
Commit db30586

author
Prasad Bonasu
committed
fix: update aws-sdk to 2.1354.0
Older versions of aws-sdk use xml2js version 0.4.19 as a dependency, which is affected by `CVE-2023-0842` ``` pkg:npm/xml2js@0.4.19 Vulnerability Title: [CVE-2023-0842] CWE-1321 ID: CVE-2023-0842 Description: xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited. ```
1 parent c950d8e commit db30586


2 files changed

+128
-25
lines changed


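--- a/package.json
+++ b/package.json
@@ -18,7 +18,7 @@
 "test": "node tests/runner.js && ./node_modules/.bin/eslint index.js lib/* tests/**/*-test.js"
 },
 "dependencies": {
-"aws-sdk": "^2.860.0",
+"aws-sdk": "^2.1354.0",
 "chalk": "^4.1.0",
 "core-object": "^3.1.5",
 "ember-cli-deploy-plugin": "^0.2.2",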

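--- a/yarn.lock
+++ b/yarn.lock
@@ -1344,20 +1344,26 @@ atob@^2.1.2:
 resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9"
 integrity sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==
 
-aws-sdk@^2.860.0:
-version "2.860.0"
-resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.860.0.tgz#cc1abc37576c5b8cdcb3ca4117d69eb4e8656627"
-integrity sha512-BUBWw28PNDhRDnPEnXiPEvgTWD8Iyq5pl9lk/WhXC/vkACJ3aUVe+sicezI1/JQRjLrO3R6w7X20YknVWfAibA==
+available-typed-arrays@^1.0.5:
+version "1.0.5"
+resolved "https://registry.yarnpkg.com/available-typed-arrays/-/available-typed-arrays-1.0.5.tgz#92f95616501069d07d10edb2fc37d3e1c65123b7"
+integrity sha512-DMD0KiN46eipeziST1LPP/STfDU0sufISXmjSgvVsoU2tqxctQeASejWcfNtxYKqETM1UxQ8sp2OrSBWpHY6sw==
+
+aws-sdk@^2.1354.0:
+version "2.1354.0"
+resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.1354.0.tgz#26a1cf72c84a4c105caf0025621a5f04327181e4"
+integrity sha512-3aDxvyuOqMB9DqJguCq6p8momdsz0JR1axwkWOOCzHA7a35+Bw+WLmqt3pWwRjR1tGIwkkZ2CvGJObYHsOuw3w==
 dependencies:
 buffer "4.9.2"
 events "1.1.1"
 ieee754 "1.1.13"
-jmespath "0.15.0"
+jmespath "0.16.0"
 querystring "0.2.0"
 sax "1.2.1"
 url "0.10.3"
-uuid "3.3.2"
-xml2js "0.4.19"
+util "^0.12.4"
+uuid "8.0.0"
+xml2js "0.5.0"
 
 babel-plugin-dynamic-import-node@^2.3.3:
 version "2.3.3"
@@ -2036,6 +2042,14 @@ calculate-cache-key-for-tree@^2.0.0:
 dependencies:
 json-stable-stringify "^1.0.1"
 
+call-bind@^1.0.2:
+version "1.0.2"
+resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.2.tgz#b1d4e89e688119c3c9a903ad30abb2f6a919be3c"
+integrity sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==
+dependencies:
+function-bind "^1.1.1"
+get-intrinsic "^1.0.2"
+
 callsites@^3.0.0, callsites@^3.1.0:
 version "3.1.0"
 resolved "https://registry.yarnpkg.com/callsites/-/callsites-3.1.0.tgz#b3630abd8943432f54b3f0519238e33cd7df2f73"
@@ -3777,6 +3791,13 @@ follow-redirects@^1.0.0:
 resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.8.tgz#016996fb9a11a100566398b1c6839337d7bfa8fc"
 integrity sha512-1x0S9UVJHsQprFcEC/qnNzBLcIxsjAV905f/UkQxbclCsoTWlacCNOpQa/anodLl2uaEKFhfWOvM2Qg77+15zA==
 
+for-each@^0.3.3:
+version "0.3.3"
+resolved "https://registry.yarnpkg.com/for-each/-/for-each-0.3.3.tgz#69b447e88a0a5d32c3e7084f3f1710034b21376e"
+integrity sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw==
+dependencies:
+is-callable "^1.1.3"
+
 for-in@^1.0.2:
 version "1.0.2"
 resolved "https://registry.yarnpkg.com/for-in/-/for-in-1.0.2.tgz#81068d295a8142ec0ac726c6e2200c30fb6d5e80"
@@ -3979,6 +4000,15 @@ get-func-name@^2.0.0:
 resolved "https://registry.yarnpkg.com/get-func-name/-/get-func-name-2.0.0.tgz#ead774abee72e20409433a066366023dd6887a41"
 integrity sha1-6td0q+5y4gQJQzoGY2YCPdaIekE=
 
+get-intrinsic@^1.0.2, get-intrinsic@^1.1.3:
+version "1.2.0"
+resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.2.0.tgz#7ad1dc0535f3a2904bba075772763e5051f6d05f"
+integrity sha512-L049y6nFOuom5wGyRc3/gdTLO94dySVKRACj1RmJZBQXlbTMhtNIgkWkUHq+jYmZvKf14EW1EoJnnjbmoHij0Q==
+dependencies:
+function-bind "^1.1.1"
+has "^1.0.3"
+has-symbols "^1.0.3"
+
 get-stdin@^4.0.1:
 version "4.0.1"
 resolved "https://registry.yarnpkg.com/get-stdin/-/get-stdin-4.0.1.tgz#b968c6b0a04384324902e8bf1a5df32579a450fe"
@@ -4154,6 +4184,13 @@ globby@11.0.2:
 merge2 "^1.3.0"
 slash "^3.0.0"
 
+gopd@^1.0.1:
+version "1.0.1"
+resolved "https://registry.yarnpkg.com/gopd/-/gopd-1.0.1.tgz#29ff76de69dac7489b7c0918a5788e56477c332c"
+integrity sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==
+dependencies:
+get-intrinsic "^1.1.3"
+
 got@11.8.1:
 version "11.8.1"
 resolved "https://registry.yarnpkg.com/got/-/got-11.8.1.tgz#df04adfaf2e782babb3daabc79139feec2f7e85d"
@@ -4264,6 +4301,18 @@ has-symbols@^1.0.0:
 resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.1.tgz#9f5214758a44196c406d9bd76cebf81ec2dd31e8"
 integrity sha512-PLcsoqu++dmEIZB+6totNFKq/7Do+Z0u4oT0zKOJNl3lYK6vGwwu2hjHs+68OEZbTjiUE9bgOABXbP/GvrS0Kg==
 
+has-symbols@^1.0.2, has-symbols@^1.0.3:
+version "1.0.3"
+resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.3.tgz#bb7b2c4349251dce87b125f7bdf874aa7c8b39f8"
+integrity sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==
+
+has-tostringtag@^1.0.0:
+version "1.0.0"
+resolved "https://registry.yarnpkg.com/has-tostringtag/-/has-tostringtag-1.0.0.tgz#7e133818a7d394734f941e73c3d3f9291e658b25"
+integrity sha512-kFjcSNhnlGV1kyoGk7OXKSawH5JOb/LzUc5w9B02hOTO0dfFRjbHQKvg1d6cf3HbeUmtU9VbbV3qzZ2Teh97WQ==
+dependencies:
+has-symbols "^1.0.2"
+
 has-unicode@^2.0.0:
 version "2.0.1"
 resolved "https://registry.yarnpkg.com/has-unicode/-/has-unicode-2.0.1.tgz#e0e6fe6a28cf51138855e086d1691e771de2a8b9"
@@ -4730,6 +4779,14 @@ is-alphanumerical@^1.0.0:
 is-alphabetical "^1.0.0"
 is-decimal "^1.0.0"
 
+is-arguments@^1.0.4:
+version "1.1.1"
+resolved "https://registry.yarnpkg.com/is-arguments/-/is-arguments-1.1.1.tgz#15b3f88fda01f2a97fec84ca761a560f123efa9b"
+integrity sha512-8Q7EARjzEnKpt/PCD7e1cgUS0a6X8u5tdSiMqXhojOdoV9TsMsiO+9VLC5vAmO8N7/GmXn7yjR8qnA6bVAEzfA==
+dependencies:
+call-bind "^1.0.2"
+has-tostringtag "^1.0.0"
+
 is-arrayish@^0.2.1:
 version "0.2.1"
 resolved "https://registry.yarnpkg.com/is-arrayish/-/is-arrayish-0.2.1.tgz#77c99840527aa8ecb1a8ba697b80645a7a926a9d"
@@ -4746,6 +4803,11 @@ is-buffer@^1.1.5:
 resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be"
 integrity sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==
 
+is-callable@^1.1.3:
+version "1.2.7"
+resolved "https://registry.yarnpkg.com/is-callable/-/is-callable-1.2.7.tgz#3bc2a85ea742d9e36205dcacdd72ca1fdc51b055"
+integrity sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==
+
 is-ci@3.0.0:
 version "3.0.0"
 resolved "https://registry.yarnpkg.com/is-ci/-/is-ci-3.0.0.tgz#c7e7be3c9d8eef7d0fa144390bd1e4b88dc4c994"
@@ -4845,6 +4907,13 @@ is-fullwidth-code-point@^3.0.0:
 resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz#f116f8064fe90b3f7844a38997c0b75051269f1d"
 integrity sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==
 
+is-generator-function@^1.0.7:
+version "1.0.10"
+resolved "https://registry.yarnpkg.com/is-generator-function/-/is-generator-function-1.0.10.tgz#f1558baf1ac17e0deea7c0415c438351ff2b3c72"
+integrity sha512-jsEjy9l3yiXEQ+PsXdmBwEPcOxaXWLspKdplFUVI9vq1iZgIekeC0L167qeu86czQaxed3q/Uzuw0swL0irL8A==
+dependencies:
+has-tostringtag "^1.0.0"
+
 is-git-url@^1.0.0:
 version "1.0.0"
 resolved "https://registry.yarnpkg.com/is-git-url/-/is-git-url-1.0.0.tgz#53f684cd143285b52c3244b4e6f28253527af66b"
@@ -4961,6 +5030,17 @@ is-type@0.0.1:
 dependencies:
 core-util-is "~1.0.0"
 
+is-typed-array@^1.1.10, is-typed-array@^1.1.3:
+version "1.1.10"
+resolved "https://registry.yarnpkg.com/is-typed-array/-/is-typed-array-1.1.10.tgz#36a5b5cb4189b575d1a3e4b08536bfb485801e3f"
+integrity sha512-PJqgEHiWZvMpaFZ3uTc8kHPM4+4ADTlDniuQL7cU/UDA0Ql7F70yGfHph3cLNe+c9toaigv+DFzTJKhc2CtO6A==
+dependencies:
+available-typed-arrays "^1.0.5"
+call-bind "^1.0.2"
+for-each "^0.3.3"
+gopd "^1.0.1"
+has-tostringtag "^1.0.0"
+
 is-typedarray@^1.0.0:
 version "1.0.0"
 resolved "https://registry.yarnpkg.com/is-typedarray/-/is-typedarray-1.0.0.tgz#e479c80858df0c1b11ddda6940f96011fcda4a9a"
@@ -5029,10 +5109,10 @@ istextorbinary@2.1.0:
 editions "^1.1.1"
 textextensions "1 || 2"
 
-jmespath@0.15.0:
-version "0.15.0"
-resolved "https://registry.yarnpkg.com/jmespath/-/jmespath-0.15.0.tgz#a3f222a9aae9f966f5d27c796510e28091764217"
-integrity sha1-o/Iiqarp+Wb10nx5ZRDigJF2Qhc=
+jmespath@0.16.0:
+version "0.16.0"
+resolved "https://registry.yarnpkg.com/jmespath/-/jmespath-0.16.0.tgz#b15b0a85dfd4d930d43e69ed605943c802785076"
+integrity sha512-9FzQjJ7MATs1tSpnco1K6ayiYE3figslrXA72G2HQ/n76RzvYlofyi5QM+iX4YRs/pu3yzxlVQSST23+dMDknw==
 
 js-tokens@^4.0.0:
 version "4.0.0"
@@ -8377,6 +8457,17 @@ util-deprecate@^1.0.1, util-deprecate@^1.0.2, util-deprecate@~1.0.1:
 resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf"
 integrity sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=
 
+util@^0.12.4:
+version "0.12.5"
+resolved "https://registry.yarnpkg.com/util/-/util-0.12.5.tgz#5f17a6059b73db61a875668781a1c2b136bd6fbc"
+integrity sha512-kZf/K6hEIrWHI6XqOFUiiMa+79wE/D8Q+NCNAWclkyg3b4d2k7s0QGepNjiABc+aR3N1PAyHL7p6UcLY6LmrnA==
+dependencies:
+inherits "^2.0.3"
+is-arguments "^1.0.4"
+is-generator-function "^1.0.7"
+is-typed-array "^1.1.3"
+which-typed-array "^1.1.2"
+
 utils-merge@1.0.0:
 version "1.0.0"
 resolved "https://registry.yarnpkg.com/utils-merge/-/utils-merge-1.0.0.tgz#0294fb922bb9375153541c4f7096231f287c8af8"
@@ -8386,10 +8477,10 @@ utils-merge@1.0.1:
 resolved "https://registry.yarnpkg.com/utils-merge/-/utils-merge-1.0.1.tgz#9f95710f50a267947b2ccc124741c1028427e713"
 integrity sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=
 
-uuid@3.3.2:
-version "3.3.2"
-resolved "https://registry.yarnpkg.com/uuid/-/uuid-3.3.2.tgz#1b4af4955eb3077c501c23872fc6513811587131"
-integrity sha512-yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA==
+uuid@8.0.0:
+version "8.0.0"
+resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.0.0.tgz#bc6ccf91b5ff0ac07bbcdbf1c7c4e150db4dbb6c"
+integrity sha512-jOXGuXZAWdsTH7eZLtyXMqUb9EcWMGZNbL9YcGBJl4MH4nrxHmZJhEHvyLFrkxo+28uLb/NYRcStH48fnD0Vzw==
 
 uuid@8.3.2, uuid@^8.3.2:
 version "8.3.2"
@@ -8534,6 +8625,18 @@ which-module@^2.0.0:
 resolved "https://registry.yarnpkg.com/which-module/-/which-module-2.0.0.tgz#d9ef07dce77b9902b8a3a8fa4b31c3e3f7e6e87a"
 integrity sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho=
 
+which-typed-array@^1.1.2:
+version "1.1.9"
+resolved "https://registry.yarnpkg.com/which-typed-array/-/which-typed-array-1.1.9.tgz#307cf898025848cf995e795e8423c7f337efbde6"
+integrity sha512-w9c4xkx6mPidwp7180ckYWfMmvxpjlZuIudNtDf4N/tTAUB8VJbX25qZoAsrtGuYNnGw3pa0AXgbGKRB8/EceA==
+dependencies:
+available-typed-arrays "^1.0.5"
+call-bind "^1.0.2"
+for-each "^0.3.3"
+gopd "^1.0.1"
+has-tostringtag "^1.0.0"
+is-typed-array "^1.1.10"
+
 which@2.0.2, which@^2.0.1, which@^2.0.2:
 version "2.0.2"
 resolved "https://registry.yarnpkg.com/which/-/which-2.0.2.tgz#7c6a8dd0a636a0327e10b59c9286eee93f3f51b1"
@@ -8673,18 +8776,18 @@ xdg-basedir@^4.0.0:
 resolved "https://registry.yarnpkg.com/xdg-basedir/-/xdg-basedir-4.0.0.tgz#4bc8d9984403696225ef83a1573cbbcb4e79db13"
 integrity sha512-PSNhEJDejZYV7h50BohL09Er9VaIefr2LMAf3OEmpCkjOi34eYyQYAXUTjEQtZJTKcF0E2UKTh+osDLsgNim9Q==
 
-xml2js@0.4.19:
-version "0.4.19"
-resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.19.tgz#686c20f213209e94abf0d1bcf1efaa291c7827a7"
-integrity sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q==
+xml2js@0.5.0:
+version "0.5.0"
+resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.5.0.tgz#d9440631fbb2ed800203fad106f2724f62c493b7"
+integrity sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==
 dependencies:
 sax ">=0.6.0"
-xmlbuilder "~9.0.1"
+xmlbuilder "~11.0.0"
 
-xmlbuilder@~9.0.1:
-version "9.0.7"
-resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-9.0.7.tgz#132ee63d2ec5565c557e20f4c22df9aca686b10d"
-integrity sha1-Ey7mPS7FVlxVfiD0wi35rKaGsQ0=
+xmlbuilder@~11.0.0:
+version "11.0.1"
+resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-11.0.1.tgz#be9bae1c8a046e76b31127726347d0ad7002beb3"
+integrity sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA==
 
 xmldom@^0.1.19:
 version "0.1.27"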
