From 5238007d3b71cfec8f60e225e3f114342f2ccd9f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 20 Apr 2023 16:41:51 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-XML2JS-5414874 --- package.json | 2 +- yarn.lock | 165 ++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 164 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index 59e3029..dc7e933 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "@oclif/config": "^1", "@oclif/errors": "^1", "@salesforce/command": "^2", - "@salesforce/core": "2.15.0", + "@salesforce/core": "2.15.3", "@salesforce/ts-sinon": "^1.3.0", "@types/copy-paste": "^1.1.30", "@types/jsforce": "^1.9.26", diff --git a/yarn.lock b/yarn.lock index 5ec3d01..ad91030 100644 --- a/yarn.lock +++ b/yarn.lock @@ -352,7 +352,27 @@ chalk "^2.4.2" cli-ux "^4.9.3" -"@salesforce/core@2.15.0", "@salesforce/core@^2.1.4": +"@salesforce/core@2.15.3": + version "2.15.3" + resolved "https://registry.yarnpkg.com/@salesforce/core/-/core-2.15.3.tgz#879d67d10f2b7ca9d63014ae2c5d9755dd24e3d6" + integrity sha512-sM+sifK8Fo9Bat/DXX7QMOCCH95QvuZxjTz3leS5ChHks7b5izRaTDNnSdNjuhRR5dDNr37/0wEwGt3fGZtCLw== + dependencies: + "@salesforce/bunyan" "^2.0.0" + "@salesforce/kit" "^1.3.3" + "@salesforce/schemas" "^1.0.1" + "@salesforce/ts-types" "^1.0.0" + "@types/graceful-fs" "^4.1.3" + "@types/jsforce" "1.9.23" + "@types/mkdirp" "1.0.0" + debug "^3.1.0" + graceful-fs "^4.2.4" + jsen "0.6.6" + jsforce "^1.10.0" + jsonwebtoken "8.5.0" + mkdirp "1.0.4" + sfdx-faye "^1.0.9" + +"@salesforce/core@^2.1.4": version "2.15.0" resolved "https://registry.npmjs.org/@salesforce/core/-/core-2.15.0.tgz" integrity sha512-kL7O9D0liE9k8qS1J4/EA07zATnEXJYM3rb8CMYQ//rMBp9dZcSJ1JEIG6msNw1//GKMB1pxmPuTJy0HtAccyg== @@ -388,6 +408,15 @@ "@salesforce/ts-types" "^1.5.0" tslib "^1.10.0" +"@salesforce/kit@^1.3.3": + version "1.9.2" + resolved "https://registry.yarnpkg.com/@salesforce/kit/-/kit-1.9.2.tgz#d232f135428363cdfe2649cb99a94bc2eb0a12fd" + integrity sha512-kjZvjFNP6njhAiEa/ErdLXSDWZKafHYJyKCKz1wnSFmDM8TOpKHCCVw5cQo87ZQr8OqxqwUDIAlSBLyMzKi4Lg== + dependencies: + "@salesforce/ts-types" "^1.7.3" + shx "^0.3.3" + tslib "^2.5.0" + "@salesforce/schemas@^1.0.1": version "1.0.3" resolved "https://registry.npmjs.org/@salesforce/schemas/-/schemas-1.0.3.tgz" @@ -409,6 +438,13 @@ dependencies: tslib "^1.10.0" +"@salesforce/ts-types@^1.7.3": + version "1.7.3" + resolved "https://registry.yarnpkg.com/@salesforce/ts-types/-/ts-types-1.7.3.tgz#89b79ff0aaa55fea9f2de0afa8e515be3e17d0d8" + integrity sha512-jpmekGqZ7tpHRJwf1rF0yBJ/IMC5mOrryNi4HZkKuNQn8RF97WpynmL8Om04mLTCESvCiif3y7NWfIcxtID2Gw== + dependencies: + tslib "^2.5.0" + "@sinonjs/commons@^1", "@sinonjs/commons@^1.3.0", "@sinonjs/commons@^1.7.0": version "1.8.2" resolved "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.2.tgz" @@ -494,6 +530,13 @@ resolved "https://registry.npmjs.org/@types/minimatch/-/minimatch-3.0.3.tgz" integrity sha512-tHq6qdbT9U1IRSGf14CL0pUlULksvY9OZ+5eEgl1N7t+OA3tGvNpxJCzuKQlsNgCVwbAs670L1vcVQi8j9HjnA== +"@types/mkdirp@1.0.0": + version "1.0.0" + resolved "https://registry.yarnpkg.com/@types/mkdirp/-/mkdirp-1.0.0.tgz#16ce0eabe4a9a3afe64557ad0ee6886ec3d32927" + integrity sha512-ONFY9//bCEr3DWKON3iDv/Q8LXnhaYYaNDeFSN0AtO5o4sLf9F0pstJKKKjQhXE0kJEeHs8eR6SAsROhhc2Csw== + dependencies: + "@types/node" "*" + "@types/mocha@^5": version "5.2.7" resolved "https://registry.npmjs.org/@types/mocha/-/mocha-5.2.7.tgz" @@ -1032,6 +1075,11 @@ csprng@*, csprng@~0.1.2: dependencies: sequin "*" +csv-parse@^4.10.1: + version "4.16.3" + resolved "https://registry.yarnpkg.com/csv-parse/-/csv-parse-4.16.3.tgz#7ca624d517212ebc520a36873c3478fa66efbaf7" + integrity sha512-cO1I/zmz4w2dcKHVvpCr7JVRu8/FymG5OEpmvsZYlccYolPBLoVGKUHgNoc4ZGkFeFlWGEDmMyBM+TTqRdW/wg== + csv-parse@^4.6.3: version "4.15.1" resolved "https://registry.npmjs.org/csv-parse/-/csv-parse-4.15.1.tgz" @@ -1338,7 +1386,7 @@ faye-websocket@~0.9.1: dependencies: websocket-driver ">=0.5.1" -faye@^1.2.0: +faye@^1.2.0, faye@^1.4.0: version "1.4.0" resolved "https://registry.npmjs.org/faye/-/faye-1.4.0.tgz" integrity sha512-kRrIg4be8VNYhycS2PY//hpBJSzZPr/DBbcy9VWelhZMW3KhyLkQR0HL0k0MNpmVoNFF4EdfMFkNAWjTP65g6w== @@ -1556,6 +1604,18 @@ glob@^6.0.1: once "^1.3.0" path-is-absolute "^1.0.0" +glob@^7.0.0: + version "7.2.3" + resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.3.tgz#b8df0fb802bbfa8e89bd1d938b4e16578ed44f2b" + integrity sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q== + dependencies: + fs.realpath "^1.0.0" + inflight "^1.0.4" + inherits "2" + minimatch "^3.1.1" + once "^1.3.0" + path-is-absolute "^1.0.0" + glob@^7.1.1, glob@^7.1.2, glob@^7.1.3, glob@^7.1.4, glob@^7.1.6: version "7.1.6" resolved "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz" @@ -1750,6 +1810,11 @@ inherits@2, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.3: resolved "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz" integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== +interpret@^1.0.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/interpret/-/interpret-1.4.0.tgz#665ab8bc4da27a774a40584e812e3e0fa45b1a1e" + integrity sha512-agE4QfB2Lkp9uICn7BAqoscw4SZP9kTE2hxiFI3jBPmXJfdqiahTbUuKGsMoN2GtqL9AxhYioAcVvgsb1HvRbA== + is-arrayish@^0.2.1: version "0.2.1" resolved "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz" @@ -1772,6 +1837,13 @@ is-core-module@^2.1.0: dependencies: has "^1.0.3" +is-core-module@^2.11.0: + version "2.12.0" + resolved "https://registry.yarnpkg.com/is-core-module/-/is-core-module-2.12.0.tgz#36ad62f6f73c8253fd6472517a12483cf03e7ec4" + integrity sha512-RECHCBCd/viahWmwj6enj19sKbHfJrddi/6cBDsNTKbNq0f7VeaUkBo60BqzvPqo/W54ChS62Z5qyun7cfOMqQ== + dependencies: + has "^1.0.3" + is-date-object@^1.0.1: version "1.0.2" resolved "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.2.tgz" @@ -2019,6 +2091,27 @@ jsforce@1.9.3: request "^2.72.0" xml2js "^0.4.16" +jsforce@^1.10.0: + version "1.11.1" + resolved "https://registry.yarnpkg.com/jsforce/-/jsforce-1.11.1.tgz#229c176ef43b996438828734a8ba7ee691b61e98" + integrity sha512-u1vL2F4FYRNccwjwA3ftMULEf9Ekeyvsz7vYKeQ03sKg6m7DNwB2O9d0erCM7k5sQUJ44J39CI05nokDKN3ktw== + dependencies: + base64-url "^2.2.0" + co-prompt "^1.0.0" + coffeescript "^1.10.0" + commander "^2.9.0" + csv-parse "^4.10.1" + csv-stringify "^1.0.4" + faye "^1.4.0" + inherits "^2.0.1" + lodash "^4.17.19" + multistream "^2.0.5" + opn "^5.3.0" + promise "^7.1.1" + readable-stream "^2.1.0" + request "^2.72.0" + xml2js "^0.5.0" + json-parse-better-errors@^1.0.1: version "1.0.2" resolved "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz" @@ -2286,11 +2379,23 @@ mime-types@^2.1.12, mime-types@~2.1.19: dependencies: brace-expansion "^1.1.7" +minimatch@^3.1.1: + version "3.1.2" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b" + integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw== + dependencies: + brace-expansion "^1.1.7" + minimist@0.0.8: version "0.0.8" resolved "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz" integrity sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0= +minimist@^1.2.3: + version "1.2.8" + resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.8.tgz#c1a464e7693302e082a075cee0c057741ac4772c" + integrity sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA== + minimist@^1.2.5: version "1.2.5" resolved "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz" @@ -2654,6 +2759,11 @@ path-parse@^1.0.6: resolved "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz" integrity sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw== +path-parse@^1.0.7: + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== + path-to-regexp@^1.7.0: version "1.8.0" resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz" @@ -2789,6 +2899,13 @@ readable-stream@^3.1.1, readable-stream@^3.4.0: string_decoder "^1.1.1" util-deprecate "^1.0.1" +rechoir@^0.6.2: + version "0.6.2" + resolved "https://registry.yarnpkg.com/rechoir/-/rechoir-0.6.2.tgz#85204b54dba82d5742e28c96756ef43af50e3384" + integrity sha512-HFM8rkZ+i3zrV+4LQjwQ0W+ez98pApMGM3HUrN04j3CqzPOzl9nmP15Y8YXNm8QHGv/eacOVEjqhmWpkRV0NAw== + dependencies: + resolve "^1.1.6" + redeyed@~2.1.0: version "2.1.1" resolved "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz" @@ -2844,6 +2961,15 @@ resolve-from@^5.0.0: resolved "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz" integrity sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw== +resolve@^1.1.6: + version "1.22.2" + resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.22.2.tgz#0ed0943d4e301867955766c9f3e1ae6d01c6845f" + integrity sha512-Sb+mjNHOULsBv818T40qSPeRiuWLyaGMa5ewydRLFimneixmVy2zdivRl+AF6jaYPC8ERxGDmFSiqui6SfPd+g== + dependencies: + is-core-module "^2.11.0" + path-parse "^1.0.7" + supports-preserve-symlinks-flag "^1.0.0" + resolve@^1.11.1, resolve@^1.17.0, resolve@^1.3.2: version "1.19.0" resolved "https://registry.npmjs.org/resolve/-/resolve-1.19.0.tgz" @@ -2975,6 +3101,23 @@ shebang-regex@^3.0.0: resolved "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz" integrity sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A== +shelljs@^0.8.5: + version "0.8.5" + resolved "https://registry.yarnpkg.com/shelljs/-/shelljs-0.8.5.tgz#de055408d8361bed66c669d2f000538ced8ee20c" + integrity sha512-TiwcRcrkhHvbrZbnRcFYMLl30Dfov3HKqzp5tO5b4pt6G/SezKcYhmDg15zXVBswHmctSAQKznqNW2LO5tTDow== + dependencies: + glob "^7.0.0" + interpret "^1.0.0" + rechoir "^0.6.2" + +shx@^0.3.3: + version "0.3.4" + resolved "https://registry.yarnpkg.com/shx/-/shx-0.3.4.tgz#74289230b4b663979167f94e1935901406e40f02" + integrity sha512-N6A9MLVqjxZYcVn8hLmtneQWIJtp8IKzMP4eMnx+nqkvXoqinUPCbUFLp2UcWTEIUONhlk0ewxr/jaVGlc+J+g== + dependencies: + minimist "^1.2.3" + shelljs "^0.8.5" + signal-exit@^3.0.0, signal-exit@^3.0.2: version "3.0.3" resolved "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.3.tgz" @@ -3219,6 +3362,11 @@ supports-hyperlinks@^2.1.0: has-flag "^4.0.0" supports-color "^7.0.0" +supports-preserve-symlinks-flag@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz#6eda4bd344a3c94aea376d4cc31bc77311039e09" + integrity sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w== + sync-exec@~0.6.x: version "0.6.2" resolved "https://registry.npmjs.org/sync-exec/-/sync-exec-0.6.2.tgz" @@ -3339,6 +3487,11 @@ tslib@^2.0.0, tslib@^2.0.3: resolved "https://registry.npmjs.org/tslib/-/tslib-2.1.0.tgz" integrity sha512-hcVC3wYEziELGGmEEXue7D75zbwIIVUMWAVbHItGPx0ziyXxrOMQx4rQEVEV45Ut/1IotuEvwqPopzIOkDMf0A== +tslib@^2.5.0: + version "2.5.0" + resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.5.0.tgz#42bfed86f5787aeb41d031866c8f402429e0fddf" + integrity sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg== + tslint-microsoft-contrib@^5.2.1: version "5.2.1" resolved "https://registry.npmjs.org/tslint-microsoft-contrib/-/tslint-microsoft-contrib-5.2.1.tgz" @@ -3592,6 +3745,14 @@ xml2js@^0.4.16: sax ">=0.6.0" xmlbuilder "~11.0.0" +xml2js@^0.5.0: + version "0.5.0" + resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.5.0.tgz#d9440631fbb2ed800203fad106f2724f62c493b7" + integrity sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA== + dependencies: + sax ">=0.6.0" + xmlbuilder "~11.0.0" + xmlbuilder@~11.0.0: version "11.0.1" resolved "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz"