From 93b30801b9b08b23dd2224e37c1139bb19375090 Mon Sep 17 00:00:00 2001 From: "Jayanth Bujula (from Dev Box)" Date: Wed, 9 Jul 2025 11:28:34 -0700 Subject: [PATCH 1/4] Overrided brace-expansion with latest version to avoid vulnerability. --- package-lock.json | 68 ++++++++++------------------------------------- package.json | 3 +++ 2 files changed, 17 insertions(+), 54 deletions(-) diff --git a/package-lock.json b/package-lock.json index c4c1676c..82570606 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1159,15 +1159,6 @@ "node": ">=16.0.0" } }, - "node_modules/@microsoft/powerplatform-cli-wrapper/node_modules/brace-expansion": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", - "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", - "license": "MIT", - "dependencies": { - "balanced-match": "^1.0.0" - } - }, "node_modules/@microsoft/powerplatform-cli-wrapper/node_modules/glob": { "version": "11.0.2", "resolved": "https://registry.npmjs.org/glob/-/glob-11.0.2.tgz", @@ -2436,10 +2427,13 @@ } }, "node_modules/balanced-match": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", - "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", - "license": "MIT" + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-3.0.1.tgz", + "integrity": "sha512-vjtV3hiLqYDNRoiAv0zC4QaGAMPomEoq83PRmYIofPswwZurCeWR5LByXm7SyoL0Zh5+2z0+HC7jG8gSZJUh0w==", + "license": "MIT", + "engines": { + "node": ">= 16" + } }, "node_modules/bare-events": { "version": "2.5.4", @@ -2541,14 +2535,15 @@ "license": "MIT" }, "node_modules/brace-expansion": { - "version": "1.1.11", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", - "dev": true, + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-4.0.1.tgz", + "integrity": "sha512-YClrbvTCXGe70pU2JiEiPLYXO9gQkyxYeKpJIQHVS/gOs6EWMQP2RYBwjFLNT322Ji8TOC3IMPfsYCedNpzKfA==", "license": "MIT", "dependencies": { - "balanced-match": "^1.0.0", - "concat-map": "0.0.1" + "balanced-match": "^3.0.0" + }, + "engines": { + "node": ">= 18" } }, "node_modules/braces": { @@ -3165,13 +3160,6 @@ "node": ">= 14" } }, - "node_modules/concat-map": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", - "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", - "dev": true, - "license": "MIT" - }, "node_modules/console-browserify": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/console-browserify/-/console-browserify-1.2.0.tgz", @@ -4783,15 +4771,6 @@ "node": ">= 10.13.0" } }, - "node_modules/glob/node_modules/brace-expansion": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", - "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", - "license": "MIT", - "dependencies": { - "balanced-match": "^1.0.0" - } - }, "node_modules/glob/node_modules/minimatch": { "version": "9.0.5", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz", @@ -6940,16 +6919,6 @@ "node": ">= 14.0.0" } }, - "node_modules/mocha/node_modules/brace-expansion": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", - "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", - "dev": true, - "license": "MIT", - "dependencies": { - "balanced-match": "^1.0.0" - } - }, "node_modules/mocha/node_modules/cliui": { "version": "7.0.4", "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", @@ -8004,15 +7973,6 @@ "minimatch": "^5.1.0" } }, - "node_modules/readdir-glob/node_modules/brace-expansion": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", - "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", - "license": "MIT", - "dependencies": { - "balanced-match": "^1.0.0" - } - }, "node_modules/readdir-glob/node_modules/minimatch": { "version": "5.1.6", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", diff --git a/package.json b/package.json index 732c31f1..a40d9487 100644 --- a/package.json +++ b/package.json @@ -70,5 +70,8 @@ "fs-extra": "^11.2.0", "js-yaml": "^4.1", "uuid": "^9.0.1" + }, + "overrides": { + "brace-expansion": ">=2.0.2" } } From 3ddc0777f204d30aa393a5f97c57f6c139dde456 Mon Sep 17 00:00:00 2001 From: "Jayanth Bujula (from Dev Box)" Date: Wed, 9 Jul 2025 11:50:29 -0700 Subject: [PATCH 2/4] updated fix --- package-lock.json | 12 ++++++------ package.json | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index 82570606..7b8ab751 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1212,7 +1212,7 @@ "integrity": "sha512-ethXTt3SGGR+95gudmqJ1eNhRO7eGEGIgYA9vnPatK4/etz2MEVDno5GMCibdMTuBMyElzIlgxMna3K94XDIDQ==", "license": "ISC", "dependencies": { - "brace-expansion": "^2.0.1" + "brace-expansion": "^4.0.1" }, "engines": { "node": "20 || >=22" @@ -4777,7 +4777,7 @@ "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==", "license": "ISC", "dependencies": { - "brace-expansion": "^2.0.1" + "brace-expansion": "^4.0.1" }, "engines": { "node": ">=16 || 14 >=14.17" @@ -5210,7 +5210,7 @@ "dev": true, "license": "ISC", "dependencies": { - "brace-expansion": "^1.1.7" + "brace-expansion": "^4.0.1" }, "engines": { "node": "*" @@ -6847,7 +6847,7 @@ "dev": true, "license": "ISC", "dependencies": { - "brace-expansion": "^1.1.7" + "brace-expansion": "^4.0.1" }, "engines": { "node": "*" @@ -6959,7 +6959,7 @@ "dev": true, "license": "ISC", "dependencies": { - "brace-expansion": "^2.0.1" + "brace-expansion": "^4.0.1" }, "engines": { "node": ">=10" @@ -7979,7 +7979,7 @@ "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==", "license": "ISC", "dependencies": { - "brace-expansion": "^2.0.1" + "brace-expansion": "^4.0.1" }, "engines": { "node": ">=10" diff --git a/package.json b/package.json index a40d9487..a0ba8cf6 100644 --- a/package.json +++ b/package.json @@ -72,6 +72,6 @@ "uuid": "^9.0.1" }, "overrides": { - "brace-expansion": ">=2.0.2" + "brace-expansion": "4.0.1" } } From a2a5beeef24dbf4837e6441d878e6733e0daaa6d Mon Sep 17 00:00:00 2001 From: "Jayanth Bujula (from Dev Box)" Date: Wed, 9 Jul 2025 12:17:36 -0700 Subject: [PATCH 3/4] update to version 2.0.2 --- package-lock.json | 20 ++++++++++---------- package.json | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7b8ab751..b871571d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1212,7 +1212,7 @@ "integrity": "sha512-ethXTt3SGGR+95gudmqJ1eNhRO7eGEGIgYA9vnPatK4/etz2MEVDno5GMCibdMTuBMyElzIlgxMna3K94XDIDQ==", "license": "ISC", "dependencies": { - "brace-expansion": "^4.0.1" + "brace-expansion": "^2.0.1" }, "engines": { "node": "20 || >=22" @@ -2535,12 +2535,12 @@ "license": "MIT" }, "node_modules/brace-expansion": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-4.0.1.tgz", - "integrity": "sha512-YClrbvTCXGe70pU2JiEiPLYXO9gQkyxYeKpJIQHVS/gOs6EWMQP2RYBwjFLNT322Ji8TOC3IMPfsYCedNpzKfA==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz", + "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==", "license": "MIT", "dependencies": { - "balanced-match": "^3.0.0" + "balanced-match": "^1.0.0" }, "engines": { "node": ">= 18" @@ -4777,7 +4777,7 @@ "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==", "license": "ISC", "dependencies": { - "brace-expansion": "^4.0.1" + "brace-expansion": "^2.0.1" }, "engines": { "node": ">=16 || 14 >=14.17" @@ -5210,7 +5210,7 @@ "dev": true, "license": "ISC", "dependencies": { - "brace-expansion": "^4.0.1" + "brace-expansion": "^1.1.7" }, "engines": { "node": "*" @@ -6847,7 +6847,7 @@ "dev": true, "license": "ISC", "dependencies": { - "brace-expansion": "^4.0.1" + "brace-expansion": "^1.1.7" }, "engines": { "node": "*" @@ -6959,7 +6959,7 @@ "dev": true, "license": "ISC", "dependencies": { - "brace-expansion": "^4.0.1" + "brace-expansion": "^2.0.1" }, "engines": { "node": ">=10" @@ -7979,7 +7979,7 @@ "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==", "license": "ISC", "dependencies": { - "brace-expansion": "^4.0.1" + "brace-expansion": "^2.0.1" }, "engines": { "node": ">=10" diff --git a/package.json b/package.json index a0ba8cf6..4e12f8f6 100644 --- a/package.json +++ b/package.json @@ -72,6 +72,6 @@ "uuid": "^9.0.1" }, "overrides": { - "brace-expansion": "4.0.1" + "brace-expansion": "2.0.2" } } From 2f9b8d2aa503ae698303986502eb3e142cb9c4e0 Mon Sep 17 00:00:00 2001 From: "Jayanth Bujula (from Dev Box)" Date: Wed, 9 Jul 2025 12:36:52 -0700 Subject: [PATCH 4/4] updated with package dependencies --- package-lock.json | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/package-lock.json b/package-lock.json index b871571d..da9bb8ed 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1212,7 +1212,7 @@ "integrity": "sha512-ethXTt3SGGR+95gudmqJ1eNhRO7eGEGIgYA9vnPatK4/etz2MEVDno5GMCibdMTuBMyElzIlgxMna3K94XDIDQ==", "license": "ISC", "dependencies": { - "brace-expansion": "^2.0.1" + "brace-expansion": "^2.0.2" }, "engines": { "node": "20 || >=22" @@ -2427,13 +2427,10 @@ } }, "node_modules/balanced-match": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-3.0.1.tgz", - "integrity": "sha512-vjtV3hiLqYDNRoiAv0zC4QaGAMPomEoq83PRmYIofPswwZurCeWR5LByXm7SyoL0Zh5+2z0+HC7jG8gSZJUh0w==", - "license": "MIT", - "engines": { - "node": ">= 16" - } + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "license": "MIT" }, "node_modules/bare-events": { "version": "2.5.4", @@ -4777,7 +4774,7 @@ "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==", "license": "ISC", "dependencies": { - "brace-expansion": "^2.0.1" + "brace-expansion": "^2.0.2" }, "engines": { "node": ">=16 || 14 >=14.17" @@ -5210,7 +5207,7 @@ "dev": true, "license": "ISC", "dependencies": { - "brace-expansion": "^1.1.7" + "brace-expansion": "^2.0.2" }, "engines": { "node": "*" @@ -6847,7 +6844,7 @@ "dev": true, "license": "ISC", "dependencies": { - "brace-expansion": "^1.1.7" + "brace-expansion": "^2.0.2" }, "engines": { "node": "*" @@ -6959,7 +6956,7 @@ "dev": true, "license": "ISC", "dependencies": { - "brace-expansion": "^2.0.1" + "brace-expansion": "^2.0.2" }, "engines": { "node": ">=10" @@ -7979,7 +7976,7 @@ "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==", "license": "ISC", "dependencies": { - "brace-expansion": "^2.0.1" + "brace-expansion": "^2.0.2" }, "engines": { "node": ">=10"