From 7d42112b744e83bd3c0017a00bea8765d2a36662 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 30 Mar 2021 06:44:55 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984 --- package.json | 4 ++-- yarn.lock | 42 ++++++++++++++++-------------------------- 2 files changed, 18 insertions(+), 28 deletions(-) diff --git a/package.json b/package.json index 588d520b..ee7c8349 100644 --- a/package.json +++ b/package.json @@ -51,7 +51,7 @@ }, "dependencies": { "backbone": "^1.3.3", - "backbone.marionette": "^2.4.7", + "backbone.marionette": "^3.0.0", "backbone.radio": "^2.0.0", "bootstrap": "^3.3.7", "eonasdan-bootstrap-datetimepicker": "git+https://github.com/Eonasdan/bootstrap-datetimepicker.git", @@ -62,7 +62,7 @@ "jspm": "^0.16.53", "moment": "^2.17.1", "moment-timezone": "^0.4.1", - "underscore": "^1.8.3" + "underscore": "^1.12.1" }, "engines": { "node": ">=4.2.6" diff --git a/yarn.lock b/yarn.lock index 0702d657..3533a275 100644 --- a/yarn.lock +++ b/yarn.lock @@ -639,34 +639,18 @@ babylon@^6.18.0: version "6.18.0" resolved "https://registry.yarnpkg.com/babylon/-/babylon-6.18.0.tgz#af2f3b88fa6f5c1e4c634d1a0f8eac4f55b395e3" -backbone.babysitter@^0.1.0: - version "0.1.12" - resolved "https://registry.yarnpkg.com/backbone.babysitter/-/backbone.babysitter-0.1.12.tgz#7ca946434eeefbde1a553605c74b7049b6dfafc1" - dependencies: - backbone ">=0.9.9 <=1.3.x" - underscore ">=1.4.0 <=1.8.3" - -backbone.marionette@^2.4.7: - version "2.4.7" - resolved "https://registry.yarnpkg.com/backbone.marionette/-/backbone.marionette-2.4.7.tgz#a573d21b9c464741b80de18351faeacf1872e25f" +backbone.marionette@^3.0.0: + version "3.5.1" + resolved "https://registry.yarnpkg.com/backbone.marionette/-/backbone.marionette-3.5.1.tgz#cb22ca68cf986cbcda9fdb544fb785dd66f8f248" + integrity sha1-yyLKaM+YbLzan9tUT7eF3Wb48kg= dependencies: - backbone "1.0.0 - 1.3.x" - backbone.babysitter "^0.1.0" - backbone.wreqr "^1.0.0" - underscore "1.4.4 - 1.8.3" + backbone.radio "^2.0.0" backbone.radio@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/backbone.radio/-/backbone.radio-2.0.0.tgz#bbe8672b373e313f99f36d2fbcf583fe77d04f42" -backbone.wreqr@^1.0.0: - version "1.4.0" - resolved "https://registry.yarnpkg.com/backbone.wreqr/-/backbone.wreqr-1.4.0.tgz#7682030c9aaf090ecd873b21dbf48501693b2696" - dependencies: - backbone ">=0.9.9 <=1.3.x" - underscore ">=1.3.3 <=1.8.3" - -"backbone@1.0.0 - 1.3.x", "backbone@>=0.9.9 <=1.3.x", backbone@^1.3.3: +backbone@^1.3.3: version "1.3.3" resolved "https://registry.yarnpkg.com/backbone/-/backbone-1.3.3.tgz#4cc80ea7cb1631ac474889ce40f2f8bc683b2999" dependencies: @@ -1574,9 +1558,10 @@ fd-slicer@~1.0.1: dependencies: pend "~1.2.0" -"file-saver@git+https://github.com/eligrey/FileSaver.js.git": - version "1.3.3" - resolved "git+https://github.com/eligrey/FileSaver.js.git#c347c51f6e6e56221b2fa3d8c9b32e181f76355c" +file-saver@^1.3.3: + version "1.3.8" + resolved "https://registry.yarnpkg.com/file-saver/-/file-saver-1.3.8.tgz#e68a30c7cb044e2fb362b428469feb291c2e09d8" + integrity sha512-spKHSBQIxxS81N/O21WmuXA2F6wppUCsutpzenOeZzOCCJ5gEfcbqJP983IrpLXzYmXnMUa6J03SubcNPdKrlg== filename-regex@^2.0.0: version "2.0.1" @@ -4424,10 +4409,15 @@ unc-path-regex@^0.1.0: version "0.1.2" resolved "https://registry.yarnpkg.com/unc-path-regex/-/unc-path-regex-0.1.2.tgz#e73dd3d7b0d7c5ed86fbac6b0ae7d8c6a69d50fa" -"underscore@1.4.4 - 1.8.3", "underscore@>=1.3.3 <=1.8.3", "underscore@>=1.4.0 <=1.8.3", underscore@>=1.8.3, underscore@^1.8.3: +underscore@>=1.8.3: version "1.8.3" resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.8.3.tgz#4f3fb53b106e6097fcf9cb4109f2a5e9bdfa5022" +underscore@^1.12.1: + version "1.12.1" + resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.12.1.tgz#7bb8cc9b3d397e201cf8553336d262544ead829e" + integrity sha512-hEQt0+ZLDVUMhebKxL4x1BTtDY7bavVofhZ9KZ4aI26X9SRaE+Y3m83XUL1UP2jn8ynjndwCCpEHdUG+9pP1Tw== + unique-stream@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/unique-stream/-/unique-stream-1.0.0.tgz#d59a4a75427447d9aa6c91e70263f8d26a4b104b"