From 6a5b05728f6fcb7e74e752962553870b9a89c1fe Mon Sep 17 00:00:00 2001 From: Nicola Molinari Date: Wed, 9 Feb 2022 15:44:01 +0100 Subject: [PATCH] chore: bump node-fetch, lodash, and fast-csv versions for security vulnerabilities (#1759) * chore: bump node-fetch and lodash versions for security vulnerabilities * chore: bump fast-csv version for security vulnerabilities --- .changeset/clever-monkeys-attend.md | 28 ++-- .changeset/nice-ducks-talk.md | 20 +-- .changeset/small-grapes-eat.md | 24 +++ docs/sdk/api/typescriptSdk.md | 4 +- integration-tests/package.json | 2 +- lint-staged.config.js | 1 + packages/category-exporter/package.json | 2 +- packages/csv-parser-orders/package.json | 2 +- packages/csv-parser-price/package.json | 2 +- packages/csv-parser-state/package.json | 2 +- packages/custom-objects-exporter/package.json | 2 +- packages/custom-objects-importer/package.json | 2 +- .../customer-groups-exporter/package.json | 2 +- packages/discount-code-exporter/package.json | 4 +- packages/discount-code-importer/package.json | 4 +- packages/inventories-exporter/package.json | 4 +- packages/personal-data-erasure/package.json | 2 +- packages/price-exporter/package.json | 6 +- packages/product-exporter/package.json | 2 +- packages/product-json-to-csv/package.json | 4 +- packages/resource-deleter/package.json | 2 +- packages/sdk-auth/package.json | 2 +- packages/sdk-middleware-auth/CHANGELOG.md | 3 +- packages/sdk-middleware-auth/package.json | 2 +- packages/sdk-middleware-http/package.json | 2 +- packages/state-importer/package.json | 2 +- yarn.lock | 151 +++++++++--------- 27 files changed, 150 insertions(+), 133 deletions(-) create mode 100644 .changeset/small-grapes-eat.md diff --git a/.changeset/clever-monkeys-attend.md b/.changeset/clever-monkeys-attend.md index dd12ff40c..d5fef84c7 100644 --- a/.changeset/clever-monkeys-attend.md +++ b/.changeset/clever-monkeys-attend.md @@ -1,18 +1,18 @@ --- -"@commercetools/integration-tests": patch -"@commercetools/category-exporter": patch -"@commercetools/csv-parser-discount-code": patch -"@commercetools/csv-parser-orders": patch -"@commercetools/csv-parser-price": patch -"@commercetools/csv-parser-state": patch -"@commercetools/custom-objects-exporter": patch -"@commercetools/customer-groups-exporter": patch -"@commercetools/discount-code-exporter": patch -"@commercetools/discount-code-generator": patch -"@commercetools/inventories-exporter": patch -"@commercetools/personal-data-erasure": patch -"@commercetools/price-exporter": patch -"@commercetools/product-exporter": patch +'@commercetools/integration-tests': patch +'@commercetools/category-exporter': patch +'@commercetools/csv-parser-discount-code': patch +'@commercetools/csv-parser-orders': patch +'@commercetools/csv-parser-price': patch +'@commercetools/csv-parser-state': patch +'@commercetools/custom-objects-exporter': patch +'@commercetools/customer-groups-exporter': patch +'@commercetools/discount-code-exporter': patch +'@commercetools/discount-code-generator': patch +'@commercetools/inventories-exporter': patch +'@commercetools/personal-data-erasure': patch +'@commercetools/price-exporter': patch +'@commercetools/product-exporter': patch --- Cleanup & update dependencies diff --git a/.changeset/nice-ducks-talk.md b/.changeset/nice-ducks-talk.md index 23d9e607f..01aaabaad 100644 --- a/.changeset/nice-ducks-talk.md +++ b/.changeset/nice-ducks-talk.md @@ -1,14 +1,14 @@ --- -"@commercetools/integration-tests": patch -"@commercetools/csv-parser-orders": patch -"@commercetools/csv-parser-price": patch -"@commercetools/discount-code-exporter": patch -"@commercetools/get-credentials": patch -"@commercetools/inventories-exporter": patch -"@commercetools/product-exporter": patch -"@commercetools/sdk-auth": patch -"@commercetools/sdk-middleware-http": patch -"@commercetools/state-importer": patch +'@commercetools/integration-tests': patch +'@commercetools/csv-parser-orders': patch +'@commercetools/csv-parser-price': patch +'@commercetools/discount-code-exporter': patch +'@commercetools/get-credentials': patch +'@commercetools/inventories-exporter': patch +'@commercetools/product-exporter': patch +'@commercetools/sdk-auth': patch +'@commercetools/sdk-middleware-http': patch +'@commercetools/state-importer': patch --- chore(deps): update all dependencies diff --git a/.changeset/small-grapes-eat.md b/.changeset/small-grapes-eat.md new file mode 100644 index 000000000..74be8ad14 --- /dev/null +++ b/.changeset/small-grapes-eat.md @@ -0,0 +1,24 @@ +--- +'@commercetools/integration-tests': patch +'@commercetools/category-exporter': patch +'@commercetools/csv-parser-orders': patch +'@commercetools/csv-parser-price': patch +'@commercetools/csv-parser-state': patch +'@commercetools/custom-objects-exporter': patch +'@commercetools/custom-objects-importer': patch +'@commercetools/customer-groups-exporter': patch +'@commercetools/discount-code-exporter': patch +'@commercetools/discount-code-importer': patch +'@commercetools/inventories-exporter': patch +'@commercetools/personal-data-erasure': patch +'@commercetools/price-exporter': patch +'@commercetools/product-exporter': patch +'@commercetools/product-json-to-csv': patch +'@commercetools/resource-deleter': patch +'@commercetools/sdk-auth': patch +'@commercetools/sdk-middleware-auth': patch +'@commercetools/sdk-middleware-http': patch +'@commercetools/state-importer': patch +--- + +Bump versions of `node-fetch`, `lodash`, and `fast-csv` to fix security vulnerabilities diff --git a/docs/sdk/api/typescriptSdk.md b/docs/sdk/api/typescriptSdk.md index d56fd7059..86f1da1ee 100644 --- a/docs/sdk/api/typescriptSdk.md +++ b/docs/sdk/api/typescriptSdk.md @@ -70,12 +70,12 @@ const authMiddlewareOptions = { }, oauthUri: '/oauth/token', // - optional custom oauthUri scopes: [`manage_project:${projectKey}`], - fetch + fetch, } const httpMiddlewareOptions = { host: 'https://api.europe-west1.gcp.commercetools.com', - fetch + fetch, } const client = new ClientBuilder() diff --git a/integration-tests/package.json b/integration-tests/package.json index a5df1f102..99de54790 100644 --- a/integration-tests/package.json +++ b/integration-tests/package.json @@ -44,7 +44,7 @@ "lodash.omit": "^4.5.0", "lodash.zipobject": "^4.1.3", "mz": "^2.7.0", - "node-fetch": "^2.3.0", + "node-fetch": "^2.6.7", "streamtest": "^2.0.0", "tmp": "^0.2.0", "unzipper": "^0.10.5" diff --git a/lint-staged.config.js b/lint-staged.config.js index f7a0c4d26..2b23db316 100644 --- a/lint-staged.config.js +++ b/lint-staged.config.js @@ -1,6 +1,7 @@ module.exports = { '*.md': ['yarn format:md'], 'packages/**/*.js': [ + 'prettier --write', // NOTE: apparently if you pass some argument that is not a flag AFTER the `reporters` // flag, jest does not seem correctly parse the arguments. // diff --git a/packages/category-exporter/package.json b/packages/category-exporter/package.json index 9c88e56f2..6bc9283c9 100644 --- a/packages/category-exporter/package.json +++ b/packages/category-exporter/package.json @@ -40,7 +40,7 @@ "@commercetools/sdk-middleware-auth": "^5.1.6", "@commercetools/sdk-middleware-http": "^6.0.11", "@commercetools/sdk-middleware-user-agent": "^2.1.5", - "node-fetch": "^2.3.0", + "node-fetch": "^2.6.7", "pino": "^6.0.0", "pino-pretty": "^4.0.0", "pretty-error": "^2.1.1", diff --git a/packages/csv-parser-orders/package.json b/packages/csv-parser-orders/package.json index 85f58a78b..ff7638243 100644 --- a/packages/csv-parser-orders/package.json +++ b/packages/csv-parser-orders/package.json @@ -43,7 +43,7 @@ "JSONStream": "^1.3.5", "csv-parser": "^3.0.0", "highland": "^2.13.0", - "lodash": "^4.17.11", + "lodash": "^4.17.21", "npmlog": "^4.1.2", "object-path": "^0.11.4", "pretty-error": "^2.1.1", diff --git a/packages/csv-parser-price/package.json b/packages/csv-parser-price/package.json index e892c9941..4e6045a14 100644 --- a/packages/csv-parser-price/package.json +++ b/packages/csv-parser-price/package.json @@ -52,7 +52,7 @@ "lodash.mapvalues": "^4.6.0", "lodash.memoize": "^4.1.2", "lodash.pick": "^4.4.0", - "node-fetch": "^2.3.0", + "node-fetch": "^2.6.7", "npmlog": "^4.1.2", "pretty-error": "^2.1.1", "strip-bom-stream": "^4.0.0", diff --git a/packages/csv-parser-state/package.json b/packages/csv-parser-state/package.json index 4509f55e5..05cf88112 100644 --- a/packages/csv-parser-state/package.json +++ b/packages/csv-parser-state/package.json @@ -52,7 +52,7 @@ "flat": "^5.0.0", "highland": "^2.13.0", "lodash.memoize": "^4.1.2", - "node-fetch": "^2.3.0", + "node-fetch": "^2.6.7", "pino": "^6.0.0", "pretty-error": "^2.1.1", "yargs": "^16.0.0" diff --git a/packages/custom-objects-exporter/package.json b/packages/custom-objects-exporter/package.json index 6ee736fc0..baf52be78 100644 --- a/packages/custom-objects-exporter/package.json +++ b/packages/custom-objects-exporter/package.json @@ -42,7 +42,7 @@ "@commercetools/sdk-middleware-http": "^6.0.11", "@commercetools/sdk-middleware-user-agent": "^2.1.5", "JSONStream": "^1.3.5", - "node-fetch": "^2.3.0", + "node-fetch": "^2.6.7", "pino": "^6.0.0", "pretty-error": "^2.1.1", "yargs": "^16.0.0" diff --git a/packages/custom-objects-importer/package.json b/packages/custom-objects-importer/package.json index 1b684dfae..193a0147d 100644 --- a/packages/custom-objects-importer/package.json +++ b/packages/custom-objects-importer/package.json @@ -41,7 +41,7 @@ "common-tags": "^1.8.0", "lodash.compact": "^3.0.1", "lodash.isequal": "^4.5.0", - "node-fetch": "^2.3.0", + "node-fetch": "^2.6.7", "p-series": "^2.0.0" } } diff --git a/packages/customer-groups-exporter/package.json b/packages/customer-groups-exporter/package.json index 88f67b2b9..44011723e 100644 --- a/packages/customer-groups-exporter/package.json +++ b/packages/customer-groups-exporter/package.json @@ -43,7 +43,7 @@ "@commercetools/sdk-middleware-http": "^6.0.11", "@commercetools/sdk-middleware-user-agent": "^2.1.5", "JSONStream": "^1.3.5", - "node-fetch": "^2.3.0", + "node-fetch": "^2.6.7", "pino": "^6.0.0", "pretty-error": "^2.1.1", "yargs": "^16.0.0" diff --git a/packages/discount-code-exporter/package.json b/packages/discount-code-exporter/package.json index a9af9b9d7..9b8b42a21 100644 --- a/packages/discount-code-exporter/package.json +++ b/packages/discount-code-exporter/package.json @@ -44,9 +44,9 @@ "@commercetools/sdk-middleware-http": "^6.0.11", "@commercetools/sdk-middleware-user-agent": "^2.1.5", "JSONStream": "^1.3.5", - "fast-csv": "^4.0.0", + "fast-csv": "^4.3.6", "flat": "^5.0.0", - "node-fetch": "^2.3.0", + "node-fetch": "^2.6.7", "npmlog": "^4.1.2", "pretty-error": "^2.1.1", "yargs": "^16.0.0" diff --git a/packages/discount-code-importer/package.json b/packages/discount-code-importer/package.json index 8cf666220..67bbec884 100644 --- a/packages/discount-code-importer/package.json +++ b/packages/discount-code-importer/package.json @@ -40,8 +40,8 @@ "@commercetools/sdk-middleware-queue": "^2.1.4", "@commercetools/sdk-middleware-user-agent": "^2.1.5", "@commercetools/sync-actions": "^4.9.6", - "lodash": "^4.17.11", - "node-fetch": "^2.3.0", + "lodash": "^4.17.21", + "node-fetch": "^2.6.7", "npmlog": "^4.1.2" } } diff --git a/packages/inventories-exporter/package.json b/packages/inventories-exporter/package.json index c380b1e83..e9a27043d 100644 --- a/packages/inventories-exporter/package.json +++ b/packages/inventories-exporter/package.json @@ -47,8 +47,8 @@ "@commercetools/sdk-middleware-http": "^6.0.11", "@commercetools/sdk-middleware-user-agent": "^2.1.5", "JSONStream": "^1.3.5", - "fast-csv": "^4.0.0", - "node-fetch": "^2.3.0", + "fast-csv": "^4.3.6", + "node-fetch": "^2.6.7", "npmlog": "^4.1.2", "pretty-error": "^2.1.1", "yargs": "^16.0.0" diff --git a/packages/personal-data-erasure/package.json b/packages/personal-data-erasure/package.json index e6de1364c..0921aaea9 100644 --- a/packages/personal-data-erasure/package.json +++ b/packages/personal-data-erasure/package.json @@ -41,7 +41,7 @@ "@commercetools/sdk-middleware-http": "^6.0.11", "@commercetools/sdk-middleware-user-agent": "^2.1.5", "lodash.flatten": "^4.4.0", - "node-fetch": "^2.3.0", + "node-fetch": "^2.6.7", "pino": "^6.0.0", "pretty-error": "^2.1.1", "prompt-confirm": "^2.0.4", diff --git a/packages/price-exporter/package.json b/packages/price-exporter/package.json index 0a2d652a5..215128f95 100644 --- a/packages/price-exporter/package.json +++ b/packages/price-exporter/package.json @@ -45,10 +45,10 @@ "@commercetools/sdk-middleware-http": "^6.0.11", "@commercetools/sdk-middleware-user-agent": "^2.1.5", "JSONStream": "^1.3.5", - "fast-csv": "^4.0.0", + "fast-csv": "^4.3.6", "flat": "^5.0.0", - "lodash": "^4.17.11", - "node-fetch": "^2.3.0", + "lodash": "^4.17.21", + "node-fetch": "^2.6.7", "npmlog": "^4.1.2", "pretty-error": "^2.1.1", "yargs": "^16.0.0" diff --git a/packages/product-exporter/package.json b/packages/product-exporter/package.json index fc7d20020..58f476e05 100644 --- a/packages/product-exporter/package.json +++ b/packages/product-exporter/package.json @@ -44,7 +44,7 @@ "@commercetools/sdk-middleware-http": "^6.0.11", "@commercetools/sdk-middleware-user-agent": "^2.1.5", "JSONStream": "^1.3.5", - "node-fetch": "^2.3.0", + "node-fetch": "^2.6.7", "pino": "^6.0.0", "pretty-error": "^2.1.1", "yargs": "^16.0.0" diff --git a/packages/product-json-to-csv/package.json b/packages/product-json-to-csv/package.json index b25175ab2..cde0c119e 100644 --- a/packages/product-json-to-csv/package.json +++ b/packages/product-json-to-csv/package.json @@ -55,8 +55,8 @@ "highland": "^2.13.0", "iconv-lite": "^0.6.0", "json2csv": "^5.0.0", - "lodash": "^4.17.11", - "node-fetch": "^2.3.0", + "lodash": "^4.17.21", + "node-fetch": "^2.6.7", "pino": "^6.0.0", "pretty-error": "^2.1.1", "single-emit": "^2.0.0", diff --git a/packages/resource-deleter/package.json b/packages/resource-deleter/package.json index 56fa65504..a7774441d 100644 --- a/packages/resource-deleter/package.json +++ b/packages/resource-deleter/package.json @@ -39,7 +39,7 @@ "@commercetools/sdk-middleware-http": "^6.0.11", "@commercetools/sdk-middleware-queue": "^2.1.4", "@commercetools/sdk-middleware-user-agent": "^2.1.5", - "node-fetch": "^2.4.1", + "node-fetch": "^2.6.7", "pino": "^6.0.0", "pretty-error": "^2.1.1", "prompts": "^2.0.4", diff --git a/packages/sdk-auth/package.json b/packages/sdk-auth/package.json index c5275e0af..42591162d 100644 --- a/packages/sdk-auth/package.json +++ b/packages/sdk-auth/package.json @@ -38,6 +38,6 @@ }, "devDependencies": { "nock": "12.0.3", - "node-fetch": "2.6.6" + "node-fetch": "^2.6.7" } } diff --git a/packages/sdk-middleware-auth/CHANGELOG.md b/packages/sdk-middleware-auth/CHANGELOG.md index 41d9595ff..1a090fe78 100644 --- a/packages/sdk-middleware-auth/CHANGELOG.md +++ b/packages/sdk-middleware-auth/CHANGELOG.md @@ -1,8 +1,7 @@ # @commercetools/sdk-middleware-auth ## 6.2.0 -### Minor Changes - +### Minor Changes - [#1731](https://github.com/commercetools/nodejs/pull/1731) [`b9304f6a`](https://github.com/commercetools/nodejs/commit/b9304f6a03f827b3a04d4b5e6f8602a6dc2cce80) Thanks [@ajimae](https://github.com/ajimae)! - releasing lastest version of sdk-middleware-auth package diff --git a/packages/sdk-middleware-auth/package.json b/packages/sdk-middleware-auth/package.json index 0df436376..7cdca7c32 100644 --- a/packages/sdk-middleware-auth/package.json +++ b/packages/sdk-middleware-auth/package.json @@ -33,7 +33,7 @@ "build:bundles": "cross-env NODE_ENV=production rollup -c ../../rollup.config.js -n CommercetoolsSdkMiddlewareAuth -i ./src/index.js" }, "dependencies": { - "node-fetch": "^2.3.0" + "node-fetch": "^2.6.7" }, "devDependencies": { "abort-controller": "3.0.0", diff --git a/packages/sdk-middleware-http/package.json b/packages/sdk-middleware-http/package.json index 10209c50a..6175ac896 100644 --- a/packages/sdk-middleware-http/package.json +++ b/packages/sdk-middleware-http/package.json @@ -34,6 +34,6 @@ "devDependencies": { "abort-controller": "3.0.0", "nock": "12.0.3", - "node-fetch": "2.6.6" + "node-fetch": "^2.6.7" } } diff --git a/packages/state-importer/package.json b/packages/state-importer/package.json index d75281f03..cd73bb34b 100644 --- a/packages/state-importer/package.json +++ b/packages/state-importer/package.json @@ -40,7 +40,7 @@ "@commercetools/sdk-middleware-http": "^6.0.11", "@commercetools/sdk-middleware-user-agent": "^2.1.5", "@commercetools/sync-actions": "^4.9.6", - "node-fetch": "^2.3.0" + "node-fetch": "^2.6.7" }, "devDependencies": { "common-tags": "1.8.2" diff --git a/yarn.lock b/yarn.lock index ca7ee3fae..b0057b9e2 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1676,6 +1676,18 @@ lodash.isfunction "^3.0.9" lodash.isnil "^4.0.0" +"@fast-csv/format@4.3.5": + version "4.3.5" + resolved "https://registry.yarnpkg.com/@fast-csv/format/-/format-4.3.5.tgz#90d83d1b47b6aaf67be70d6118f84f3e12ee1ff3" + integrity sha512-8iRn6QF3I8Ak78lNAa+Gdl5MJJBM5vRHivFtMRUWINdevNo00K7OXxS2PshawLKTejVwieIlPmK5YlLu6w4u8A== + dependencies: + "@types/node" "^14.0.1" + lodash.escaperegexp "^4.1.2" + lodash.isboolean "^3.0.3" + lodash.isequal "^4.5.0" + lodash.isfunction "^3.0.9" + lodash.isnil "^4.0.0" + "@fast-csv/parse@4.3.2": version "4.3.2" resolved "https://registry.yarnpkg.com/@fast-csv/parse/-/parse-4.3.2.tgz#55caaee17431b9ba655c0aef7b453305e7b5039d" @@ -1688,6 +1700,19 @@ lodash.isundefined "^3.0.1" lodash.uniq "^4.5.0" +"@fast-csv/parse@4.3.6": + version "4.3.6" + resolved "https://registry.yarnpkg.com/@fast-csv/parse/-/parse-4.3.6.tgz#ee47d0640ca0291034c7aa94039a744cfb019264" + integrity sha512-uRsLYksqpbDmWaSmzvJcuApSEe38+6NQZBUsuAyMZKqHxH0g1wcJgsKUvN3WC8tewaqFjBMMGrkHmC+T7k8LvA== + dependencies: + "@types/node" "^14.0.1" + lodash.escaperegexp "^4.1.2" + lodash.groupby "^4.6.0" + lodash.isfunction "^3.0.9" + lodash.isnil "^4.0.0" + lodash.isundefined "^3.0.1" + lodash.uniq "^4.5.0" + "@gar/promisify@^1.0.1": version "1.1.2" resolved "https://registry.yarnpkg.com/@gar/promisify/-/promisify-1.1.2.tgz#30aa825f11d438671d585bd44e7fd564535fc210" @@ -5823,15 +5848,10 @@ diff-sequences@^26.6.2: resolved "https://registry.yarnpkg.com/diff-sequences/-/diff-sequences-26.6.2.tgz#48ba99157de1923412eed41db6b6d4aa9ca7c0b1" integrity sha512-Mv/TDa3nZ9sbc5soK+OoA74BsS3mL37yixCvUAQkiuA4Wz6YtwP/K47n2rv2ovzHZvoiQeA5FTQOschKkEwB0Q== -diff@3.2.0: - version "3.2.0" - resolved "https://registry.yarnpkg.com/diff/-/diff-3.2.0.tgz#c9ce393a4b7cbd0b058a725c93df299027868ff9" - integrity sha1-yc45Okt8vQsFinJck98pkCeGj/k= - -diff@^4.0.2: - version "4.0.2" - resolved "https://registry.yarnpkg.com/diff/-/diff-4.0.2.tgz#60f3aecb89d5fae520c11aa19efc2bb982aade7d" - integrity sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A== +diff@3.2.0, diff@5.0.0, diff@^4.0.2: + version "5.0.0" + resolved "https://registry.yarnpkg.com/diff/-/diff-5.0.0.tgz#7ed6ad76d859d030787ec35855f5b1daf31d852b" + integrity sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w== dir-glob@^3.0.1: version "3.0.1" @@ -5917,21 +5937,7 @@ domutils@^1.5.1: dom-serializer "0" domelementtype "1" -dot-prop@^4.2.1: - version "4.2.1" - resolved "https://registry.yarnpkg.com/dot-prop/-/dot-prop-4.2.1.tgz#45884194a71fc2cda71cbb4bceb3a4dd2f433ba4" - integrity sha512-l0p4+mIuJIua0mhxGoh4a+iNL9bmeK5DvnSVQa6T0OhrVmaEa1XScX5Etc673FePCJOArq/4Pa2cLGODUWTPOQ== - dependencies: - is-obj "^1.0.0" - -dot-prop@^5.1.0, dot-prop@^5.3.0: - version "5.3.0" - resolved "https://registry.yarnpkg.com/dot-prop/-/dot-prop-5.3.0.tgz#90ccce708cd9cd82cc4dc8c3ddd9abdd55b20e88" - integrity sha512-QM8q3zDe58hqUqjraQOmzZ1LIH9SWQJTlEKCH4kJ2oQvLZk7RbQXvtDM2XEq3fwkV9CCvvH4LA0AV+ogFsBM2Q== - dependencies: - is-obj "^2.0.0" - -dot-prop@^6.0.1: +dot-prop@6.0.1, dot-prop@^4.2.1, dot-prop@^5.1.0, dot-prop@^5.3.0, dot-prop@^6.0.1: version "6.0.1" resolved "https://registry.yarnpkg.com/dot-prop/-/dot-prop-6.0.1.tgz#fc26b3cf142b9e59b74dbd39ed66ce620c681083" integrity sha512-tE7ztYzXHIeyvc7N+hR3oi7FIbf/NIjVP9hmAt3yMXzrQ072/fpjGLx2GxNxGxUl5V73MEqYzioOMoVhGMJ5cA== @@ -6719,7 +6725,7 @@ extsprintf@^1.2.0: resolved "https://registry.yarnpkg.com/extsprintf/-/extsprintf-1.4.0.tgz#e2689f8f356fad62cca65a3a91c5df5f9551692f" integrity sha1-4mifjzVvrWLMplo6kcXfX5VRaS8= -fast-csv@^4.0.0, fast-csv@^4.1.2: +fast-csv@^4.1.2: version "4.3.2" resolved "https://registry.yarnpkg.com/fast-csv/-/fast-csv-4.3.2.tgz#855e28d034310f8aae10f959bfea0a60d34540fb" integrity sha512-tmvVMsliprsl7P1z++XuhfGZPTz/h2sTLhs5PYVhtOSsu7t0T2q1TdWq/CORQsD9Cc2oPiTchpf7gACLXArNYQ== @@ -6728,6 +6734,14 @@ fast-csv@^4.0.0, fast-csv@^4.1.2: "@fast-csv/parse" "4.3.2" "@types/node" "^14.0.1" +fast-csv@^4.3.6: + version "4.3.6" + resolved "https://registry.yarnpkg.com/fast-csv/-/fast-csv-4.3.6.tgz#70349bdd8fe4d66b1130d8c91820b64a21bc4a63" + integrity sha512-2RNSpuwwsJGP0frGsOmTb9oUF+VkFSM4SyLTDgwf2ciHWTarN0lQTC+F2f/t5J9QjW+c65VFIAAu85GsvMIusw== + dependencies: + "@fast-csv/format" "4.3.5" + "@fast-csv/parse" "4.3.6" + fast-deep-equal@^3.1.1, fast-deep-equal@^3.1.3: version "3.1.3" resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz#3a7d56b559d6cbc3eb512325244e619a65c6c525" @@ -7623,16 +7637,11 @@ got@^6.7.1: unzip-response "^2.0.1" url-parse-lax "^1.0.0" -graceful-fs@^4.1.11, graceful-fs@^4.1.15, graceful-fs@^4.1.2, graceful-fs@^4.1.5, graceful-fs@^4.1.6, graceful-fs@^4.2.0, graceful-fs@^4.2.2, graceful-fs@^4.2.3, graceful-fs@^4.2.4: +graceful-fs@4.2.8, graceful-fs@^4.1.11, graceful-fs@^4.1.15, graceful-fs@^4.1.2, graceful-fs@^4.1.5, graceful-fs@^4.1.6, graceful-fs@^4.2.0, graceful-fs@^4.2.2, graceful-fs@^4.2.3, graceful-fs@^4.2.4, graceful-fs@~4.1.11: version "4.2.8" resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.8.tgz#e412b8d33f5e006593cbd3cee6df9f2cebbe802a" integrity sha512-qkIilPUYcNhJpd33n0GBXTB1MMPp14TxEsEs0pTrsSVucApsYzW5V+Q8Qxhik6KU3evy+qkAAowTByymK0avdg== -graceful-fs@~4.1.11: - version "4.1.15" - resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.1.15.tgz#ffb703e1066e8a0eeaa4c8b80ba9253eeefbfb00" - integrity sha512-6uHUhOPEBgQ24HM+r6b/QwWfZq+yiFcipKFrOFiBEnWdy5sdzYoi+pJeQaPI5qOLRFqWmAXUPQNsielzdLoecA== - "graceful-readlink@>= 1.0.0": version "1.0.1" resolved "https://registry.yarnpkg.com/graceful-readlink/-/graceful-readlink-1.0.1.tgz#4cafad76bc62f02fa039b2f94e9a3dd3a391a725" @@ -7643,17 +7652,17 @@ grapheme-splitter@^1.0.4: resolved "https://registry.yarnpkg.com/grapheme-splitter/-/grapheme-splitter-1.0.4.tgz#9cf3a665c6247479896834af35cf1dbb4400767e" integrity sha512-bzh50DW9kTPM00T8y4o8vQg89Di9oLJVLW/KaOGIXJWP/iqCN6WKYkbNOF04vFLJhwcpYUh9ydh/+5vpOqV4YQ== -growl@1.9.2: - version "1.9.2" - resolved "https://registry.yarnpkg.com/growl/-/growl-1.9.2.tgz#0ea7743715db8d8de2c5ede1775e1b45ac85c02f" - integrity sha1-Dqd0NxXbjY3ixe3hd14bRayFwC8= +growl@1.10.5, growl@1.9.2: + version "1.10.5" + resolved "https://registry.yarnpkg.com/growl/-/growl-1.10.5.tgz#f2735dc2283674fa67478b10181059355c369e5e" + integrity sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA== growly@^1.3.0: version "1.3.0" resolved "https://registry.yarnpkg.com/growly/-/growly-1.3.0.tgz#f10748cbe76af964b7c96c93c6bcc28af120c081" integrity sha1-8QdIy+dq+WS3yWyTxrzCivEgwIE= -handlebars@^4.7.6: +handlebars@4.7.7, handlebars@^4.7.6: version "4.7.7" resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.7.tgz#9ce33416aad02dbd6c8fafa8240d5d98004945a1" integrity sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA== @@ -8427,7 +8436,7 @@ is-number@^7.0.0: resolved "https://registry.yarnpkg.com/is-number/-/is-number-7.0.0.tgz#7535345b896734d5f80c4d06c50955527a14f12b" integrity sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng== -is-obj@^1.0.0, is-obj@^1.0.1: +is-obj@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/is-obj/-/is-obj-1.0.1.tgz#3e4729ac1f5fde025cd7d83a896dab9f4f67db0f" integrity sha1-PkcprB9f3gJc19g6iW2rn09n2w8= @@ -9980,21 +9989,11 @@ lodash.zipobject@^4.1.3: resolved "https://registry.yarnpkg.com/lodash.zipobject/-/lodash.zipobject-4.1.3.tgz#b399f5aba8ff62a746f6979bf20b214f964dbef8" integrity sha1-s5n1q6j/YqdG9peb8gshT5ZNvvg= -lodash@4.17.4: - version "4.17.4" - resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.4.tgz#78203a4d1c328ae1d86dca6460e369b57f4055ae" - integrity sha1-eCA6TRwyiuHYbcpkYONptX9AVa4= - -lodash@4.x, lodash@^4.17.11, lodash@^4.17.12, lodash@^4.17.13, lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17.20, lodash@^4.17.3, lodash@^4.17.4, lodash@^4.7.0: +lodash@4.17.21, lodash@4.17.4, lodash@4.x, lodash@^3.10.1, lodash@^4.17.12, lodash@^4.17.13, lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17.20, lodash@^4.17.21, lodash@^4.17.3, lodash@^4.17.4, lodash@^4.7.0: version "4.17.21" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== -lodash@^3.10.1: - version "3.10.1" - resolved "https://registry.yarnpkg.com/lodash/-/lodash-3.10.1.tgz#5bf45e8e49ba4189e17d482789dfd15bd140b7b6" - integrity sha1-W/Rejkm6QYnhfUgnid/RW9FAt7Y= - log-ok@^0.1.1: version "0.1.1" resolved "https://registry.yarnpkg.com/log-ok/-/log-ok-0.1.1.tgz#bea3dd36acd0b8a7240d78736b5b97c65444a334" @@ -10331,12 +10330,7 @@ merge2@^1.2.3, merge2@^1.3.0: resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae" integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg== -merge@^1.2.1: - version "1.2.1" - resolved "https://registry.yarnpkg.com/merge/-/merge-1.2.1.tgz#38bebf80c3220a8a487b6fcfb3941bb11720c145" - integrity sha512-VjFo4P5Whtj4vsLzsYBu5ayHhoHJ0UqNm7ibvShmbmoz7tGi0vXaoJbGdB+GmDMLUdg8DpQXEIeVDAe8MaABvQ== - -merge@^2.1.0: +merge@2.1.1, merge@^1.2.1, merge@^2.1.0: version "2.1.1" resolved "https://registry.yarnpkg.com/merge/-/merge-2.1.1.tgz#59ef4bf7e0b3e879186436e8481c06a6c162ca98" integrity sha512-jz+Cfrg9GWOZbQAnDQ4hlVnQky+341Yk5ru8bZSe6sIDTCIg8n9i/u7hSQGSVOF3C7lH6mGtqjkiT9G4wFLL0w== @@ -10783,18 +10777,18 @@ node-fetch-npm@^2.0.2: json-parse-better-errors "^1.0.0" safe-buffer "^5.1.1" -node-fetch@2.6.6: - version "2.6.6" - resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.6.tgz#1751a7c01834e8e1697758732e9efb6eeadfaf89" - integrity sha512-Z8/6vRlTUChSdIgMa51jxQ4lrw/Jy5SOW10ObaA47/RElsAN2c5Pn8bTgFGWn/ibwzXTE8qwr1Yzx28vsecXEA== - dependencies: - whatwg-url "^5.0.0" - -node-fetch@^2.3.0, node-fetch@^2.4.1, node-fetch@^2.5.0, node-fetch@^2.6.1: +node-fetch@^2.3.0, node-fetch@^2.5.0, node-fetch@^2.6.1: version "2.6.1" resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.1.tgz#045bd323631f76ed2e2b55573394416b639a0052" integrity sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw== +node-fetch@^2.6.7: + version "2.6.7" + resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad" + integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ== + dependencies: + whatwg-url "^5.0.0" + node-gyp@^3.6.2: version "3.8.0" resolved "https://registry.yarnpkg.com/node-gyp/-/node-gyp-3.8.0.tgz#540304261c330e80d0d5edce253a68cb3964218c" @@ -11182,7 +11176,7 @@ npm-run-path@^4.0.0, npm-run-path@^4.0.1: dependencies: path-key "^3.0.0" -npm-user-validate@~1.0.0: +npm-user-validate@1.0.1, npm-user-validate@~1.0.0: version "1.0.1" resolved "https://registry.yarnpkg.com/npm-user-validate/-/npm-user-validate-1.0.1.tgz#31428fc5475fe8416023f178c0ab47935ad8c561" integrity sha512-uQwcd/tY+h1jnEaze6cdX/LrhWhoBxfSknxentoqmIuStxUExxjWd3ULMLFPiFUrZKbOVMowH6Jq2FRWfmhcEw== @@ -11374,7 +11368,7 @@ object-keys@^1.0.12, object-keys@^1.1.1: resolved "https://registry.yarnpkg.com/object-keys/-/object-keys-1.1.1.tgz#1c47f272df277f3b1daf061677d9c82e2322c60e" integrity sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA== -object-path@^0.11.4: +object-path@0.11.8, object-path@^0.11.4: version "0.11.8" resolved "https://registry.yarnpkg.com/object-path/-/object-path-0.11.8.tgz#ed002c02bbdd0070b78a27455e8ae01fc14d4742" integrity sha512-YJjNZrlXJFM42wTBn6zgOJVar9KFJvzx6sTWDte8sWZF//cnjl0BxHNpfZx+ZffXX63A9q0b1zsFiBX4g4X5KA== @@ -12459,6 +12453,13 @@ randomatic@^3.0.0: kind-of "^6.0.0" math-random "^1.0.1" +randombytes@^2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/randombytes/-/randombytes-2.1.0.tgz#df6f84372f0270dc65cdf6291349ab7a473d4f2a" + integrity sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ== + dependencies: + safe-buffer "^5.1.0" + rc@^1.0.1, rc@^1.1.6: version "1.2.8" resolved "https://registry.yarnpkg.com/rc/-/rc-1.2.8.tgz#cd924bf5200a075b83c188cd6b9e211b7fc0d3ed" @@ -13306,10 +13307,12 @@ semver@~5.3.0: resolved "https://registry.yarnpkg.com/semver/-/semver-5.3.0.tgz#9b2ce5d3de02d17c6012ad326aa6b4d0cf54f94f" integrity sha1-myzl094C0XxgEq0yaqa00M9U+U8= -serialize-javascript@^2.1.2: - version "2.1.2" - resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-2.1.2.tgz#ecec53b0e0317bdc95ef76ab7074b7384785fa61" - integrity sha512-rs9OggEUF0V4jUSecXazOYsLfu7OGK2qIn3c7IPBiffz32XniEp/TX9Xmc9LQfK2nQ2QKHvZ2oygKUGU0lG4jQ== +serialize-javascript@6.0.0, serialize-javascript@^2.1.2: + version "6.0.0" + resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.0.tgz#efae5d88f45d7924141da8b5c3a7a7e663fefeb8" + integrity sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag== + dependencies: + randombytes "^2.1.0" set-blocking@^2.0.0, set-blocking@~2.0.0: version "2.0.0" @@ -15265,21 +15268,11 @@ xtend@^4.0.1, xtend@~4.0.1: resolved "https://registry.yarnpkg.com/xtend/-/xtend-4.0.2.tgz#bb72779f5fa465186b1f438f674fa347fdb5db54" integrity sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ== -y18n@^3.2.1: +y18n@3.2.2, y18n@^3.2.1, y18n@^4.0.0, y18n@^5.0.5: version "3.2.2" resolved "https://registry.yarnpkg.com/y18n/-/y18n-3.2.2.tgz#85c901bd6470ce71fc4bb723ad209b70f7f28696" integrity sha512-uGZHXkHnhF0XeeAPgnKfPv1bgKAYyVvmNL1xlKsPYZPaIHxGti2hHqvOCQv71XMsLxu1QjergkqogUnms5D3YQ== -y18n@^4.0.0: - version "4.0.3" - resolved "https://registry.yarnpkg.com/y18n/-/y18n-4.0.3.tgz#b5f259c82cd6e336921efd7bfd8bf560de9eeedf" - integrity sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ== - -y18n@^5.0.5: - version "5.0.8" - resolved "https://registry.yarnpkg.com/y18n/-/y18n-5.0.8.tgz#7f4934d0f7ca8c56f95314939ddcd2dd91ce1d55" - integrity sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA== - yallist@^2.1.2: version "2.1.2" resolved "https://registry.yarnpkg.com/yallist/-/yallist-2.1.2.tgz#1c11f9218f076089a47dd512f93c6699a6a81d52"