Arlolra has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/381079 )
Change subject: Muck with dependencies for the latest set of nsp warnings ...................................................................... Muck with dependencies for the latest set of nsp warnings Change-Id: Ia4940d426bddd98ab7a4d7b43e0e32287540ec99 --- M .nsprc M npm-shrinkwrap.json M package.json 3 files changed, 15 insertions(+), 28 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/services/parsoid refs/changes/79/381079/1 diff --git a/.nsprc b/.nsprc index d0da284..b800ece 100644 --- a/.nsprc +++ b/.nsprc @@ -1,5 +1,7 @@ { "exceptions": [ - "https://nodesecurity.io/advisories/338" + "https://nodesecurity.io/advisories/338", + // Not affected, https://github.com/expressjs/express/issues/3431 + "https://nodesecurity.io/advisories/535" ] } diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json index 186df80..c3afcc7 100644 --- a/npm-shrinkwrap.json +++ b/npm-shrinkwrap.json @@ -420,29 +420,19 @@ } }, "compression": { - "version": "1.7.0", - "from": "compression@1.7.0", - "resolved": "https://registry.npmjs.org/compression/-/compression-1.7.0.tgz", + "version": "1.7.1", + "from": "compression@1.7.1", + "resolved": "https://registry.npmjs.org/compression/-/compression-1.7.1.tgz", "dependencies": { - "bytes": { - "version": "2.5.0", - "from": "bytes@2.5.0", - "resolved": "https://registry.npmjs.org/bytes/-/bytes-2.5.0.tgz" - }, "debug": { - "version": "2.6.8", - "from": "debug@2.6.8", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz" + "version": "2.6.9", + "from": "debug@2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz" }, "ms": { "version": "2.0.0", "from": "ms@2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz" - }, - "safe-buffer": { - "version": "5.1.1", - "from": "safe-buffer@5.1.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz" } } }, @@ -1002,18 +992,13 @@ "dependencies": { "content-type": { "version": "1.0.4", - "from": "content-type@~1.0.2", + "from": "content-type@>=1.0.2 <1.1.0", "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz" }, "debug": { "version": "2.6.9", "from": "debug@2.6.9", "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz" - }, - "finalhandler": { - "version": "1.0.6", - "from": "finalhandler@>=1.0.6 <1.1.0", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.6.tgz" }, "ms": { "version": "2.0.0", @@ -1066,9 +1051,9 @@ "dev": true }, "finalhandler": { - "version": "1.1.0", - "from": "finalhandler@1.1.0", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.0.tgz", + "version": "1.0.6", + "from": "finalhandler@1.0.6", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.6.tgz", "dependencies": { "debug": { "version": "2.6.9", diff --git a/package.json b/package.json index f0fa7a5..8f7dcc5 100644 --- a/package.json +++ b/package.json @@ -7,7 +7,7 @@ "async": "^0.9.2", "babybird": "^0.0.1", "body-parser": "^1.18.2", - "compression": "^1.7.0", + "compression": "^1.7.1", "connect-busboy": "^0.0.2", "content-type": "git+https://github.com/wikimedia/content-type#master", "core-js": "^2.5.1", @@ -16,7 +16,7 @@ "entities": "^1.1.1", "express": "^4.15.5", "express-handlebars": "^3.0.0", - "finalhandler": "^1.1.0", + "finalhandler": "^1.0.6", "js-yaml": "^3.8.1", "mediawiki-title": "^0.6.4", "negotiator": "git+https://github.com/arlolra/negotiator#full-parse-access", -- To view, visit https://gerrit.wikimedia.org/r/381079 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia4940d426bddd98ab7a4d7b43e0e32287540ec99 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/services/parsoid Gerrit-Branch: master Gerrit-Owner: Arlolra <abrea...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits