From e4765404844a0b6795752b2bc6f9b9107fe713be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Attila=20Ve=C4=8Derek?= Date: Fri, 19 Feb 2021 21:00:43 +0100 Subject: [PATCH] Update y18n to fix CVE-2020-7774 PR-URL: https://github.com/npm/cli/pull/2737 Credit: @vecerek Close: #2737 Reviewed-by: @ruyadorno --- node_modules/y18n/CHANGELOG.md | 7 +++++++ node_modules/y18n/index.js | 2 +- node_modules/y18n/package.json | 30 ++++++++++++++++-------------- package-lock.json | 6 +++--- 4 files changed, 27 insertions(+), 18 deletions(-) diff --git a/node_modules/y18n/CHANGELOG.md b/node_modules/y18n/CHANGELOG.md index c259076ad6da2..a3d5bcd534916 100644 --- a/node_modules/y18n/CHANGELOG.md +++ b/node_modules/y18n/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +### 4.0.1 (2020-11-30) + +### Bug Fixes + +* address prototype pollution issue ([#108](https://www.github.com/yargs/y18n/issues/108)) ([a9ac604](https://www.github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25)) + # [4.0.0](https://github.com/yargs/y18n/compare/v3.2.1...v4.0.0) (2017-10-10) diff --git a/node_modules/y18n/index.js b/node_modules/y18n/index.js index d72068162876a..727362aac0664 100644 --- a/node_modules/y18n/index.js +++ b/node_modules/y18n/index.js @@ -11,7 +11,7 @@ function Y18N (opts) { this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true // internal stuff. - this.cache = {} + this.cache = Object.create(null) this.writeQueue = [] } diff --git a/node_modules/y18n/package.json b/node_modules/y18n/package.json index 24016e224a737..a8bab2cc194f8 100644 --- a/node_modules/y18n/package.json +++ b/node_modules/y18n/package.json @@ -1,30 +1,32 @@ { - "_from": "y18n@^4.0.0", - "_id": "y18n@4.0.0", + "_from": "y18n@4.0.1", + "_id": "y18n@4.0.1", "_inBundle": false, - "_integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==", + "_integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==", "_location": "/y18n", "_phantomChildren": {}, "_requested": { - "type": "range", + "type": "version", "registry": true, - "raw": "y18n@^4.0.0", + "raw": "y18n@4.0.1", "name": "y18n", "escapedName": "y18n", - "rawSpec": "^4.0.0", + "rawSpec": "4.0.1", "saveSpec": null, - "fetchSpec": "^4.0.0" + "fetchSpec": "4.0.1" }, "_requiredBy": [ + "#USER", + "/", "/cacache", "/libnpx", - "/npm-profile/cacache", - "/npm-registry-fetch/cacache" + "/nyc/yargs", + "/yargs" ], - "_resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz", - "_shasum": "95ef94f85ecc81d007c264e190a120f0a3c8566b", - "_spec": "y18n@^4.0.0", - "_where": "/Users/rebecca/code/npm/node_modules/cacache", + "_resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz", + "_shasum": "8db2b83c31c5d75099bb890b23f3094891e247d4", + "_spec": "y18n@4.0.1", + "_where": "/Users/ruyadorno/Documents/workspace/cli-release/cli", "author": { "name": "Ben Coe", "email": "ben@npmjs.com" @@ -66,5 +68,5 @@ "release": "standard-version", "test": "nyc mocha" }, - "version": "4.0.0" + "version": "4.0.1" } diff --git a/package-lock.json b/package-lock.json index dcb81c9349668..7a7815dd944f6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6156,9 +6156,9 @@ "integrity": "sha1-pcbVMr5lbiPbgg77lDofBJmNY68=" }, "y18n": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz", - "integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==" + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz", + "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==" }, "yallist": { "version": "3.0.3",