72 lines
3.1 KiB
Diff
72 lines
3.1 KiB
Diff
From 76121bc49ce1d5417202ce0a567e4f0f00c75667 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
|
Date: Tue, 5 Apr 2022 17:40:30 +0200
|
|
Subject: [PATCH] upgrade @braintree/sanitize-url to v6.0.0
|
|
|
|
Resolves: CVE-2021-23648
|
|
|
|
diff --git a/package.json b/package.json
|
|
index 831586ad88..ab8b142ed9 100644
|
|
--- a/package.json
|
|
+++ b/package.json
|
|
@@ -209,7 +209,6 @@
|
|
"@sentry/utils": "5.24.2",
|
|
"@torkelo/react-select": "3.0.8",
|
|
"@types/antlr4": "^4.7.1",
|
|
- "@types/braintree__sanitize-url": "4.0.0",
|
|
"@types/common-tags": "^1.8.0",
|
|
"@types/hoist-non-react-statics": "3.3.1",
|
|
"@types/jsurl": "^1.2.28",
|
|
diff --git a/packages/grafana-data/package.json b/packages/grafana-data/package.json
|
|
index b24b1af2f4..c3f1b4e181 100644
|
|
--- a/packages/grafana-data/package.json
|
|
+++ b/packages/grafana-data/package.json
|
|
@@ -22,7 +22,7 @@
|
|
"typecheck": "tsc --noEmit"
|
|
},
|
|
"dependencies": {
|
|
- "@braintree/sanitize-url": "4.0.0",
|
|
+ "@braintree/sanitize-url": "6.0.0",
|
|
"@types/d3-interpolate": "^1.3.1",
|
|
"apache-arrow": "0.16.0",
|
|
"eventemitter3": "4.0.7",
|
|
@@ -36,7 +36,6 @@
|
|
"@rollup/plugin-commonjs": "16.0.0",
|
|
"@rollup/plugin-json": "4.1.0",
|
|
"@rollup/plugin-node-resolve": "10.0.0",
|
|
- "@types/braintree__sanitize-url": "4.0.0",
|
|
"@types/jest": "26.0.15",
|
|
"@types/jquery": "3.3.38",
|
|
"@types/lodash": "4.14.123",
|
|
diff --git a/yarn.lock b/yarn.lock
|
|
index 3f5e5b80d6..a84bfebaa7 100644
|
|
--- a/yarn.lock
|
|
+++ b/yarn.lock
|
|
@@ -3030,10 +3030,10 @@
|
|
resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
|
|
integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
|
|
|
|
-"@braintree/sanitize-url@4.0.0":
|
|
- version "4.0.0"
|
|
- resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-4.0.0.tgz#2cda79ffd67b6ea919a63b5e1a883b92d636e844"
|
|
- integrity sha512-bOoFoTxuEUuri/v1q0OXN0HIrZ2EiZlRSKdveU8vS5xf2+g0TmpXhmxkTc1s+XWR5xZNoVU4uvf/Mher98tfLw==
|
|
+"@braintree/sanitize-url@6.0.0":
|
|
+ version "6.0.0"
|
|
+ resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.0.tgz#fe364f025ba74f6de6c837a84ef44bdb1d61e68f"
|
|
+ integrity sha512-mgmE7XBYY/21erpzhexk4Cj1cyTQ9LzvnTxtzM17BJ7ERMNE6W72mQRo0I1Ud8eFJ+RVVIcBNhLFZ3GX4XFz5w==
|
|
|
|
"@cnakazawa/watch@^1.0.3":
|
|
version "1.0.3"
|
|
@@ -5752,11 +5752,6 @@
|
|
resolved "https://registry.yarnpkg.com/@types/braces/-/braces-3.0.0.tgz#7da1c0d44ff1c7eb660a36ec078ea61ba7eb42cb"
|
|
integrity sha512-TbH79tcyi9FHwbyboOKeRachRq63mSuWYXOflsNO9ZyE5ClQ/JaozNKl+aWUq87qPNsXasXxi2AbgfwIJ+8GQw==
|
|
|
|
-"@types/braintree__sanitize-url@4.0.0":
|
|
- version "4.0.0"
|
|
- resolved "https://registry.yarnpkg.com/@types/braintree__sanitize-url/-/braintree__sanitize-url-4.0.0.tgz#0e8a834501f8c375d4b3fb8dcf9398a08ebe068d"
|
|
- integrity sha512-69eGJ8808/WfTJGsvMi1pxQ9UG5Z+llD1x9ash5QX+qvxElDD+eYNAn19cTEVTq6WwUqrqlaTWVCKaTRFTuGmA==
|
|
-
|
|
"@types/cheerio@*":
|
|
version "0.22.13"
|
|
resolved "https://registry.yarnpkg.com/@types/cheerio/-/cheerio-0.22.13.tgz#5eecda091a24514185dcba99eda77e62bf6523e6"
|