From 94cdc73bd974549fc3b9d459c02f74b28f80ee1a Mon Sep 17 00:00:00 2001 From: Rikki Schulte Date: Mon, 6 Nov 2023 20:35:12 +0100 Subject: [PATCH] fix non-impacting but noisy dependency vulnerabilities --- .github/workflows/test.yml | 3 + package.json | 8 +- pnpm-lock.yaml | 156 ++++++++++++++++++------------------- 3 files changed, 85 insertions(+), 82 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 03ca0fd..1bba872 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -37,3 +37,6 @@ jobs: - name: Test run: pnpm test:coverage + + - name: Vulnerability Audit + run: pnpm audit --prod diff --git a/package.json b/package.json index 43972e4..e2081c5 100644 --- a/package.json +++ b/package.json @@ -55,7 +55,7 @@ "@sagold/json-pointer": "^5.1.1", "@types/json-schema": "^7.0.12", "@types/node": "^20.4.2", - "json-schema": "^0.2.3", + "json-schema": "^0.4.0", "json-schema-library": "^8.0.0" }, "optionalDependencies": { @@ -76,7 +76,7 @@ "@codemirror/commands": "^6.2.4", "@codemirror/theme-one-dark": "^6.1.2", "@evilmartians/lefthook": "^1.4.6", - "@vitest/coverage-v8": "^0.33.0", + "@vitest/coverage-v8": "^0.34.6", "codemirror": "^6.0.1", "codemirror-json5": "^1.0.3", "happy-dom": "^10.3.2", @@ -84,8 +84,8 @@ "typedoc": "^0.24.8", "typedoc-plugin-markdown": "^3.15.3", "typescript": "^5.1.6", - "vite": "^4.4.4", - "vitest": "0.33.0", + "vite": "^4.5.0", + "vitest": "0.34.6", "vitest-dom": "^0.1.0" }, "scripts": { diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 6c1018d..026ee76 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -33,8 +33,8 @@ dependencies: specifier: ^20.4.2 version: 20.4.2 json-schema: - specifier: ^0.2.3 - version: 0.2.3 + specifier: ^0.4.0 + version: 0.4.0 json-schema-library: specifier: ^8.0.0 version: 8.0.0 @@ -67,8 +67,8 @@ devDependencies: specifier: ^1.4.6 version: 1.4.6 '@vitest/coverage-v8': - specifier: ^0.33.0 - version: 0.33.0(vitest@0.33.0) + specifier: ^0.34.6 + version: 0.34.6(vitest@0.34.6) codemirror: specifier: ^6.0.1 version: 6.0.1(@lezer/common@1.0.3) @@ -85,14 +85,14 @@ devDependencies: specifier: ^5.1.6 version: 5.1.6 vite: - specifier: ^4.4.4 - version: 4.4.4(@types/node@20.4.2) + specifier: ^4.5.0 + version: 4.5.0(@types/node@20.4.2) vitest: - specifier: 0.33.0 - version: 0.33.0(happy-dom@10.3.2) + specifier: 0.34.6 + version: 0.34.6(happy-dom@10.3.2) vitest-dom: specifier: ^0.1.0 - version: 0.1.0(vitest@0.33.0) + version: 0.1.0(vitest@0.34.6) packages: @@ -677,6 +677,7 @@ packages: /@lezer/json@1.0.1: resolution: {integrity: sha512-nkVC27qiEZEjySbi6gQRuMwa2sDu2PtfjSgz0A4QF81QyRGm3kb2YRzLcOPcTEtmcwvrX/cej7mlhbwViA4WJw==} + requiresBuild: true dependencies: '@lezer/highlight': 1.1.6 '@lezer/lr': 1.3.9 @@ -787,15 +788,15 @@ packages: resolution: {integrity: sha512-G8hZ6XJiHnuhQKR7ZmysCeJWE08o8T0AXtk5darsCaTVsYZhhgUrq53jizaR2FvsoeCwJhlmwTjkXBY5Pn/ZHw==} dev: true - /@vitest/coverage-v8@0.33.0(vitest@0.33.0): - resolution: {integrity: sha512-Rj5IzoLF7FLj6yR7TmqsfRDSeaFki6NAJ/cQexqhbWkHEV2htlVGrmuOde3xzvFsCbLCagf4omhcIaVmfU8Okg==} + /@vitest/coverage-v8@0.34.6(vitest@0.34.6): + resolution: {integrity: sha512-fivy/OK2d/EsJFoEoxHFEnNGTg+MmdZBAVK9Ka4qhXR2K3J0DS08vcGVwzDtXSuUMabLv4KtPcpSKkcMXFDViw==} peerDependencies: vitest: '>=0.32.0 <1' dependencies: '@ampproject/remapping': 2.2.1 '@bcoe/v8-coverage': 0.2.3 istanbul-lib-coverage: 3.2.0 - istanbul-lib-report: 3.0.0 + istanbul-lib-report: 3.0.1 istanbul-lib-source-maps: 4.0.1 istanbul-reports: 3.1.5 magic-string: 0.30.1 @@ -803,43 +804,43 @@ packages: std-env: 3.3.3 test-exclude: 6.0.0 v8-to-istanbul: 9.1.0 - vitest: 0.33.0(happy-dom@10.3.2) + vitest: 0.34.6(happy-dom@10.3.2) transitivePeerDependencies: - supports-color dev: true - /@vitest/expect@0.33.0: - resolution: {integrity: sha512-sVNf+Gla3mhTCxNJx+wJLDPp/WcstOe0Ksqz4Vec51MmgMth/ia0MGFEkIZmVGeTL5HtjYR4Wl/ZxBxBXZJTzQ==} + /@vitest/expect@0.34.6: + resolution: {integrity: sha512-QUzKpUQRc1qC7qdGo7rMK3AkETI7w18gTCUrsNnyjjJKYiuUB9+TQK3QnR1unhCnWRC0AbKv2omLGQDF/mIjOw==} dependencies: - '@vitest/spy': 0.33.0 - '@vitest/utils': 0.33.0 - chai: 4.3.7 + '@vitest/spy': 0.34.6 + '@vitest/utils': 0.34.6 + chai: 4.3.10 dev: true - /@vitest/runner@0.33.0: - resolution: {integrity: sha512-UPfACnmCB6HKRHTlcgCoBh6ppl6fDn+J/xR8dTufWiKt/74Y9bHci5CKB8tESSV82zKYtkBJo9whU3mNvfaisg==} + /@vitest/runner@0.34.6: + resolution: {integrity: sha512-1CUQgtJSLF47NnhN+F9X2ycxUP0kLHQ/JWvNHbeBfwW8CzEGgeskzNnHDyv1ieKTltuR6sdIHV+nmR6kPxQqzQ==} dependencies: - '@vitest/utils': 0.33.0 + '@vitest/utils': 0.34.6 p-limit: 4.0.0 pathe: 1.1.1 dev: true - /@vitest/snapshot@0.33.0: - resolution: {integrity: sha512-tJjrl//qAHbyHajpFvr8Wsk8DIOODEebTu7pgBrP07iOepR5jYkLFiqLq2Ltxv+r0uptUb4izv1J8XBOwKkVYA==} + /@vitest/snapshot@0.34.6: + resolution: {integrity: sha512-B3OZqYn6k4VaN011D+ve+AA4whM4QkcwcrwaKwAbyyvS/NB1hCWjFIBQxAQQSQir9/RtyAAGuq+4RJmbn2dH4w==} dependencies: magic-string: 0.30.1 pathe: 1.1.1 pretty-format: 29.6.1 dev: true - /@vitest/spy@0.33.0: - resolution: {integrity: sha512-Kv+yZ4hnH1WdiAkPUQTpRxW8kGtH8VRTnus7ZTGovFYM1ZezJpvGtb9nPIjPnptHbsyIAxYZsEpVPYgtpjGnrg==} + /@vitest/spy@0.34.6: + resolution: {integrity: sha512-xaCvneSaeBw/cz8ySmF7ZwGvL0lBjfvqc1LpQ/vcdHEvpLn3Ff1vAvjw+CoGn0802l++5L/pxb7whwcWAw+DUQ==} dependencies: tinyspy: 2.1.1 dev: true - /@vitest/utils@0.33.0: - resolution: {integrity: sha512-pF1w22ic965sv+EN6uoePkAOTkAPWM03Ri/jXNyMIKBb/XHLDPfhLvf/Fa9g0YECevAIz56oVYXhodLvLQ/awA==} + /@vitest/utils@0.34.6: + resolution: {integrity: sha512-IG5aDD8S6zlvloDsnzHw0Ut5xczlF+kv2BOTo+iXfPr54Yhi5qbVOgGB1hZaVq4iJ4C/MZ2J0y15IlsV/ZcI0A==} dependencies: diff-sequences: 29.4.3 loupe: 2.3.6 @@ -1013,14 +1014,14 @@ packages: engines: {node: '>=6'} dev: true - /chai@4.3.7: - resolution: {integrity: sha512-HLnAzZ2iupm25PlN0xFreAlBA5zaBSv3og0DdeGA4Ar6h6rJ3A0rolRUKJhSF2V10GZKDgWF/VmAEsNWjCRB+A==} + /chai@4.3.10: + resolution: {integrity: sha512-0UXG04VuVbruMUYbJ6JctvH0YnC/4q3/AkT18q4NaITo91CUm0liMS9VqzT9vZhVQ/1eqPanMWjBM+Juhfb/9g==} engines: {node: '>=4'} dependencies: assertion-error: 1.1.0 - check-error: 1.0.2 + check-error: 1.0.3 deep-eql: 4.1.3 - get-func-name: 2.0.0 + get-func-name: 2.0.2 loupe: 2.3.6 pathval: 1.1.1 type-detect: 4.0.8 @@ -1052,8 +1053,10 @@ packages: resolution: {integrity: sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==} dev: true - /check-error@1.0.2: - resolution: {integrity: sha512-BrgHpW9NURQgzoNyjfq0Wu6VFO6D7IZEmJNdtgNqpzGG8RuNFHt2jQxWlAs4HMe119chBnv+34syEZtc6IhLtA==} + /check-error@1.0.3: + resolution: {integrity: sha512-iKEoDYaRmd1mxM90a2OEfWhjsjPpYPuQ+lMYsoxB126+t8fw7ySEO48nmDg5COTjxDI65/Y2OWpeEHk3ZOe8zg==} + dependencies: + get-func-name: 2.0.2 dev: true /ci-info@3.8.0: @@ -1532,8 +1535,8 @@ packages: engines: {node: 6.* || 8.* || >= 10.*} dev: true - /get-func-name@2.0.0: - resolution: {integrity: sha512-Hm0ixYtaSZ/V7C8FJrtZIuBBI+iSgL+1Aq82zSu8VQNB4S3Gk8e7Qs3VwBDJAhmRZcFqkl3tQu36g/Foh5I5ig==} + /get-func-name@2.0.2: + resolution: {integrity: sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ==} dev: true /get-intrinsic@1.2.1: @@ -1894,12 +1897,12 @@ packages: engines: {node: '>=8'} dev: true - /istanbul-lib-report@3.0.0: - resolution: {integrity: sha512-wcdi+uAKzfiGT2abPpKZ0hSU1rGQjUQnLvtY5MpQ7QCTahD3VODhcu4wcfY1YtkGaDD5yuydOLINXsfbus9ROw==} - engines: {node: '>=8'} + /istanbul-lib-report@3.0.1: + resolution: {integrity: sha512-GCfE1mtsHGOELCU8e/Z7YWzpmybrx/+dSTfLrvY8qRmaY6zXTKWn6WQIjaAFw069icm6GVMNkgu0NzI4iPZUNw==} + engines: {node: '>=10'} dependencies: istanbul-lib-coverage: 3.2.0 - make-dir: 3.1.0 + make-dir: 4.0.0 supports-color: 7.2.0 dev: true @@ -1919,7 +1922,7 @@ packages: engines: {node: '>=8'} dependencies: html-escaper: 2.0.2 - istanbul-lib-report: 3.0.0 + istanbul-lib-report: 3.0.1 dev: true /js-tokens@4.0.0: @@ -1949,14 +1952,15 @@ packages: valid-url: 1.0.9 dev: false - /json-schema@0.2.3: - resolution: {integrity: sha512-a3xHnILGMtk+hDOqNwHzF6e2fNbiMrXZvxKQiEv2MlgQP+pjIOzqAmKYD2mDpXYE/44M7g+n9p2bKkYWDUcXCQ==} + /json-schema@0.4.0: + resolution: {integrity: sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==} dev: false /json5@2.2.3: resolution: {integrity: sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==} engines: {node: '>=6'} hasBin: true + requiresBuild: true dev: false optional: true @@ -1982,6 +1986,7 @@ packages: /lezer-json5@2.0.2: resolution: {integrity: sha512-NRmtBlKW/f8mA7xatKq8IUOq045t8GVHI4kZXrUtYYUdiVeGiO6zKGAV7/nUAnf5q+rYTY+SWX/gvQdFXMjNxQ==} + requiresBuild: true dependencies: '@lezer/lr': 1.3.9 dev: false @@ -2031,7 +2036,7 @@ packages: /loupe@2.3.6: resolution: {integrity: sha512-RaPMZKiMy8/JruncMU5Bt6na1eftNoo++R4Y+N2FrxkDVTrGvcyzFTsaGif4QTeKESheMGegbhw6iUAq+5A8zA==} dependencies: - get-func-name: 2.0.0 + get-func-name: 2.0.2 dev: true /lru-cache@4.1.5: @@ -2059,11 +2064,11 @@ packages: '@jridgewell/sourcemap-codec': 1.4.15 dev: true - /make-dir@3.1.0: - resolution: {integrity: sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==} - engines: {node: '>=8'} + /make-dir@4.0.0: + resolution: {integrity: sha512-hXdUTZYIVOt1Ex//jAQi+wTZZpUpwBj/0QsOzqegb3rGMMeJiSEu5xLHnYfBrRV4RH2+OCSOO95Is/7x1WJ4bw==} + engines: {node: '>=10'} dependencies: - semver: 6.3.1 + semver: 7.5.4 dev: true /map-obj@1.0.1: @@ -2344,8 +2349,8 @@ packages: pathe: 1.1.1 dev: true - /postcss@8.4.25: - resolution: {integrity: sha512-7taJ/8t2av0Z+sQEvNzCkpDynl0tX3uJMCODi6nT3PfASC7dYCWV9aQ+uiCf+KBD4SEFcu+GvJdGdwzQ6OSjCw==} + /postcss@8.4.31: + resolution: {integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==} engines: {node: ^10 || ^12 || >=14} dependencies: nanoid: 3.3.6 @@ -2481,8 +2486,8 @@ packages: engines: {iojs: '>=1.0.0', node: '>=0.10.0'} dev: true - /rollup@3.26.2: - resolution: {integrity: sha512-6umBIGVz93er97pMgQO08LuH3m6PUb3jlDUUGFsNJB6VgTCUaDFpupf5JfU30529m/UKOgmiX+uY6Sx8cOYpLA==} + /rollup@3.29.4: + resolution: {integrity: sha512-oWzmBZwvYrU0iJHtDmhsm662rC15FRXmcjCk1xD771dFDx5jJ02ufAQQTn0etB2emNk4J9EZg/yWKpsn9BWGRw==} engines: {node: '>=14.18.0', npm: '>=8.0.0'} hasBin: true optionalDependencies: @@ -2522,11 +2527,6 @@ packages: hasBin: true dev: true - /semver@6.3.1: - resolution: {integrity: sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==} - hasBin: true - dev: true - /semver@7.5.4: resolution: {integrity: sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==} engines: {node: '>=10'} @@ -2757,8 +2757,8 @@ packages: resolution: {integrity: sha512-kRwSG8Zx4tjF9ZiyH4bhaebu+EDz1BOx9hOigYHlUW4xxI/wKIUQUqo018UlU4ar6ATPBsaMrdbKZ+tmPdohFA==} dev: true - /tinypool@0.6.0: - resolution: {integrity: sha512-FdswUUo5SxRizcBc6b1GSuLpLjisa8N8qMyYoP3rl+bym+QauhtJP5bvZY1ytt8krKGmMLYIRl36HBZfeAoqhQ==} + /tinypool@0.7.0: + resolution: {integrity: sha512-zSYNUlYSMhJ6Zdou4cJwo/p7w5nmAH17GRfU/ui3ctvjXFErXXkruT4MWW6poDeXgCaIBlGLrfU6TbTXxyGMww==} engines: {node: '>=14.0.0'} dev: true @@ -2937,8 +2937,8 @@ packages: spdx-expression-parse: 3.0.1 dev: true - /vite-node@0.33.0(@types/node@20.4.2): - resolution: {integrity: sha512-19FpHYbwWWxDr73ruNahC+vtEdza52kA90Qb3La98yZ0xULqV8A5JLNPUff0f5zID4984tW7l3DH2przTJUZSw==} + /vite-node@0.34.6(@types/node@20.4.2): + resolution: {integrity: sha512-nlBMJ9x6n7/Amaz6F3zJ97EBwR2FkzhBRxF5e+jE6LA3yi6Wtc2lyTij1OnDMIr34v5g/tVQtsVAzhT0jc5ygA==} engines: {node: '>=v14.18.0'} hasBin: true dependencies: @@ -2947,7 +2947,7 @@ packages: mlly: 1.4.0 pathe: 1.1.1 picocolors: 1.0.0 - vite: 4.4.4(@types/node@20.4.2) + vite: 4.5.0(@types/node@20.4.2) transitivePeerDependencies: - '@types/node' - less @@ -2959,8 +2959,8 @@ packages: - terser dev: true - /vite@4.4.4(@types/node@20.4.2): - resolution: {integrity: sha512-4mvsTxjkveWrKDJI70QmelfVqTm+ihFAb6+xf4sjEU2TmUCTlVX87tmg/QooPEMQb/lM9qGHT99ebqPziEd3wg==} + /vite@4.5.0(@types/node@20.4.2): + resolution: {integrity: sha512-ulr8rNLA6rkyFAlVWw2q5YJ91v098AFQ2R0PRFwPzREXOUJQPtFUG0t+/ZikhaOCDqFoDhN6/v8Sq0o4araFAw==} engines: {node: ^14.18.0 || >=16.0.0} hasBin: true peerDependencies: @@ -2989,13 +2989,13 @@ packages: dependencies: '@types/node': 20.4.2 esbuild: 0.18.11 - postcss: 8.4.25 - rollup: 3.26.2 + postcss: 8.4.31 + rollup: 3.29.4 optionalDependencies: fsevents: 2.3.2 dev: true - /vitest-dom@0.1.0(vitest@0.33.0): + /vitest-dom@0.1.0(vitest@0.34.6): resolution: {integrity: sha512-1KqmbJ+3eiyz5SZilzDXySNnQ32t/XVi1f9zsyv+smI4X+sZEz54zlPwoBXK9XD6XAJdRReGgRxuNu8t6FYhXQ==} peerDependencies: vitest: ^0.31.0 @@ -3006,11 +3006,11 @@ packages: dom-accessibility-api: 0.6.1 lodash-es: 4.17.21 redent: 4.0.0 - vitest: 0.33.0(happy-dom@10.3.2) + vitest: 0.34.6(happy-dom@10.3.2) dev: true - /vitest@0.33.0(happy-dom@10.3.2): - resolution: {integrity: sha512-1CxaugJ50xskkQ0e969R/hW47za4YXDUfWJDxip1hwbnhUjYolpfUn2AMOulqG/Dtd9WYAtkHmM/m3yKVrEejQ==} + /vitest@0.34.6(happy-dom@10.3.2): + resolution: {integrity: sha512-+5CALsOvbNKnS+ZHMXtuUC7nL8/7F1F2DnHGjSsszX8zCjWSSviphCb/NuS9Nzf4Q03KyyDRBAXhF/8lffME4Q==} engines: {node: '>=v14.18.0'} hasBin: true peerDependencies: @@ -3043,15 +3043,15 @@ packages: '@types/chai': 4.3.5 '@types/chai-subset': 1.3.3 '@types/node': 20.4.2 - '@vitest/expect': 0.33.0 - '@vitest/runner': 0.33.0 - '@vitest/snapshot': 0.33.0 - '@vitest/spy': 0.33.0 - '@vitest/utils': 0.33.0 + '@vitest/expect': 0.34.6 + '@vitest/runner': 0.34.6 + '@vitest/snapshot': 0.34.6 + '@vitest/spy': 0.34.6 + '@vitest/utils': 0.34.6 acorn: 8.10.0 acorn-walk: 8.2.0 cac: 6.7.14 - chai: 4.3.7 + chai: 4.3.10 debug: 4.3.4 happy-dom: 10.3.2 local-pkg: 0.4.3 @@ -3061,9 +3061,9 @@ packages: std-env: 3.3.3 strip-literal: 1.0.1 tinybench: 2.5.0 - tinypool: 0.6.0 - vite: 4.4.4(@types/node@20.4.2) - vite-node: 0.33.0(@types/node@20.4.2) + tinypool: 0.7.0 + vite: 4.5.0(@types/node@20.4.2) + vite-node: 0.34.6(@types/node@20.4.2) why-is-node-running: 2.2.2 transitivePeerDependencies: - less