fix(deps): bump tmp to >=0.2.6 to fix path traversal vulnerability
Adds a pnpm override for `tmp` in both the `frontend` and `desktop` workspaces to force the patched version (0.2.6). The previous transitive resolutions (`tmp@0.0.33` via external-editor in frontend, `tmp@0.2.3` via tmp-promise in desktop) are vulnerable to a path traversal via unsanitized prefix/postfix that enables directory escape. Addresses Dependabot alerts #234 (desktop) and #235 (frontend).
parent
98affb265a
commit
7be5026113
|
|
@ -76,7 +76,8 @@
|
|||
"minimatch": "^10.2.3",
|
||||
"tar": "^7.5.11",
|
||||
"@tootallnate/once": "^3.0.1",
|
||||
"picomatch": ">=4.0.4"
|
||||
"picomatch": ">=4.0.4",
|
||||
"tmp": ">=0.2.6"
|
||||
}
|
||||
}
|
||||
}
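Review bot: The new override `"tmp": ">=0.2.6"` sets only a lower bound, so a later lockfile regeneration may resolve `tmp` to a future major release for every dependent rather than staying on the patched 0.2.x line that the lockfile currently pins. A caret range, `"tmp": "^0.2.6"`, keeps the fix while staying within 0.2.x; the same applies to the identical line in the second manifest hunk (`@ -175,7 +175,8`). The neighbouring `picomatch` entry uses the same open-ended style, so this may be a deliberate project convention. The `overrides` object starts outside the hunk.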
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ overrides:
|
|||
tar: ^7.5.11
|
||||
'@tootallnate/once': ^3.0.1
|
||||
picomatch: '>=4.0.4'
|
||||
tmp: '>=0.2.6'
|
||||
|
||||
importers:
|
||||
|
||||
|
|
@ -1461,8 +1462,8 @@ packages:
|
|||
tmp-promise@3.0.3:
|
||||
resolution: {integrity: sha512-RwM7MoPojPxsOBYnyd2hy0bxtIlVrihNs9pj5SUvY8Zz1sQcQG2tG1hSr8PDxfgEB8RNKDhqbIlroIarSNDNsQ==}
|
||||
|
||||
tmp@0.2.3:
|
||||
resolution: {integrity: sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w==}
|
||||
tmp@0.2.6:
|
||||
resolution: {integrity: sha512-5sJPdPjfI5Kx+qbrDesxkglRBxW//g7hCsqspEjwkewGvBMGIKMOTKzLt1hFVJzyadba3lDUN20O9qhvbQUSTA==}
|
||||
engines: {node: '>=14.14'}
|
||||
|
||||
toidentifier@1.0.1:
|
||||
|
|
@ -3386,9 +3387,9 @@ snapshots:
|
|||
|
||||
tmp-promise@3.0.3:
|
||||
dependencies:
|
||||
tmp: 0.2.3
|
||||
tmp: 0.2.6
|
||||
|
||||
tmp@0.2.3: {}
|
||||
tmp@0.2.6: {}
|
||||
|
||||
toidentifier@1.0.1: {}
|
||||
|
||||
|
|
|
|||
|
|
@ -175,7 +175,8 @@
|
|||
"serialize-javascript": "^7.0.5",
|
||||
"flatted": "^3.4.1",
|
||||
"ip-address": ">=10.1.1",
|
||||
"postcss": ">=8.5.10"
|
||||
"postcss": ">=8.5.10",
|
||||
"tmp": ">=0.2.6"
|
||||
}
|
||||
}
|
||||
}
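Review bot: This unscoped `tmp` override moves external-editor from `tmp` 0.0.33 to 0.2.6 (see the lockfile hunk at `@ -11218,7 +11215,7`), a version that package presumably did not declare support for, and nothing on the page shows the editor-launch path being exercised afterwards. The lockfile also shows the Node engine floor rising from `>=0.6.0` to `>=14.14` and `os-tmpdir` dropping out, so the two versions are not declared as drop-in equivalents. Keeping the override global is reasonable, since it guarantees no vulnerable copy remains, but the commit description should state which external-editor flow was smoke-tested against 0.2.6. The `overrides` object starts outside the hunk.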
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ overrides:
|
|||
flatted: ^3.4.1
|
||||
ip-address: '>=10.1.1'
|
||||
postcss: '>=8.5.10'
|
||||
tmp: '>=0.2.6'
|
||||
|
||||
importers:
|
||||
|
||||
|
|
@ -5301,10 +5302,6 @@ packages:
|
|||
orderedmap@2.1.1:
|
||||
resolution: {integrity: sha512-TvAWxi0nDe1j/rtMcWcIj94+Ffe6n7zhow33h40SKxmsmozs6dz/e+EajymfoFcHd7sxNn8yHM8839uixMOV6g==}
|
||||
|
||||
os-tmpdir@1.0.2:
|
||||
resolution: {integrity: sha512-D2FR03Vir7FIu45XBY20mTb+/ZSWB00sjU9jdQXt83gDrI4Ztz5Fs7/yy74g2N5SVQY4xY1qDr4rNddwYRVX0g==}
|
||||
engines: {node: '>=0.10.0'}
|
||||
|
||||
otplib@12.0.1:
|
||||
resolution: {integrity: sha512-xDGvUOQjop7RDgxTQ+o4pOol0/3xSZzawTiPKRrHnQWAy0WjhNs/5HdIDJCrqC4MBynmjXgULc6YfioaxZeFgg==}
|
||||
|
||||
|
|
@ -6495,9 +6492,9 @@ packages:
|
|||
resolution: {integrity: sha512-8PWx8tvC4jDB39BQw1m4x8y5MH1BcQ5xHeL2n7UVFulMPH/3Q0uiamahFJ3lXA0zO2SUyRXuVVbWSDmstlt9YA==}
|
||||
hasBin: true
|
||||
|
||||
tmp@0.0.33:
|
||||
resolution: {integrity: sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==}
|
||||
engines: {node: '>=0.6.0'}
|
||||
tmp@0.2.6:
|
||||
resolution: {integrity: sha512-5sJPdPjfI5Kx+qbrDesxkglRBxW//g7hCsqspEjwkewGvBMGIKMOTKzLt1hFVJzyadba3lDUN20O9qhvbQUSTA==}
|
||||
engines: {node: '>=14.14'}
|
||||
|
||||
to-regex-range@5.0.1:
|
||||
resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==}
|
||||
|
|
@ -11218,7 +11215,7 @@ snapshots:
|
|||
dependencies:
|
||||
chardet: 0.7.0
|
||||
iconv-lite: 0.4.24
|
||||
tmp: 0.0.33
|
||||
tmp: 0.2.6
|
||||
|
||||
extract-zip@2.0.1:
|
||||
dependencies:
|
||||
|
|
@ -12411,8 +12408,6 @@ snapshots:
|
|||
|
||||
orderedmap@2.1.1: {}
|
||||
|
||||
os-tmpdir@1.0.2: {}
|
||||
|
||||
otplib@12.0.1:
|
||||
dependencies:
|
||||
'@otplib/core': 12.0.1
|
||||
|
|
@ -13819,9 +13814,7 @@ snapshots:
|
|||
dependencies:
|
||||
tldts-core: 7.0.19
|
||||
|
||||
tmp@0.0.33:
|
||||
dependencies:
|
||||
os-tmpdir: 1.0.2
|
||||
tmp@0.2.6: {}
|
||||
|
||||
to-regex-range@5.0.1:
|
||||
dependencies:
|
||||
|
|
|
|||