From f6f014a907f346e46576776162430010314ba7b5 Mon Sep 17 00:00:00 2001 From: "Juan Picado @jotadeveloper" Date: Mon, 11 Feb 2019 07:22:54 +0100 Subject: [PATCH 1/3] fix: update dependencies due to security vulnerabilities lodash@3.0.1-0 --- package.json | 6 +++--- yarn.lock | Bin 394248 -> 394083 bytes 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index 5b2550008..1ba6cb8e3 100644 --- a/package.json +++ b/package.json @@ -16,10 +16,10 @@ }, "dependencies": { "@verdaccio/file-locking": "0.0.8", - "@verdaccio/local-storage": "1.1.4", + "@verdaccio/local-storage": "1.1.6", "@verdaccio/streams": "1.0.0", "JSONStream": "1.3.5", - "async": "2.6.1", + "async": "3.0.1-0", "body-parser": "1.18.3", "bunyan": "1.8.12", "chalk": "2.4.2", @@ -30,7 +30,7 @@ "date-fns": "1.29.0", "express": "4.16.4", "global": "4.3.2", - "handlebars": "4.0.12", + "handlebars": "4.1.0", "http-errors": "1.7.1", "js-base64": "2.5.1", "js-string-escape": "1.0.1", diff --git a/yarn.lock b/yarn.lock index 8bd28d93bb5cd65a6abd312568962afd0e28b2c4..ff162fc5956ec164f8c5eaa9c0acee0c43727dec 100644 GIT binary patch delta 601 zcmXYuPfyce0LHV<#Y7Vipb0^ZV~UARw)gFyx2=YlF}A`69i{6w7Cm%*`<8WE_YYd= z)hHxNFsVr|5HEfJ6AnA+#ZO>77>>ld9{d6hBu}2pljrh#p8fr)UvH*9f0{Y@ka!uP zP$GQ(JMt_@J(x?O)RyJn7ZGG2;5ZsXk>(*U2n^750I;ZI#xM!Q7-G}ZgR{~tZJ_$w zR<4MoMbqgGT&Ll$BebG=UJtvqmc(mXL0MF`d7QV~o{`OO6zZaDl{{6WYXxT~zm(KB zla7^NR`LsJuPpg~k+#CfkJwajefAzDB*NowvD<+(J8_jsffSqr;mpn0^kwp|15~yeH=XM++Z&&7hr}C5Dyt5LW9BLn1C@wgmlAXfyfXRnnVx@ z4Zt~At&wb(4-2aA&{W)_G1Yw&FDG{ktoo7gYW`xFc();+O)mCtwA|cEuu`7 z>-UXvrd(ADuDq7>TC2RAE2>R5ZS_mTuBtRD-Rf??lH1@UHCbCz1i@dCJN=Bh-t!6W x2$&Z)3u@8}zqhG7qr+ngpN?L8(Vvsy(Yxs1k^VLcB727i(Xp?L4i93x?myYi!C3$R delta 607 zcmXAkPfrs;7>Cnc8xtUeNEAXmvL>8X4Z^{M_!Te~c$4?==9m1Q_c?nryuUyE^-EkblyD$B z89p5C4gbbt6NXkVv`2~WLI*jn&Y(xIZ|lef1_J;Ww90TW|S$Ktd%G87&u{Uf^4 z6YEYXaP7_Yn1VHEXb>npJxX{QA3FRTcOnv2#7-z*q9!Kr6~@EB2RbCa0~y8K!AS4c zBA*gOT~0W$F>sM7s;{Lx%K2x|(GdJkmVp8mg$dI`B8SN7%Kca&X zBb*%5WTa8?s4sH+aChv*^v&+2!SPsFD*pX^AiCd`Z+NdZ zi$SI9F5rc%iSHk!5pWq^nIaAeH*H2;OkJCJh*ARp0!_y@xnsHvGM6~~+BCObw!Dq3 zn$FLutMlv4MY!Utj%DSm?p&}{Xx2%U7m~2P)uyw&1^ntv!f1n Date: Mon, 11 Feb 2019 07:23:24 +0100 Subject: [PATCH 2/3] chore(release): 3.11.4 --- CHANGELOG.md | 10 ++++++++++ package.json | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 145d8c928..aa5ae6b5d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,16 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +## [3.11.4](https://github.com/verdaccio/verdaccio/compare/v3.11.3...v3.11.4) (2019-02-11) + + +### Bug Fixes + +* update dependencies due to security vulnerabilities ([f6f014a](https://github.com/verdaccio/verdaccio/commit/f6f014a)) + + + ## [3.11.3](https://github.com/verdaccio/verdaccio/compare/v3.11.2...v3.11.3) (2019-02-07) diff --git a/package.json b/package.json index 1ba6cb8e3..8634bcf91 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "verdaccio", - "version": "3.11.3", + "version": "3.11.4", "description": "Private npm repository server", "author": { "name": "Alex Kocharin", From c42c06666f359d219adb00e620a03f642613b05e Mon Sep 17 00:00:00 2001 From: "Juan Picado @jotadeveloper" Date: Mon, 11 Feb 2019 07:33:35 +0100 Subject: [PATCH 3/3] chore: update lock file --- yarn.lock | Bin 570615 -> 570870 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/yarn.lock b/yarn.lock index a74ad7e8bc775840279b78a3fd44f8f38c6d0564..5e464a94d0f97cda7b250d1420a9962a92538472 100644 GIT binary patch delta 247 zcmezVQt8`krG_nxeW6mudIoxix&~HU3JPVZMa7xNv<9%jYfPMHzT=24j`7ExK2CjMrQwzgbcV24dlRA&-vUmVH^ Z#7scU48$xz%nHP8K+L{