From a368f66c112577fb2be28994b7693f8a69708d01 Mon Sep 17 00:00:00 2001 From: Brian Donovan <1938+eventualbuddha@users.noreply.github.com> Date: Mon, 20 Mar 2023 09:53:08 -0700 Subject: [PATCH] chore: upgrade luxon Mitigation for CVE-2023-22467 (see https://github.com/moment/moment/pull/6015#issuecomment-1152961973) --- apps/central-scan/backend/package.json | 2 +- apps/mark/frontend/package.json | 2 +- apps/scan/backend/package.json | 2 +- libs/ballot-interpreter-nh/package.json | 2 +- libs/test-utils/package.json | 2 +- libs/types/package.json | 2 +- libs/ui/package.json | 2 +- libs/utils/package.json | 2 +- pnpm-lock.yaml | 49 +++++++++---------------- 9 files changed, 26 insertions(+), 39 deletions(-) diff --git a/apps/central-scan/backend/package.json b/apps/central-scan/backend/package.json index 4e8fbba5d5..8231f2e1b3 100644 --- a/apps/central-scan/backend/package.json +++ b/apps/central-scan/backend/package.json @@ -65,7 +65,7 @@ "jest-diff": "^26.6.2", "js-sha256": "^0.9.0", "jszip": "^3.9.1", - "luxon": "^1.27.0", + "luxon": "^3.0.0", "memory-streams": "^0.1.3", "multer": "^1.4.2", "ora": "^5.2.0", diff --git a/apps/mark/frontend/package.json b/apps/mark/frontend/package.json index 82981b7fab..80771bfdb2 100644 --- a/apps/mark/frontend/package.json +++ b/apps/mark/frontend/package.json @@ -93,7 +93,7 @@ "history": "^4.10.1", "http-proxy-middleware": "1.0.6", "lodash.camelcase": "^4.3.0", - "luxon": "^1.26.0", + "luxon": "^3.0.0", "mini-css-extract-plugin": "0.11.3", "mockdate": "^3.0.2", "normalize.css": "^8.0.1", diff --git a/apps/scan/backend/package.json b/apps/scan/backend/package.json index 2ac98efdd7..95ff376931 100644 --- a/apps/scan/backend/package.json +++ b/apps/scan/backend/package.json @@ -63,7 +63,7 @@ "got": "^11.8.2", "js-sha256": "^0.9.0", "jszip": "^3.9.1", - "luxon": "^1.27.0", + "luxon": "^3.0.0", "memory-streams": "^0.1.3", "rxjs": "^7.5.5", "tmp": "^0.2.1", diff --git a/libs/ballot-interpreter-nh/package.json b/libs/ballot-interpreter-nh/package.json index e274be0afe..c33fd407ee 100644 --- a/libs/ballot-interpreter-nh/package.json +++ b/libs/ballot-interpreter-nh/package.json @@ -33,7 +33,7 @@ "he": "^1.2.0", "js-sha256": "^0.9.0", "jsdom": "^20.0.1", - "luxon": "^2.3.0", + "luxon": "^3.0.0", "tmp": "^0.2.1", "zod": "3.14.4" }, diff --git a/libs/test-utils/package.json b/libs/test-utils/package.json index 0ea8529b93..5530db4b43 100644 --- a/libs/test-utils/package.json +++ b/libs/test-utils/package.json @@ -43,7 +43,7 @@ "fast-check": "^2.18.0", "jest-diff": "^27.3.1", "js-sha256": "^0.9.0", - "luxon": "1.26.0", + "luxon": "^3.0.0", "zip-stream": "^4.1.0" }, "devDependencies": { diff --git a/libs/types/package.json b/libs/types/package.json index fb5d71c6c5..d4dd8033c6 100644 --- a/libs/types/package.json +++ b/libs/types/package.json @@ -40,7 +40,7 @@ "@antongolub/iso8601": "^1.2.1", "@votingworks/basics": "workspace:*", "js-sha256": "^0.9.0", - "luxon": "^2.4.0", + "luxon": "^3.0.0", "util": "^0.12.4", "zod": "3.14.4" }, diff --git a/libs/ui/package.json b/libs/ui/package.json index a44da7838f..73b2d09854 100644 --- a/libs/ui/package.json +++ b/libs/ui/package.json @@ -54,7 +54,7 @@ "debug": "^4.3.2", "deep-eql": "^4.0.0", "dompurify": "^2.0.12", - "luxon": "1.26.0", + "luxon": "^3.0.0", "normalize.css": "^8.0.1", "pluralize": "^8.0.0", "polished": "^4.2.2", diff --git a/libs/utils/package.json b/libs/utils/package.json index cc2161309d..a12c20f354 100644 --- a/libs/utils/package.json +++ b/libs/utils/package.json @@ -44,7 +44,7 @@ "fetch-mock": "^9.11.0", "jest-fetch-mock": "^3.0.3", "jszip": "^3.9.1", - "luxon": "^1.27.0", + "luxon": "^3.0.0", "moment": "^2.29.1", "randombytes": "^2.1.0", "readline": "^1.3.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index d521de224e..229b23c5e4 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -670,7 +670,7 @@ importers: js-sha256: ^0.9.0 jszip: ^3.9.1 lint-staged: ^10.5.3 - luxon: ^1.27.0 + luxon: ^3.0.0 memory-streams: ^0.1.3 multer: ^1.4.2 nodemon: ^2.0.20 @@ -713,7 +713,7 @@ importers: jest-diff: 26.6.2 js-sha256: 0.9.0 jszip: 3.9.1 - luxon: 1.27.0 + luxon: 3.3.0 memory-streams: 0.1.3 multer: 1.4.2 ora: 5.2.0 @@ -1188,7 +1188,7 @@ importers: jest-watch-typeahead: 0.6.1 lint-staged: ^10.2.4 lodash.camelcase: ^4.3.0 - luxon: ^1.26.0 + luxon: ^3.0.0 mini-css-extract-plugin: 0.11.3 mockdate: ^3.0.2 node-fetch: ^2.6.0 @@ -1261,7 +1261,7 @@ importers: history: 4.10.1 http-proxy-middleware: 1.0.6_debug@4.3.4 lodash.camelcase: 4.3.0 - luxon: 1.27.0 + luxon: 3.3.0 mini-css-extract-plugin: 0.11.3_webpack@4.44.2 mockdate: 3.0.5 normalize.css: 8.0.1 @@ -1474,7 +1474,7 @@ importers: js-sha256: ^0.9.0 jszip: ^3.9.1 lint-staged: ^10.5.3 - luxon: ^1.27.0 + luxon: ^3.0.0 memory-streams: ^0.1.3 nock: ^13.1.0 nodemon: ^2.0.20 @@ -1517,7 +1517,7 @@ importers: got: 11.8.2 js-sha256: 0.9.0 jszip: 3.9.1 - luxon: 1.27.0 + luxon: 3.3.0 memory-streams: 0.1.3 rxjs: 7.5.7 tmp: 0.2.1 @@ -2147,7 +2147,7 @@ importers: jest-watch-typeahead: ^0.6.4 js-sha256: ^0.9.0 jsdom: ^20.0.1 - luxon: ^2.3.0 + luxon: ^3.0.0 tmp: ^0.2.1 ts-jest: ^29.0.5 typescript: 4.6.3 @@ -2165,7 +2165,7 @@ importers: he: 1.2.0 js-sha256: 0.9.0 jsdom: 20.0.1_canvas@2.9.1 - luxon: 2.3.1 + luxon: 3.3.0 tmp: 0.2.1 zod: 3.14.4 devDependencies: @@ -3200,7 +3200,7 @@ importers: jest-watch-typeahead: ^0.6.4 js-sha256: ^0.9.0 lint-staged: ^11.0.0 - luxon: 1.26.0 + luxon: ^3.0.0 prettier: ^2.6.2 react: ^17.0.1 react-dom: ^17.0.1 @@ -3219,7 +3219,7 @@ importers: fast-check: 2.18.0 jest-diff: 27.5.1 js-sha256: 0.9.0 - luxon: 1.26.0 + luxon: 3.3.0 zip-stream: 4.1.0 devDependencies: '@types/jest': 27.0.3 @@ -3278,7 +3278,7 @@ importers: jest-watch-typeahead: ^2.2.2 js-sha256: ^0.9.0 lint-staged: ^11.0.0 - luxon: ^2.4.0 + luxon: ^3.0.0 prettier: ^2.6.2 sort-package-json: ^1.50.0 ts-jest: ^29.0.5 @@ -3289,7 +3289,7 @@ importers: '@antongolub/iso8601': 1.2.1 '@votingworks/basics': link:../basics js-sha256: 0.9.0 - luxon: 2.4.0 + luxon: 3.3.0 util: 0.12.4 zod: 3.14.4 devDependencies: @@ -3392,7 +3392,7 @@ importers: lint-staged: ^11.0.0 lodash.clonedeep: ^4.5.0 lorem-ipsum: ^2.0.8 - luxon: 1.26.0 + luxon: ^3.0.0 mockdate: ^3.0.5 normalize.css: ^8.0.1 parse-css-color: ^0.2.1 @@ -3435,7 +3435,7 @@ importers: debug: 4.3.2 deep-eql: 4.0.0 dompurify: 2.3.8 - luxon: 1.26.0 + luxon: 3.3.0 normalize.css: 8.0.1 pluralize: 8.0.0 polished: 4.2.2 @@ -3549,7 +3549,7 @@ importers: jest-watch-typeahead: ^2.2.2 jszip: ^3.9.1 lint-staged: ^11.0.0 - luxon: ^1.27.0 + luxon: ^3.0.0 mockdate: ^3.0.5 moment: ^2.29.1 prettier: ^2.6.2 @@ -3571,7 +3571,7 @@ importers: fetch-mock: 9.11.0 jest-fetch-mock: 3.0.3 jszip: 3.9.1 - luxon: 1.27.0 + luxon: 3.3.0 moment: 2.29.1 randombytes: 2.1.0 readline: 1.3.0 @@ -25332,21 +25332,8 @@ packages: dependencies: yallist: 4.0.0 - /luxon/1.26.0: - resolution: {integrity: sha512-+V5QIQ5f6CDXQpWNICELwjwuHdqeJM1UenlZWx5ujcRMc9venvluCjFb4t5NYLhb6IhkbMVOxzVuOqkgMxee2A==} - dev: false - - /luxon/1.27.0: - resolution: {integrity: sha512-VKsFsPggTA0DvnxtJdiExAucKdAnwbCCNlMM5ENvHlxubqWd0xhZcdb4XgZ7QFNhaRhilXCFxHuoObP5BNA4PA==} - dev: false - - /luxon/2.3.1: - resolution: {integrity: sha512-I8vnjOmhXsMSlNMZlMkSOvgrxKJl0uOsEzdGgGNZuZPaS9KlefpE9KV95QFftlJSC+1UyCC9/I69R02cz/zcCA==} - engines: {node: '>=12'} - dev: false - - /luxon/2.4.0: - resolution: {integrity: sha512-w+NAwWOUL5hO0SgwOHsMBAmZ15SoknmQXhSO0hIbJCAmPKSsGeK8MlmhYh2w6Iib38IxN2M+/ooXWLbeis7GuA==} + /luxon/3.3.0: + resolution: {integrity: sha512-An0UCfG/rSiqtAIiBPO0Y9/zAnHUZxAMiCpTd5h2smgsj7GGmcenvrvww2cqNA8/4A5ZrD1gJpHN2mIHZQF+Mg==} engines: {node: '>=12'} dev: false