Merge pull request backstage#8973 from benlangfeld/patch-2

Bump @asyncapi/react-component for CVE
jayar95 · Jan 19, 2022 · ce5edcb · ce5edcb
2 parents 622bf78 + 0c0d8a4
commit ce5edcb
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 10 deletions.
diff --git a/.changeset/wet-seas-love.md b/.changeset/wet-seas-love.md
@@ -0,0 +1,9 @@
+---
+'@backstage/plugin-api-docs': patch
+---
+
+Bump @asyncapi/react-component for CVE
+
+[CVE-2022-21680](https://github.com/advisories/GHSA-rrrm-qjm4-v8hf) and [CVE-2022-21681](https://github.com/advisories/GHSA-5v2h-r2cx-5xgj)
+
+See https://github.com/asyncapi/asyncapi-react/pull/522
diff --git a/plugins/api-docs/package.json b/plugins/api-docs/package.json
@@ -30,7 +30,7 @@
     "clean": "backstage-cli clean"
   },
   "dependencies": {
-    "@asyncapi/react-component": "1.0.0-next.26",
+    "@asyncapi/react-component": "1.0.0-next.32",
     "@backstage/catalog-model": "^0.9.10-next.0",
     "@backstage/core-components": "^0.8.5-next.0",
     "@backstage/core-plugin-api": "^0.6.0-next.0",

diff --git a/yarn.lock b/yarn.lock
@@ -83,17 +83,17 @@
     node-fetch "^2.6.0"
     tiny-merge-patch "^0.1.2"
 
-"@asyncapi/react-component@1.0.0-next.26":
-  version "1.0.0-next.26"
-  resolved "https://registry.npmjs.org/@asyncapi/react-component/-/react-component-1.0.0-next.26.tgz#d5658f89c8aa7a88e86f8d1918ef63cbf7f7634e"
-  integrity sha512-30UnzdbS7EVcdxIHru8O04mxqGPmTA0o2HtzykV9+Y0Ye+k9gqto8SK1my+qqQUs+7EwwyzA1dFaTmf2CHrJIg==
+"@asyncapi/react-component@1.0.0-next.32":
+  version "1.0.0-next.32"
+  resolved "https://registry.npmjs.org/@asyncapi/react-component/-/react-component-1.0.0-next.32.tgz#ccb99466b1b6cfd3e789cf3cead5e35ba26b5687"
+  integrity sha512-hUmLc8YCEhLsBdO+w3eoqFTtR0IZN3isNvgy7xL1WuYBXHNkB9DAhB7mnogLFUmcuLH6xAQnC/Li6CKtgIxaGw==
   dependencies:
     "@asyncapi/avro-schema-parser" "^0.3.0"
     "@asyncapi/openapi-schema-parser" "^2.0.0"
     "@asyncapi/parser" "^1.13.0"
     highlight.js "^10.7.2"
     isomorphic-dompurify "^0.13.0"
-    marked "^2.1.1"
+    marked "^4.0.10"
     openapi-sampler "^1.1.0"
     use-resize-observer "^7.0.0"
 
@@ -20081,10 +20081,10 @@ markdown-to-jsx@^7.1.3:
   resolved "https://registry.npmjs.org/markdown-to-jsx/-/markdown-to-jsx-7.1.3.tgz#f00bae66c0abe7dd2d274123f84cb6bd2a2c7c6a"
   integrity sha512-jtQ6VyT7rMT5tPV0g2EJakEnXLiPksnvlYtwQsVVZ611JsWGN8bQ1tVSDX4s6JllfEH6wmsYxNjTUAMrPmNA8w==
 
-marked@^2.1.1:
-  version "2.1.3"
-  resolved "https://registry.npmjs.org/marked/-/marked-2.1.3.tgz#bd017cef6431724fd4b27e0657f5ceb14bff3753"
-  integrity sha512-/Q+7MGzaETqifOMWYEA7HVMaZb4XbcRfaOzcSsHZEith83KGlvaSG33u0SKu89Mj5h+T8V2hM+8O45Qc5XTgwA==
+marked@^4.0.10:
+  version "4.0.10"
+  resolved "https://registry.npmjs.org/marked/-/marked-4.0.10.tgz#423e295385cc0c3a70fa495e0df68b007b879423"
+  integrity sha512-+QvuFj0nGgO970fySghXGmuw+Fd0gD2x3+MqCWLIPf5oxdv1Ka6b2q+z9RP01P/IaKPMEramy+7cNy/Lw8c3hw==
 
 material-ui-search-bar@^1.0.0:
   version "1.0.0"