[MediaWiki-commits] [Gerrit] mediawiki...parsoid[master]: Muck with dependencies for the latest set of nsp warnings
jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/381079 ) Change subject: Muck with dependencies for the latest set of nsp warnings .. Muck with dependencies for the latest set of nsp warnings * finalhandler is downgraded from yesterday because nsp has a bug where it's falsely reporting its dependency, however, this may not be a bad thing to keep the same version express is using at the top level. Change-Id: Ia4940d426bddd98ab7a4d7b43e0e32287540ec99 --- M .nsprc M npm-shrinkwrap.json M package.json 3 files changed, 181 insertions(+), 246 deletions(-) Approvals: Subramanya Sastry: Looks good to me, approved jenkins-bot: Verified diff --git a/.nsprc b/.nsprc index d0da284..b800ece 100644 --- a/.nsprc +++ b/.nsprc @@ -1,5 +1,7 @@ { "exceptions": [ -"https://nodesecurity.io/advisories/338; +"https://nodesecurity.io/advisories/338;, +// Not affected, https://github.com/expressjs/express/issues/3431 +"https://nodesecurity.io/advisories/535; ] } diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json index 186df80..60e842f 100644 --- a/npm-shrinkwrap.json +++ b/npm-shrinkwrap.json @@ -420,29 +420,19 @@ } }, "compression": { - "version": "1.7.0", - "from": "compression@1.7.0", - "resolved": "https://registry.npmjs.org/compression/-/compression-1.7.0.tgz;, + "version": "1.7.1", + "from": "compression@1.7.1", + "resolved": "https://registry.npmjs.org/compression/-/compression-1.7.1.tgz;, "dependencies": { -"bytes": { - "version": "2.5.0", - "from": "bytes@2.5.0", - "resolved": "https://registry.npmjs.org/bytes/-/bytes-2.5.0.tgz; -}, "debug": { - "version": "2.6.8", - "from": "debug@2.6.8", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz; + "version": "2.6.9", + "from": "debug@2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz; }, "ms": { "version": "2.0.0", "from": "ms@2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz; -}, -"safe-buffer": { - "version": "5.1.1", - "from": "safe-buffer@5.1.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz; } } }, @@ -1002,18 +992,13 @@ "dependencies": { "content-type": { "version": "1.0.4", - "from": "content-type@~1.0.2", + "from": "content-type@>=1.0.2 <1.1.0", "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz; }, "debug": { "version": "2.6.9", "from": "debug@2.6.9", "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz; -}, -"finalhandler": { - "version": "1.0.6", - "from": "finalhandler@>=1.0.6 <1.1.0", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.6.tgz; }, "ms": { "version": "2.0.0", @@ -1066,9 +1051,9 @@ "dev": true }, "finalhandler": { - "version": "1.1.0", - "from": "finalhandler@1.1.0", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.0.tgz;, + "version": "1.0.6", + "from": "finalhandler@1.0.6", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.6.tgz;, "dependencies": { "debug": { "version": "2.6.9", @@ -1892,158 +1877,150 @@ "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.4.0.tgz; }, "nsp": { - "version": "2.6.3", - "from": "nsp@>=2.6.3 <3.0.0", - "resolved": "https://registry.npmjs.org/nsp/-/nsp-2.6.3.tgz;, + "version": "2.8.1", + "from": "nsp@2.8.1", + "resolved": "https://registry.npmjs.org/nsp/-/nsp-2.8.1.tgz;, "dev": true, "dependencies": { +"agent-base": { + "version": "2.1.1", + "from": "agent-base@https://registry.npmjs.org/agent-base/-/agent-base-2.1.1.tgz;, + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-2.1.1.tgz;, + "dev": true, + "dependencies": { +"semver": { + "version": "5.0.3", + "from": "semver@https://registry.npmjs.org/semver/-/semver-5.0.3.tgz;, + "resolved": "https://registry.npmjs.org/semver/-/semver-5.0.3.tgz;, + "dev": true +} + } +}, +"ansi-regex": { + "version": "2.1.1", + "from": "ansi-regex@https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz;, + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz;, + "dev": true +},
[MediaWiki-commits] [Gerrit] mediawiki...parsoid[master]: Muck with dependencies for the latest set of nsp warnings
Arlolra has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/381079 ) Change subject: Muck with dependencies for the latest set of nsp warnings .. Muck with dependencies for the latest set of nsp warnings Change-Id: Ia4940d426bddd98ab7a4d7b43e0e32287540ec99 --- M .nsprc M npm-shrinkwrap.json M package.json 3 files changed, 15 insertions(+), 28 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/services/parsoid refs/changes/79/381079/1 diff --git a/.nsprc b/.nsprc index d0da284..b800ece 100644 --- a/.nsprc +++ b/.nsprc @@ -1,5 +1,7 @@ { "exceptions": [ -"https://nodesecurity.io/advisories/338; +"https://nodesecurity.io/advisories/338;, +// Not affected, https://github.com/expressjs/express/issues/3431 +"https://nodesecurity.io/advisories/535; ] } diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json index 186df80..c3afcc7 100644 --- a/npm-shrinkwrap.json +++ b/npm-shrinkwrap.json @@ -420,29 +420,19 @@ } }, "compression": { - "version": "1.7.0", - "from": "compression@1.7.0", - "resolved": "https://registry.npmjs.org/compression/-/compression-1.7.0.tgz;, + "version": "1.7.1", + "from": "compression@1.7.1", + "resolved": "https://registry.npmjs.org/compression/-/compression-1.7.1.tgz;, "dependencies": { -"bytes": { - "version": "2.5.0", - "from": "bytes@2.5.0", - "resolved": "https://registry.npmjs.org/bytes/-/bytes-2.5.0.tgz; -}, "debug": { - "version": "2.6.8", - "from": "debug@2.6.8", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz; + "version": "2.6.9", + "from": "debug@2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz; }, "ms": { "version": "2.0.0", "from": "ms@2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz; -}, -"safe-buffer": { - "version": "5.1.1", - "from": "safe-buffer@5.1.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz; } } }, @@ -1002,18 +992,13 @@ "dependencies": { "content-type": { "version": "1.0.4", - "from": "content-type@~1.0.2", + "from": "content-type@>=1.0.2 <1.1.0", "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz; }, "debug": { "version": "2.6.9", "from": "debug@2.6.9", "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz; -}, -"finalhandler": { - "version": "1.0.6", - "from": "finalhandler@>=1.0.6 <1.1.0", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.6.tgz; }, "ms": { "version": "2.0.0", @@ -1066,9 +1051,9 @@ "dev": true }, "finalhandler": { - "version": "1.1.0", - "from": "finalhandler@1.1.0", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.0.tgz;, + "version": "1.0.6", + "from": "finalhandler@1.0.6", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.6.tgz;, "dependencies": { "debug": { "version": "2.6.9", diff --git a/package.json b/package.json index f0fa7a5..8f7dcc5 100644 --- a/package.json +++ b/package.json @@ -7,7 +7,7 @@ "async": "^0.9.2", "babybird": "^0.0.1", "body-parser": "^1.18.2", -"compression": "^1.7.0", +"compression": "^1.7.1", "connect-busboy": "^0.0.2", "content-type": "git+https://github.com/wikimedia/content-type#master;, "core-js": "^2.5.1", @@ -16,7 +16,7 @@ "entities": "^1.1.1", "express": "^4.15.5", "express-handlebars": "^3.0.0", -"finalhandler": "^1.1.0", +"finalhandler": "^1.0.6", "js-yaml": "^3.8.1", "mediawiki-title": "^0.6.4", "negotiator": "git+https://github.com/arlolra/negotiator#full-parse-access;, -- To view, visit https://gerrit.wikimedia.org/r/381079 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia4940d426bddd98ab7a4d7b43e0e32287540ec99 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/services/parsoid Gerrit-Branch: master Gerrit-Owner: Arlolra___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits