subject:"\[MediaWiki\-commits\] \[Gerrit\] mediawiki...parsoid\[master\]\: Muck with dependencies for the latest set of nsp warnings"

[MediaWiki-commits] [Gerrit] mediawiki...parsoid[master]: Muck with dependencies for the latest set of nsp warnings

2017-09-27 Thread jenkins-bot (Code Review)

jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/381079 )

Change subject: Muck with dependencies for the latest set of nsp warnings
..


Muck with dependencies for the latest set of nsp warnings

 * finalhandler is downgraded from yesterday because nsp has a bug
   where it's falsely reporting its dependency, however, this may
   not be a bad thing to keep the same version express is using at
   the top level.

Change-Id: Ia4940d426bddd98ab7a4d7b43e0e32287540ec99
---
M .nsprc
M npm-shrinkwrap.json
M package.json
3 files changed, 181 insertions(+), 246 deletions(-)

Approvals:
  Subramanya Sastry: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/.nsprc b/.nsprc
index d0da284..b800ece 100644
--- a/.nsprc
+++ b/.nsprc
@@ -1,5 +1,7 @@
 {
   "exceptions": [
-"https://nodesecurity.io/advisories/338;
+"https://nodesecurity.io/advisories/338;,
+// Not affected, https://github.com/expressjs/express/issues/3431
+"https://nodesecurity.io/advisories/535;
   ]
 }
diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json
index 186df80..60e842f 100644
--- a/npm-shrinkwrap.json
+++ b/npm-shrinkwrap.json
@@ -420,29 +420,19 @@
   }
 },
 "compression": {
-  "version": "1.7.0",
-  "from": "compression@1.7.0",
-  "resolved": 
"https://registry.npmjs.org/compression/-/compression-1.7.0.tgz;,
+  "version": "1.7.1",
+  "from": "compression@1.7.1",
+  "resolved": 
"https://registry.npmjs.org/compression/-/compression-1.7.1.tgz;,
   "dependencies": {
-"bytes": {
-  "version": "2.5.0",
-  "from": "bytes@2.5.0",
-  "resolved": "https://registry.npmjs.org/bytes/-/bytes-2.5.0.tgz;
-},
 "debug": {
-  "version": "2.6.8",
-  "from": "debug@2.6.8",
-  "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz;
+  "version": "2.6.9",
+  "from": "debug@2.6.9",
+  "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz;
 },
 "ms": {
   "version": "2.0.0",
   "from": "ms@2.0.0",
   "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz;
-},
-"safe-buffer": {
-  "version": "5.1.1",
-  "from": "safe-buffer@5.1.1",
-  "resolved": 
"https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz;
 }
   }
 },
@@ -1002,18 +992,13 @@
   "dependencies": {
 "content-type": {
   "version": "1.0.4",
-  "from": "content-type@~1.0.2",
+  "from": "content-type@>=1.0.2 <1.1.0",
   "resolved": 
"https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz;
 },
 "debug": {
   "version": "2.6.9",
   "from": "debug@2.6.9",
   "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz;
-},
-"finalhandler": {
-  "version": "1.0.6",
-  "from": "finalhandler@>=1.0.6 <1.1.0",
-  "resolved": 
"https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.6.tgz;
 },
 "ms": {
   "version": "2.0.0",
@@ -1066,9 +1051,9 @@
   "dev": true
 },
 "finalhandler": {
-  "version": "1.1.0",
-  "from": "finalhandler@1.1.0",
-  "resolved": 
"https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.0.tgz;,
+  "version": "1.0.6",
+  "from": "finalhandler@1.0.6",
+  "resolved": 
"https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.6.tgz;,
   "dependencies": {
 "debug": {
   "version": "2.6.9",
@@ -1892,158 +1877,150 @@
   "resolved": 
"https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.4.0.tgz;
 },
 "nsp": {
-  "version": "2.6.3",
-  "from": "nsp@>=2.6.3 <3.0.0",
-  "resolved": "https://registry.npmjs.org/nsp/-/nsp-2.6.3.tgz;,
+  "version": "2.8.1",
+  "from": "nsp@2.8.1",
+  "resolved": "https://registry.npmjs.org/nsp/-/nsp-2.8.1.tgz;,
   "dev": true,
   "dependencies": {
+"agent-base": {
+  "version": "2.1.1",
+  "from": 
"agent-base@https://registry.npmjs.org/agent-base/-/agent-base-2.1.1.tgz;,
+  "resolved": 
"https://registry.npmjs.org/agent-base/-/agent-base-2.1.1.tgz;,
+  "dev": true,
+  "dependencies": {
+"semver": {
+  "version": "5.0.3",
+  "from": 
"semver@https://registry.npmjs.org/semver/-/semver-5.0.3.tgz;,
+  "resolved": 
"https://registry.npmjs.org/semver/-/semver-5.0.3.tgz;,
+  "dev": true
+}
+  }
+},
+"ansi-regex": {
+  "version": "2.1.1",
+  "from": 
"ansi-regex@https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz;,
+  "resolved": 
"https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz;,
+  "dev": true
+},

[MediaWiki-commits] [Gerrit] mediawiki...parsoid[master]: Muck with dependencies for the latest set of nsp warnings

2017-09-27 Thread Arlolra (Code Review)

Arlolra has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/381079 )

Change subject: Muck with dependencies for the latest set of nsp warnings
..

Muck with dependencies for the latest set of nsp warnings

Change-Id: Ia4940d426bddd98ab7a4d7b43e0e32287540ec99
---
M .nsprc
M npm-shrinkwrap.json
M package.json
3 files changed, 15 insertions(+), 28 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/services/parsoid 
refs/changes/79/381079/1

diff --git a/.nsprc b/.nsprc
index d0da284..b800ece 100644
--- a/.nsprc
+++ b/.nsprc
@@ -1,5 +1,7 @@
 {
   "exceptions": [
-"https://nodesecurity.io/advisories/338;
+"https://nodesecurity.io/advisories/338;,
+// Not affected, https://github.com/expressjs/express/issues/3431
+"https://nodesecurity.io/advisories/535;
   ]
 }
diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json
index 186df80..c3afcc7 100644
--- a/npm-shrinkwrap.json
+++ b/npm-shrinkwrap.json
@@ -420,29 +420,19 @@
   }
 },
 "compression": {
-  "version": "1.7.0",
-  "from": "compression@1.7.0",
-  "resolved": 
"https://registry.npmjs.org/compression/-/compression-1.7.0.tgz;,
+  "version": "1.7.1",
+  "from": "compression@1.7.1",
+  "resolved": 
"https://registry.npmjs.org/compression/-/compression-1.7.1.tgz;,
   "dependencies": {
-"bytes": {
-  "version": "2.5.0",
-  "from": "bytes@2.5.0",
-  "resolved": "https://registry.npmjs.org/bytes/-/bytes-2.5.0.tgz;
-},
 "debug": {
-  "version": "2.6.8",
-  "from": "debug@2.6.8",
-  "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz;
+  "version": "2.6.9",
+  "from": "debug@2.6.9",
+  "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz;
 },
 "ms": {
   "version": "2.0.0",
   "from": "ms@2.0.0",
   "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz;
-},
-"safe-buffer": {
-  "version": "5.1.1",
-  "from": "safe-buffer@5.1.1",
-  "resolved": 
"https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz;
 }
   }
 },
@@ -1002,18 +992,13 @@
   "dependencies": {
 "content-type": {
   "version": "1.0.4",
-  "from": "content-type@~1.0.2",
+  "from": "content-type@>=1.0.2 <1.1.0",
   "resolved": 
"https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz;
 },
 "debug": {
   "version": "2.6.9",
   "from": "debug@2.6.9",
   "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz;
-},
-"finalhandler": {
-  "version": "1.0.6",
-  "from": "finalhandler@>=1.0.6 <1.1.0",
-  "resolved": 
"https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.6.tgz;
 },
 "ms": {
   "version": "2.0.0",
@@ -1066,9 +1051,9 @@
   "dev": true
 },
 "finalhandler": {
-  "version": "1.1.0",
-  "from": "finalhandler@1.1.0",
-  "resolved": 
"https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.0.tgz;,
+  "version": "1.0.6",
+  "from": "finalhandler@1.0.6",
+  "resolved": 
"https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.6.tgz;,
   "dependencies": {
 "debug": {
   "version": "2.6.9",
diff --git a/package.json b/package.json
index f0fa7a5..8f7dcc5 100644
--- a/package.json
+++ b/package.json
@@ -7,7 +7,7 @@
 "async": "^0.9.2",
 "babybird": "^0.0.1",
 "body-parser": "^1.18.2",
-"compression": "^1.7.0",
+"compression": "^1.7.1",
 "connect-busboy": "^0.0.2",
 "content-type": "git+https://github.com/wikimedia/content-type#master;,
 "core-js": "^2.5.1",
@@ -16,7 +16,7 @@
 "entities": "^1.1.1",
 "express": "^4.15.5",
 "express-handlebars": "^3.0.0",
-"finalhandler": "^1.1.0",
+"finalhandler": "^1.0.6",
 "js-yaml": "^3.8.1",
 "mediawiki-title": "^0.6.4",
 "negotiator": 
"git+https://github.com/arlolra/negotiator#full-parse-access;,

-- 
To view, visit https://gerrit.wikimedia.org/r/381079
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia4940d426bddd98ab7a4d7b43e0e32287540ec99
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/services/parsoid
Gerrit-Branch: master
Gerrit-Owner: Arlolra 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] mediawiki...parsoid[master]: Muck with dependencies for the latest set of nsp warnings

[MediaWiki-commits] [Gerrit] mediawiki...parsoid[master]: Muck with dependencies for the latest set of nsp warnings

2 matches

Site Navigation

Mail list logo

Footer information