This is an automated email from the ASF dual-hosted git repository. dpgaspar pushed a commit to branch 0.35 in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
commit 4c2a6537976f839aee972f839d9eeddf12f34635 Author: Marcus <[email protected]> AuthorDate: Mon Nov 4 10:30:46 2019 -0800 build: bump dompurify version because of nasty xss bypass. (#8498) --- superset/assets/package-lock.json | 299 ++++++++++++++++++++++++++++++++++++-- superset/assets/package.json | 6 +- 2 files changed, 287 insertions(+), 18 deletions(-) diff --git a/superset/assets/package-lock.json b/superset/assets/package-lock.json index 298fc1c..7ddb037 100644 --- a/superset/assets/package-lock.json +++ b/superset/assets/package-lock.json @@ -3875,13 +3875,13 @@ } }, "@superset-ui/legacy-plugin-chart-table": { - "version": "0.11.0", - "resolved": "https://registry.npmjs.org/@superset-ui/legacy-plugin-chart-table/-/legacy-plugin-chart-table-0.11.0.tgz";, - "integrity": "sha512-R9LuoWzR9YL/fkBq9iyFnzv3zwcNpU4D22zbtV1sx4EE/Rj2rN6u9glVruKcI4iwUwhakqFiTNMGlBph3A26xw==", + "version": "0.11.4", + "resolved": "https://registry.npmjs.org/@superset-ui/legacy-plugin-chart-table/-/legacy-plugin-chart-table-0.11.4.tgz";, + "integrity": "sha512-yhzlBSVXNkiC4kkItDUPAYt1ZNDG1de3NhAr8m/ueN39RAsku0+O/3ZW3o2mQC0vjnjhREejUOqC5iaLAi3WQA==", "requires": { "d3": "^3.5.17", "datatables.net-bs": "^1.10.15", - "dompurify": "^1.0.3", + "dompurify": "^2.0.6", "prop-types": "^15.6.2" } }, @@ -3950,14 +3950,14 @@ } }, "@superset-ui/legacy-preset-chart-nvd3": { - "version": "0.11.0", - "resolved": "https://registry.npmjs.org/@superset-ui/legacy-preset-chart-nvd3/-/legacy-preset-chart-nvd3-0.11.0.tgz";, - "integrity": "sha512-qZKQY/5myO0WKNm3e/8aa0Cp30e6t8fMTNBM+StD8CXfMhH9YEXLLGDyxLMVqY2Ytb2DszsmMLeldMAsdpneNA==", + "version": "0.11.4", + "resolved": "https://registry.npmjs.org/@superset-ui/legacy-preset-chart-nvd3/-/legacy-preset-chart-nvd3-0.11.4.tgz";, + "integrity": "sha512-oNRWGIGApyH/55IhD8E6rGoyhswU2cs9aPI6zmqVwfEDKmqMonjDlY06YRRh2e3o9AOM1o3VGRiDutJBqOUzaQ==", "requires": { - "@data-ui/xy-chart": "^0.0.80", + "@data-ui/xy-chart": "^0.0.81", "d3": "^3.5.17", "d3-tip": "^0.9.1", - "dompurify": "^1.0.3", + "dompurify": "^2.0.6", "fast-safe-stringify": "^2.0.6", "lodash": "^4.17.11", "mathjs": "^3.20.2", @@ -3965,6 +3965,275 @@ "nvd3": "1.8.6", "prop-types": "^15.6.2", "urijs": "^1.18.10" + }, + "dependencies": { + "@data-ui/shared": { + "version": "0.0.81", + "resolved": "https://registry.npmjs.org/@data-ui/shared/-/shared-0.0.81.tgz";, + "integrity": "sha512-kARqb5FIKk5JLqFUwQQccrJdZccPMoWyJ9N1PGvZ+KT+SbTvby/NiodnnpH3UljrDnoAfNggEnI6z9YJI0yF7w==", + "requires": { + "@data-ui/theme": "^0.0.81", + "@vx/event": "^0.0.165", + "@vx/group": "^0.0.165", + "@vx/shape": "^0.0.168", + "@vx/tooltip": "0.0.165", + "d3-array": "^1.2.1", + "prop-types": "^15.5.10" + }, + "dependencies": { + "@vx/shape": { + "version": "0.0.168", + "resolved": "https://registry.npmjs.org/@vx/shape/-/shape-0.0.168.tgz";, + "integrity": "sha512-urKZkwSafMpPQ0wI/L5FJmufRiAR4UsgYUCKxROjfE1Cf4jWNlK6mlVIIASxCdHlh9CGBbIrRMdl5Yv5lzqhjA==", + "requires": { + "@vx/curve": "0.0.165", + "@vx/group": "0.0.165", + "@vx/point": "0.0.165", + "classnames": "^2.2.5", + "d3-path": "^1.0.5", + "d3-shape": "^1.2.0", + "prop-types": "^15.5.10" + } + } + } + }, + "@data-ui/theme": { + "version": "0.0.81", + "resolved": "https://registry.npmjs.org/@data-ui/theme/-/theme-0.0.81.tgz";, + "integrity": "sha512-Qo0TRf75acWZfsDDDTotQnXum28ECXft1ax9YXKZyRhkb9DiNBI7I1E3Ip/e9VKg1hoH2KnT20PNIKiE7kdhKQ==" + }, + "@data-ui/xy-chart": { + "version": "0.0.81", + "resolved": "https://registry.npmjs.org/@data-ui/xy-chart/-/xy-chart-0.0.81.tgz";, + "integrity": "sha512-/rJJ+xQ7ISEkObYGGPAOkRGu1m3zQ3QgmaQI9CgeYoJO/So9yqZe2D1ttCYTxtEFQdvTVA1Vxz3VjNiGJffzyA==", + "requires": { + "@data-ui/shared": "^0.0.81", + "@data-ui/theme": "^0.0.81", + "@vx/axis": "^0.0.175", + "@vx/curve": "^0.0.165", + "@vx/event": "^0.0.165", + "@vx/glyph": "^0.0.165", + "@vx/gradient": "^0.0.165", + "@vx/grid": "^0.0.180", + "@vx/group": "^0.0.165", + "@vx/pattern": "^0.0.165", + "@vx/point": "^0.0.165", + "@vx/responsive": "^0.0.165", + "@vx/scale": "^0.0.165", + "@vx/shape": "^0.0.165", + "@vx/stats": "^0.0.165", + "@vx/text": "0.0.183", + "@vx/threshold": "0.0.170", + "@vx/tooltip": "^0.0.165", + "@vx/voronoi": "^0.0.165", + "d3-array": "^1.2.0", + "prop-types": "^15.5.10" + } + }, + "@vx/axis": { + "version": "0.0.175", + "resolved": "https://registry.npmjs.org/@vx/axis/-/axis-0.0.175.tgz";, + "integrity": "sha512-qVRIHurnbPnRF4p0KQITArOUSF564tWW1pc48giLz+DJGlcJ4H9RfOSTpV6rnnP15xto6pQdQehBgBAvFRmoig==", + "requires": { + "@vx/group": "0.0.170", + "@vx/point": "0.0.165", + "@vx/shape": "0.0.175", + "@vx/text": "0.0.175", + "classnames": "^2.2.5", + "prop-types": "^15.6.0" + }, + "dependencies": { + "@vx/group": { + "version": "0.0.170", + "resolved": "https://registry.npmjs.org/@vx/group/-/group-0.0.170.tgz";, + "integrity": "sha512-RnDdRoy0YI5hokk+YWXc8t39Kp51i4BdCpiwkDJU4YypGycTYnDFjicam6jigUmZ/6wyMirDf/aQboWviFLt2Q==", + "requires": { + "classnames": "^2.2.5" + } + }, + "@vx/shape": { + "version": "0.0.175", + "resolved": "https://registry.npmjs.org/@vx/shape/-/shape-0.0.175.tgz";, + "integrity": "sha512-bjAJoIIpKjUEPDV2xmTYGUvSvwRztv+6rd1c6NPZG/nIuqsMHFnFig/2xTcQJEQhRg6aKzvxIUo43zPSSq3fWA==", + "requires": { + "@vx/curve": "0.0.165", + "@vx/group": "0.0.170", + "@vx/point": "0.0.165", + "classnames": "^2.2.5", + "d3-path": "^1.0.5", + "d3-shape": "^1.2.0", + "prop-types": "^15.5.10" + } + }, + "@vx/text": { + "version": "0.0.175", + "resolved": "https://registry.npmjs.org/@vx/text/-/text-0.0.175.tgz";, + "integrity": "sha512-SOBhctXXAGhhpCOiTjxOM/8NDaDqGRk3OGfsJ714Mt1UJX6VQaKxFocZJwn6IMw3mNG6/p7O4Eao/gGDcoM6+A==", + "requires": { + "babel-plugin-lodash": "^3.3.2", + "classnames": "^2.2.5", + "lodash": "^4.17.4", + "reduce-css-calc": "^1.3.0" + } + } + } + }, + "@vx/bounds": { + "version": "0.0.165", + "resolved": "https://registry.npmjs.org/@vx/bounds/-/bounds-0.0.165.tgz";, + "integrity": "sha512-ZvRb72/4QNs1ZrytZTZxd0hfAb/KKfhsdkcYtIQkmdF6dTsjigMQZ+h2bLvLnbZb/RxyCCoxdiZSGXd+T1c//Q==", + "requires": { + "prop-types": "^15.5.10" + } + }, + "@vx/curve": { + "version": "0.0.165", + "resolved": "https://registry.npmjs.org/@vx/curve/-/curve-0.0.165.tgz";, + "integrity": "sha512-fiQAGrKNGjJbL+eixUckJqIZDWXH/1NtIyyDbSz3J7ksk0QpYr5BgWcNJN76HLNt7wfcLwNzCHeNs4iVYyFGTg==", + "requires": { + "d3-shape": "^1.0.6" + } + }, + "@vx/event": { + "version": "0.0.165", + "resolved": "https://registry.npmjs.org/@vx/event/-/event-0.0.165.tgz";, + "integrity": "sha512-FsQiw0f3s5DQB6aBQmBcoWk9e4q65LcDobHIyV8qrmpW2QgV2NvQFM1w0Q300ohpRMgJDzGk68HHHQgFOJvApw==", + "requires": { + "@vx/point": "0.0.165" + } + }, + "@vx/glyph": { + "version": "0.0.165", + "resolved": "https://registry.npmjs.org/@vx/glyph/-/glyph-0.0.165.tgz";, + "integrity": "sha512-kccUm40e/VCtayxqvcwc2K2M6oNXO7IafwIfw1RRv6Fj4Iutto9ZpI+PGOf/zPnYVueoLnWBXT/HE7IRS+C2gw==", + "requires": { + "@vx/group": "0.0.165", + "classnames": "^2.2.5", + "d3-shape": "^1.2.0" + } + }, + "@vx/gradient": { + "version": "0.0.165", + "resolved": "https://registry.npmjs.org/@vx/gradient/-/gradient-0.0.165.tgz";, + "integrity": "sha512-FjRXMTmcy7k0TWsfDzWWXw6T9WXKP+6LS/GRgnguq271pab/P+AdOJThsVxtBgUc8ZOAPbub3/2Gggz9d8tocg==", + "requires": { + "classnames": "^2.2.5", + "prop-types": "^15.5.7" + } + }, + "@vx/grid": { + "version": "0.0.180", + "resolved": "https://registry.npmjs.org/@vx/grid/-/grid-0.0.180.tgz";, + "integrity": "sha512-+ugS0c6GbwHr6pFU0znnOG3/zTwRRadvWwj3E4ZOHmKUSz6ZEN6JNo+rD3WSZckYwLis6UivmYfJ5cV6AM4ufg==", + "requires": { + "@vx/group": "0.0.170", + "@vx/point": "0.0.165", + "@vx/shape": "0.0.179", + "classnames": "^2.2.5", + "prop-types": "^15.6.2" + }, + "dependencies": { + "@vx/group": { + "version": "0.0.170", + "resolved": "https://registry.npmjs.org/@vx/group/-/group-0.0.170.tgz";, + "integrity": "sha512-RnDdRoy0YI5hokk+YWXc8t39Kp51i4BdCpiwkDJU4YypGycTYnDFjicam6jigUmZ/6wyMirDf/aQboWviFLt2Q==", + "requires": { + "classnames": "^2.2.5" + } + }, + "@vx/shape": { + "version": "0.0.179", + "resolved": "https://registry.npmjs.org/@vx/shape/-/shape-0.0.179.tgz";, + "integrity": "sha512-YHVNx4xGpbjolkW3Lb5pEgJB0+u349vfnLI976DJlinY0hRNa4TZbWXOB4ywLIrYzQEXXPMUR8WtdubNxg6g0w==", + "requires": { + "@vx/curve": "0.0.165", + "@vx/group": "0.0.170", + "@vx/point": "0.0.165", + "classnames": "^2.2.5", + "d3-path": "^1.0.5", + "d3-shape": "^1.2.0", + "prop-types": "^15.5.10" + } + } + } + }, + "@vx/group": { + "version": "0.0.165", + "resolved": "https://registry.npmjs.org/@vx/group/-/group-0.0.165.tgz";, + "integrity": "sha512-gi1DSg8AAaVRseyWiq8y4bzyvKiQIXT6vDUYBVRmv2LBcpHocBGaxNiNK0X602RgLG0XmNyRv6qSCWLOaBs3Mg==", + "requires": { + "classnames": "^2.2.5" + } + }, + "@vx/pattern": { + "version": "0.0.165", + "resolved": "https://registry.npmjs.org/@vx/pattern/-/pattern-0.0.165.tgz";, + "integrity": "sha512-h5nmfcYlQYYzNhlhqaYUvVnkmGnC0yWv5yU1snjHweGmIHTovV3RAbKgVFAP7kB3i2rbEtC3O8WkJN++cZdLzA==", + "requires": { + "classnames": "^2.2.5", + "prop-types": "^15.5.10" + } + }, + "@vx/point": { + "version": "0.0.165", + "resolved": "https://registry.npmjs.org/@vx/point/-/point-0.0.165.tgz";, + "integrity": "sha512-spoHilhjcWNgccrSzBUPw+PXV81tYxeyEWBkgr35aGVU4m7YT86Ywvfemwp7AVVGPn+XJHrhB0ujAhDoyqFPoA==" + }, + "@vx/responsive": { + "version": "0.0.165", + "resolved": "https://registry.npmjs.org/@vx/responsive/-/responsive-0.0.165.tgz";, + "integrity": "sha512-b5PYEzsjgTGuH4qN2ujghq2uKQsPGBEtOAO1791WdA0j6rr0zbVsHVmJeEhvoOg0b3xhdNN1mXAzQr4K9lDaDw==", + "requires": { + "lodash": "^4.17.10", + "prop-types": "^15.6.1", + "resize-observer-polyfill": "1.5.0" + } + }, + "@vx/scale": { + "version": "0.0.165", + "resolved": "https://registry.npmjs.org/@vx/scale/-/scale-0.0.165.tgz";, + "integrity": "sha512-5jSgXJDU6J/KWIyCbpjHqysPCddp7tG3LbTV7UmtB1Qleb4m4slShTVSE7+EKU+zgiQPDGm0+E2ht4cet+7F7A==", + "requires": { + "d3-scale": "^2.0.0" + } + }, + "@vx/shape": { + "version": "0.0.165", + "resolved": "https://registry.npmjs.org/@vx/shape/-/shape-0.0.165.tgz";, + "integrity": "sha512-D9naH/glDtw8J8IcdumpRz1ihaoCAYMwFNh2KTv73HiTKrLQSXvIjwYFv9C0b8BCPNOXkDZS8s+AlgMSqGlZNQ==", + "requires": { + "@vx/curve": "0.0.165", + "@vx/group": "0.0.165", + "@vx/point": "0.0.165", + "classnames": "^2.2.5", + "d3-path": "^1.0.5", + "d3-shape": "^1.2.0", + "prop-types": "^15.5.10" + } + }, + "@vx/text": { + "version": "0.0.183", + "resolved": "https://registry.npmjs.org/@vx/text/-/text-0.0.183.tgz";, + "integrity": "sha512-SM97C6I2Oy3FdbjM0zb2oZ8xgPskQE3r0FdGHZgq6Dk1b3lYwuW3KqdXn598BRl3iL9jfSyR6vFN9z6NV0FFww==", + "requires": { + "@babel/core": "^7.0.0", + "babel-plugin-lodash": "^3.3.2", + "classnames": "^2.2.5", + "lodash": "^4.17.4", + "prop-types": "^15.6.2", + "reduce-css-calc": "^1.3.0" + } + }, + "@vx/tooltip": { + "version": "0.0.165", + "resolved": "https://registry.npmjs.org/@vx/tooltip/-/tooltip-0.0.165.tgz";, + "integrity": "sha512-/x1NZc67QGQ4e/WNT7Ks5LYRyeLSqp8lG04gX5J6leUS0zscAVzo3aE5u65Qqbc0cnMyMPRZ2Qtb4klWTLg+eQ==", + "requires": { + "@vx/bounds": "0.0.165", + "classnames": "^2.2.5", + "prop-types": "^15.5.10" + } + } } }, "@superset-ui/number-format": { @@ -9219,9 +9488,9 @@ } }, "dompurify": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-1.0.8.tgz";, - "integrity": "sha512-vetRFbN1SXSPfP3ClIiYnxTrXquSqakBEOoB5JESn0SVcSYzpu6ougjakpKnskGctYdlNpwf+riUHSkG7d4XUw==" + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-2.0.7.tgz";, + "integrity": "sha512-S3O0lk6rFJtO01ZTzMollCOGg+WAtCwS3U5E2WSDY/x/sy7q70RjEC4Dmrih5/UqzLLB9XoKJ8KqwBxaNvBu4A==" }, "domutils": { "version": "1.5.1", @@ -10399,9 +10668,9 @@ "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=" }, "fast-safe-stringify": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.0.6.tgz";, - "integrity": "sha512-q8BZ89jjc+mz08rSxROs8VsrBBcn1SIw1kq9NjolL509tkABRk9io01RAjSaEv1Xb2uFLt8VtRiZbGp5H8iDtg==" + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.0.7.tgz";, + "integrity": "sha512-Utm6CdzT+6xsDk2m8S6uL8VHxNwI6Jub+e9NYTcAms28T84pTa25GJQV9j0CY0N1rM8hK4x6grpF2BQf+2qwVA==" }, "fastparse": { "version": "1.1.2", diff --git a/superset/assets/package.json b/superset/assets/package.json index 6d766a8..de4bb8d 100644 --- a/superset/assets/package.json +++ b/superset/assets/package.json @@ -71,13 +71,13 @@ "@superset-ui/legacy-plugin-chart-rose": "^0.11.0", "@superset-ui/legacy-plugin-chart-sankey": "^0.11.0", "@superset-ui/legacy-plugin-chart-sunburst": "^0.11.0", - "@superset-ui/legacy-plugin-chart-table": "^0.11.0", + "@superset-ui/legacy-plugin-chart-table": "^0.11.4", "@superset-ui/legacy-plugin-chart-treemap": "^0.11.0", "@superset-ui/legacy-plugin-chart-word-cloud": "^0.11.0", "@superset-ui/legacy-plugin-chart-world-map": "^0.11.0", "@superset-ui/legacy-preset-chart-big-number": "^0.11.0", "@superset-ui/legacy-preset-chart-deckgl": "^0.1.0", - "@superset-ui/legacy-preset-chart-nvd3": "^0.11.0", + "@superset-ui/legacy-preset-chart-nvd3": "^0.11.4", "@superset-ui/number-format": "^0.12.1", "@superset-ui/plugin-chart-table": "^0.11.0", "@superset-ui/preset-chart-xy": "^0.11.0", @@ -98,7 +98,7 @@ "d3-color": "^1.2.0", "d3-scale": "^2.1.2", "dnd-core": "^2.6.0", - "dompurify": "^1.0.3", + "dompurify": "^2.0.7", "geolib": "^2.0.24", "immutable": "^3.8.2", "jquery": "^3.4.1",
