commit 43e3bd26133b06ed117a3a3f10b2bc09e2c2aafc
author Jason M. Bills <jason.m.bills@intel.com> Thu Jul 27 15:34:50 2023 -0700
committer Jason Bills <jason.m.bills@linux.intel.com> Fri Jul 28 18:44:21 2023 +0000
tree a21b17aaef7a494dd715ba5cdb97a425164b38e6
parent 37b22a13319f467e494dcb201570cdde840f8412

Update node-fetch and follow-redirects to fix CVEs

For https://nvd.nist.gov/vuln/detail/CVE-2022-0235, update node-fetch to
2.6.7.

For https://nvd.nist.gov/vuln/detail/CVE-2022-0536 and
https://nvd.nist.gov/vuln/detail/CVE-2022-0155, update follow-redirects
to 1.14.8.

Tested:
Confirmed that I can still log into the web UI.

Change-Id: I044014ac07ce3c88f63b1a66d8677cf80617cd5a
Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>

package-lock.json

diff --git a/package-lock.json b/package-lock.json
index 4d16dac..539c66d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3303,13 +3303,13 @@
             }
         },
         "@nuxt/opencollective": {
-            "version": "0.3.2",
-            "resolved": "https://registry.npmjs.org/@nuxt/opencollective/-/opencollective-0.3.2.tgz",
-            "integrity": "sha512-XG7rUdXG9fcafu9KTDIYjJSkRO38EwjlKYIb5TQ/0WDbiTUTtUtgncMscKOYzfsY86kGs05pAuMOR+3Fi0aN3A==",
+            "version": "0.3.3",
+            "resolved": "https://registry.npmjs.org/@nuxt/opencollective/-/opencollective-0.3.3.tgz",
+            "integrity": "sha512-6IKCd+gP0HliixqZT/p8nW3tucD6Sv/u/eR2A9X4rxT/6hXlMzA4GZQzq4d2qnBAwSwGpmKyzkyTjNjrhaA25A==",
             "requires": {
                 "chalk": "^4.1.0",
                 "consola": "^2.15.0",
-                "node-fetch": "^2.6.1"
+                "node-fetch": "^2.6.7"
             }
         },
         "@sindresorhus/is": {
@@ -5576,7 +5576,7 @@
             "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz",
             "integrity": "sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg==",
             "requires": {
-                "follow-redirects": "^1.10.0"
+                "follow-redirects": "^1.14.0"
             }
         },
         "babel-code-frame": {
@@ -10045,9 +10045,9 @@
             }
         },
         "follow-redirects": {
-            "version": "1.13.1",
-            "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.13.1.tgz",
-            "integrity": "sha512-SSG5xmZh1mkPGyKzjZP8zLjltIfpW32Y5QpdNJyjcfGxK3qo3NDDkZOZSFiGn1A6SclQxY9GzEwAHQ3dmYRWpg=="
+            "version": "1.15.2",
+            "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz",
+            "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA=="
         },
         "for-each": {
             "version": "0.3.3",
@@ -14732,9 +14732,9 @@
             }
         },
         "node-fetch": {
-            "version": "2.6.1",
-            "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz",
-            "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw=="
+            "version": "2.6.12",
+            "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.12.tgz",
+            "integrity": "sha512-C/fGU2E8ToujUivIO0H+tpQ6HWo4eEmchoPIoXtxCrVghxdKq+QOHqEZW7tuP3KlV3bC8FRMO5nMCC7Zm1VP6g=="
         },
         "node-forge": {
             "version": "0.10.0",