From ee97b94d122a510e83570dae99f79cd90a61980b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 31 Jan 2023 08:44:50 -0600 Subject: [PATCH] =?UTF-8?q?fix(deps):=20update=20dependency=20underscore.s?= =?UTF-8?q?tring=20to=20v3.3.6=20=F0=9F=8C=9F=20(#25574)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Bill Glesias --- cli/CHANGELOG.md | 5 +++++ packages/data-context/package.json | 2 +- packages/driver/package.json | 2 +- packages/server/package.json | 2 +- yarn.lock | 12 ++++++------ 5 files changed, 14 insertions(+), 9 deletions(-) diff --git a/cli/CHANGELOG.md b/cli/CHANGELOG.md index 55b2ad3c72..b29ed52d06 100644 --- a/cli/CHANGELOG.md +++ b/cli/CHANGELOG.md @@ -8,6 +8,11 @@ _Released 01/31/2023 (PENDING)_ - Fixed an issue where alternative Microsoft Edge Beta, Canary, and Dev binary versions were not being discovered by Cypress. Fixes [#25455](https://github.com/cypress-io/cypress/issues/25455). +**Dependency Updates:** + +- Upgraded [`underscore.string`](https://github.com/esamattis/underscore.string/blob/HEAD/CHANGELOG.markdown) from `3.3.5` to `3.3.6` to reference rebuilt assets after security patch to fix regular expression DDOS exploit. + Fixed in [#25574](https://github.com/cypress-io/cypress/pull/25574). + ## 12.4.1 _Released 01/27/2023_ diff --git a/packages/data-context/package.json b/packages/data-context/package.json index b1cf044de0..66b79ad63c 100644 --- a/packages/data-context/package.json +++ b/packages/data-context/package.json @@ -51,7 +51,7 @@ "semver": "7.3.2", "simple-git": "3.15.0", "stringify-object": "^3.0.0", - "underscore.string": "^3.3.5", + "underscore.string": "^3.3.6", "wonka": "^4.0.15" }, "devDependencies": { diff --git a/packages/driver/package.json b/packages/driver/package.json index d732747868..747ddc0cde 100644 --- a/packages/driver/package.json +++ b/packages/driver/package.json @@ -78,7 +78,7 @@ "sinon": "8.1.1", "source-map": "0.8.0-beta.0", "text-mask-addons": "3.8.0", - "underscore.string": "3.3.5", + "underscore.string": "3.3.6", "unfetch": "4.1.0", "url-parse": "1.5.9", "vanilla-text-mask": "5.1.1", diff --git a/packages/server/package.json b/packages/server/package.json index c5f6de9b84..5dbb1b1d3f 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -120,7 +120,7 @@ "tree-kill": "1.2.2", "ts-node": "^10.9.1", "tslib": "2.3.1", - "underscore.string": "3.3.5", + "underscore.string": "3.3.6", "url-parse": "1.5.9", "uuid": "8.3.2", "widest-line": "3.1.0" diff --git a/yarn.lock b/yarn.lock index 26f1a694ed..d217abcefe 100644 --- a/yarn.lock +++ b/yarn.lock @@ -27305,7 +27305,7 @@ sponge-case@^1.0.1: dependencies: tslib "^2.0.3" -sprintf-js@^1.0.3, sprintf-js@^1.1.2: +sprintf-js@^1.1.1, sprintf-js@^1.1.2: version "1.1.2" resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.1.2.tgz#da1765262bf8c0f571749f2ad6c26300207ae673" integrity sha512-VE0SOVEHCk7Qc8ulkWw3ntAzXuqf7S2lvwQaDLRnUeIEaKNQJzV6BwmLKhOqT61aGhfUMrXeaBk+oDGCzvhcug== @@ -29111,12 +29111,12 @@ unc-path-regex@^0.1.0, unc-path-regex@^0.1.2: resolved "https://registry.yarnpkg.com/unc-path-regex/-/unc-path-regex-0.1.2.tgz#e73dd3d7b0d7c5ed86fbac6b0ae7d8c6a69d50fa" integrity sha1-5z3T17DXxe2G+6xrCufYxqadUPo= -underscore.string@3.3.5, underscore.string@^3.3.5: - version "3.3.5" - resolved "https://registry.yarnpkg.com/underscore.string/-/underscore.string-3.3.5.tgz#fc2ad255b8bd309e239cbc5816fd23a9b7ea4023" - integrity sha512-g+dpmgn+XBneLmXXo+sGlW5xQEt4ErkS3mgeN2GFbremYeMBSJKr9Wf2KJplQVaiPY/f7FN6atosWYNm9ovrYg== +underscore.string@3.3.6, underscore.string@^3.3.6: + version "3.3.6" + resolved "https://registry.yarnpkg.com/underscore.string/-/underscore.string-3.3.6.tgz#ad8cf23d7423cb3b53b898476117588f4e2f9159" + integrity sha512-VoC83HWXmCrF6rgkyxS9GHv8W9Q5nhMKho+OadDJGzL2oDYbYEppBaCMH6pFlwLeqj2QS+hhkw2kpXkSdD1JxQ== dependencies: - sprintf-js "^1.0.3" + sprintf-js "^1.1.1" util-deprecate "^1.0.2" underscore@^1.8.3: