[arvados] created: 2.7.0-6370-g4d3508cefb

git repository hosting git at public.arvados.org
Tue Apr 9 00:56:48 UTC 2024


        at  4d3508cefb40ad5b53af22d8f3dda13593b598d2 (commit)


commit 4d3508cefb40ad5b53af22d8f3dda13593b598d2
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date:   Mon Apr 8 21:55:25 2024 -0300

    21654: Upgrades browserify-sign to address CVE-2023-46234
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>

diff --git a/services/workbench2/yarn.lock b/services/workbench2/yarn.lock
index 633766568f..58753ec162 100644
--- a/services/workbench2/yarn.lock
+++ b/services/workbench2/yarn.lock
@@ -4234,6 +4234,17 @@ __metadata:
   languageName: node
   linkType: hard
 
+"asn1.js at npm:^4.10.1":
+  version: 4.10.1
+  resolution: "asn1.js at npm:4.10.1"
+  dependencies:
+    bn.js: ^4.0.0
+    inherits: ^2.0.1
+    minimalistic-assert: ^1.0.0
+  checksum: 9289a1a55401238755e3142511d7b8f6fc32f08c86ff68bd7100da8b6c186179dd6b14234fba2f7f6099afcd6758a816708485efe44bc5b2a6ec87d9ceeddbb5
+  languageName: node
+  linkType: hard
+
 "asn1.js at npm:^5.2.0":
   version: 5.4.1
   resolution: "asn1.js at npm:5.4.1"
@@ -4763,13 +4774,20 @@ __metadata:
   languageName: node
   linkType: hard
 
-"bn.js at npm:^5.0.0, bn.js at npm:^5.1.1":
+"bn.js at npm:^5.0.0":
   version: 5.2.0
   resolution: "bn.js at npm:5.2.0"
   checksum: 6117170393200f68b35a061ecbf55d01dd989302e7b3c798a3012354fa638d124f0b2f79e63f77be5556be80322a09c40339eda6413ba7468524c0b6d4b4cb7a
   languageName: node
   linkType: hard
 
+"bn.js at npm:^5.2.1":
+  version: 5.2.1
+  resolution: "bn.js at npm:5.2.1"
+  checksum: 3dd8c8d38055fedfa95c1d5fc3c99f8dd547b36287b37768db0abab3c239711f88ff58d18d155dd8ad902b0b0cee973747b7ae20ea12a09473272b0201c9edd3
+  languageName: node
+  linkType: hard
+
 "body-parser at npm:1.19.0":
   version: 1.19.0
   resolution: "body-parser at npm:1.19.0"
@@ -4894,7 +4912,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"browserify-aes at npm:^1.0.0, browserify-aes at npm:^1.0.4":
+"browserify-aes at npm:^1.0.0, browserify-aes at npm:^1.0.4, browserify-aes at npm:^1.2.0":
   version: 1.2.0
   resolution: "browserify-aes at npm:1.2.0"
   dependencies:
@@ -4931,7 +4949,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"browserify-rsa at npm:^4.0.0, browserify-rsa at npm:^4.0.1":
+"browserify-rsa at npm:^4.0.0, browserify-rsa at npm:^4.1.0":
   version: 4.1.0
   resolution: "browserify-rsa at npm:4.1.0"
   dependencies:
@@ -4942,19 +4960,20 @@ __metadata:
   linkType: hard
 
 "browserify-sign at npm:^4.0.0":
-  version: 4.2.1
-  resolution: "browserify-sign at npm:4.2.1"
+  version: 4.2.3
+  resolution: "browserify-sign at npm:4.2.3"
   dependencies:
-    bn.js: ^5.1.1
-    browserify-rsa: ^4.0.1
+    bn.js: ^5.2.1
+    browserify-rsa: ^4.1.0
     create-hash: ^1.2.0
     create-hmac: ^1.1.7
-    elliptic: ^6.5.3
+    elliptic: ^6.5.5
+    hash-base: ~3.0
     inherits: ^2.0.4
-    parse-asn1: ^5.1.5
-    readable-stream: ^3.6.0
-    safe-buffer: ^5.2.0
-  checksum: 0221f190e3f5b2d40183fa51621be7e838d9caa329fe1ba773406b7637855f37b30f5d83e52ff8f244ed12ffe6278dd9983638609ed88c841ce547e603855707
+    parse-asn1: ^5.1.7
+    readable-stream: ^2.3.8
+    safe-buffer: ^5.2.1
+  checksum: 403a8061d229ae31266670345b4a7c00051266761d2c9bbeb68b1a9bcb05f68143b16110cf23a171a5d6716396a1f41296282b3e73eeec0a1871c77f0ff4ee6b
   languageName: node
   linkType: hard
 
@@ -7387,6 +7406,21 @@ __metadata:
   languageName: node
   linkType: hard
 
+"elliptic at npm:^6.5.5":
+  version: 6.5.5
+  resolution: "elliptic at npm:6.5.5"
+  dependencies:
+    bn.js: ^4.11.9
+    brorand: ^1.1.0
+    hash.js: ^1.0.0
+    hmac-drbg: ^1.0.1
+    inherits: ^2.0.4
+    minimalistic-assert: ^1.0.1
+    minimalistic-crypto-utils: ^1.0.1
+  checksum: ec9105e4469eb3b32b0ee2579756c888ddf3f99d259aa0d65fccb906ee877768aaf8880caae73e3e669c9a4adeb3eb1945703aa974ec5000d2d33a239f4567eb
+  languageName: node
+  linkType: hard
+
 "emoji-regex at npm:^7.0.1, emoji-regex at npm:^7.0.2":
   version: 7.0.3
   resolution: "emoji-regex at npm:7.0.3"
@@ -9340,6 +9374,16 @@ __metadata:
   languageName: node
   linkType: hard
 
+"hash-base at npm:~3.0":
+  version: 3.0.4
+  resolution: "hash-base at npm:3.0.4"
+  dependencies:
+    inherits: ^2.0.1
+    safe-buffer: ^5.0.1
+  checksum: 878465a0dfcc33cce195c2804135352c590d6d10980adc91a9005fd377e77f2011256c2b7cfce472e3f2e92d561d1bf3228d2da06348a9017ce9a258b3b49764
+  languageName: node
+  linkType: hard
+
 "hash.js at npm:^1.0.0, hash.js at npm:^1.0.3":
   version: 1.1.7
   resolution: "hash.js at npm:1.1.7"
@@ -13774,7 +13818,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"parse-asn1 at npm:^5.0.0, parse-asn1 at npm:^5.1.5":
+"parse-asn1 at npm:^5.0.0":
   version: 5.1.6
   resolution: "parse-asn1 at npm:5.1.6"
   dependencies:
@@ -13787,6 +13831,20 @@ __metadata:
   languageName: node
   linkType: hard
 
+"parse-asn1 at npm:^5.1.7":
+  version: 5.1.7
+  resolution: "parse-asn1 at npm:5.1.7"
+  dependencies:
+    asn1.js: ^4.10.1
+    browserify-aes: ^1.2.0
+    evp_bytestokey: ^1.0.3
+    hash-base: ~3.0
+    pbkdf2: ^3.1.2
+    safe-buffer: ^5.2.1
+  checksum: 93c7194c1ed63a13e0b212d854b5213ad1aca0ace41c66b311e97cca0519cf9240f79435a0306a3b412c257f0ea3f1953fd0d9549419a0952c9e995ab361fd6c
+  languageName: node
+  linkType: hard
+
 "parse-duration at npm:0.4.4":
   version: 0.4.4
   resolution: "parse-duration at npm:0.4.4"
@@ -14003,7 +14061,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"pbkdf2 at npm:^3.0.3":
+"pbkdf2 at npm:^3.0.3, pbkdf2 at npm:^3.1.2":
   version: 3.1.2
   resolution: "pbkdf2 at npm:3.1.2"
   dependencies:
@@ -15991,6 +16049,21 @@ __metadata:
   languageName: node
   linkType: hard
 
+"readable-stream at npm:^2.3.8":
+  version: 2.3.8
+  resolution: "readable-stream at npm:2.3.8"
+  dependencies:
+    core-util-is: ~1.0.0
+    inherits: ~2.0.3
+    isarray: ~1.0.0
+    process-nextick-args: ~2.0.0
+    safe-buffer: ~5.1.1
+    string_decoder: ~1.1.1
+    util-deprecate: ~1.0.1
+  checksum: 65645467038704f0c8aaf026a72fbb588a9e2ef7a75cd57a01702ee9db1c4a1e4b03aaad36861a6a0926546a74d174149c8c207527963e0c2d3eee2f37678a42
+  languageName: node
+  linkType: hard
+
 "readable-stream at npm:^3.0.6, readable-stream at npm:^3.6.0":
   version: 3.6.0
   resolution: "readable-stream at npm:3.6.0"
@@ -16776,7 +16849,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"safe-buffer at npm:>=5.1.0, safe-buffer at npm:^5.0.1, safe-buffer at npm:^5.1.0, safe-buffer at npm:^5.1.1, safe-buffer at npm:^5.1.2, safe-buffer at npm:^5.2.0, safe-buffer at npm:~5.2.0":
+"safe-buffer at npm:>=5.1.0, safe-buffer at npm:^5.0.1, safe-buffer at npm:^5.1.0, safe-buffer at npm:^5.1.1, safe-buffer at npm:^5.1.2, safe-buffer at npm:^5.2.0, safe-buffer at npm:^5.2.1, safe-buffer at npm:~5.2.0":
   version: 5.2.1
   resolution: "safe-buffer at npm:5.2.1"
   checksum: b99c4b41fdd67a6aaf280fcd05e9ffb0813654894223afb78a31f14a19ad220bba8aba1cb14eddce1fcfb037155fe6de4e861784eb434f7d11ed58d1e70dd491

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list