From 9c498c58cb5134b18ebd3ee5f6c0b5c9470a6601 Mon Sep 17 00:00:00 2001
From: Hugo Bernier
Date: Sun, 12 Apr 2020 01:45:57 -0400
Subject: [PATCH] Fixed two security exploit
---
 .../config/package-solution.json | 2 +-
 .../react-project-online/package-lock.json | 69 ++++++++++++-------
 samples/react-project-online/package.json | 6 +-
 3 files changed, 50 insertions(+), 27 deletions(-)
diff --git a/samples/react-project-online/config/package-solution.json b/samples/react-project-online/config/package-solution.json
index 6cff93bfe..db23cf7c6 100644
--- a/samples/react-project-online/config/package-solution.json
+++ b/samples/react-project-online/config/package-solution.json
@@ -3,7 +3,7 @@
 "solution": {
 "name": "react-project-online-client-side-solution",
 "id": "9a8c9f6c-e756-49cc-bc51-75a9a6c57dce",
- "version": "1.0.0.0",
+ "version": "1.4.0.0",
 "includeClientSideAssets": true,
 "isDomainIsolated": false
 },
diff --git a/samples/react-project-online/package-lock.json b/samples/react-project-online/package-lock.json
index 34b46bec1..9c23b363e 100644
--- a/samples/react-project-online/package-lock.json
+++ b/samples/react-project-online/package-lock.json
@@ -8507,6 +8507,33 @@
 "integrity": "sha1-uI+UqCzzi4eR1YBG6kAprYjKmdE=",
 "dev": true
 },
+ "lodash.template": {
+ "version": "3.6.2",
+ "resolved": "https://registry.npmjs.org/lodash.template/-/lodash.template-3.6.2.tgz",
+ "integrity": "sha1-+M3sxhaaJVvpCYrosMU9N4kx0U8=",
+ "dev": true,
+ "requires": {
+ "lodash._basecopy": "^3.0.0",
+ "lodash._basetostring": "^3.0.0",
+ "lodash._basevalues": "^3.0.0",
+ "lodash._isiterateecall": "^3.0.0",
+ "lodash._reinterpolate": "^3.0.0",
+ "lodash.escape": "^3.0.0",
+ "lodash.keys": "^3.0.0",
+ "lodash.restparam": "^3.0.0",
+ "lodash.templatesettings": "^3.0.0"
+ }
+ },
+ "lodash.templatesettings": {
+ "version": "3.1.1",
+ "resolved": "https://registry.npmjs.org/lodash.templatesettings/-/lodash.templatesettings-3.1.1.tgz",
+ "integrity": "sha1-+zB4RHU7Zrnxr6VOJix0UwfbqOU=",
+ "dev": true,
+ "requires": {
+ "lodash._reinterpolate": "^3.0.0",
+ "lodash.escape": "^3.0.0"
+ }
+ },
 "object-assign": {
 "version": "3.0.0",
 "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-3.0.0.tgz",
@@ -11781,8 +11808,7 @@
 "lodash._reinterpolate": {
 "version": "3.0.0",
 "resolved": "https://registry.npmjs.org/lodash._reinterpolate/-/lodash._reinterpolate-3.0.0.tgz",
- "integrity": "sha1-DM8tiRZq8Ds2Y8eWU4t1rG4RTZ0=",
- "dev": true
+ "integrity": "sha1-DM8tiRZq8Ds2Y8eWU4t1rG4RTZ0="
 },
 "lodash._root": {
 "version": "3.0.1",
@@ -11881,30 +11907,20 @@
 "dev": true
 },
 "lodash.template": {
- "version": "3.6.2",
- "resolved": "https://registry.npmjs.org/lodash.template/-/lodash.template-3.6.2.tgz",
- "integrity": "sha1-+M3sxhaaJVvpCYrosMU9N4kx0U8=",
- "dev": true,
+ "version": "4.5.0",
+ "resolved": "https://registry.npmjs.org/lodash.template/-/lodash.template-4.5.0.tgz",
+ "integrity": "sha512-84vYFxIkmidUiFxidA/KjjH9pAycqW+h980j7Fuz5qxRtO9pgB7MDFTdys1N7A5mcucRiDyEq4fusljItR1T/A==",
 "requires": {
- "lodash._basecopy": "^3.0.0",
- "lodash._basetostring": "^3.0.0",
- "lodash._basevalues": "^3.0.0",
- "lodash._isiterateecall": "^3.0.0",
 "lodash._reinterpolate": "^3.0.0",
- "lodash.escape": "^3.0.0",
- "lodash.keys": "^3.0.0",
- "lodash.restparam": "^3.0.0",
- "lodash.templatesettings": "^3.0.0"
+ "lodash.templatesettings": "^4.0.0"
 }
 },
 "lodash.templatesettings": {
- "version": "3.1.1",
- "resolved": "https://registry.npmjs.org/lodash.templatesettings/-/lodash.templatesettings-3.1.1.tgz",
- "integrity": "sha1-+zB4RHU7Zrnxr6VOJix0UwfbqOU=",
- "dev": true,
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/lodash.templatesettings/-/lodash.templatesettings-4.2.0.tgz",
+ "integrity": "sha512-stgLz+i3Aa9mZgnjr/O+v9ruKZsPsndy7qPZOchbqk2cnTU1ZaldKK+v7m54WoKIyxiuMZTKT2H81F8BeAc3ZQ==",
 "requires": {
- "lodash._reinterpolate": "^3.0.0",
- "lodash.escape": "^3.0.0"
+ "lodash._reinterpolate": "^3.0.0"
 }
 },
 "lodash.uniq": {
@@ -15237,10 +15253,9 @@
 "dev": true
 },
 "serialize-javascript": {
- "version": "1.9.1",
- "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.9.1.tgz",
- "integrity": "sha512-0Vb/54WJ6k5v8sSWN09S0ora+Hnr+cX40r9F170nT+mSkaxltoE/7R3OrIdBSUv1OoiobH1QoWQbCnAO+e8J1A==",
- "dev": true
+ "version": "3.0.0",
+ "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-3.0.0.tgz",
+ "integrity": "sha512-skZcHYw2vEX4bw90nAr2iTTsz6x2SrHEnfxgKYmZlvJYBEZrvbKtobJWlQ20zczKb3bsHHXXTYt48zBA7ni9cw=="
 },
 "serve-index": {
 "version": "1.9.1",
@@ -16064,6 +16079,12 @@
 "ajv-keywords": "^3.1.0"
 }
 },
+ "serialize-javascript": {
+ "version": "1.9.1",
+ "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.9.1.tgz",
+ "integrity": "sha512-0Vb/54WJ6k5v8sSWN09S0ora+Hnr+cX40r9F170nT+mSkaxltoE/7R3OrIdBSUv1OoiobH1QoWQbCnAO+e8J1A==",
+ "dev": true
+ },
 "source-map": {
 "version": "0.6.1",
 "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
diff --git a/samples/react-project-online/package.json b/samples/react-project-online/package.json
index ecf450fa9..9034b0a70 100644
--- a/samples/react-project-online/package.json
+++ b/samples/react-project-online/package.json
@@ -1,6 +1,6 @@
 {
 "name": "react-project-online",
- "version": "0.0.1",
+ "version": "1.4.0",
 "private": true,
 "main": "lib/index.js",
 "engines": {
@@ -26,7 +26,9 @@
 "@types/webpack-env": "1.13.1",
 "office-ui-fabric-react": "6.189.2",
 "react": "16.8.5",
- "react-dom": "16.8.5"
+ "react-dom": "16.8.5",
+ "lodash.template": ">=4.5.0",
+ "serialize-javascript": ">=2.1.1"
 },
 "resolutions": {
 "@types/react": "16.8.8"
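Review bot: The two entries added in the `@@ -26,7 +26,9 @@` hunk of package.json do not appear to remove the vulnerable copies. The package-lock.json hunks at `-8507` and `-16064` re-add `lodash.template` 3.6.2 and `serialize-javascript` 1.9.1 as `"dev": true` entries, presumably nested under the build packages that require them, so the toolchain would still resolve the old versions beside the new top-level ones. The open-ended `>=` ranges also differ from the exact pins used for the other entries in this block and would accept any future major release when the lockfile is regenerated. If the direct entries stay, bound them to what the lockfile resolved, e.g. `"lodash.template": "^4.5.0",` and `"serialize-javascript": "^3.0.0"`. The durable fix is to upgrade or override the parent packages; the `resolutions` block just below the hunk is only honoured by Yarn or an equivalent tool, so confirm which package manager this sample uses (the enclosing object starts above the hunk).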