From a5852ba36b5daa69566d89329eef032a3da18027 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Attila=20Ve=C4=8Derek?= Date: Fri, 19 Feb 2021 21:00:43 +0100 Subject: [PATCH] Update y18n to fix CVE-2020-7774 --- node_modules/y18n/CHANGELOG.md | 7 +++++++ node_modules/y18n/index.js | 2 +- node_modules/y18n/package.json | 16 ++++++++-------- package-lock.json | 6 +++--- 4 files changed, 19 insertions(+), 12 deletions(-) diff --git a/node_modules/y18n/CHANGELOG.md b/node_modules/y18n/CHANGELOG.md index c259076ad6da2..a3d5bcd534916 100644 --- a/node_modules/y18n/CHANGELOG.md +++ b/node_modules/y18n/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +### 4.0.1 (2020-11-30) + +### Bug Fixes + +* address prototype pollution issue ([#108](https://www.github.com/yargs/y18n/issues/108)) ([a9ac604](https://www.github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25)) + # [4.0.0](https://github.com/yargs/y18n/compare/v3.2.1...v4.0.0) (2017-10-10) diff --git a/node_modules/y18n/index.js b/node_modules/y18n/index.js index d72068162876a..727362aac0664 100644 --- a/node_modules/y18n/index.js +++ b/node_modules/y18n/index.js @@ -11,7 +11,7 @@ function Y18N (opts) { this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true // internal stuff. - this.cache = {} + this.cache = Object.create(null) this.writeQueue = [] } diff --git a/node_modules/y18n/package.json b/node_modules/y18n/package.json index 24016e224a737..82bff6dc7e01c 100644 --- a/node_modules/y18n/package.json +++ b/node_modules/y18n/package.json @@ -1,8 +1,8 @@ { "_from": "y18n@^4.0.0", - "_id": "y18n@4.0.0", + "_id": "y18n@4.0.1", "_inBundle": false, - "_integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==", + "_integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==", "_location": "/y18n", "_phantomChildren": {}, "_requested": { @@ -18,13 +18,13 @@ "_requiredBy": [ "/cacache", "/libnpx", - "/npm-profile/cacache", - "/npm-registry-fetch/cacache" + "/nyc/yargs", + "/yargs" ], - "_resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz", - "_shasum": "95ef94f85ecc81d007c264e190a120f0a3c8566b", + "_resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz", + "_shasum": "8db2b83c31c5d75099bb890b23f3094891e247d4", "_spec": "y18n@^4.0.0", - "_where": "/Users/rebecca/code/npm/node_modules/cacache", + "_where": "/Users/avecerek/Code/vecerek/cli/node_modules/cacache", "author": { "name": "Ben Coe", "email": "ben@npmjs.com" @@ -66,5 +66,5 @@ "release": "standard-version", "test": "nyc mocha" }, - "version": "4.0.0" + "version": "4.0.1" } diff --git a/package-lock.json b/package-lock.json index dcb81c9349668..7a7815dd944f6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6156,9 +6156,9 @@ "integrity": "sha1-pcbVMr5lbiPbgg77lDofBJmNY68=" }, "y18n": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz", - "integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==" + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz", + "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==" }, "yallist": { "version": "3.0.3",