From 1c92af160192b653a369cee383b01228ffc775e8 Mon Sep 17 00:00:00 2001
From: "John P. Lettman"
Date: Fri, 4 Aug 2023 16:20:41 -0400
Subject: [PATCH] Switch tokml to avoid RegExp DoS in dependency

Switch tokml dependency to @maphubs/tokml

See: https://github.com/mapbox/tokml/issues/36
See: https://github.com/mapbox/tokml/issues/37
---
 package.json |  1 +
 yarn.lock    | 13 +++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/package.json b/package.json
index 481605d..a8afdee 100644
--- a/package.json
+++ b/package.json
@@ -5,6 +5,7 @@
   "description": "A program to execute OverpassQL queries, filter the results, and output into various GIS formats.",
   "license": "MIT",
   "dependencies": {
+    "@maphubs/tokml": "^0.6.1",
     "@types/jest": "^29.5.3",
     "@types/json-schema": "^7.0.12",
     "commander": "^11.0.0",
diff --git a/yarn.lock b/yarn.lock
index eba6299..f1802bf 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -633,6 +633,14 @@
     get-stream "^6.0.1"
     minimist "^1.2.6"
 
+"@maphubs/tokml@^0.6.1":
+  version "0.6.1"
+  resolved "https://registry.yarnpkg.com/@maphubs/tokml/-/tokml-0.6.1.tgz#82c9f42805780e802c649e3d64e4e9326c55b080"
+  integrity sha512-C1qIeLpSDKPIQmYxiPmSZbw1eQDIaWTzeIMf2ym3gzY1q0b7UwDQDuUpccidrdLqOcERx2dlT4URhKl9H2scfA==
+  dependencies:
+    minimist "^1.2.5"
+    rw "^1.3.3"
+
 "@nodelib/fs.scandir@2.1.5":
   version "2.1.5"
   resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5"
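Review bot: The package.json hunk only adds `"@maphubs/tokml": "^0.6.1"` and never removes the upstream `tokml` entry — the diffstat reports 14 insertions and no deletions, and no source file is part of this commit — so unless a follow-up change drops it and repoints the import, the ReDoS-affected package presumably stays resolved in yarn.lock and is still what the code loads. Only six lines of `dependencies` are visible here, so whether a `"tokml"` line remains further down cannot be confirmed from this view. If it does, remove it in the same change and update the importing module's specifier to `@maphubs/tokml`, then confirm with `yarn why tokml` that nothing else pulls the old package in.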
@@ -3062,6 +3070,11 @@ rw@0.0.4:
   resolved "https://registry.yarnpkg.com/rw/-/rw-0.0.4.tgz#de27b1ed5b9175772eaa22a79662510bd0598c4c"
   integrity sha512-JXKZaF+LLZNj4vwbrexrjafIACEUxe1BCzjZ7BTIsFGwhk6xY/nEx2jenGwJfRtFx13dFX+ophHr00vm14Thmw==
 
+rw@^1.3.3:
+  version "1.3.3"
+  resolved "https://registry.yarnpkg.com/rw/-/rw-1.3.3.tgz#3f862dfa91ab766b14885ef4d01124bfda074fb4"
+  integrity sha512-PdhdWy89SiZogBLaw42zdeqtRJ//zFd2PgQavcICDUgJT5oW10QCRKbJ6bg4r0/UY2M6BWd5tkxuGFRvCkgfHQ==
+
 safe-buffer@^5.1.0, safe-buffer@~5.2.0:
   version "5.2.1"
   resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"