
Commit ed26c2e

Merge pull request #7928 from BitGo/fix-security-vulnerabilities-tar-jspdf-qs
fix(deps): resolve high severity vulnerabilities in tar, jspdf (Code Audit fix)
2 parents dfb486d + 2cb6c00 commit ed26c2e

2 files changed

Lines changed: 8 additions & 18 deletions


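--- a/package.json
+++ b/package.json
@@ -67,6 +67,8 @@
 "**/cacache/glob": "11.1.0",
 "**/pacote/glob": "11.1.0",
 "**/sha.js": ">=2.4.12",
+"tar": ">=7.5.3",
+"jspdf": ">=4.0.0",
 "@ethereumjs/util": "8.0.3",
 "@types/keyv": "3.1.4",
 "@types/react": "17.0.24",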
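Review bot: The two new resolutions, `"tar": ">=7.5.3"` and `"jspdf": ">=4.0.0"`, are open-ended ranges with no upper bound, and the unscoped `tar` key appears to apply to every consumer in the tree. The yarn.lock section of this commit shows the effect: `tar@6.2.1`, `tar@^6.1.11` and `tar@^6.1.2` now resolve to 7.5.3, so packages that declared a 6.x dependency are moved to a new major (with a different dependency set, e.g. `chownr "^3.0.0"`) that they were presumably not tested against. Consider bounding the override, for example `"tar": "^7.5.3"`, and confirming that the former 6.x consumers still install and run against 7.x; otherwise a later lockfile regeneration is free to select any future major. The lock also changes `qs@6.14.1` to `qs@>=6.14.1` with no matching entry in this hunk, so it is worth checking where that range is declared.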

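--- a/yarn.lock
+++ b/yarn.lock
@@ -14173,7 +14173,7 @@ jsonpointer@^5.0.0:
 resolved "https://registry.npmjs.org/jsonpointer/-/jsonpointer-5.0.1.tgz"
 integrity sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==
 
-jspdf@^4.0.0:
+jspdf@>=4.0.0, jspdf@^4.0.0:
 version "4.0.0"
 resolved "https://registry.npmjs.org/jspdf/-/jspdf-4.0.0.tgz#3731c0a1a7d8afe28c681891236f8ad4a662d893"
 integrity sha512-w12U97Z6edKd2tXDn3LzTLg7C7QLJlx0BPfM3ecjK2BckUl9/81vZ+r5gK4/3KQdhAcEZhENUxRhtgYBj75MqQ==
@@ -17817,7 +17817,7 @@ qrcode@^1.5.1:
 pngjs "^5.0.0"
 yargs "^15.3.1"
 
-qs@6.13.0, qs@6.14.0, qs@6.14.1, qs@^6.11.0, qs@^6.11.2, qs@^6.12.3, qs@^6.5.1:
+qs@6.13.0, qs@6.14.0, qs@>=6.14.1, qs@^6.11.0, qs@^6.11.2, qs@^6.12.3, qs@^6.5.1:
 version "6.14.1"
 resolved "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz#a41d85b9d3902f31d27861790506294881871159"
 integrity sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==
@@ -20003,22 +20003,10 @@ tar-stream@~2.2.0:
 inherits "^2.0.3"
 readable-stream "^3.1.1"
 
-tar@6.2.1, tar@^6.1.11, tar@^6.1.2:
-version "6.2.1"
-resolved "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz"
-integrity sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==
-dependencies:
-chownr "^2.0.0"
-fs-minipass "^2.0.0"
-minipass "^5.0.0"
-minizlib "^2.1.1"
-mkdirp "^1.0.3"
-yallist "^4.0.0"
-
-tar@^7.4.3:
-version "7.5.1"
-resolved "https://registry.npmjs.org/tar/-/tar-7.5.1.tgz"
-integrity sha512-nlGpxf+hv0v7GkWBK2V9spgactGOp0qvfWRxUMjqHyzrt3SgwE48DIv/FhqPHJYLHpgW1opq3nERbz5Anq7n1g==
+tar@6.2.1, tar@>=7.5.3, tar@^6.1.11, tar@^6.1.2, tar@^7.4.3:
+version "7.5.3"
+resolved "https://registry.npmjs.org/tar/-/tar-7.5.3.tgz#e1a41236e32446f75e63b720222112c4ffe5b3a1"
+integrity sha512-ENg5JUHUm2rDD7IvKNFGzyElLXNjachNLp6RaGf4+JOgxXHkqA+gq81ZAMCUmtMtqBsoU62lcp6S27g1LCYGGQ==
 dependencies:
 "@isaacs/fs-minipass" "^4.0.0"
 chownr "^3.0.0"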
