fix(web-scripts): resolve sec issue with minimist, must use ^1.2.6

danorel · danorel · commit d52b6a3c3595 · 2022-07-14T20:53:41.000+03:00
diff --git a/package.json b/package.json
@@ -26,5 +26,8 @@
     "husky": "^8.0.1",
     "lerna": "^5.1.8",
     "typescript": "^4.2.3"
+  },
+  "resolutions": {
+    "minimist": "^1.2.6"
   }
 }
diff --git a/packages/web-scripts/package.json b/packages/web-scripts/package.json
@@ -42,9 +42,9 @@
     "@types/react": "^18.0.15",
     "@types/react-dom": "^18.0.6",
     "commander": "^6.1.0",
-    "commitizen": "^4.2.3",
+    "commitizen": "^4.2.4",
     "cross-spawn-promise": "^0.10.1",
-    "cz-conventional-changelog": "^3.0.2",
+    "cz-conventional-changelog": "^3.3.0",
     "debug": "^4.1.1",
     "eslint": "^8.10.0",
     "jest": "^28.1.2",
diff --git a/yarn.lock b/yarn.lock
@@ -2204,13 +2204,51 @@
   dependencies:
     "@sinonjs/commons" "^1.7.0"
 
+"@spotify/eslint-config-base@^13.0.1":
+  version "13.0.1"
+  resolved "https://registry.yarnpkg.com/@spotify/eslint-config-base/-/eslint-config-base-13.0.1.tgz#91471028de6426a1f1a5cc06aa9aeb6d8c85565f"
+  integrity sha512-7dC5zMJpNud9UBCHVk/IWfZOXKyuRkcyopHzTJi3xsfmZcZvi0jTSVIf7sv8315lpjmqroVZoUdKbxZFkZcZpA==
+
 "@spotify/eslint-config-oss@^1.0.0":
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/@spotify/eslint-config-oss/-/eslint-config-oss-1.0.2.tgz#b0e56e549c78dcdd79063ce48521f10c3420f701"
   integrity sha512-3Tn6R98f5BWeb8anOhxYdvZywasp1RaJb+y65W7Db5+xiQVmCnSFvIM3jwysQpu1xRdlUJSCqeDHR7S4Nz3thw==
   dependencies:
     eslint-plugin-notice "^0.9.10"
 
+"@spotify/eslint-config-react@^13.0.1":
+  version "13.0.1"
+  resolved "https://registry.yarnpkg.com/@spotify/eslint-config-react/-/eslint-config-react-13.0.1.tgz#f309f5d3c53ef1e2c7c6ce05f76ee681970112c3"
+  integrity sha512-gyC0CtJ2H9K57HyQG5/RcMsJiB6qmVbBHOHWukZcPLfYtwkK201kgMjHrVfJXoSN+mJxcWhDVPxqe+eA7LHshQ==
+
+"@spotify/eslint-config-typescript@^13.0.1":
+  version "13.0.1"
+  resolved "https://registry.yarnpkg.com/@spotify/eslint-config-typescript/-/eslint-config-typescript-13.0.1.tgz#47801a66d5569074a110f4422eba60aafc6bd7f8"
+  integrity sha512-1wLQFyN2H2v+rn/mytA2PGzmGxOmdZdcKBpNyW+4z0qJydpvavp2SeBj/X+FEbwKoYBoUdG9QLr40eLQh1ZHZA==
+
+"@spotify/eslint-plugin@^13.0.0":
+  version "13.0.1"
+  resolved "https://registry.yarnpkg.com/@spotify/eslint-plugin/-/eslint-plugin-13.0.1.tgz#46789dbbbae4a5154197d678d498e93e6930cd4f"
+  integrity sha512-N5mipnByFPrCFLhYXgevNGGgiqzmk7mGrvm58Gh2iobzvPi6pLtGS0R//Jg5cXydYnJ5wupK1zAxuG3AD1lULQ==
+
+"@spotify/prettier-config@^13.0.1":
+  version "13.0.1"
+  resolved "https://registry.yarnpkg.com/@spotify/prettier-config/-/prettier-config-13.0.1.tgz#0fdceb3d4ab543259ce6adc0ec1d10e34898b812"
+  integrity sha512-oVd4hjx2+y0MeUdk1l+ItwVLwlrDlvTlGwXBWMMzPYc7DLyxuxFvDfoHGkAQkrikfAgtdnzxrW6u9a8ywUqdfw==
+
+"@spotify/tsconfig@^13.0.1":
+  version "13.0.1"
+  resolved "https://registry.yarnpkg.com/@spotify/tsconfig/-/tsconfig-13.0.1.tgz#c9495476ff36e9b8a6e47870e489a9755488666d"
+  integrity sha512-gwF13n4WEsfOneHbIzmJuOrmeuusSdFzT7mxEEFsxPEeoLuFDGW6Gahf1qUsdhFWlVbuIqVwN0GRczAdENUXuA==
+
+"@spotify/web-scripts-utils@^13.0.1":
+  version "13.0.1"
+  resolved "https://registry.yarnpkg.com/@spotify/web-scripts-utils/-/web-scripts-utils-13.0.1.tgz#73c944c84befc0fb0b1ccd414bb3f126100b0852"
+  integrity sha512-goL6BjMmFfsnFrxEYpZGU6qB4gRDpkK3H8+3av4AbLbbCgMJd652jCpnF93DY5dDeggK39uZv/FCjIKKIVA5Tg==
+  dependencies:
+    glob "^7.1.4"
+    read-pkg-up "^7.0.1"
+
 "@tootallnate/once@1":
   version "1.1.2"
   resolved "https://registry.yarnpkg.com/@tootallnate/once/-/once-1.1.2.tgz#ccb91445360179a04e7fe6aff78c00ffc1eeaf82"
@@ -3304,7 +3342,7 @@ commander@^9.3.0:
   resolved "https://registry.yarnpkg.com/commander/-/commander-9.3.0.tgz#f619114a5a2d2054e0d9ff1b31d5ccf89255e26b"
   integrity sha512-hv95iU5uXPbK83mjrJKuZyFM/LBAoCV/XhVGkS5Je6tl7sxr6A0ITMw5WoRV46/UaJ46Nllm3Xt7IaJhXTIkzw==
 
-commitizen@^4.0.3, commitizen@^4.2.3:
+commitizen@^4.0.3, commitizen@^4.2.4:
   version "4.2.4"
   resolved "https://registry.yarnpkg.com/commitizen/-/commitizen-4.2.4.tgz#a3e5b36bd7575f6bf6e7aa19dbbf06b0d8f37165"
   integrity sha512-LlZChbDzg3Ir3O2S7jSo/cgWp5/QwylQVr59K4xayVq8S4/RdKzSyJkghAiZZHfhh5t4pxunUoyeg0ml1q/7aw==
@@ -3566,7 +3604,7 @@ cz-conventional-changelog@3.2.0:
   optionalDependencies:
     "@commitlint/load" ">6.1.1"
 
-cz-conventional-changelog@^3.0.2:
+cz-conventional-changelog@^3.3.0:
   version "3.3.0"
   resolved "https://registry.yarnpkg.com/cz-conventional-changelog/-/cz-conventional-changelog-3.3.0.tgz#9246947c90404149b3fe2cf7ee91acad3b7d22d2"
   integrity sha512-U466fIzU5U22eES5lTNiNbZ+d8dfcHcssH4o7QsdWaCcRs/feIPCxKYSWkYBNs5mny7MvEfwpTLWjvbm94hecw==
@@ -6306,12 +6344,7 @@ minimist-options@4.1.0:
     is-plain-obj "^1.1.0"
     kind-of "^6.0.3"
 
-minimist@1.2.5:
-  version "1.2.5"
-  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
-  integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==
-
-minimist@^1.2.0, minimist@^1.2.5:
+minimist@1.2.5, minimist@^1.2.0, minimist@^1.2.5, minimist@^1.2.6:
   version "1.2.6"
   resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44"
   integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==

Original file line number	Diff line number	Diff line change
`@@ -26,5 +26,8 @@`
`26`	`26`	`"husky": "^8.0.1",`
`27`	`27`	`"lerna": "^5.1.8",`
`28`	`28`	`"typescript": "^4.2.3"`
	`29`	`+ },`
	`30`	`+ "resolutions": {`
	`31`	`+ "minimist": "^1.2.6"`
`29`	`32`	`}`
`30`	`33`	`}`