From e657791f55ab7193db2a9074c3a86d67df896a37 Mon Sep 17 00:00:00 2001 From: Thijs Louisse Date: Mon, 19 Feb 2024 16:57:11 +0100 Subject: [PATCH 1/2] fix: remove vulnerability by updating `ip` package --- .changeset/grumpy-foxes-laugh.md | 12 ++++++ package-lock.json | 38 ++++++++++++++----- packages/dev-server/package.json | 2 +- .../test-runner-browserstack/package.json | 2 +- packages/test-runner-core/package.json | 2 +- packages/test-runner-saucelabs/package.json | 2 +- 6 files changed, 45 insertions(+), 13 deletions(-) create mode 100644 .changeset/grumpy-foxes-laugh.md diff --git a/.changeset/grumpy-foxes-laugh.md b/.changeset/grumpy-foxes-laugh.md new file mode 100644 index 000000000..c6d54bca9 --- /dev/null +++ b/.changeset/grumpy-foxes-laugh.md @@ -0,0 +1,12 @@ +--- +'@web/test-runner-browserstack': patch +'@web/test-runner-saucelabs': patch +'@web/test-runner-core': patch +'@web/dev-server': patch +--- + +Vulnerability fix in `ip` package. +For more info, see: + +- https://github.com/advisories/GHSA-78xj-cgh5-2h22 +- https://github.com/indutny/node-ip/issues/136#issuecomment-1952083593 diff --git a/package-lock.json b/package-lock.json index 936c3cd72..82b9b3d25 100644 --- a/package-lock.json +++ b/package-lock.json @@ -35747,20 +35747,20 @@ }, "packages/dev-server": { "name": "@web/dev-server", - "version": "0.4.1", + "version": "0.4.2", "license": "MIT", "dependencies": { "@babel/code-frame": "^7.12.11", "@types/command-line-args": "^5.0.0", "@web/config-loader": "^0.3.0", - "@web/dev-server-core": "^0.7.0", + "@web/dev-server-core": "^0.7.1", "@web/dev-server-rollup": "^0.6.1", "camelcase": "^6.2.0", "command-line-args": "^5.1.1", "command-line-usage": "^7.0.1", "debounce": "^1.2.0", "deepmerge": "^4.2.2", - "ip": "^1.1.5", + "ip": "^2.0.1", "nanocolors": "^0.2.1", "open": "^8.0.2", "portfinder": "^1.0.32" @@ -35780,7 +35780,7 @@ }, "packages/dev-server-core": { "name": "@web/dev-server-core", - "version": "0.7.0", + "version": "0.7.1", "license": "MIT", "dependencies": { "@types/koa": "^2.11.6", @@ -36307,6 +36307,11 @@ "node": ">=12.20.0" } }, + "packages/dev-server/node_modules/ip": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/ip/-/ip-2.0.1.tgz", + "integrity": "sha512-lJUL9imLTNi1ZfXT+DU6rBBdbiKGBuay9B6xGSPVjUeQwaH1RIGqef8RZkUtHioLmSNpPR5M4HVKJGm1j8FWVQ==" + }, "packages/dev-server/node_modules/table-layout": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/table-layout/-/table-layout-3.0.2.tgz", @@ -36348,7 +36353,7 @@ }, "packages/mocks": { "name": "@web/mocks", - "version": "1.1.0", + "version": "1.1.1", "license": "MIT", "dependencies": { "@storybook/manager-api": "^7.0.0", @@ -36738,7 +36743,7 @@ }, "packages/storybook-builder": { "name": "@web/storybook-builder", - "version": "0.1.5", + "version": "0.1.6", "license": "MIT", "dependencies": { "@chialab/esbuild-plugin-commonjs": "^0.17.2", @@ -36995,7 +37000,7 @@ "dependencies": { "@web/test-runner-webdriver": "^0.8.0", "browserstack-local": "^1.4.8", - "ip": "^1.1.5", + "ip": "^2.0.1", "nanoid": "^3.1.25" }, "devDependencies": { @@ -37007,6 +37012,11 @@ "node": ">=18.0.0" } }, + "packages/test-runner-browserstack/node_modules/ip": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/ip/-/ip-2.0.1.tgz", + "integrity": "sha512-lJUL9imLTNi1ZfXT+DU6rBBdbiKGBuay9B6xGSPVjUeQwaH1RIGqef8RZkUtHioLmSNpPR5M4HVKJGm1j8FWVQ==" + }, "packages/test-runner-chrome": { "name": "@web/test-runner-chrome", "version": "0.15.0", @@ -37085,7 +37095,7 @@ "debounce": "^1.2.0", "dependency-graph": "^0.11.0", "globby": "^11.0.1", - "ip": "^1.1.5", + "ip": "^2.0.1", "istanbul-lib-coverage": "^3.0.0", "istanbul-lib-report": "^3.0.1", "istanbul-reports": "^3.0.2", @@ -37121,6 +37131,11 @@ "node": ">=8" } }, + "packages/test-runner-core/node_modules/ip": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/ip/-/ip-2.0.1.tgz", + "integrity": "sha512-lJUL9imLTNi1ZfXT+DU6rBBdbiKGBuay9B6xGSPVjUeQwaH1RIGqef8RZkUtHioLmSNpPR5M4HVKJGm1j8FWVQ==" + }, "packages/test-runner-core/node_modules/istanbul-lib-report": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", @@ -37276,7 +37291,7 @@ "license": "MIT", "dependencies": { "@web/test-runner-webdriver": "^0.8.0", - "ip": "^1.1.5", + "ip": "^2.0.1", "nanoid": "^3.1.25", "saucelabs": "^7.2.0", "webdriver": "^8.8.6", @@ -37292,6 +37307,11 @@ "node": ">=18.0.0" } }, + "packages/test-runner-saucelabs/node_modules/ip": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/ip/-/ip-2.0.1.tgz", + "integrity": "sha512-lJUL9imLTNi1ZfXT+DU6rBBdbiKGBuay9B6xGSPVjUeQwaH1RIGqef8RZkUtHioLmSNpPR5M4HVKJGm1j8FWVQ==" + }, "packages/test-runner-selenium": { "name": "@web/test-runner-selenium", "version": "0.7.0", diff --git a/packages/dev-server/package.json b/packages/dev-server/package.json index bbbb69b9a..eafade42e 100644 --- a/packages/dev-server/package.json +++ b/packages/dev-server/package.json @@ -65,7 +65,7 @@ "command-line-usage": "^7.0.1", "debounce": "^1.2.0", "deepmerge": "^4.2.2", - "ip": "^1.1.5", + "ip": "^2.0.1", "nanocolors": "^0.2.1", "open": "^8.0.2", "portfinder": "^1.0.32" diff --git a/packages/test-runner-browserstack/package.json b/packages/test-runner-browserstack/package.json index 7d691b431..30b5f9d38 100644 --- a/packages/test-runner-browserstack/package.json +++ b/packages/test-runner-browserstack/package.json @@ -48,7 +48,7 @@ "dependencies": { "@web/test-runner-webdriver": "^0.8.0", "browserstack-local": "^1.4.8", - "ip": "^1.1.5", + "ip": "^2.0.1", "nanoid": "^3.1.25" }, "devDependencies": { diff --git a/packages/test-runner-core/package.json b/packages/test-runner-core/package.json index 37383ba9d..85fbade0f 100644 --- a/packages/test-runner-core/package.json +++ b/packages/test-runner-core/package.json @@ -68,7 +68,7 @@ "debounce": "^1.2.0", "dependency-graph": "^0.11.0", "globby": "^11.0.1", - "ip": "^1.1.5", + "ip": "^2.0.1", "istanbul-lib-coverage": "^3.0.0", "istanbul-lib-report": "^3.0.1", "istanbul-reports": "^3.0.2", diff --git a/packages/test-runner-saucelabs/package.json b/packages/test-runner-saucelabs/package.json index 33025d863..86d3c16ab 100644 --- a/packages/test-runner-saucelabs/package.json +++ b/packages/test-runner-saucelabs/package.json @@ -47,7 +47,7 @@ ], "dependencies": { "@web/test-runner-webdriver": "^0.8.0", - "ip": "^1.1.5", + "ip": "^2.0.1", "nanoid": "^3.1.25", "saucelabs": "^7.2.0", "webdriver": "^8.8.6", From 5b006003b70fff3d6d3c36bf0c97dcc3f9835566 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 19 Feb 2024 19:09:38 +0000 Subject: [PATCH 2/2] Version Packages --- .changeset/grumpy-foxes-laugh.md | 12 ------------ integration/test-runner/package.json | 2 +- packages/dev-server/CHANGELOG.md | 10 ++++++++++ packages/dev-server/package.json | 2 +- packages/test-runner-browserstack/CHANGELOG.md | 10 ++++++++++ packages/test-runner-browserstack/package.json | 2 +- packages/test-runner-core/CHANGELOG.md | 10 ++++++++++ packages/test-runner-core/package.json | 2 +- packages/test-runner-saucelabs/CHANGELOG.md | 10 ++++++++++ packages/test-runner-saucelabs/package.json | 2 +- 10 files changed, 45 insertions(+), 17 deletions(-) delete mode 100644 .changeset/grumpy-foxes-laugh.md diff --git a/.changeset/grumpy-foxes-laugh.md b/.changeset/grumpy-foxes-laugh.md deleted file mode 100644 index c6d54bca9..000000000 --- a/.changeset/grumpy-foxes-laugh.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -'@web/test-runner-browserstack': patch -'@web/test-runner-saucelabs': patch -'@web/test-runner-core': patch -'@web/dev-server': patch ---- - -Vulnerability fix in `ip` package. -For more info, see: - -- https://github.com/advisories/GHSA-78xj-cgh5-2h22 -- https://github.com/indutny/node-ip/issues/136#issuecomment-1952083593 diff --git a/integration/test-runner/package.json b/integration/test-runner/package.json index 4841c858c..1b1a2408f 100644 --- a/integration/test-runner/package.json +++ b/integration/test-runner/package.json @@ -21,7 +21,7 @@ }, "dependencies": { "@web/dev-server-legacy": "^2.1.0", - "@web/test-runner-core": "^0.13.0" + "@web/test-runner-core": "^0.13.1" }, "devDependencies": { "@esm-bundle/chai": "^4.1.5" diff --git a/packages/dev-server/CHANGELOG.md b/packages/dev-server/CHANGELOG.md index 71ebfe103..a5eb9d86a 100644 --- a/packages/dev-server/CHANGELOG.md +++ b/packages/dev-server/CHANGELOG.md @@ -1,5 +1,15 @@ # @web/dev-server +## 0.4.3 + +### Patch Changes + +- e657791f: Vulnerability fix in `ip` package. + For more info, see: + + - https://github.com/advisories/GHSA-78xj-cgh5-2h22 + - https://github.com/indutny/node-ip/issues/136#issuecomment-1952083593 + ## 0.4.2 ### Patch Changes diff --git a/packages/dev-server/package.json b/packages/dev-server/package.json index eafade42e..e23ea8c66 100644 --- a/packages/dev-server/package.json +++ b/packages/dev-server/package.json @@ -1,6 +1,6 @@ { "name": "@web/dev-server", - "version": "0.4.2", + "version": "0.4.3", "publishConfig": { "access": "public" }, diff --git a/packages/test-runner-browserstack/CHANGELOG.md b/packages/test-runner-browserstack/CHANGELOG.md index b37923be3..57ba1dc52 100644 --- a/packages/test-runner-browserstack/CHANGELOG.md +++ b/packages/test-runner-browserstack/CHANGELOG.md @@ -1,5 +1,15 @@ # @web/test-runner-browserstack +## 0.7.1 + +### Patch Changes + +- e657791f: Vulnerability fix in `ip` package. + For more info, see: + + - https://github.com/advisories/GHSA-78xj-cgh5-2h22 + - https://github.com/indutny/node-ip/issues/136#issuecomment-1952083593 + ## 0.7.0 ### Minor Changes diff --git a/packages/test-runner-browserstack/package.json b/packages/test-runner-browserstack/package.json index 30b5f9d38..c39fc9304 100644 --- a/packages/test-runner-browserstack/package.json +++ b/packages/test-runner-browserstack/package.json @@ -1,6 +1,6 @@ { "name": "@web/test-runner-browserstack", - "version": "0.7.0", + "version": "0.7.1", "publishConfig": { "access": "public" }, diff --git a/packages/test-runner-core/CHANGELOG.md b/packages/test-runner-core/CHANGELOG.md index 90cc64d3e..b4ad3d61f 100644 --- a/packages/test-runner-core/CHANGELOG.md +++ b/packages/test-runner-core/CHANGELOG.md @@ -1,5 +1,15 @@ # @web/test-runner-core +## 0.13.1 + +### Patch Changes + +- e657791f: Vulnerability fix in `ip` package. + For more info, see: + + - https://github.com/advisories/GHSA-78xj-cgh5-2h22 + - https://github.com/indutny/node-ip/issues/136#issuecomment-1952083593 + ## 0.13.0 ### Minor Changes diff --git a/packages/test-runner-core/package.json b/packages/test-runner-core/package.json index 85fbade0f..5c11f6ca8 100644 --- a/packages/test-runner-core/package.json +++ b/packages/test-runner-core/package.json @@ -1,6 +1,6 @@ { "name": "@web/test-runner-core", - "version": "0.13.0", + "version": "0.13.1", "publishConfig": { "access": "public" }, diff --git a/packages/test-runner-saucelabs/CHANGELOG.md b/packages/test-runner-saucelabs/CHANGELOG.md index 66c6d8acf..f1959d2f7 100644 --- a/packages/test-runner-saucelabs/CHANGELOG.md +++ b/packages/test-runner-saucelabs/CHANGELOG.md @@ -1,5 +1,15 @@ # @web/test-runner-saucelabs +## 0.11.1 + +### Patch Changes + +- e657791f: Vulnerability fix in `ip` package. + For more info, see: + + - https://github.com/advisories/GHSA-78xj-cgh5-2h22 + - https://github.com/indutny/node-ip/issues/136#issuecomment-1952083593 + ## 0.11.0 ### Minor Changes diff --git a/packages/test-runner-saucelabs/package.json b/packages/test-runner-saucelabs/package.json index 86d3c16ab..574770ea2 100644 --- a/packages/test-runner-saucelabs/package.json +++ b/packages/test-runner-saucelabs/package.json @@ -1,6 +1,6 @@ { "name": "@web/test-runner-saucelabs", - "version": "0.11.0", + "version": "0.11.1", "publishConfig": { "access": "public" },