From 76121bc49ce1d5417202ce0a567e4f0f00c75667 Mon Sep 17 00:00:00 2001 From: Andreas Gerstmayr Date: Tue, 5 Apr 2022 17:40:30 +0200 Subject: [PATCH] upgrade @braintree/sanitize-url to v6.0.0 Resolves: CVE-2021-23648 diff --git a/package.json b/package.json index 831586ad88..ab8b142ed9 100644 --- a/package.json +++ b/package.json @@ -209,7 +209,6 @@ "@sentry/utils": "5.24.2", "@torkelo/react-select": "3.0.8", "@types/antlr4": "^4.7.1", - "@types/braintree__sanitize-url": "4.0.0", "@types/common-tags": "^1.8.0", "@types/hoist-non-react-statics": "3.3.1", "@types/jsurl": "^1.2.28", diff --git a/packages/grafana-data/package.json b/packages/grafana-data/package.json index b24b1af2f4..c3f1b4e181 100644 --- a/packages/grafana-data/package.json +++ b/packages/grafana-data/package.json @@ -22,7 +22,7 @@ "typecheck": "tsc --noEmit" }, "dependencies": { - "@braintree/sanitize-url": "4.0.0", + "@braintree/sanitize-url": "6.0.0", "@types/d3-interpolate": "^1.3.1", "apache-arrow": "0.16.0", "eventemitter3": "4.0.7", @@ -36,7 +36,6 @@ "@rollup/plugin-commonjs": "16.0.0", "@rollup/plugin-json": "4.1.0", "@rollup/plugin-node-resolve": "10.0.0", - "@types/braintree__sanitize-url": "4.0.0", "@types/jest": "26.0.15", "@types/jquery": "3.3.38", "@types/lodash": "4.14.123", diff --git a/yarn.lock b/yarn.lock index 3f5e5b80d6..a84bfebaa7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3030,10 +3030,10 @@ resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39" integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw== -"@braintree/sanitize-url@4.0.0": - version "4.0.0" - resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-4.0.0.tgz#2cda79ffd67b6ea919a63b5e1a883b92d636e844" - integrity sha512-bOoFoTxuEUuri/v1q0OXN0HIrZ2EiZlRSKdveU8vS5xf2+g0TmpXhmxkTc1s+XWR5xZNoVU4uvf/Mher98tfLw== +"@braintree/sanitize-url@6.0.0": + version "6.0.0" + resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.0.tgz#fe364f025ba74f6de6c837a84ef44bdb1d61e68f" + integrity sha512-mgmE7XBYY/21erpzhexk4Cj1cyTQ9LzvnTxtzM17BJ7ERMNE6W72mQRo0I1Ud8eFJ+RVVIcBNhLFZ3GX4XFz5w== "@cnakazawa/watch@^1.0.3": version "1.0.3" @@ -5752,11 +5752,6 @@ resolved "https://registry.yarnpkg.com/@types/braces/-/braces-3.0.0.tgz#7da1c0d44ff1c7eb660a36ec078ea61ba7eb42cb" integrity sha512-TbH79tcyi9FHwbyboOKeRachRq63mSuWYXOflsNO9ZyE5ClQ/JaozNKl+aWUq87qPNsXasXxi2AbgfwIJ+8GQw== -"@types/braintree__sanitize-url@4.0.0": - version "4.0.0" - resolved "https://registry.yarnpkg.com/@types/braintree__sanitize-url/-/braintree__sanitize-url-4.0.0.tgz#0e8a834501f8c375d4b3fb8dcf9398a08ebe068d" - integrity sha512-69eGJ8808/WfTJGsvMi1pxQ9UG5Z+llD1x9ash5QX+qvxElDD+eYNAn19cTEVTq6WwUqrqlaTWVCKaTRFTuGmA== - "@types/cheerio@*": version "0.22.13" resolved "https://registry.yarnpkg.com/@types/cheerio/-/cheerio-0.22.13.tgz#5eecda091a24514185dcba99eda77e62bf6523e6"