#50500 Issue 50499 - Fix audit issues and remove jquery from the whitelist
Closed 3 years ago by spichugi. Opened 4 years ago by spichugi.
spichugi/389-ds-base fix-audit  into  master

@@ -3,6 +3,5 @@ 

    "package-manager": "auto",

    "report": true,

    "advisories": [],

-   "_comment": "jquery should be removed from the whitelist after https://github.com/patternfly/patternfly/pull/1174 is merged",

-   "whitelist": ["jquery"]

+   "whitelist": []

  }
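Review bot: The empty `"whitelist": []` kept at the end of this hunk is still where a future exception is likely to be added. Assuming this is an audit-ci config, as the `package-manager`/`advisories`/`whitelist` keys suggest, a package-name entry there suppresses every current and later advisory for that package, as the removed `["jquery"]` did, not only the one being tracked. The deleted `_comment` shows the exception was meant to last only until one upstream fix landed, so I would keep a short rationale key in the file, for example `"_comment": "add exceptions to advisories by id with a tracking link; keep whitelist empty"`. The object opens above this hunk, so settings such as the severity threshold are not visible here.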

@@ -935,7 +935,8 @@ 

      "@types/d3-color": {

        "version": "1.2.2",

        "resolved": "https://registry.npmjs.org/@types/d3-color/-/d3-color-1.2.2.tgz",

-       "integrity": "sha512-6pBxzJ8ZP3dYEQ4YjQ+NVbQaOflfgXq/JbDiS99oLobM2o72uAST4q6yPxHv6FOTCRC/n35ktuo8pvw/S4M7sw=="

+       "integrity": "sha512-6pBxzJ8ZP3dYEQ4YjQ+NVbQaOflfgXq/JbDiS99oLobM2o72uAST4q6yPxHv6FOTCRC/n35ktuo8pvw/S4M7sw==",

+       "optional": true

      },

      "@types/d3-dispatch": {

        "version": "1.0.7",
@@ -955,7 +956,8 @@ 

      "@types/d3-dsv": {

        "version": "1.0.36",

        "resolved": "https://registry.npmjs.org/@types/d3-dsv/-/d3-dsv-1.0.36.tgz",

-       "integrity": "sha512-jbIWQ27QJcBNMZbQv0NSQMHnBDCmxghAxePxgyiPH1XPCRkOsTBei7jcdi3fDrUCGpCV3lKrSZFSlOkhUQVClA=="

+       "integrity": "sha512-jbIWQ27QJcBNMZbQv0NSQMHnBDCmxghAxePxgyiPH1XPCRkOsTBei7jcdi3fDrUCGpCV3lKrSZFSlOkhUQVClA==",

+       "optional": true

      },

      "@types/d3-ease": {

        "version": "1.0.8",
@@ -994,6 +996,7 @@ 

        "version": "1.3.1",

        "resolved": "https://registry.npmjs.org/@types/d3-interpolate/-/d3-interpolate-1.3.1.tgz",

        "integrity": "sha512-z8Zmi08XVwe8e62vP6wcA+CNuRhpuUU5XPEfqpG0hRypDE5BWNthQHB1UNWWDB7ojCbGaN4qBdsWp5kWxhT1IQ==",

+       "optional": true,

        "requires": {

          "@types/d3-color": "*"

        }
@@ -1001,7 +1004,8 @@ 

      "@types/d3-path": {

        "version": "1.0.8",

        "resolved": "https://registry.npmjs.org/@types/d3-path/-/d3-path-1.0.8.tgz",

-       "integrity": "sha512-AZGHWslq/oApTAHu9+yH/Bnk63y9oFOMROtqPAtxl5uB6qm1x2lueWdVEjsjjV3Qc2+QfuzKIwIR5MvVBakfzA=="

+       "integrity": "sha512-AZGHWslq/oApTAHu9+yH/Bnk63y9oFOMROtqPAtxl5uB6qm1x2lueWdVEjsjjV3Qc2+QfuzKIwIR5MvVBakfzA==",

+       "optional": true

      },

      "@types/d3-polygon": {

        "version": "1.0.7",
@@ -1048,7 +1052,8 @@ 

      "@types/d3-selection": {

        "version": "1.4.1",

        "resolved": "https://registry.npmjs.org/@types/d3-selection/-/d3-selection-1.4.1.tgz",

-       "integrity": "sha512-bv8IfFYo/xG6dxri9OwDnK3yCagYPeRIjTlrcdYJSx+FDWlCeBDepIHUpqROmhPtZ53jyna0aUajZRk0I3rXNA=="

+       "integrity": "sha512-bv8IfFYo/xG6dxri9OwDnK3yCagYPeRIjTlrcdYJSx+FDWlCeBDepIHUpqROmhPtZ53jyna0aUajZRk0I3rXNA==",

+       "optional": true

      },

      "@types/d3-shape": {

        "version": "1.3.1",
@@ -1062,7 +1067,8 @@ 

      "@types/d3-time": {

        "version": "1.0.10",

        "resolved": "https://registry.npmjs.org/@types/d3-time/-/d3-time-1.0.10.tgz",

-       "integrity": "sha512-aKf62rRQafDQmSiv1NylKhIMmznsjRN+MnXRXTqHoqm0U/UZzVpdrtRnSIfdiLS616OuC1soYeX1dBg2n1u8Xw=="

+       "integrity": "sha512-aKf62rRQafDQmSiv1NylKhIMmznsjRN+MnXRXTqHoqm0U/UZzVpdrtRnSIfdiLS616OuC1soYeX1dBg2n1u8Xw==",

+       "optional": true

      },

      "@types/d3-time-format": {

        "version": "2.1.1",
@@ -2003,9 +2009,9 @@ 

        "integrity": "sha512-CB9CrpNVrIytlOoqHtRXhhxFo/jencr1U5cMqPBA0WmMdb13bzjHnXQVNGYde/g5gWW+RWiuT9jTquZuz3VE8A=="

      },

      "bootstrap-switch": {

-       "version": "3.3.5",

-       "resolved": "https://registry.npmjs.org/bootstrap-switch/-/bootstrap-switch-3.3.5.tgz",

-       "integrity": "sha512-aRwgTPO7QPvTtUxit2ucXgs/P+dp3Y8Qy41XOOqTXZiJvfI6b87+hP+r4B4+3y7bptu0P6KHIyEc4ordEVIVkg==",

+       "version": "3.3.4",

+       "resolved": "https://registry.npmjs.org/bootstrap-switch/-/bootstrap-switch-3.3.4.tgz",

+       "integrity": "sha1-cOCusqh3wNx2aZHeEI4hcPwpov8=",

        "optional": true

      },

      "bootstrap-touchspin": {
@@ -2787,17 +2793,18 @@ 

        "version": "1.10.19",

        "resolved": "https://registry.npmjs.org/datatables.net/-/datatables.net-1.10.19.tgz",

        "integrity": "sha512-+ljXcI6Pj3PTGy5pesp3E5Dr3x3AV45EZe0o1r0gKENN2gafBKXodVnk2ypKwl2tTmivjxbkiqoWnipTefyBTA==",

+       "optional": true,

        "requires": {

          "jquery": ">=1.7"

        }

      },

      "datatables.net-bs": {

-       "version": "2.1.1",

-       "resolved": "https://registry.npmjs.org/datatables.net-bs/-/datatables.net-bs-2.1.1.tgz",

-       "integrity": "sha1-cEEIlyiRlJ0JS/RPU9BlTZ/ue84=",

+       "version": "1.10.19",

+       "resolved": "https://registry.npmjs.org/datatables.net-bs/-/datatables.net-bs-1.10.19.tgz",

+       "integrity": "sha512-5gxoI2n+duZP06+4xVC2TtH6zcY369/TRKTZ1DdSgDcDUl4OYQsrXCuaLJmbVzna/5Y5lrMmK7CxgvYgIynICA==",

        "optional": true,

        "requires": {

-         "datatables.net": ">=1.10.9",

+         "datatables.net": "1.10.19",

          "jquery": ">=1.7"

        }

      },
@@ -4107,7 +4114,8 @@ 

          "ansi-regex": {

            "version": "2.1.1",

            "bundled": true,

-           "dev": true

+           "dev": true,

+           "optional": true

          },

          "aproba": {

            "version": "1.2.0",
@@ -4128,12 +4136,14 @@ 

          "balanced-match": {

            "version": "1.0.0",

            "bundled": true,

-           "dev": true

+           "dev": true,

+           "optional": true

          },

          "brace-expansion": {

            "version": "1.1.11",

            "bundled": true,

            "dev": true,

+           "optional": true,

            "requires": {

              "balanced-match": "^1.0.0",

              "concat-map": "0.0.1"
@@ -4148,17 +4158,20 @@ 

          "code-point-at": {

            "version": "1.1.0",

            "bundled": true,

-           "dev": true

+           "dev": true,

+           "optional": true

          },

          "concat-map": {

            "version": "0.0.1",

            "bundled": true,

-           "dev": true

+           "dev": true,

+           "optional": true

          },

          "console-control-strings": {

            "version": "1.1.0",

            "bundled": true,

-           "dev": true

+           "dev": true,

+           "optional": true

          },

          "core-util-is": {

            "version": "1.0.2",
@@ -4275,7 +4288,8 @@ 

          "inherits": {

            "version": "2.0.3",

            "bundled": true,

-           "dev": true

+           "dev": true,

+           "optional": true

          },

          "ini": {

            "version": "1.3.5",
@@ -4287,6 +4301,7 @@ 

            "version": "1.0.0",

            "bundled": true,

            "dev": true,

+           "optional": true,

            "requires": {

              "number-is-nan": "^1.0.0"

            }
@@ -4301,6 +4316,7 @@ 

            "version": "3.0.4",

            "bundled": true,

            "dev": true,

+           "optional": true,

            "requires": {

              "brace-expansion": "^1.1.7"

            }
@@ -4308,12 +4324,14 @@ 

          "minimist": {

            "version": "0.0.8",

            "bundled": true,

-           "dev": true

+           "dev": true,

+           "optional": true

          },

          "minipass": {

            "version": "2.3.5",

            "bundled": true,

            "dev": true,

+           "optional": true,

            "requires": {

              "safe-buffer": "^5.1.2",

              "yallist": "^3.0.0"
@@ -4332,6 +4350,7 @@ 

            "version": "0.5.1",

            "bundled": true,

            "dev": true,

+           "optional": true,

            "requires": {

              "minimist": "0.0.8"

            }
@@ -4419,7 +4438,8 @@ 

          "number-is-nan": {

            "version": "1.0.1",

            "bundled": true,

-           "dev": true

+           "dev": true,

+           "optional": true

          },

          "object-assign": {

            "version": "4.1.1",
@@ -4431,6 +4451,7 @@ 

            "version": "1.4.0",

            "bundled": true,

            "dev": true,

+           "optional": true,

            "requires": {

              "wrappy": "1"

            }
@@ -4516,7 +4537,8 @@ 

          "safe-buffer": {

            "version": "5.1.2",

            "bundled": true,

-           "dev": true

+           "dev": true,

+           "optional": true

          },

          "safer-buffer": {

            "version": "2.1.2",
@@ -4552,6 +4574,7 @@ 

            "version": "1.0.2",

            "bundled": true,

            "dev": true,

+           "optional": true,

            "requires": {

              "code-point-at": "^1.0.0",

              "is-fullwidth-code-point": "^1.0.0",
@@ -4571,6 +4594,7 @@ 

            "version": "3.0.1",

            "bundled": true,

            "dev": true,

+           "optional": true,

            "requires": {

              "ansi-regex": "^2.0.0"

            }
@@ -4614,12 +4638,14 @@ 

          "wrappy": {

            "version": "1.0.2",

            "bundled": true,

-           "dev": true

+           "dev": true,

+           "optional": true

          },

          "yallist": {

            "version": "3.0.3",

            "bundled": true,

-           "dev": true

+           "dev": true,

+           "optional": true

          }

        }

      },
@@ -5683,9 +5709,9 @@ 

        }

      },

      "lodash": {

-       "version": "4.17.11",

-       "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz",

-       "integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg=="

+       "version": "4.17.14",

+       "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.14.tgz",

+       "integrity": "sha512-mmKYbW3GLuJeX+iGP+Y7Gp1AiGHGbXHCOh/jZmrawMmsE7MS4znI3RL2FsjbqOyMayHInjOeykW7PEajUk1/xw=="

      },

      "lodash.assign": {

        "version": "4.2.0",
@@ -5703,9 +5729,9 @@ 

        "integrity": "sha1-gteb/zCmfEAF/9XiUVMArZyk168="

      },

      "lodash.mergewith": {

-       "version": "4.6.1",

-       "resolved": "https://registry.npmjs.org/lodash.mergewith/-/lodash.mergewith-4.6.1.tgz",

-       "integrity": "sha512-eWw5r+PYICtEBgrBE5hhlT6aAa75f411bgDz/ZL2KZqYV03USvucsxcHUIlGTDTECs1eunpI7HOV7U+WLDvNdQ=="

+       "version": "4.6.2",

+       "resolved": "https://registry.npmjs.org/lodash.mergewith/-/lodash.mergewith-4.6.2.tgz",

+       "integrity": "sha512-GK3g5RPZWTRSeLSpgP8Xhra+pnjBC56q9FZYe1d5RN3TJ35dbkGy3YqBSMbyCrlbi+CM9Z3Jk5yTL7RCsqboyQ=="

      },

      "lodash.tail": {

        "version": "4.1.1",
@@ -5928,9 +5954,9 @@ 

        }

      },

      "mixin-deep": {

-       "version": "1.3.1",

-       "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.1.tgz",

-       "integrity": "sha512-8ZItLHeEgaqEvd5lYBXfm4EZSFCX29Jb9K+lAHhDKzReKBQKj3R+7NOF6tjqYi9t4oI8VUfaWITJQm86wnXGNQ==",

+       "version": "1.3.2",

+       "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz",

+       "integrity": "sha512-WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA==",

        "dev": true,

        "requires": {

          "for-in": "^1.0.2",
@@ -5984,11 +6010,12 @@ 

      "moment": {

        "version": "2.24.0",

        "resolved": "https://registry.npmjs.org/moment/-/moment-2.24.0.tgz",

-       "integrity": "sha512-bV7f+6l2QigeBBZSM/6yTNq4P2fNpSWj/0e7jQcy87A8e7o2nAfP/34/2ky5Vw4B9S446EtIhodAzkFCcR4dQg=="

+       "integrity": "sha512-bV7f+6l2QigeBBZSM/6yTNq4P2fNpSWj/0e7jQcy87A8e7o2nAfP/34/2ky5Vw4B9S446EtIhodAzkFCcR4dQg==",

+       "optional": true

      },

      "moment-timezone": {

        "version": "0.4.1",

-       "resolved": "http://registry.npmjs.org/moment-timezone/-/moment-timezone-0.4.1.tgz",

+       "resolved": "https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.4.1.tgz",

        "integrity": "sha1-gfWYw61eIs2teWtn7NjYjQ9bqgY=",

        "optional": true,

        "requires": {
@@ -6502,17 +6529,17 @@ 

        }

      },

      "patternfly": {

-       "version": "3.59.1",

-       "resolved": "https://registry.npmjs.org/patternfly/-/patternfly-3.59.1.tgz",

-       "integrity": "sha512-0Q/P58yaxcQXwnXo/OssiXaZmuX0g9QvWdpsYHyml4ihqnN2lL/yGdadFarA6UAQb//15XtNjKHZocoJXCkWYg==",

+       "version": "3.59.3",

+       "resolved": "https://registry.npmjs.org/patternfly/-/patternfly-3.59.3.tgz",

+       "integrity": "sha512-gStdjLCS9k6NmI2xCXa1IBK0s8p5l5dqMEh/zLEUwA+qdV6z6qwSxHe8QT3AjLyEy27qMSzmtUXxvkO1c8jENw==",

        "requires": {

          "@types/c3": "^0.6.0",

-         "bootstrap": "~3.4.0",

+         "bootstrap": "~3.4.1",

          "bootstrap-datepicker": "^1.7.1",

          "bootstrap-sass": "^3.4.0",

          "bootstrap-select": "1.12.2",

          "bootstrap-slider": "^9.9.0",

-         "bootstrap-switch": "~3.3.4",

+         "bootstrap-switch": "3.3.4",

          "bootstrap-touchspin": "~3.1.1",

          "c3": "~0.4.11",

          "d3": "~3.5.17",
@@ -6525,7 +6552,7 @@ 

          "font-awesome": "^4.7.0",

          "font-awesome-sass": "^4.7.0",

          "google-code-prettify": "~1.0.5",

-         "jquery": "~3.2.1",

+         "jquery": "~3.4.1",

          "jquery-match-height": "^0.7.2",

          "moment": "^2.19.1",

          "moment-timezone": "^0.4.1",
@@ -6537,11 +6564,6 @@ 

            "version": "3.4.1",

            "resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-3.4.1.tgz",

            "integrity": "sha512-yN5oZVmRCwe5aKwzRj6736nSmKDX7pLYwsXiCj/EYmo16hODaBiT4En5btW/jhBF/seV+XMx3aYwukYC3A49DA=="

-         },

-         "jquery": {

-           "version": "3.2.1",

-           "resolved": "https://registry.npmjs.org/jquery/-/jquery-3.2.1.tgz",

-           "integrity": "sha1-XE2d5lKvbNCncBVKYxu6ErAVx4c="

          }

        }

      },
@@ -7649,9 +7671,9 @@ 

        "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc="

      },

      "set-value": {

-       "version": "2.0.0",

-       "resolved": "https://registry.npmjs.org/set-value/-/set-value-2.0.0.tgz",

-       "integrity": "sha512-hw0yxk9GT/Hr5yJEYnHNKYXkIA8mVJgd9ditYZCe16ZczcaELYYcfvaXesNACk2O8O0nTiPQcQhGUQj8JLzeeg==",

+       "version": "2.0.1",

+       "resolved": "https://registry.npmjs.org/set-value/-/set-value-2.0.1.tgz",

+       "integrity": "sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==",

        "dev": true,

        "requires": {

          "extend-shallow": "^2.0.1",
@@ -8506,38 +8528,15 @@ 

        "dev": true

      },

      "union-value": {

-       "version": "1.0.0",

-       "resolved": "https://registry.npmjs.org/union-value/-/union-value-1.0.0.tgz",

-       "integrity": "sha1-XHHDTLW61dzr4+oM0IIHulqhrqQ=",

+       "version": "1.0.1",

+       "resolved": "https://registry.npmjs.org/union-value/-/union-value-1.0.1.tgz",

+       "integrity": "sha512-tJfXmxMeWYnczCVs7XAEvIV7ieppALdyepWMkHkwciRpZraG/xwT+s2JN8+pr1+8jCRf80FFzvr+MpQeeoF4Xg==",

        "dev": true,

        "requires": {

          "arr-union": "^3.1.0",

          "get-value": "^2.0.6",

          "is-extendable": "^0.1.1",

-         "set-value": "^0.4.3"

-       },

-       "dependencies": {

-         "extend-shallow": {

-           "version": "2.0.1",

-           "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",

-           "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",

-           "dev": true,

-           "requires": {

-             "is-extendable": "^0.1.0"

-           }

-         },

-         "set-value": {

-           "version": "0.4.3",

-           "resolved": "https://registry.npmjs.org/set-value/-/set-value-0.4.3.tgz",

-           "integrity": "sha1-fbCPnT0i3H945Trzw79GZuzfzPE=",

-           "dev": true,

-           "requires": {

-             "extend-shallow": "^2.0.1",

-             "is-extendable": "^0.1.1",

-             "is-plain-object": "^2.0.1",

-             "to-object-path": "^0.3.0"

-           }

-         }

+         "set-value": "^2.0.1"

        }

      },

      "uniq": {

@@ -50,7 +50,7 @@ 

    "dependencies": {

      "bootstrap": "^4.3.1",

      "node-sass": "4.11.0",

-     "patternfly": "^3.59.1",

+     "patternfly": "^3.59.3",

      "patternfly-react": "^2.34.3",

      "prop-types": "15.6.2",

      "react": "16.6.1",

Description: 50 high vulnerabilities were found during audit. Fix them.
It updates Patternfly to version 3.59.3.
Package jquery is no longer an issue, remove it from the whitelist.

https://pagure.io/389-ds-base/issue/50499

Reviewed by: ?

rebased onto 20e0d26

4 years ago

Pull-Request has been merged by spichugi

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/3556

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi

3 years ago