grafana/013-CVE-2021-23648.patch

72 lines
3.1 KiB
Diff

From 76121bc49ce1d5417202ce0a567e4f0f00c75667 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Tue, 5 Apr 2022 17:40:30 +0200
Subject: [PATCH] upgrade @braintree/sanitize-url to v6.0.0
Resolves: CVE-2021-23648
diff --git a/package.json b/package.json
index 831586ad88..ab8b142ed9 100644
--- a/package.json
+++ b/package.json
@@ -209,7 +209,6 @@
"@sentry/utils": "5.24.2",
"@torkelo/react-select": "3.0.8",
"@types/antlr4": "^4.7.1",
- "@types/braintree__sanitize-url": "4.0.0",
"@types/common-tags": "^1.8.0",
"@types/hoist-non-react-statics": "3.3.1",
"@types/jsurl": "^1.2.28",
diff --git a/packages/grafana-data/package.json b/packages/grafana-data/package.json
index b24b1af2f4..c3f1b4e181 100644
--- a/packages/grafana-data/package.json
+++ b/packages/grafana-data/package.json
@@ -22,7 +22,7 @@
"typecheck": "tsc --noEmit"
},
"dependencies": {
- "@braintree/sanitize-url": "4.0.0",
+ "@braintree/sanitize-url": "6.0.0",
"@types/d3-interpolate": "^1.3.1",
"apache-arrow": "0.16.0",
"eventemitter3": "4.0.7",
@@ -36,7 +36,6 @@
"@rollup/plugin-commonjs": "16.0.0",
"@rollup/plugin-json": "4.1.0",
"@rollup/plugin-node-resolve": "10.0.0",
- "@types/braintree__sanitize-url": "4.0.0",
"@types/jest": "26.0.15",
"@types/jquery": "3.3.38",
"@types/lodash": "4.14.123",
diff --git a/yarn.lock b/yarn.lock
index 3f5e5b80d6..a84bfebaa7 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3030,10 +3030,10 @@
resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
-"@braintree/sanitize-url@4.0.0":
- version "4.0.0"
- resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-4.0.0.tgz#2cda79ffd67b6ea919a63b5e1a883b92d636e844"
- integrity sha512-bOoFoTxuEUuri/v1q0OXN0HIrZ2EiZlRSKdveU8vS5xf2+g0TmpXhmxkTc1s+XWR5xZNoVU4uvf/Mher98tfLw==
+"@braintree/sanitize-url@6.0.0":
+ version "6.0.0"
+ resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.0.tgz#fe364f025ba74f6de6c837a84ef44bdb1d61e68f"
+ integrity sha512-mgmE7XBYY/21erpzhexk4Cj1cyTQ9LzvnTxtzM17BJ7ERMNE6W72mQRo0I1Ud8eFJ+RVVIcBNhLFZ3GX4XFz5w==
"@cnakazawa/watch@^1.0.3":
version "1.0.3"
@@ -5752,11 +5752,6 @@
resolved "https://registry.yarnpkg.com/@types/braces/-/braces-3.0.0.tgz#7da1c0d44ff1c7eb660a36ec078ea61ba7eb42cb"
integrity sha512-TbH79tcyi9FHwbyboOKeRachRq63mSuWYXOflsNO9ZyE5ClQ/JaozNKl+aWUq87qPNsXasXxi2AbgfwIJ+8GQw==
-"@types/braintree__sanitize-url@4.0.0":
- version "4.0.0"
- resolved "https://registry.yarnpkg.com/@types/braintree__sanitize-url/-/braintree__sanitize-url-4.0.0.tgz#0e8a834501f8c375d4b3fb8dcf9398a08ebe068d"
- integrity sha512-69eGJ8808/WfTJGsvMi1pxQ9UG5Z+llD1x9ash5QX+qvxElDD+eYNAn19cTEVTq6WwUqrqlaTWVCKaTRFTuGmA==
-
"@types/cheerio@*":
version "0.22.13"
resolved "https://registry.yarnpkg.com/@types/cheerio/-/cheerio-0.22.13.tgz#5eecda091a24514185dcba99eda77e62bf6523e6"