba5ce31f8431fbb795cc10" integrity sha512-U1suiZ2oDVWv4zPO56S0NcR5QriEahGtdN2OR6FiOG4WJvcjBVFB0qI4+eKoWFH483PKGuLuu6V8Z4T5g63UVA== +esniff@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/esniff/-/esniff-2.0.1.tgz#a4d4b43a5c71c7ec51c51098c1d8a29081f9b308" + integrity sha512-kTUIGKQ/mDPFoJ0oVfcmyJn4iBDRptjNVIzwIFR7tqWXdVI9xfA2RMwY/gbSpJG3lkdWNEjLap/NqVHZiJsdfg== + dependencies: + d "^1.0.1" + es5-ext "^0.10.62" + event-emitter "^0.3.5" + type "^2.7.2" + esprima@^4.0.0: version "4.0.1" resolved "https://registry.yarnpkg.com/esprima/-/esprima-4.0.1.tgz#13b04cdb3e6c5d19df91ab6987a8695619b0aa71"