Arlolra has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/381079 )
Change subject: Muck with dependencies for the latest set of nsp warnings
......................................................................
Muck with dependencies for the latest set of nsp warnings
Change-Id: Ia4940d426bddd98ab7a4d7b43e0e32287540ec99
---
M .nsprc
M npm-shrinkwrap.json
M package.json
3 files changed, 15 insertions(+), 28 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/services/parsoid
refs/changes/79/381079/1
diff --git a/.nsprc b/.nsprc
index d0da284..b800ece 100644
--- a/.nsprc
+++ b/.nsprc
@@ -1,5 +1,7 @@
{
"exceptions": [
- "https://nodesecurity.io/advisories/338";
+ "https://nodesecurity.io/advisories/338";,
+ // Not affected, https://github.com/expressjs/express/issues/3431
+ "https://nodesecurity.io/advisories/535";
]
}
diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json
index 186df80..c3afcc7 100644
--- a/npm-shrinkwrap.json
+++ b/npm-shrinkwrap.json
@@ -420,29 +420,19 @@
}
},
"compression": {
- "version": "1.7.0",
- "from": "compression@1.7.0",
- "resolved":
"https://registry.npmjs.org/compression/-/compression-1.7.0.tgz";,
+ "version": "1.7.1",
+ "from": "compression@1.7.1",
+ "resolved":
"https://registry.npmjs.org/compression/-/compression-1.7.1.tgz";,
"dependencies": {
- "bytes": {
- "version": "2.5.0",
- "from": "bytes@2.5.0",
- "resolved": "https://registry.npmjs.org/bytes/-/bytes-2.5.0.tgz";
- },
"debug": {
- "version": "2.6.8",
- "from": "debug@2.6.8",
- "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz";
+ "version": "2.6.9",
+ "from": "debug@2.6.9",
+ "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz";
},
"ms": {
"version": "2.0.0",
"from": "ms@2.0.0",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz";
- },
- "safe-buffer": {
- "version": "5.1.1",
- "from": "safe-buffer@5.1.1",
- "resolved":
"https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz";
}
}
},
@@ -1002,18 +992,13 @@
"dependencies": {
"content-type": {
"version": "1.0.4",
- "from": "content-type@~1.0.2",
+ "from": "content-type@>=1.0.2 <1.1.0",
"resolved":
"https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz";
},
"debug": {
"version": "2.6.9",
"from": "debug@2.6.9",
"resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz";
- },
- "finalhandler": {
- "version": "1.0.6",
- "from": "finalhandler@>=1.0.6 <1.1.0",
- "resolved":
"https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.6.tgz";
},
"ms": {
"version": "2.0.0",
@@ -1066,9 +1051,9 @@
"dev": true
},
"finalhandler": {
- "version": "1.1.0",
- "from": "finalhandler@1.1.0",
- "resolved":
"https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.0.tgz";,
+ "version": "1.0.6",
+ "from": "finalhandler@1.0.6",
+ "resolved":
"https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.6.tgz";,
"dependencies": {
"debug": {
"version": "2.6.9",
diff --git a/package.json b/package.json
index f0fa7a5..8f7dcc5 100644
--- a/package.json
+++ b/package.json
@@ -7,7 +7,7 @@
"async": "^0.9.2",
"babybird": "^0.0.1",
"body-parser": "^1.18.2",
- "compression": "^1.7.0",
+ "compression": "^1.7.1",
"connect-busboy": "^0.0.2",
"content-type": "git+https://github.com/wikimedia/content-type#master";,
"core-js": "^2.5.1",
@@ -16,7 +16,7 @@
"entities": "^1.1.1",
"express": "^4.15.5",
"express-handlebars": "^3.0.0",
- "finalhandler": "^1.1.0",
+ "finalhandler": "^1.0.6",
"js-yaml": "^3.8.1",
"mediawiki-title": "^0.6.4",
"negotiator":
"git+https://github.com/arlolra/negotiator#full-parse-access";,
--
To view, visit https://gerrit.wikimedia.org/r/381079
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia4940d426bddd98ab7a4d7b43e0e32287540ec99
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/services/parsoid
Gerrit-Branch: master
Gerrit-Owner: Arlolra <abrea...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
