Skip to content

Commit

Permalink
chore: unlock cross-spawn range (#6606)
Browse files Browse the repository at this point in the history 
cross-spawn has a vulnerability
moxystudio/node-cross-spawn#167.

This should allow the latest version of the cross-spawn package to work.

## What's the problem this PR addresses?

<!-- Describe the rationale of your PR. -->
<!-- Link all issues that it closes. (Closes/Resolves #xxxx.) -->

...

## How did you fix it?

<!-- A detailed description of your implementation. -->

...

## Checklist

<!--- Don't worry if you miss something, chores are automatically
tested. -->
<!--- This checklist exists to help you remember doing the chores when
you submit a PR. -->
<!--- Put an `x` in all the boxes that apply. -->
- [x] I have read the [Contributing
Guide](https://yarnpkg.com/advanced/contributing).

<!-- See
https://yarnpkg.com/advanced/contributing#preparing-your-pr-to-be-released
for more details. -->
<!-- Check with `yarn version check` and fix with `yarn version check
-i` -->
- [x] I have set the packages that need to be released for my changes to
be effective.

<!-- The "Testing chores" workflow validates that your PR follows our
guidelines. -->
<!-- If it doesn't pass, click on it to see details as to what your PR
might be missing. -->
- [x] I will check that all automated PR checks pass before the PR gets
reviewed.
  • Loading branch information
@lswith
lswith authored Nov 25, 2024
1 parent 2f490dd commit cc2f719
Show file tree
Hide file tree
Showing 4 changed files with 50 additions and 15 deletions.
35 changes: 35 additions & 0 deletions .yarn/versions/ce18c01f.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
releases:
"@yarnpkg/core": patch
"@yarnpkg/shell": patch

declined:
- "@yarnpkg/plugin-compat"
- "@yarnpkg/plugin-constraints"
- "@yarnpkg/plugin-dlx"
- "@yarnpkg/plugin-essentials"
- "@yarnpkg/plugin-exec"
- "@yarnpkg/plugin-file"
- "@yarnpkg/plugin-git"
- "@yarnpkg/plugin-github"
- "@yarnpkg/plugin-http"
- "@yarnpkg/plugin-init"
- "@yarnpkg/plugin-interactive-tools"
- "@yarnpkg/plugin-link"
- "@yarnpkg/plugin-nm"
- "@yarnpkg/plugin-npm"
- "@yarnpkg/plugin-npm-cli"
- "@yarnpkg/plugin-pack"
- "@yarnpkg/plugin-patch"
- "@yarnpkg/plugin-pnp"
- "@yarnpkg/plugin-pnpm"
- "@yarnpkg/plugin-stage"
- "@yarnpkg/plugin-typescript"
- "@yarnpkg/plugin-version"
- "@yarnpkg/plugin-workspace-tools"
- "@yarnpkg/builder"
- "@yarnpkg/cli"
- "@yarnpkg/doctor"
- "@yarnpkg/extensions"
- "@yarnpkg/nm"
- "@yarnpkg/pnpify"
- "@yarnpkg/sdks"
2 changes: 1 addition & 1 deletion packages/yarnpkg-core/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
"chalk": "^3.0.0",
"ci-info": "^4.0.0",
"clipanion": "^4.0.0-rc.2",
"cross-spawn": "7.0.3",
"cross-spawn": "^7.0.3",
"diff": "^5.1.0",
"dotenv": "^16.3.1",
"fast-glob": "^3.2.2",
Expand Down
2 changes: 1 addition & 1 deletion packages/yarnpkg-shell/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
"@yarnpkg/parsers": "workspace:^",
"chalk": "^3.0.0",
"clipanion": "^4.0.0-rc.2",
"cross-spawn": "7.0.3",
"cross-spawn": "^7.0.3",
"fast-glob": "^3.2.2",
"micromatch": "^4.0.2",
"tslib": "^2.4.0"
Expand Down
26 changes: 13 additions & 13 deletions yarn.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5512,7 +5512,7 @@ __metadata:
ci-info: "npm:^4.0.0"
clipanion: "npm:^4.0.0-rc.2"
comment-json: "npm:^2.2.0"
cross-spawn: "npm:7.0.3"
cross-spawn: "npm:^7.0.3"
diff: "npm:^5.1.0"
dotenv: "npm:^16.3.1"
esbuild: "npm:esbuild-wasm@^0.23.0"
Expand Down Expand Up @@ -6279,7 +6279,7 @@ __metadata:
"@yarnpkg/parsers": "workspace:^"
chalk: "npm:^3.0.0"
clipanion: "npm:^4.0.0-rc.2"
cross-spawn: "npm:7.0.3"
cross-spawn: "npm:^7.0.3"
fast-glob: "npm:^3.2.2"
micromatch: "npm:^4.0.2"
strip-ansi: "npm:^6.0.0"
Expand Down Expand Up @@ -8449,17 +8449,6 @@ __metadata:
languageName: node
linkType: hard

"cross-spawn@npm:7.0.3, cross-spawn@npm:^7.0.2, cross-spawn@npm:^7.0.3":
version: 7.0.3
resolution: "cross-spawn@npm:7.0.3"
dependencies:
path-key: "npm:^3.1.0"
shebang-command: "npm:^2.0.0"
which: "npm:^2.0.1"
checksum: 10/e1a13869d2f57d974de0d9ef7acbf69dc6937db20b918525a01dacb5032129bd552d290d886d981e99f1b624cb03657084cc87bd40f115c07ecf376821c729ce
languageName: node
linkType: hard

"cross-spawn@npm:^6.0.0":
version: 6.0.5
resolution: "cross-spawn@npm:6.0.5"
Expand All @@ -8473,6 +8462,17 @@ __metadata:
languageName: node
linkType: hard

"cross-spawn@npm:^7.0.2, cross-spawn@npm:^7.0.3":
version: 7.0.3
resolution: "cross-spawn@npm:7.0.3"
dependencies:
path-key: "npm:^3.1.0"
shebang-command: "npm:^2.0.0"
which: "npm:^2.0.1"
checksum: 10/e1a13869d2f57d974de0d9ef7acbf69dc6937db20b918525a01dacb5032129bd552d290d886d981e99f1b624cb03657084cc87bd40f115c07ecf376821c729ce
languageName: node
linkType: hard

"crossws@npm:^0.2.4":
version: 0.2.4
resolution: "crossws@npm:0.2.4"
Expand Down

0 comments on commit cc2f719

Please sign in to comment.