Skip to content

Commit

Permalink
Fossa securty CVE warnings
Browse files Browse the repository at this point in the history
  • Loading branch information
casibbald committed Dec 16, 2024
1 parent f894a8d commit e2e2169
Show file tree
Hide file tree
Showing 4 changed files with 307 additions and 49 deletions.
2 changes: 1 addition & 1 deletion gitops.dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ ARG FLUX_CLI=ghcr.io/fluxcd/flux-cli:v$FLUX_VERSION
FROM $FLUX_CLI@sha256:a9cb966cddc1a0c56dc0d57dda485d9477dd397f8b45f222717b24663471fd1f AS flux

# Go build
FROM golang:1.23@sha256:574185e5c6b9d09873f455a7c205ea0514bfd99738c5dc7750196403a44ed4b7 AS go-build
FROM golang:1.23.2@sha256:ad5c126b5cf501a8caef751a243bb717ec204ab1aa56dc41dc11be089fafcb4f AS go-build

# Add known_hosts entries for GitHub and GitLab
RUN mkdir ~/.ssh
Expand Down
4 changes: 4 additions & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -51,10 +51,12 @@
"@material-ui/icons": "^4.11.2",
"@material-ui/lab": "^4.0.0-alpha.58",
"ansi-styles": "^6.2.1",
"axios": "^0.28.0",
"commander": "^11.0.0",
"cross-spawn": "^7.0.5",
"d3": "^7.6.1",
"d3-dag": "^0.11.5",
"got": "^11.8.5",
"history": "^5.0.0",
"http-proxy-middleware": "^2.0.3",
"install": "^0.13.0",
Expand All @@ -65,6 +67,7 @@
"lodash": "^4.17.21",
"luxon": "^3.2.1",
"mnemonic-browser": "^0.0.1",
"path-to-regexp": "0.1.12",
"postcss": "^8.4.31",
"query-string": "^4.3.4",
"react": "^17.0.2",
Expand Down Expand Up @@ -121,6 +124,7 @@
"prettier": "^2.6.2",
"process": "^0.11.10",
"react-test-renderer": "^17.0.2",
"rimraf": "^4.0.0",
"ts-jest": "^27.1.1",
"typescript": "^5.2.2",
"yarn-audit-fix": "^10.0.1"
Expand Down
62 changes: 25 additions & 37 deletions website/yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -2719,9 +2719,9 @@ autoprefixer@^10.4.12, autoprefixer@^10.4.7:
picocolors "^1.0.0"
postcss-value-parser "^4.2.0"

axios@^0.25.0:
version "0.25.0"
resolved "https://registry.yarnpkg.com/axios/-/axios-0.25.0.tgz#349cfbb31331a9b4453190791760a8d35b093e0a"
axios@^0.28.0:
version "0.28.0"
resolved "https://registry.yarnpkg.com/axios/-/axios-0.28.0.tgz#349cfbb31331a9b4453190791760a8d35b093e0a"
integrity sha512-cD8FOb0tRH3uuEe6+evtAbgJtfxr7ly3fQjYcMcuPlgkwVS9xboaVIpcDV+cYQe+yGykgwZCs1pzjntcGa6l5g==
dependencies:
follow-redirects "^1.14.7"
Expand Down Expand Up @@ -2804,7 +2804,7 @@ bash-glob@^2.0.0:
dependencies:
bash-path "^1.0.1"
component-emitter "^1.2.1"
cross-spawn "^5.1.0"
cross-spawn "^6.0.6"
each-parallel-async "^1.0.0"
extend-shallow "^2.0.1"
is-extglob "^2.1.1"
Expand Down Expand Up @@ -3394,18 +3394,18 @@ cross-fetch@^3.1.5:
dependencies:
node-fetch "2.6.7"

cross-spawn@^5.1.0:
version "5.1.0"
resolved "https://registry.npmjs.org/cross-spawn/-/cross-spawn-5.1.0.tgz"
cross-spawn@^6.0.6:
version "6.0.5"
resolved "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.6.tgz"
integrity "sha1-6L0O/uWPz/b4+UUQoKVUu/ojVEk= sha512-pTgQJ5KC0d2hcY8eyL1IzlBPYjTkyH72XRZPnLyKus2mBfNjQs3klqbJU2VILqZryAZUt9JOb3h/mWMy23/f5A=="
dependencies:
lru-cache "^4.0.1"
shebang-command "^1.2.0"
which "^1.2.9"

cross-spawn@^7.0.3:
version "7.0.3"
resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
cross-spawn@^7.0.5:
version "7.0.5"
resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.5.tgz"
integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
dependencies:
path-key "^3.1.0"
Expand Down Expand Up @@ -3991,7 +3991,7 @@ execa@^5.0.0:
resolved "https://registry.yarnpkg.com/execa/-/execa-5.1.1.tgz#f80ad9cbf4298f7bd1d4c9555c21e93741c411dd"
integrity sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==
dependencies:
cross-spawn "^7.0.3"
cross-spawn "^7.0.5"
get-stream "^6.0.0"
human-signals "^2.1.0"
is-stream "^2.0.0"
Expand Down Expand Up @@ -4025,7 +4025,7 @@ express@^4.17.3:
methods "~1.1.2"
on-finished "2.4.1"
parseurl "~1.3.3"
path-to-regexp "0.1.10"
path-to-regexp "0.1.12"
proxy-addr "~2.0.7"
qs "6.13.0"
range-parser "~1.2.1"
Expand Down Expand Up @@ -4431,9 +4431,9 @@ gopd@^1.0.1:
dependencies:
get-intrinsic "^1.1.3"

got@^9.6.0:
version "9.6.0"
resolved "https://registry.yarnpkg.com/got/-/got-9.6.0.tgz#edf45e7d67f99545705de1f7bbeeeb121765ed85"
got@^11.8.5:
version "11.8.5"
resolved "https://registry.yarnpkg.com/got/-/got-11.8.5.tgz"
integrity sha512-R7eWptXuGYxwijs0eV+v3o6+XH1IqVK8dJOEecQfTmkncw9AV4dcw/Dhxi8MdlqPthxxpZyizMzyg8RTmEsG+Q==
dependencies:
"@sindresorhus/is" "^0.14.0"
Expand All @@ -4442,7 +4442,7 @@ got@^9.6.0:
decompress-response "^3.3.0"
duplexer3 "^0.1.4"
get-stream "^4.1.0"
lowercase-keys "^1.0.1"
lowercase-keys "^1.0.1
mimic-response "^1.0.1"
p-cancelable "^1.0.0"
to-readable-stream "^1.0.0"
Expand Down Expand Up @@ -5543,7 +5543,7 @@ multicast-dns@^7.2.5:
nanoid@^3.3.8:
version "3.3.8"
resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.8.tgz#b1be3030bee36aaff18bacb375e5cce521684baf"
integrity sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==
integrity sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PčsrLl/BgKEyS4mqsGChFN0w==

[email protected]:
version "0.6.3"
Expand Down Expand Up @@ -5782,7 +5782,7 @@ package-json@^6.3.0:
resolved "https://registry.yarnpkg.com/package-json/-/package-json-6.5.0.tgz#6feedaca35e75725876d0b0e64974697fed145b0"
integrity sha512-k3bdm2n25tkyxcjSKzB5x8kfVxlMdgsbPr0GkZcwHsLpba6cBjqCt1KlcChKEvxHIcTB1FVMuwoijZ26xex5MQ==
dependencies:
got "^9.6.0"
got "^11.8.5"
registry-auth-token "^4.0.0"
registry-url "^5.0.0"
semver "^6.2.0"
Expand Down Expand Up @@ -5897,23 +5897,11 @@ path-parse@^1.0.7:
resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735"
integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==

[email protected].10:
version "0.1.10"
resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.10.tgz#67e9108c5c0551b9e5326064387de4763c4d5f8b"
[email protected].12:
version "0.1.12"
resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.12.tgz"
integrity sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==

[email protected]:
version "2.2.1"
resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-2.2.1.tgz#90b617025a16381a879bc82a38d4e8bdeb2bcf45"
integrity sha512-gu9bD6Ta5bwGrrU8muHzVOBFFREpp2iRkVfhBJahwJ6p6Xw20SjT0MxLnwkjOibQmGSYhiUnf2FLe7k+jcFmGQ==

path-to-regexp@^1.7.0:
version "1.8.0"
resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-1.8.0.tgz#887b3ba9d84393e87a0a0b9f4cb756198b53548a"
integrity sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==
dependencies:
isarray "0.0.1"

path-type@^4.0.0:
version "4.0.0"
resolved "https://registry.yarnpkg.com/path-type/-/path-type-4.0.0.tgz#84ed01c0a7ba380afe09d90a8c180dcd9d03043b"
Expand Down Expand Up @@ -6435,7 +6423,7 @@ react-dev-utils@^12.0.1:
address "^1.1.2"
browserslist "^4.18.1"
chalk "^4.1.2"
cross-spawn "^7.0.3"
cross-spawn "^7.0.5"
detect-port-alt "^1.1.6"
escape-string-regexp "^4.0.0"
filesize "^8.0.6"
Expand Down Expand Up @@ -6561,7 +6549,7 @@ [email protected], react-router@^5.3.3:
history "^4.9.0"
hoist-non-react-statics "^3.1.0"
loose-envify "^1.3.1"
path-to-regexp "^1.7.0"
path-to-regexp "^1.9.0"
prop-types "^15.6.2"
react-is "^16.6.0"
tiny-invariant "^1.0.2"
Expand Down Expand Up @@ -7012,7 +7000,7 @@ serve-handler@^6.1.3:
mime-types "2.1.18"
minimatch "3.1.2"
path-is-inside "1.0.2"
path-to-regexp "2.2.1"
path-to-regexp "3.3.0"
range-parser "1.2.0"

serve-index@^1.9.1:
Expand Down Expand Up @@ -7827,7 +7815,7 @@ wait-on@^6.0.1:
resolved "https://registry.yarnpkg.com/wait-on/-/wait-on-6.0.1.tgz#16bbc4d1e4ebdd41c5b4e63a2e16dbd1f4e5601e"
integrity sha512-zht+KASY3usTY5u2LgaNqn/Cd8MukxLGjdcZxT2ns5QzDmTFc4XoWBgC+C/na+sMRZTuVygQoMYwdcVjHnYIVw==
dependencies:
axios "^0.25.0"
axios "^0.28.0"
joi "^17.6.0"
lodash "^4.17.21"
minimist "^1.2.5"
Expand Down
Loading

0 comments on commit e2e2169

Please sign in to comment.