Switch tokml to avoid RegExp DoS in dependency

Switch tokml dependency to @maphubs/tokml See: mapbox/tokml#36 See: mapbox/tokml#37
johnlettman · Aug 4, 2023 · 1c92af1 · 1c92af1
1 parent dc5a991
commit 1c92af1
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/package.json b/package.json
@@ -5,6 +5,7 @@
   "description": "A program to execute OverpassQL queries, filter the results, and output into various GIS formats.",
   "license": "MIT",
   "dependencies": {
+    "@maphubs/tokml": "^0.6.1",
     "@types/jest": "^29.5.3",
     "@types/json-schema": "^7.0.12",
     "commander": "^11.0.0",

diff --git a/yarn.lock b/yarn.lock
@@ -633,6 +633,14 @@
     get-stream "^6.0.1"
     minimist "^1.2.6"
 
+"@maphubs/tokml@^0.6.1":
+  version "0.6.1"
+  resolved "https://registry.yarnpkg.com/@maphubs/tokml/-/tokml-0.6.1.tgz#82c9f42805780e802c649e3d64e4e9326c55b080"
+  integrity sha512-C1qIeLpSDKPIQmYxiPmSZbw1eQDIaWTzeIMf2ym3gzY1q0b7UwDQDuUpccidrdLqOcERx2dlT4URhKl9H2scfA==
+  dependencies:
+    minimist "^1.2.5"
+    rw "^1.3.3"
+
 "@nodelib/fs.scandir@2.1.5":
   version "2.1.5"
   resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5"
@@ -3062,6 +3070,11 @@ rw@0.0.4:
   resolved "https://registry.yarnpkg.com/rw/-/rw-0.0.4.tgz#de27b1ed5b9175772eaa22a79662510bd0598c4c"
   integrity sha512-JXKZaF+LLZNj4vwbrexrjafIACEUxe1BCzjZ7BTIsFGwhk6xY/nEx2jenGwJfRtFx13dFX+ophHr00vm14Thmw==
 
+rw@^1.3.3:
+  version "1.3.3"
+  resolved "https://registry.yarnpkg.com/rw/-/rw-1.3.3.tgz#3f862dfa91ab766b14885ef4d01124bfda074fb4"
+  integrity sha512-PdhdWy89SiZogBLaw42zdeqtRJ//zFd2PgQavcICDUgJT5oW10QCRKbJ6bg4r0/UY2M6BWd5tkxuGFRvCkgfHQ==
+
 safe-buffer@^5.1.0, safe-buffer@~5.2.0:
   version "5.2.1"
   resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"