AngularJS: vulnerability: npm audit fix
https://github.com/advisories/GHSA-89mq-4x47-5v83
"In AngularJS before 1.7.9 the function merge() could be tricked
into adding or modifying properties of Object.prototype using
a __proto__ payload."
Although, don't see how this is a real threat to the webui
fixed anyway.
https://github.com/angular/angular.js/compare/v1.7.8...v1.7.9
The difference between 1.7.8 and 1.7.9 is small.
Discussion in the works to move any from AngularJS
https://lists.ozlabs.org/pipermail/openbmc/2019-November/019431.html
Tested: Built and loaded on a Witherspoon
Change-Id: Ibe2c9671203a76cd8b4dbb8b1dbbaae2a8230138
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
diff --git a/package-lock.json b/package-lock.json
index d0a4732..a00fc41 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1190,9 +1190,9 @@
"dev": true
},
"angular": {
- "version": "1.7.8",
- "resolved": "https://registry.npmjs.org/angular/-/angular-1.7.8.tgz",
- "integrity": "sha512-wtef/y4COxM7ZVhddd7JtAAhyYObq9YXKar9tsW7558BImeVYteJiTxCKeJOL45lJ/+7B4wrAC49j8gTFYEthg=="
+ "version": "1.7.9",
+ "resolved": "https://registry.npmjs.org/angular/-/angular-1.7.9.tgz",
+ "integrity": "sha512-5se7ZpcOtu0MBFlzGv5dsM1quQDoDeUTwZrWjGtTNA7O88cD8TEk5IEKCTDa3uECV9XnvKREVUr7du1ACiWGFQ=="
},
"angular-animate": {
"version": "1.7.8",
@@ -2313,32 +2313,6 @@
"supports-color": "^5.3.0"
}
},
- "cheerio": {
- "version": "1.0.0-rc.3",
- "resolved": "https://registry.npmjs.org/cheerio/-/cheerio-1.0.0-rc.3.tgz",
- "integrity": "sha512-0td5ijfUPuubwLUu0OBoe98gZj8C/AA+RW3v67GPlGOrvxWjZmBXiBCRU+I8VEiNyJzjth40POfHiz2RB3gImA==",
- "dev": true,
- "requires": {
- "css-select": "~1.2.0",
- "dom-serializer": "~0.1.1",
- "entities": "~1.1.1",
- "htmlparser2": "^3.9.1",
- "lodash": "^4.15.0",
- "parse5": "^3.0.1"
- },
- "dependencies": {
- "dom-serializer": {
- "version": "0.1.1",
- "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-0.1.1.tgz",
- "integrity": "sha512-l0IU0pPzLWSHBcieZbpOKgkIn3ts3vAh7ZuFyXNwJxJXk/c4Gwj9xaTJwIDVQCXawWD0qb3IzMGH5rglQaO0XA==",
- "dev": true,
- "requires": {
- "domelementtype": "^1.3.0",
- "entities": "^1.1.1"
- }
- }
- }
- },
"chokidar": {
"version": "2.1.6",
"resolved": "https://registry.npmjs.org/chokidar/-/chokidar-2.1.6.tgz",
@@ -3359,15 +3333,6 @@
"integrity": "sha1-sXrtguirWeUt2cGbF1bg/BhyBMI=",
"dev": true
},
- "domhandler": {
- "version": "2.4.2",
- "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-2.4.2.tgz",
- "integrity": "sha512-JiK04h0Ht5u/80fdLMCEmV4zkNh2BcoMFBmZ/91WtYZ8qVXSKjiw7fXMgFPnHcSZgOo3XdinHvmnDUeMf5R4wA==",
- "dev": true,
- "requires": {
- "domelementtype": "1"
- }
- },
"domutils": {
"version": "1.5.1",
"resolved": "https://registry.npmjs.org/domutils/-/domutils-1.5.1.tgz",
@@ -5270,39 +5235,6 @@
}
}
},
- "htmlparser2": {
- "version": "3.10.1",
- "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-3.10.1.tgz",
- "integrity": "sha512-IgieNijUMbkDovyoKObU1DUhm1iwNYE/fuifEoEHfd1oZKZDaONBSkal7Y01shxsM49R4XaMdGez3WnF9UfiCQ==",
- "dev": true,
- "requires": {
- "domelementtype": "^1.3.1",
- "domhandler": "^2.3.0",
- "domutils": "^1.5.1",
- "entities": "^1.1.1",
- "inherits": "^2.0.1",
- "readable-stream": "^3.1.1"
- },
- "dependencies": {
- "domelementtype": {
- "version": "1.3.1",
- "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-1.3.1.tgz",
- "integrity": "sha512-BSKB+TSpMpFI/HOxCNr1O8aMOTZ8hT3pM3GQ0w/mWRmkhEDSFJkkyzz4XQsBV44BChwGkrDfMyjVD0eA2aFV3w==",
- "dev": true
- },
- "readable-stream": {
- "version": "3.4.0",
- "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.4.0.tgz",
- "integrity": "sha512-jItXPLmrSR8jmTRmRWJXCnGJsfy85mB3Wd/uINMXA65yrnFo0cPClFIUWzo2najVNSl+mx7/4W8ttlLWJe99pQ==",
- "dev": true,
- "requires": {
- "inherits": "^2.0.3",
- "string_decoder": "^1.1.1",
- "util-deprecate": "^1.0.1"
- }
- }
- }
- },
"http-deceiver": {
"version": "1.2.7",
"resolved": "https://registry.npmjs.org/http-deceiver/-/http-deceiver-1.2.7.tgz",
@@ -7029,15 +6961,6 @@
"integrity": "sha1-bVuTSkVpk7I9N/QKOC1vFmao5cY=",
"dev": true
},
- "parse5": {
- "version": "3.0.3",
- "resolved": "https://registry.npmjs.org/parse5/-/parse5-3.0.3.tgz",
- "integrity": "sha512-rgO9Zg5LLLkfJF9E6CCmXlSE4UVceloys8JrFqCcHloC3usd/kJCyPDwH2SOlzix2j3xaP9sUX3e8+kvkuleAA==",
- "dev": true,
- "requires": {
- "@types/node": "*"
- }
- },
"parseurl": {
"version": "1.3.3",
"resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
diff --git a/package.json b/package.json
index 48f4cb1..04c02dc 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
],
"dependencies": {
"@novnc/novnc": "1.1.0",
- "angular": "1.7.8",
+ "angular": "1.7.9",
"angular-animate": "1.7.8",
"angular-clipboard": "1.7.0",
"angular-cookies": "1.7.8",
@@ -50,8 +50,8 @@
"ng-toast": "2.0.0",
"pkg-dir": "4.2.0",
"regenerator-runtime": "0.13.3",
- "xterm": "3.14.5",
- "text-encoding": "0.7.0"
+ "text-encoding": "0.7.0",
+ "xterm": "3.14.5"
},
"peerDependencies": {},
"devDependencies": {