jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/381079 )
Change subject: Muck with dependencies for the latest set of nsp warnings ...................................................................... Muck with dependencies for the latest set of nsp warnings * finalhandler is downgraded from yesterday because nsp has a bug where it's falsely reporting its dependency, however, this may not be a bad thing to keep the same version express is using at the top level. Change-Id: Ia4940d426bddd98ab7a4d7b43e0e32287540ec99 --- M .nsprc M npm-shrinkwrap.json M package.json 3 files changed, 181 insertions(+), 246 deletions(-) Approvals: Subramanya Sastry: Looks good to me, approved jenkins-bot: Verified diff --git a/.nsprc b/.nsprc index d0da284..b800ece 100644 --- a/.nsprc +++ b/.nsprc @@ -1,5 +1,7 @@ { "exceptions": [ - "https://nodesecurity.io/advisories/338" + "https://nodesecurity.io/advisories/338", + // Not affected, https://github.com/expressjs/express/issues/3431 + "https://nodesecurity.io/advisories/535" ] } diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json index 186df80..60e842f 100644 --- a/npm-shrinkwrap.json +++ b/npm-shrinkwrap.json @@ -420,29 +420,19 @@ } }, "compression": { - "version": "1.7.0", - "from": "compression@1.7.0", - "resolved": "https://registry.npmjs.org/compression/-/compression-1.7.0.tgz", + "version": "1.7.1", + "from": "compression@1.7.1", + "resolved": "https://registry.npmjs.org/compression/-/compression-1.7.1.tgz", "dependencies": { - "bytes": { - "version": "2.5.0", - "from": "bytes@2.5.0", - "resolved": "https://registry.npmjs.org/bytes/-/bytes-2.5.0.tgz" - }, "debug": { - "version": "2.6.8", - "from": "debug@2.6.8", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz" + "version": "2.6.9", + "from": "debug@2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz" }, "ms": { "version": "2.0.0", "from": "ms@2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz" - }, - "safe-buffer": { - "version": "5.1.1", - "from": "safe-buffer@5.1.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz" } } }, @@ -1002,18 +992,13 @@ "dependencies": { "content-type": { "version": "1.0.4", - "from": "content-type@~1.0.2", + "from": "content-type@>=1.0.2 <1.1.0", "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz" }, "debug": { "version": "2.6.9", "from": "debug@2.6.9", "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz" - }, - "finalhandler": { - "version": "1.0.6", - "from": "finalhandler@>=1.0.6 <1.1.0", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.6.tgz" }, "ms": { "version": "2.0.0", @@ -1066,9 +1051,9 @@ "dev": true }, "finalhandler": { - "version": "1.1.0", - "from": "finalhandler@1.1.0", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.0.tgz", + "version": "1.0.6", + "from": "finalhandler@1.0.6", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.6.tgz", "dependencies": { "debug": { "version": "2.6.9", @@ -1892,158 +1877,150 @@ "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.4.0.tgz" }, "nsp": { - "version": "2.6.3", - "from": "nsp@>=2.6.3 <3.0.0", - "resolved": "https://registry.npmjs.org/nsp/-/nsp-2.6.3.tgz", + "version": "2.8.1", + "from": "nsp@2.8.1", + "resolved": "https://registry.npmjs.org/nsp/-/nsp-2.8.1.tgz", "dev": true, "dependencies": { + "agent-base": { + "version": "2.1.1", + "from": "agent-base@https://registry.npmjs.org/agent-base/-/agent-base-2.1.1.tgz", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-2.1.1.tgz", + "dev": true, + "dependencies": { + "semver": { + "version": "5.0.3", + "from": "semver@https://registry.npmjs.org/semver/-/semver-5.0.3.tgz", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.0.3.tgz", + "dev": true + } + } + }, + "ansi-regex": { + "version": "2.1.1", + "from": "ansi-regex@https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "dev": true + }, + "ansi-styles": { + "version": "2.2.1", + "from": "ansi-styles@https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "dev": true + }, + "boom": { + "version": "2.10.1", + "from": "boom@https://registry.npmjs.org/boom/-/boom-2.10.1.tgz", + "resolved": "https://registry.npmjs.org/boom/-/boom-2.10.1.tgz", + "dev": true + }, "chalk": { "version": "1.1.3", "from": "chalk@1.1.3", "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", - "dev": true, - "dependencies": { - "ansi-styles": { - "version": "2.2.1", - "from": "ansi-styles@2.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", - "dev": true - }, - "escape-string-regexp": { - "version": "1.0.5", - "from": "escape-string-regexp@1.0.5", - "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "dev": true - }, - "has-ansi": { - "version": "2.0.0", - "from": "has-ansi@2.0.0", - "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", - "dev": true, - "dependencies": { - "ansi-regex": { - "version": "2.0.0", - "from": "ansi-regex@2.0.0", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.0.0.tgz", - "dev": true - } - } - }, - "strip-ansi": { - "version": "3.0.1", - "from": "strip-ansi@3.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", - "dev": true, - "dependencies": { - "ansi-regex": { - "version": "2.0.0", - "from": "ansi-regex@2.0.0", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.0.0.tgz", - "dev": true - } - } - }, - "supports-color": { - "version": "2.0.0", - "from": "supports-color@2.0.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", - "dev": true - } - } + "dev": true }, "cli-table": { "version": "0.3.1", "from": "cli-table@0.3.1", "resolved": "https://registry.npmjs.org/cli-table/-/cli-table-0.3.1.tgz", - "dev": true, - "dependencies": { - "colors": { - "version": "1.0.3", - "from": "colors@1.0.3", - "resolved": "https://registry.npmjs.org/colors/-/colors-1.0.3.tgz", - "dev": true - } - } + "dev": true + }, + "cliclopts": { + "version": "1.1.1", + "from": "cliclopts@https://registry.npmjs.org/cliclopts/-/cliclopts-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/cliclopts/-/cliclopts-1.1.1.tgz", + "dev": true + }, + "colors": { + "version": "1.0.3", + "from": "colors@https://registry.npmjs.org/colors/-/colors-1.0.3.tgz", + "resolved": "https://registry.npmjs.org/colors/-/colors-1.0.3.tgz", + "dev": true }, "cvss": { - "version": "1.0.1", - "from": "cvss@1.0.1", - "resolved": "https://registry.npmjs.org/cvss/-/cvss-1.0.1.tgz", + "version": "1.0.2", + "from": "cvss@https://registry.npmjs.org/cvss/-/cvss-1.0.2.tgz", + "resolved": "https://registry.npmjs.org/cvss/-/cvss-1.0.2.tgz", + "dev": true + }, + "debug": { + "version": "2.6.9", + "from": "debug@https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "dev": true + }, + "deep-extend": { + "version": "0.4.2", + "from": "deep-extend@https://registry.npmjs.org/deep-extend/-/deep-extend-0.4.2.tgz", + "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.4.2.tgz", + "dev": true + }, + "escape-string-regexp": { + "version": "1.0.5", + "from": "escape-string-regexp@https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "dev": true + }, + "extend": { + "version": "3.0.1", + "from": "extend@https://registry.npmjs.org/extend/-/extend-3.0.1.tgz", + "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.1.tgz", + "dev": true + }, + "has-ansi": { + "version": "2.0.0", + "from": "has-ansi@https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", + "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", + "dev": true + }, + "hoek": { + "version": "2.16.3", + "from": "hoek@https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz", + "resolved": "https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz", "dev": true }, "https-proxy-agent": { "version": "1.0.0", "from": "https-proxy-agent@1.0.0", "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-1.0.0.tgz", - "dev": true, - "dependencies": { - "agent-base": { - "version": "2.0.1", - "from": "agent-base@2.0.1", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-2.0.1.tgz", - "dev": true, - "dependencies": { - "semver": { - "version": "5.0.3", - "from": "semver@5.0.3", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.0.3.tgz", - "dev": true - } - } - }, - "debug": { - "version": "2.2.0", - "from": "debug@2.2.0", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz", - "dev": true, - "dependencies": { - "ms": { - "version": "0.7.1", - "from": "ms@0.7.1", - "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz", - "dev": true - } - } - }, - "extend": { - "version": "3.0.0", - "from": "extend@3.0.0", - "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.0.tgz", - "dev": true - } - } + "dev": true + }, + "ini": { + "version": "1.3.4", + "from": "ini@https://registry.npmjs.org/ini/-/ini-1.3.4.tgz", + "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.4.tgz", + "dev": true + }, + "isemail": { + "version": "1.2.0", + "from": "isemail@https://registry.npmjs.org/isemail/-/isemail-1.2.0.tgz", + "resolved": "https://registry.npmjs.org/isemail/-/isemail-1.2.0.tgz", + "dev": true }, "joi": { "version": "6.10.1", "from": "joi@6.10.1", "resolved": "https://registry.npmjs.org/joi/-/joi-6.10.1.tgz", - "dev": true, - "dependencies": { - "hoek": { - "version": "2.16.3", - "from": "hoek@2.16.3", - "resolved": "https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz", - "dev": true - }, - "isemail": { - "version": "1.2.0", - "from": "isemail@1.2.0", - "resolved": "https://registry.npmjs.org/isemail/-/isemail-1.2.0.tgz", - "dev": true - }, - "moment": { - "version": "2.12.0", - "from": "moment@2.12.0", - "resolved": "https://registry.npmjs.org/moment/-/moment-2.12.0.tgz", - "dev": true - }, - "topo": { - "version": "1.1.0", - "from": "topo@1.1.0", - "resolved": "https://registry.npmjs.org/topo/-/topo-1.1.0.tgz", - "dev": true - } - } + "dev": true + }, + "minimist": { + "version": "1.2.0", + "from": "minimist@https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", + "dev": true + }, + "moment": { + "version": "2.18.1", + "from": "moment@https://registry.npmjs.org/moment/-/moment-2.18.1.tgz", + "resolved": "https://registry.npmjs.org/moment/-/moment-2.18.1.tgz", + "dev": true + }, + "ms": { + "version": "2.0.0", + "from": "ms@https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "dev": true }, "nodesecurity-npm-utils": { "version": "5.0.0", @@ -2052,108 +2029,64 @@ "dev": true }, "path-is-absolute": { - "version": "1.0.0", - "from": "path-is-absolute@1.0.0", - "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.0.tgz", + "version": "1.0.1", + "from": "path-is-absolute@https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", "dev": true }, "rc": { - "version": "1.1.6", - "from": "rc@1.1.6", - "resolved": "https://registry.npmjs.org/rc/-/rc-1.1.6.tgz", - "dev": true, - "dependencies": { - "deep-extend": { - "version": "0.4.1", - "from": "deep-extend@0.4.1", - "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.4.1.tgz", - "dev": true - }, - "ini": { - "version": "1.3.4", - "from": "ini@1.3.4", - "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.4.tgz", - "dev": true - }, - "minimist": { - "version": "1.2.0", - "from": "minimist@1.2.0", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", - "dev": true - }, - "strip-json-comments": { - "version": "1.0.4", - "from": "strip-json-comments@1.0.4", - "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-1.0.4.tgz", - "dev": true - } - } + "version": "1.2.1", + "from": "rc@https://registry.npmjs.org/rc/-/rc-1.2.1.tgz", + "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.1.tgz", + "dev": true }, "semver": { - "version": "5.1.0", - "from": "semver@5.1.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.1.0.tgz", + "version": "5.4.1", + "from": "semver@https://registry.npmjs.org/semver/-/semver-5.4.1.tgz", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.4.1.tgz", + "dev": true + }, + "strip-ansi": { + "version": "3.0.1", + "from": "strip-ansi@https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "dev": true + }, + "strip-json-comments": { + "version": "2.0.1", + "from": "strip-json-comments@https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz", "dev": true }, "subcommand": { - "version": "2.0.3", - "from": "subcommand@2.0.3", - "resolved": "https://registry.npmjs.org/subcommand/-/subcommand-2.0.3.tgz", - "dev": true, - "dependencies": { - "cliclopts": { - "version": "1.1.1", - "from": "cliclopts@1.1.1", - "resolved": "https://registry.npmjs.org/cliclopts/-/cliclopts-1.1.1.tgz", - "dev": true - }, - "debug": { - "version": "2.2.0", - "from": "debug@2.2.0", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz", - "dev": true, - "dependencies": { - "ms": { - "version": "0.7.1", - "from": "ms@0.7.1", - "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz", - "dev": true - } - } - }, - "minimist": { - "version": "1.2.0", - "from": "minimist@1.2.0", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", - "dev": true - }, - "xtend": { - "version": "4.0.1", - "from": "xtend@4.0.1", - "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.1.tgz", - "dev": true - } - } + "version": "2.1.0", + "from": "subcommand@https://registry.npmjs.org/subcommand/-/subcommand-2.1.0.tgz", + "resolved": "https://registry.npmjs.org/subcommand/-/subcommand-2.1.0.tgz", + "dev": true + }, + "supports-color": { + "version": "2.0.0", + "from": "supports-color@https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", + "dev": true + }, + "topo": { + "version": "1.1.0", + "from": "topo@https://registry.npmjs.org/topo/-/topo-1.1.0.tgz", + "resolved": "https://registry.npmjs.org/topo/-/topo-1.1.0.tgz", + "dev": true }, "wreck": { "version": "6.3.0", "from": "wreck@6.3.0", "resolved": "https://registry.npmjs.org/wreck/-/wreck-6.3.0.tgz", - "dev": true, - "dependencies": { - "boom": { - "version": "2.10.1", - "from": "boom@2.10.1", - "resolved": "https://registry.npmjs.org/boom/-/boom-2.10.1.tgz", - "dev": true - }, - "hoek": { - "version": "2.16.3", - "from": "hoek@2.16.3", - "resolved": "https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz", - "dev": true - } - } + "dev": true + }, + "xtend": { + "version": "4.0.1", + "from": "xtend@https://registry.npmjs.org/xtend/-/xtend-4.0.1.tgz", + "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.1.tgz", + "dev": true } } }, diff --git a/package.json b/package.json index f0fa7a5..f5c5699 100644 --- a/package.json +++ b/package.json @@ -7,7 +7,7 @@ "async": "^0.9.2", "babybird": "^0.0.1", "body-parser": "^1.18.2", - "compression": "^1.7.0", + "compression": "^1.7.1", "connect-busboy": "^0.0.2", "content-type": "git+https://github.com/wikimedia/content-type#master", "core-js": "^2.5.1", @@ -16,7 +16,7 @@ "entities": "^1.1.1", "express": "^4.15.5", "express-handlebars": "^3.0.0", - "finalhandler": "^1.1.0", + "finalhandler": "^1.0.6", "js-yaml": "^3.8.1", "mediawiki-title": "^0.6.4", "negotiator": "git+https://github.com/arlolra/negotiator#full-parse-access", @@ -42,7 +42,7 @@ "istanbul": "^0.4.5", "mocha": "^2.5.3", "nock": "^8.2.1", - "nsp": "^2.6.3", + "nsp": "^2.8.1", "supertest": "^1.2.0" }, "main": "lib/index.js", -- To view, visit https://gerrit.wikimedia.org/r/381079 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ia4940d426bddd98ab7a4d7b43e0e32287540ec99 Gerrit-PatchSet: 2 Gerrit-Project: mediawiki/services/parsoid Gerrit-Branch: master Gerrit-Owner: Arlolra <abrea...@wikimedia.org> Gerrit-Reviewer: Arlolra <abrea...@wikimedia.org> Gerrit-Reviewer: Subramanya Sastry <ssas...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits