From 64cb1bb8cb89d57c9121e3afd429cefb80ef5323 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 8 Jan 2020 03:11:38 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AWSLAMBDA-540839 --- package.json | 2 +- yarn.lock | 58 ++++++++++++++++++++++++++++++---------------------- 2 files changed, 35 insertions(+), 25 deletions(-) diff --git a/package.json b/package.json index 560f507c..ef84fb1a 100644 --- a/package.json +++ b/package.json @@ -77,7 +77,7 @@ "apollo-link-dedup": "^1.0.18", "apollo-link-http": "^1.5.14", "apollo-server-lambda": "^2.4.8", - "aws-lambda": "^0.1.2", + "aws-lambda": "^1.0.5", "dataloader": "^1.4.0", "debug": "^4.1.1", "graphql": "^14.2.1", diff --git a/yarn.lock b/yarn.lock index d84f7d3b..07dd6558 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4186,23 +4186,24 @@ await-to-js@^2.0.1: resolved "https://registry.yarnpkg.com/await-to-js/-/await-to-js-2.1.1.tgz#c2093cd5a386f2bb945d79b292817bbc3f41b31b" integrity sha512-CHBC6gQGCIzjZ09tJ+XmpQoZOn4GdWePB4qUweCaKNJ0D3f115YdhmYVTZ4rMVpiJ3cFzZcTYK1VMYEICV4YXw== -aws-lambda@^0.1.2: - version "0.1.2" - resolved "https://registry.yarnpkg.com/aws-lambda/-/aws-lambda-0.1.2.tgz#19b1585075df31679597b976a5f1def61f12ccee" - integrity sha1-GbFYUHXfMWeVl7l2pfHe9h8SzO4= +aws-lambda@^1.0.5: + version "1.0.5" + resolved "https://registry.yarnpkg.com/aws-lambda/-/aws-lambda-1.0.5.tgz#9f40ca36da2aca8345230d6252c6e0da5a772dcf" + integrity sha512-rRBZT5mitbeb/qdqHrFiymFQ8k+uc8WlN2Y16OhsCEZzYHKRqFzRirO7gIozDohNuu7T27S6w88KBFpI0cS1NQ== dependencies: - aws-sdk "^*" - commander "^2.5.0" - dotenv "^0.4.0" + aws-sdk "*" + commander "^3.0.2" + js-yaml "^3.13.1" + watchpack "^2.0.0-beta.10" -aws-sdk@^*: - version "2.442.0" - resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.442.0.tgz#2b6848bbdcb53d1e7f955a7c7149072192ca4195" - integrity sha512-1KWya47PNEKJiIRQ4l3B+31gSwfaxa+1ow/o8HMmUAQl7wM5SDotUz+v6y2e08R4sL3u7UN+DWMkhg1itpYZIQ== +aws-sdk@*: + version "2.599.0" + resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.599.0.tgz#45705cbf95a34b6b7f455c3b43c9c7a8c37297e4" + integrity sha512-7yTXnV5SC9W6m+STbziPd1ZNVh9fTtEZ7Mm0rMqEDm/B2fJBa5xd45TwWG8JvS40X5+9jUBykiWdCuVBBx82rg== dependencies: buffer "4.9.1" events "1.1.1" - ieee754 "1.1.8" + ieee754 "1.1.13" jmespath "0.15.0" querystring "0.2.0" sax "1.2.1" @@ -6061,11 +6062,16 @@ commander@2.17.x: resolved "https://registry.yarnpkg.com/commander/-/commander-2.17.1.tgz#bd77ab7de6de94205ceacc72f1716d29f20a77bf" integrity sha512-wPMUt6FnH2yzG95SA6mzjQOEKUU3aLaDEmzs1ti+1E9h+CsrZghRlqEM/EJ4KscsQVG8uNN4uVreUeT8+drlgg== -commander@^2.11.0, commander@^2.13.0, commander@^2.14.1, commander@^2.17.1, commander@^2.19.0, commander@^2.3.0, commander@^2.5.0, commander@^2.9.0, commander@~2.20.0: +commander@^2.11.0, commander@^2.13.0, commander@^2.14.1, commander@^2.17.1, commander@^2.19.0, commander@^2.3.0, commander@^2.9.0, commander@~2.20.0: version "2.20.0" resolved "https://registry.yarnpkg.com/commander/-/commander-2.20.0.tgz#d58bb2b5c1ee8f87b0d340027e9e94e222c5a422" integrity sha512-7j2y+40w61zy6YC2iRNpUe/NwhNyoXrYpHMrSunaMG64nRnaf96zO/KMQR4OyN/UnE5KLyEBnKHd4aG3rskjpQ== +commander@^3.0.2: + version "3.0.2" + resolved "https://registry.yarnpkg.com/commander/-/commander-3.0.2.tgz#6837c3fb677ad9933d1cfba42dd14d5117d6b39e" + integrity sha512-Gar0ASD4BDyKC4hl4DwHqDrmvjoxWKZigVnAbn5H1owvm4CxCPdb0HQDehwNYMJpla5+M2tPmPARzhtYuwpHow== + commander@~2.13.0: version "2.13.0" resolved "https://registry.yarnpkg.com/commander/-/commander-2.13.0.tgz#6964bca67685df7c1f1430c584f07d7597885b9c" @@ -7382,11 +7388,6 @@ dotenv@6.0.0: resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-6.0.0.tgz#24e37c041741c5f4b25324958ebbc34bca965935" integrity sha512-FlWbnhgjtwD+uNLUGHbMykMOYQaTivdHEmYwAKFjn6GKe/CqY0fNae93ZHTd20snh9ZLr8mTzIL9m0APQ1pjQg== -dotenv@^0.4.0: - version "0.4.0" - resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-0.4.0.tgz#f6fb351363c2d92207245c737802c9ab5ae1495a" - integrity sha1-9vs1E2PC2SIHJFxzeALJq1rhSVo= - dotenv@^6.0.0, dotenv@^6.2.0: version "6.2.0" resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-6.2.0.tgz#941c0410535d942c8becf28d3f357dbd9d476064" @@ -9138,6 +9139,11 @@ glob-to-regexp@^0.3.0: resolved "https://registry.yarnpkg.com/glob-to-regexp/-/glob-to-regexp-0.3.0.tgz#8c5a1494d2066c570cc3bfe4496175acc4d502ab" integrity sha1-jFoUlNIGbFcMw7/kSWF1rMTVAqs= +glob-to-regexp@^0.4.1: + version "0.4.1" + resolved "https://registry.yarnpkg.com/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz#c75297087c851b9a578bd217dd59a92f59fe546e" + integrity sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw== + glob@7.1.3, glob@^7.0.0, glob@^7.0.3, glob@^7.1.1, glob@^7.1.2, glob@^7.1.3, glob@~7.1.1: version "7.1.3" resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.3.tgz#3960832d3f1574108342dafd3a67b332c0969df1" @@ -10057,12 +10063,7 @@ identity-obj-proxy@3.0.0: dependencies: harmony-reflect "^1.4.6" -ieee754@1.1.8: - version "1.1.8" - resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.1.8.tgz#be33d40ac10ef1926701f6f08a2d86fbfd1ad3e4" - integrity sha1-vjPUCsEO8ZJnAfbwii2G+/0a0+Q= - -ieee754@^1.1.4: +ieee754@1.1.13, ieee754@^1.1.4: version "1.1.13" resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.1.13.tgz#ec168558e95aa181fd87d37f55c32bbcb6708b84" integrity sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg== @@ -19295,6 +19296,15 @@ watchpack@^1.5.0: graceful-fs "^4.1.2" neo-async "^2.5.0" +watchpack@^2.0.0-beta.10: + version "2.0.0-beta.11" + resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-2.0.0-beta.11.tgz#70b47e770359fbb9cef108e83ade020087a42c6e" + integrity sha512-hXR+UJFVM9Q+gh+5c40JhUVTxyfJhs3qoPZV3iNY1WP89G8KdiDLmtIlWiVEUokOihuu901fkpWqT0fHft2Peg== + dependencies: + glob-to-regexp "^0.4.1" + graceful-fs "^4.1.2" + neo-async "^2.5.0" + wbuf@^1.1.0, wbuf@^1.7.2: version "1.7.3" resolved "https://registry.yarnpkg.com/wbuf/-/wbuf-1.7.3.tgz#c1d8d149316d3ea852848895cb6a0bfe887b87df"