From c461adff11456734fcb9193b5522cc6451078732 Mon Sep 17 00:00:00 2001 From: Lauri Ojansivu Date: Wed, 3 Apr 2024 00:53:47 +0300 Subject: [PATCH] Fixed CRITICAL SECURITY ISSUE by updating meteor-node-stubs. Thanks to Meteor developers ! --- package-lock.json | 453 ++++++++++++++++++++++++---------------------- package.json | 2 +- 2 files changed, 234 insertions(+), 221 deletions(-) diff --git a/package-lock.json b/package-lock.json index dcde79d00..ffa7dec98 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1372,44 +1372,71 @@ "integrity": "sha512-SBbbYWvFYvsxHVL+q6ZB8lT3rp2LSvfALD2V52H+MGH2IgJsevy0VtXRkRG0EsUewwOaDTIKBn9DlD8HQ3GSwg==" }, "meteor-node-stubs": { - "version": "1.2.7", - "resolved": "https://registry.npmjs.org/meteor-node-stubs/-/meteor-node-stubs-1.2.7.tgz", - "integrity": "sha512-20bAFUhEIOD/Cos2nmvhqf2NOKpTf63WVQ+nwuaX2OFj31sU6GL4KkNylkWum8McwsH0LsMr/F+UHhduTX7KRg==", + "version": "1.2.9", + "resolved": "https://registry.npmjs.org/meteor-node-stubs/-/meteor-node-stubs-1.2.9.tgz", + "integrity": "sha512-EKRezc1/PblYtYiK4BOT3h5geWDo9AFBBSYNamPNh8AC5msUbVCcg8kekzAa7r7JPzBX8nZWaXEQVar4t8q/Hg==", "requires": { - "assert": "^2.0.0", + "@meteorjs/crypto-browserify": "^3.12.1", + "assert": "^2.1.0", "browserify-zlib": "^0.2.0", "buffer": "^5.7.1", "console-browserify": "^1.2.0", "constants-browserify": "^1.0.0", - "crypto-browserify": "^3.12.0", - "domain-browser": "^4.22.0", + "domain-browser": "^4.23.0", "elliptic": "^6.5.4", "events": "^3.3.0", "https-browserify": "^1.0.0", "os-browserify": "^0.3.0", - "path-browserify": "^1.0.0", + "path-browserify": "^1.0.1", "process": "^0.11.10", "punycode": "^1.4.1", "querystring-es3": "^0.2.1", - "readable-stream": "^3.6.0", + "readable-stream": "^3.6.2", "stream-browserify": "^3.0.0", "stream-http": "^3.2.0", "string_decoder": "^1.3.0", "timers-browserify": "^2.0.12", "tty-browserify": "0.0.1", - "url": "^0.11.0", - "util": "^0.12.4", + "url": "^0.11.3", + "util": "^0.12.5", "vm-browserify": "^1.1.2" }, "dependencies": { + "@meteorjs/crypto-browserify": { + "version": "3.12.1", + "bundled": true, + "requires": { + "browserify-cipher": "^1.0.1", + "browserify-sign": "^4.2.3", + "create-ecdh": "^4.0.4", + "create-hash": "^1.2.0", + "create-hmac": "^1.1.7", + "diffie-hellman": "^5.0.3", + "hash-base": "~3.0.4", + "inherits": "^2.0.4", + "pbkdf2": "^3.1.2", + "public-encrypt": "^4.0.3", + "randombytes": "^2.1.0", + "randomfill": "^1.0.4" + }, + "dependencies": { + "hash-base": { + "version": "3.0.4", + "bundled": true, + "requires": { + "inherits": "^2.0.1", + "safe-buffer": "^5.0.1" + } + } + } + }, "asn1.js": { - "version": "5.4.1", + "version": "4.10.1", "bundled": true, "requires": { "bn.js": "^4.0.0", "inherits": "^2.0.1", - "minimalistic-assert": "^1.0.0", - "safer-buffer": "^2.1.0" + "minimalistic-assert": "^1.0.0" }, "dependencies": { "bn.js": { @@ -1419,17 +1446,18 @@ } }, "assert": { - "version": "2.0.0", + "version": "2.1.0", "bundled": true, "requires": { - "es6-object-assign": "^1.1.0", - "is-nan": "^1.2.1", - "object-is": "^1.0.1", - "util": "^0.12.0" + "call-bind": "^1.0.2", + "is-nan": "^1.3.2", + "object-is": "^1.1.5", + "object.assign": "^4.1.4", + "util": "^0.12.5" } }, "available-typed-arrays": { - "version": "1.0.4", + "version": "1.0.5", "bundled": true }, "base64-js": { @@ -1484,18 +1512,65 @@ } }, "browserify-sign": { - "version": "4.2.1", + "version": "4.2.3", "bundled": true, "requires": { - "bn.js": "^5.1.1", - "browserify-rsa": "^4.0.1", + "bn.js": "^5.2.1", + "browserify-rsa": "^4.1.0", "create-hash": "^1.2.0", "create-hmac": "^1.1.7", - "elliptic": "^6.5.3", + "elliptic": "^6.5.5", + "hash-base": "~3.0", "inherits": "^2.0.4", - "parse-asn1": "^5.1.5", - "readable-stream": "^3.6.0", - "safe-buffer": "^5.2.0" + "parse-asn1": "^5.1.7", + "readable-stream": "^2.3.8", + "safe-buffer": "^5.2.1" + }, + "dependencies": { + "bn.js": { + "version": "5.2.1", + "bundled": true + }, + "hash-base": { + "version": "3.0.4", + "bundled": true, + "requires": { + "inherits": "^2.0.1", + "safe-buffer": "^5.0.1" + } + }, + "readable-stream": { + "version": "2.3.8", + "bundled": true, + "requires": { + "core-util-is": "~1.0.0", + "inherits": "~2.0.3", + "isarray": "~1.0.0", + "process-nextick-args": "~2.0.0", + "safe-buffer": "~5.1.1", + "string_decoder": "~1.1.1", + "util-deprecate": "~1.0.1" + }, + "dependencies": { + "safe-buffer": { + "version": "5.1.2", + "bundled": true + } + } + }, + "string_decoder": { + "version": "1.1.1", + "bundled": true, + "requires": { + "safe-buffer": "~5.1.0" + }, + "dependencies": { + "safe-buffer": { + "version": "5.1.2", + "bundled": true + } + } + } } }, "browserify-zlib": { @@ -1522,11 +1597,12 @@ "bundled": true }, "call-bind": { - "version": "1.0.2", + "version": "1.0.5", "bundled": true, "requires": { - "function-bind": "^1.1.1", - "get-intrinsic": "^1.0.2" + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.1", + "set-function-length": "^1.1.1" } }, "cipher-base": { @@ -1545,6 +1621,10 @@ "version": "1.0.0", "bundled": true }, + "core-util-is": { + "version": "1.0.3", + "bundled": true + }, "create-ecdh": { "version": "4.0.4", "bundled": true, @@ -1582,28 +1662,22 @@ "sha.js": "^2.4.8" } }, - "crypto-browserify": { - "version": "3.12.0", + "define-data-property": { + "version": "1.1.1", "bundled": true, "requires": { - "browserify-cipher": "^1.0.0", - "browserify-sign": "^4.0.0", - "create-ecdh": "^4.0.0", - "create-hash": "^1.1.0", - "create-hmac": "^1.1.0", - "diffie-hellman": "^5.0.0", - "inherits": "^2.0.1", - "pbkdf2": "^3.0.3", - "public-encrypt": "^4.0.0", - "randombytes": "^2.0.0", - "randomfill": "^1.0.3" + "get-intrinsic": "^1.2.1", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.0" } }, "define-properties": { - "version": "1.1.3", + "version": "1.2.1", "bundled": true, "requires": { - "object-keys": "^1.0.12" + "define-data-property": "^1.0.1", + "has-property-descriptors": "^1.0.0", + "object-keys": "^1.1.1" } }, "des.js": { @@ -1630,11 +1704,11 @@ } }, "domain-browser": { - "version": "4.22.0", + "version": "4.23.0", "bundled": true }, "elliptic": { - "version": "6.5.4", + "version": "6.5.5", "bundled": true, "requires": { "bn.js": "^4.11.9", @@ -1652,41 +1726,6 @@ } } }, - "es-abstract": { - "version": "1.18.3", - "bundled": true, - "requires": { - "call-bind": "^1.0.2", - "es-to-primitive": "^1.2.1", - "function-bind": "^1.1.1", - "get-intrinsic": "^1.1.1", - "has": "^1.0.3", - "has-symbols": "^1.0.2", - "is-callable": "^1.2.3", - "is-negative-zero": "^2.0.1", - "is-regex": "^1.1.3", - "is-string": "^1.0.6", - "object-inspect": "^1.10.3", - "object-keys": "^1.1.1", - "object.assign": "^4.1.2", - "string.prototype.trimend": "^1.0.4", - "string.prototype.trimstart": "^1.0.4", - "unbox-primitive": "^1.0.1" - } - }, - "es-to-primitive": { - "version": "1.2.1", - "bundled": true, - "requires": { - "is-callable": "^1.1.4", - "is-date-object": "^1.0.1", - "is-symbol": "^1.0.2" - } - }, - "es6-object-assign": { - "version": "1.1.0", - "bundled": true - }, "events": { "version": "3.3.0", "bundled": true @@ -1699,38 +1738,56 @@ "safe-buffer": "^5.1.1" } }, - "foreach": { - "version": "2.0.5", - "bundled": true + "for-each": { + "version": "0.3.3", + "bundled": true, + "requires": { + "is-callable": "^1.1.3" + } }, "function-bind": { - "version": "1.1.1", + "version": "1.1.2", "bundled": true }, "get-intrinsic": { - "version": "1.1.1", + "version": "1.2.2", "bundled": true, "requires": { - "function-bind": "^1.1.1", - "has": "^1.0.3", - "has-symbols": "^1.0.1" + "function-bind": "^1.1.2", + "has-proto": "^1.0.1", + "has-symbols": "^1.0.3", + "hasown": "^2.0.0" } }, - "has": { - "version": "1.0.3", + "gopd": { + "version": "1.0.1", "bundled": true, "requires": { - "function-bind": "^1.1.1" + "get-intrinsic": "^1.1.3" } }, - "has-bigints": { + "has-property-descriptors": { + "version": "1.0.1", + "bundled": true, + "requires": { + "get-intrinsic": "^1.2.2" + } + }, + "has-proto": { "version": "1.0.1", "bundled": true }, "has-symbols": { - "version": "1.0.2", + "version": "1.0.3", "bundled": true }, + "has-tostringtag": { + "version": "1.0.0", + "bundled": true, + "requires": { + "has-symbols": "^1.0.2" + } + }, "hash-base": { "version": "3.1.0", "bundled": true, @@ -1748,6 +1805,13 @@ "minimalistic-assert": "^1.0.1" } }, + "hasown": { + "version": "2.0.0", + "bundled": true, + "requires": { + "function-bind": "^1.1.2" + } + }, "hmac-drbg": { "version": "1.0.1", "bundled": true, @@ -1770,34 +1834,23 @@ "bundled": true }, "is-arguments": { - "version": "1.1.0", - "bundled": true, - "requires": { - "call-bind": "^1.0.0" - } - }, - "is-bigint": { - "version": "1.0.2", - "bundled": true - }, - "is-boolean-object": { "version": "1.1.1", "bundled": true, "requires": { - "call-bind": "^1.0.2" + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" } }, "is-callable": { - "version": "1.2.3", - "bundled": true - }, - "is-date-object": { - "version": "1.0.4", + "version": "1.2.7", "bundled": true }, "is-generator-function": { - "version": "1.0.9", - "bundled": true + "version": "1.0.10", + "bundled": true, + "requires": { + "has-tostringtag": "^1.0.0" + } }, "is-nan": { "version": "1.3.2", @@ -1807,44 +1860,17 @@ "define-properties": "^1.1.3" } }, - "is-negative-zero": { - "version": "2.0.1", - "bundled": true - }, - "is-number-object": { - "version": "1.0.5", - "bundled": true - }, - "is-regex": { - "version": "1.1.3", - "bundled": true, - "requires": { - "call-bind": "^1.0.2", - "has-symbols": "^1.0.2" - } - }, - "is-string": { - "version": "1.0.6", - "bundled": true - }, - "is-symbol": { - "version": "1.0.4", - "bundled": true, - "requires": { - "has-symbols": "^1.0.2" - } - }, "is-typed-array": { - "version": "1.1.5", + "version": "1.1.12", "bundled": true, "requires": { - "available-typed-arrays": "^1.0.2", - "call-bind": "^1.0.2", - "es-abstract": "^1.18.0-next.2", - "foreach": "^2.0.5", - "has-symbols": "^1.0.1" + "which-typed-array": "^1.1.11" } }, + "isarray": { + "version": "1.0.0", + "bundled": true + }, "md5.js": { "version": "1.3.5", "bundled": true, @@ -1877,7 +1903,7 @@ "bundled": true }, "object-inspect": { - "version": "1.10.3", + "version": "1.13.1", "bundled": true }, "object-is": { @@ -1893,12 +1919,12 @@ "bundled": true }, "object.assign": { - "version": "4.1.2", + "version": "4.1.4", "bundled": true, "requires": { - "call-bind": "^1.0.0", - "define-properties": "^1.1.3", - "has-symbols": "^1.0.1", + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "has-symbols": "^1.0.3", "object-keys": "^1.1.1" } }, @@ -1911,14 +1937,25 @@ "bundled": true }, "parse-asn1": { - "version": "5.1.6", + "version": "5.1.7", "bundled": true, "requires": { - "asn1.js": "^5.2.0", - "browserify-aes": "^1.0.0", - "evp_bytestokey": "^1.0.0", - "pbkdf2": "^3.0.3", - "safe-buffer": "^5.1.1" + "asn1.js": "^4.10.1", + "browserify-aes": "^1.2.0", + "evp_bytestokey": "^1.0.3", + "hash-base": "~3.0", + "pbkdf2": "^3.1.2", + "safe-buffer": "^5.2.1" + }, + "dependencies": { + "hash-base": { + "version": "3.0.4", + "bundled": true, + "requires": { + "inherits": "^2.0.1", + "safe-buffer": "^5.0.1" + } + } } }, "path-browserify": { @@ -1940,6 +1977,10 @@ "version": "0.11.10", "bundled": true }, + "process-nextick-args": { + "version": "2.0.1", + "bundled": true + }, "public-encrypt": { "version": "4.0.3", "bundled": true, @@ -1962,9 +2003,12 @@ "version": "1.4.1", "bundled": true }, - "querystring": { - "version": "0.2.0", - "bundled": true + "qs": { + "version": "6.11.2", + "bundled": true, + "requires": { + "side-channel": "^1.0.4" + } }, "querystring-es3": { "version": "0.2.1", @@ -1986,7 +2030,7 @@ } }, "readable-stream": { - "version": "3.6.0", + "version": "3.6.2", "bundled": true, "requires": { "inherits": "^2.0.3", @@ -2006,9 +2050,15 @@ "version": "5.2.1", "bundled": true }, - "safer-buffer": { - "version": "2.1.2", - "bundled": true + "set-function-length": { + "version": "1.1.1", + "bundled": true, + "requires": { + "define-data-property": "^1.1.1", + "get-intrinsic": "^1.2.1", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.0" + } }, "setimmediate": { "version": "1.0.5", @@ -2022,6 +2072,15 @@ "safe-buffer": "^5.0.1" } }, + "side-channel": { + "version": "1.0.4", + "bundled": true, + "requires": { + "call-bind": "^1.0.0", + "get-intrinsic": "^1.0.2", + "object-inspect": "^1.9.0" + } + }, "stream-browserify": { "version": "3.0.0", "bundled": true, @@ -2040,22 +2099,6 @@ "xtend": "^4.0.2" } }, - "string.prototype.trimend": { - "version": "1.0.4", - "bundled": true, - "requires": { - "call-bind": "^1.0.2", - "define-properties": "^1.1.3" - } - }, - "string.prototype.trimstart": { - "version": "1.0.4", - "bundled": true, - "requires": { - "call-bind": "^1.0.2", - "define-properties": "^1.1.3" - } - }, "string_decoder": { "version": "1.3.0", "bundled": true, @@ -2074,39 +2117,22 @@ "version": "0.0.1", "bundled": true }, - "unbox-primitive": { - "version": "1.0.1", - "bundled": true, - "requires": { - "function-bind": "^1.1.1", - "has-bigints": "^1.0.1", - "has-symbols": "^1.0.2", - "which-boxed-primitive": "^1.0.2" - } - }, "url": { - "version": "0.11.0", + "version": "0.11.3", "bundled": true, "requires": { - "punycode": "1.3.2", - "querystring": "0.2.0" - }, - "dependencies": { - "punycode": { - "version": "1.3.2", - "bundled": true - } + "punycode": "^1.4.1", + "qs": "^6.11.2" } }, "util": { - "version": "0.12.4", + "version": "0.12.5", "bundled": true, "requires": { "inherits": "^2.0.3", "is-arguments": "^1.0.4", "is-generator-function": "^1.0.7", "is-typed-array": "^1.1.3", - "safe-buffer": "^5.1.2", "which-typed-array": "^1.1.2" } }, @@ -2118,28 +2144,15 @@ "version": "1.1.2", "bundled": true }, - "which-boxed-primitive": { - "version": "1.0.2", - "bundled": true, - "requires": { - "is-bigint": "^1.0.1", - "is-boolean-object": "^1.1.0", - "is-number-object": "^1.0.4", - "is-string": "^1.0.5", - "is-symbol": "^1.0.3" - } - }, "which-typed-array": { - "version": "1.1.4", + "version": "1.1.13", "bundled": true, "requires": { - "available-typed-arrays": "^1.0.2", - "call-bind": "^1.0.0", - "es-abstract": "^1.18.0-next.1", - "foreach": "^2.0.5", - "function-bind": "^1.1.1", - "has-symbols": "^1.0.1", - "is-typed-array": "^1.1.3" + "available-typed-arrays": "^1.0.5", + "call-bind": "^1.0.4", + "for-each": "^0.3.3", + "gopd": "^1.0.1", + "has-tostringtag": "^1.0.0" } }, "xtend": { diff --git a/package.json b/package.json index c60104013..51a4df3e7 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "markdown-it-emoji": "^2.0.0", "markdown-it-mathjax3": "^4.3.2", "meteor-accounts-t9n": "^2.6.0", - "meteor-node-stubs": "^1.2.7", + "meteor-node-stubs": "^1.2.9", "minio": "^7.1.3", "moment": "^2.29.4", "os": "^0.1.2",