From 66260c7f75417eb9e799bb608d6ac646cad6d1bc Mon Sep 17 00:00:00 2001 From: huggy <6511667+makeding@users.noreply.github.com> Date: Wed, 3 Mar 2021 19:35:10 +0800 Subject: [PATCH] update pug #CVE-2021-21353 https://github.com/pugjs/pug/issues/3312 --- package.json | 2 +- yarn.lock | 35 ++++++++++++++++++++--------------- 2 files changed, 21 insertions(+), 16 deletions(-) diff --git a/package.json b/package.json index f746ca7..a6c813c 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "@babel/runtime": "^7.12.5", "node-fetch": "^2.6.1", "node-sass": "^5.0.0", - "pug": "^3.0.0", + "pug": "^3.0.2", "react": "17.0.1", "react-dom": "^17.0.1", "react-router-dom": "^5.2.0" diff --git a/yarn.lock b/yarn.lock index 6e81090..8192938 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6150,10 +6150,10 @@ pug-attrs@^3.0.0: js-stringify "^1.0.2" pug-runtime "^3.0.0" -pug-code-gen@^3.0.0: - version "3.0.1" - resolved "https://registry.yarnpkg.com/pug-code-gen/-/pug-code-gen-3.0.1.tgz#ff3b337b100c494ea63ef766091d27f7d73acb7e" - integrity sha512-xJIGvmXTQlkJllq6hqxxjRWcay2F9CU69TuAuiVZgHK0afOhG5txrQOcZyaPHBvSWCU/QQOqEp5XCH94rRZpBQ== +pug-code-gen@^3.0.2: + version "3.0.2" + resolved "https://registry.yarnpkg.com/pug-code-gen/-/pug-code-gen-3.0.2.tgz#ad190f4943133bf186b60b80de483100e132e2ce" + integrity sha512-nJMhW16MbiGRiyR4miDTQMRWDgKplnHyeLvioEJYbk1RsPI3FuA3saEP8uwnTb2nTJEKBU90NFVWJBk4OU5qyg== dependencies: constantinople "^4.0.1" doctypes "^1.1.0" @@ -6180,10 +6180,10 @@ pug-filters@^4.0.0: pug-walk "^2.0.0" resolve "^1.15.1" -pug-lexer@^5.0.0: - version "5.0.0" - resolved "https://registry.yarnpkg.com/pug-lexer/-/pug-lexer-5.0.0.tgz#0b779e7d8cbf0f103803675be96351942fd9a727" - integrity sha512-52xMk8nNpuyQ/M2wjZBN5gXQLIylaGkAoTk5Y1pBhVqaopaoj8Z0iVzpbFZAqitL4RHNVDZRnJDsqEYe99Ti0A== +pug-lexer@^5.0.1: + version "5.0.1" + resolved "https://registry.yarnpkg.com/pug-lexer/-/pug-lexer-5.0.1.tgz#ae44628c5bef9b190b665683b288ca9024b8b0d5" + integrity sha512-0I6C62+keXlZPZkOJeVam9aBLVP2EnbeDw3An+k0/QlqdwH6rv8284nko14Na7c0TtqtogfWXcRoFE4O4Ff20w== dependencies: character-parser "^2.2.0" is-expression "^4.0.0" @@ -6218,6 +6218,11 @@ pug-runtime@^3.0.0: resolved "https://registry.yarnpkg.com/pug-runtime/-/pug-runtime-3.0.0.tgz#d523025fdc0a1efe70929d1fd3a2d24121ffffb6" integrity sha512-GoEPcmQNnaTsePEdVA05bDpY+Op5VLHKayg08AQiqJBWU/yIaywEYv7TetC5dEQS3fzBBoyb2InDcZEg3mPTIA== +pug-runtime@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/pug-runtime/-/pug-runtime-3.0.1.tgz#f636976204723f35a8c5f6fad6acda2a191b83d7" + integrity sha512-L50zbvrQ35TkpHwv0G6aLSuueDRwc/97XdY8kL3tOT0FmhgG7UypU3VztfV/LATAvmUfYi4wNxSajhSAeNN+Kg== + pug-strip-comments@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/pug-strip-comments/-/pug-strip-comments-2.0.0.tgz#f94b07fd6b495523330f490a7f554b4ff876303e" @@ -6230,18 +6235,18 @@ pug-walk@^2.0.0: resolved "https://registry.yarnpkg.com/pug-walk/-/pug-walk-2.0.0.tgz#417aabc29232bb4499b5b5069a2b2d2a24d5f5fe" integrity sha512-yYELe9Q5q9IQhuvqsZNwA5hfPkMJ8u92bQLIMcsMxf/VADjNtEYptU+inlufAFYcWdHlwNfZOEnOOQrZrcyJCQ== -pug@^3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/pug/-/pug-3.0.0.tgz#101eecd7a236cd9906e420e17799d4d57f2b7d93" - integrity sha512-inmsJyFBSHZaiGLaguoFgJGViX0If6AcfcElimvwj9perqjDpUpw79UIEDZbWFmoGVidh08aoE+e8tVkjVJPCw== +pug@^3.0.2: + version "3.0.2" + resolved "https://registry.yarnpkg.com/pug/-/pug-3.0.2.tgz#f35c7107343454e43bc27ae0ff76c731b78ea535" + integrity sha512-bp0I/hiK1D1vChHh6EfDxtndHji55XP/ZJKwsRqrz6lRia6ZC2OZbdAymlxdVFwd1L70ebrVJw4/eZ79skrIaw== dependencies: - pug-code-gen "^3.0.0" + pug-code-gen "^3.0.2" pug-filters "^4.0.0" - pug-lexer "^5.0.0" + pug-lexer "^5.0.1" pug-linker "^4.0.0" pug-load "^3.0.0" pug-parser "^6.0.0" - pug-runtime "^3.0.0" + pug-runtime "^3.0.1" pug-strip-comments "^2.0.0" pump@^3.0.0: