From 5614e6724e5131f33197ecbc1998058e9794aae9 Mon Sep 17 00:00:00 2001 From: Claire Date: Thu, 4 Mar 2021 00:12:26 +0100 Subject: [PATCH 01/16] Fix URL scanning in note length validator and preview card fetching (#15827) * Add tests * Fix URL scanning in note length validator and preview card fetching --- app/lib/language_detector.rb | 2 +- app/services/fetch_link_card_service.rb | 15 +++++---- app/validators/note_length_validator.rb | 2 +- app/validators/status_length_validator.rb | 8 +---- spec/services/fetch_link_card_service_spec.rb | 8 +++++ spec/validators/note_length_validator_spec.rb | 33 +++++++++++++++++++ 6 files changed, 52 insertions(+), 16 deletions(-) create mode 100644 spec/validators/note_length_validator_spec.rb diff --git a/app/lib/language_detector.rb b/app/lib/language_detector.rb index 2cc8ac6158..40452eddc9 100644 --- a/app/lib/language_detector.rb +++ b/app/lib/language_detector.rb @@ -69,7 +69,7 @@ class LanguageDetector def simplify_text(text) new_text = remove_html(text) - new_text.gsub!(FetchLinkCardService::URL_PATTERN, '') + new_text.gsub!(FetchLinkCardService::URL_PATTERN, '\1') new_text.gsub!(Account::MENTION_RE, '') new_text.gsub!(Tag::HASHTAG_RE) { |string| string.gsub(/[#_]/, '#' => '', '_' => ' ').gsub(/[a-z][A-Z]|[a-zA-Z][\d]/) { |s| s.insert(1, ' ') }.downcase } new_text.gsub!(/:#{CustomEmoji::SHORTCODE_RE_FRAGMENT}:/, '') diff --git a/app/services/fetch_link_card_service.rb b/app/services/fetch_link_card_service.rb index d4e4931e67..fa1636e411 100644 --- a/app/services/fetch_link_card_service.rb +++ b/app/services/fetch_link_card_service.rb @@ -2,12 +2,13 @@ class FetchLinkCardService < BaseService URL_PATTERN = %r{ - ( # $1 URL - (https?:\/\/) # $2 Protocol (required) - (#{Twitter::TwitterText::Regex[:valid_domain]}) # $3 Domain(s) - (?::(#{Twitter::TwitterText::Regex[:valid_port_number]}))? # $4 Port number (optional) - (/#{Twitter::TwitterText::Regex[:valid_url_path]}*)? # $5 URL Path and anchor - (\?#{Twitter::TwitterText::Regex[:valid_url_query_chars]}*#{Twitter::TwitterText::Regex[:valid_url_query_ending_chars]})? # $6 Query String + (#{Twitter::TwitterText::Regex[:valid_url_preceding_chars]}) # $1 preceeding chars + ( # $2 URL + (https?:\/\/) # $3 Protocol (required) + (#{Twitter::TwitterText::Regex[:valid_domain]}) # $4 Domain(s) + (?::(#{Twitter::TwitterText::Regex[:valid_port_number]}))? # $5 Port number (optional) + (/#{Twitter::TwitterText::Regex[:valid_url_path]}*)? # $6 URL Path and anchor + (\?#{Twitter::TwitterText::Regex[:valid_url_query_chars]}*#{Twitter::TwitterText::Regex[:valid_url_query_ending_chars]})? # $7 Query String ) }iox @@ -63,7 +64,7 @@ class FetchLinkCardService < BaseService def parse_urls if @status.local? - urls = @status.text.scan(URL_PATTERN).map { |array| Addressable::URI.parse(array[0]).normalize } + urls = @status.text.scan(URL_PATTERN).map { |array| Addressable::URI.parse(array[1]).normalize } else html = Nokogiri::HTML(@status.text) links = html.css('a') diff --git a/app/validators/note_length_validator.rb b/app/validators/note_length_validator.rb index 7ea2bb3e53..554ad49ce2 100644 --- a/app/validators/note_length_validator.rb +++ b/app/validators/note_length_validator.rb @@ -15,7 +15,7 @@ class NoteLengthValidator < ActiveModel::EachValidator return '' if value.nil? value.dup.tap do |new_text| - new_text.gsub!(FetchLinkCardService::URL_PATTERN, 'x' * 23) + new_text.gsub!(FetchLinkCardService::URL_PATTERN, StatusLengthValidator::URL_PLACEHOLDER) new_text.gsub!(Account::MENTION_RE, '@\2') end end diff --git a/app/validators/status_length_validator.rb b/app/validators/status_length_validator.rb index b56c5a3212..d036f19256 100644 --- a/app/validators/status_length_validator.rb +++ b/app/validators/status_length_validator.rb @@ -2,12 +2,6 @@ class StatusLengthValidator < ActiveModel::Validator MAX_CHARS = 500 - URL_PATTERN = %r{ - (?: - (#{Twitter::TwitterText::Regex[:valid_url_preceding_chars]}) - (#{FetchLinkCardService::URL_PATTERN}) - ) - }iox URL_PLACEHOLDER = "\1#{'x' * 23}" def validate(status) @@ -35,7 +29,7 @@ class StatusLengthValidator < ActiveModel::Validator return '' if @status.text.nil? @status.text.dup.tap do |new_text| - new_text.gsub!(URL_PATTERN, URL_PLACEHOLDER) + new_text.gsub!(FetchLinkCardService::URL_PATTERN, URL_PLACEHOLDER) new_text.gsub!(Account::MENTION_RE, '@\2') end end diff --git a/spec/services/fetch_link_card_service_spec.rb b/spec/services/fetch_link_card_service_spec.rb index 8b296cc704..736a6078dd 100644 --- a/spec/services/fetch_link_card_service_spec.rb +++ b/spec/services/fetch_link_card_service_spec.rb @@ -77,6 +77,14 @@ RSpec.describe FetchLinkCardService, type: :service do expect(a_request(:get, 'http://example.com/test-')).to have_been_made.at_least_once end end + + context do + let(:status) { Fabricate(:status, text: 'testhttp://example.com/sjis') } + + it 'does not fetch URLs with not isolated from their surroundings' do + expect(a_request(:get, 'http://example.com/sjis')).to_not have_been_made + end + end end context 'in a remote status' do diff --git a/spec/validators/note_length_validator_spec.rb b/spec/validators/note_length_validator_spec.rb new file mode 100644 index 0000000000..6e9b4e132f --- /dev/null +++ b/spec/validators/note_length_validator_spec.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +require 'rails_helper' + +describe NoteLengthValidator do + subject { NoteLengthValidator.new(attributes: { note: true }, maximum: 500) } + + describe '#validate' do + it 'adds an error when text is over 500 characters' do + text = 'a' * 520 + account = double(note: text, errors: double(add: nil)) + + subject.validate_each(account, 'note', text) + expect(account.errors).to have_received(:add) + end + + it 'counts URLs as 23 characters flat' do + text = ('a' * 476) + " http://#{'b' * 30}.com/example" + account = double(note: text, errors: double(add: nil)) + + subject.validate_each(account, 'note', text) + expect(account.errors).to_not have_received(:add) + end + + it 'does not count non-autolinkable URLs as 23 characters flat' do + text = ('a' * 476) + "http://#{'b' * 30}.com/example" + account = double(note: text, errors: double(add: nil)) + + subject.validate_each(account, 'note', text) + expect(account.errors).to have_received(:add) + end + end +end From 27d3fc99a96bba0b4dc6f44498cbd6dd6fa1a903 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Mar 2021 06:38:52 +0900 Subject: [PATCH 02/16] Bump capistrano from 3.15.0 to 3.16.0 (#15818) * Bump capistrano from 3.15.0 to 3.16.0 Bumps [capistrano](https://github.com/capistrano/capistrano) from 3.15.0 to 3.16.0. - [Release notes](https://github.com/capistrano/capistrano/releases) - [Commits](https://github.com/capistrano/capistrano/compare/v3.15.0...v3.16.0) Signed-off-by: dependabot[bot] * 3.16 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yamagishi Kazutoshi --- Gemfile | 2 +- Gemfile.lock | 6 +++--- config/deploy.rb | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index 53ee517fe8..ad4ef1f746 100644 --- a/Gemfile +++ b/Gemfile @@ -143,7 +143,7 @@ group :development do gem 'brakeman', '~> 4.10', require: false gem 'bundler-audit', '~> 0.7', require: false - gem 'capistrano', '~> 3.15' + gem 'capistrano', '~> 3.16' gem 'capistrano-rails', '~> 1.6' gem 'capistrano-rbenv', '~> 2.2' gem 'capistrano-yarn', '~> 2.0' diff --git a/Gemfile.lock b/Gemfile.lock index 8d1e669625..c09fd23a5c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -116,7 +116,7 @@ GEM bundler (>= 1.2.0, < 3) thor (>= 0.18, < 2) byebug (11.1.3) - capistrano (3.15.0) + capistrano (3.16.0) airbrussh (>= 1.0.0) i18n rake (>= 10.0.0) @@ -608,7 +608,7 @@ GEM actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - sshkit (1.21.1) + sshkit (1.21.2) net-scp (>= 1.1.2) net-ssh (>= 2.8.0) stackprof (0.2.16) @@ -702,7 +702,7 @@ DEPENDENCIES browser bullet (~> 6.1) bundler-audit (~> 0.7) - capistrano (~> 3.15) + capistrano (~> 3.16) capistrano-rails (~> 1.6) capistrano-rbenv (~> 2.2) capistrano-yarn (~> 2.0) diff --git a/config/deploy.rb b/config/deploy.rb index c0d72f48ff..f844cc8714 100644 --- a/config/deploy.rb +++ b/config/deploy.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -lock '3.15.0' +lock '3.16.0' set :repo_url, ENV.fetch('REPO', 'https://github.com/tootsuite/mastodon.git') set :branch, ENV.fetch('BRANCH', 'master') From 0e982e751fa3af7dc9a6427dcd7c7cd7d0323011 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Mar 2021 06:39:10 +0900 Subject: [PATCH 03/16] Bump @babel/preset-env from 7.13.8 to 7.13.9 (#15825) Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.13.8 to 7.13.9. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.13.9/packages/babel-preset-env) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index bff9db5667..dfa8bb7093 100644 --- a/package.json +++ b/package.json @@ -64,7 +64,7 @@ "@babel/plugin-proposal-decorators": "^7.13.5", "@babel/plugin-transform-react-inline-elements": "^7.12.13", "@babel/plugin-transform-runtime": "^7.13.8", - "@babel/preset-env": "^7.13.8", + "@babel/preset-env": "^7.13.9", "@babel/preset-react": "^7.12.13", "@babel/runtime": "^7.13.8", "@clusterws/cws": "^3.0.0", diff --git a/yarn.lock b/yarn.lock index 4d6fb4b220..4c9be37a75 100644 --- a/yarn.lock +++ b/yarn.lock @@ -828,10 +828,10 @@ "@babel/helper-create-regexp-features-plugin" "^7.12.13" "@babel/helper-plugin-utils" "^7.12.13" -"@babel/preset-env@^7.13.8": - version "7.13.8" - resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.13.8.tgz#1133d7ae806d6bf981b7a1a49e336d4d88db1953" - integrity sha512-Sso1xOpV4S3ofnxW2DsWTE5ziRk62jEAKLGuQ+EJHC+YHTbFG38QUTixO3JVa1cYET9gkJhO1pMu+/+2dDhKvw== +"@babel/preset-env@^7.13.9": + version "7.13.9" + resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.13.9.tgz#3ee5f233316b10d066d7f379c6d1e13a96853654" + integrity sha512-mcsHUlh2rIhViqMG823JpscLMesRt3QbMsv1+jhopXEb3W2wXvQ9QoiOlZI9ZbR3XqPtaFpZwEZKYqGJnGMZTQ== dependencies: "@babel/compat-data" "^7.13.8" "@babel/helper-compilation-targets" "^7.13.8" From c28056347e652d13bedf2a76257854492b8779a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Mar 2021 06:39:25 +0900 Subject: [PATCH 04/16] Bump css-loader from 5.1.0 to 5.1.1 (#15823) Bumps [css-loader](https://github.com/webpack-contrib/css-loader) from 5.1.0 to 5.1.1. - [Release notes](https://github.com/webpack-contrib/css-loader/releases) - [Changelog](https://github.com/webpack-contrib/css-loader/blob/master/CHANGELOG.md) - [Commits](https://github.com/webpack-contrib/css-loader/compare/v5.1.0...v5.1.1) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index dfa8bb7093..e7b0b63c1f 100644 --- a/package.json +++ b/package.json @@ -86,7 +86,7 @@ "color-blend": "^3.0.1", "compression-webpack-plugin": "^6.1.1", "cross-env": "^7.0.3", - "css-loader": "^5.1.0", + "css-loader": "^5.1.1", "cssnano": "^4.1.10", "detect-passive-events": "^2.0.3", "dotenv": "^8.2.0", diff --git a/yarn.lock b/yarn.lock index 4c9be37a75..79aa6a39ea 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3368,10 +3368,10 @@ css-list-helpers@^1.0.1: dependencies: tcomb "^2.5.0" -css-loader@^5.1.0: - version "5.1.0" - resolved "https://registry.yarnpkg.com/css-loader/-/css-loader-5.1.0.tgz#7c39af036c6674712659ca43a43a80d972bff506" - integrity sha512-mFs3Xe2UrzRzL0+ML6e7Q2e/Ozp/WpDcam0l1X+rXgkuFjjsNSrjiyimG6malUOZGVuEjzKp1NqEqN3exG7ZqQ== +css-loader@^5.1.1: + version "5.1.1" + resolved "https://registry.yarnpkg.com/css-loader/-/css-loader-5.1.1.tgz#9362d444a0f7c08c148a109596715c904e252879" + integrity sha512-5FfhpjwtuRgxqmusDidowqmLlcb+1HgnEDMsi2JhiUrZUcoc+cqw+mUtMIF/+OfeMYaaFCLYp1TaIt9H6I/fKA== dependencies: camelcase "^6.2.0" cssesc "^3.0.0" From c27d32029647ded6d8420232028d2e381a6a8f9b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Mar 2021 06:39:46 +0900 Subject: [PATCH 05/16] Bump parallel_tests from 3.4.0 to 3.5.0 (#15813) Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 3.4.0 to 3.5.0. - [Release notes](https://github.com/grosser/parallel_tests/releases) - [Changelog](https://github.com/grosser/parallel_tests/blob/master/CHANGELOG.md) - [Commits](https://github.com/grosser/parallel_tests/compare/v3.4.0...v3.5.0) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index ad4ef1f746..d192178187 100644 --- a/Gemfile +++ b/Gemfile @@ -125,7 +125,7 @@ group :test do gem 'rspec-sidekiq', '~> 3.1' gem 'simplecov', '~> 0.21', require: false gem 'webmock', '~> 3.12' - gem 'parallel_tests', '~> 3.4' + gem 'parallel_tests', '~> 3.5' gem 'rspec_junit_formatter', '~> 0.4' end diff --git a/Gemfile.lock b/Gemfile.lock index c09fd23a5c..6f623f962d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -400,7 +400,7 @@ GEM av (~> 0.9.0) paperclip (>= 2.5.2) parallel (1.20.1) - parallel_tests (3.4.0) + parallel_tests (3.5.0) parallel parser (3.0.0.0) ast (~> 2.4.1) @@ -763,7 +763,7 @@ DEPENDENCIES paperclip (~> 6.0) paperclip-av-transcoder (~> 0.6) parallel (~> 1.20) - parallel_tests (~> 3.4) + parallel_tests (~> 3.5) parslet pg (~> 1.2) pghero (~> 2.7) From 59c6aab739cd60c904dae885f262df149f52b228 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Mar 2021 11:28:27 +0900 Subject: [PATCH 06/16] Bump @babel/plugin-transform-runtime from 7.13.8 to 7.13.9 (#15824) Bumps [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) from 7.13.8 to 7.13.9. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.13.9/packages/babel-plugin-transform-runtime) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index e7b0b63c1f..9cb2ef2485 100644 --- a/package.json +++ b/package.json @@ -63,7 +63,7 @@ "@babel/plugin-proposal-class-properties": "^7.8.3", "@babel/plugin-proposal-decorators": "^7.13.5", "@babel/plugin-transform-react-inline-elements": "^7.12.13", - "@babel/plugin-transform-runtime": "^7.13.8", + "@babel/plugin-transform-runtime": "^7.13.9", "@babel/preset-env": "^7.13.9", "@babel/preset-react": "^7.12.13", "@babel/runtime": "^7.13.8", diff --git a/yarn.lock b/yarn.lock index 79aa6a39ea..937ad0d81a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -765,10 +765,10 @@ dependencies: "@babel/helper-plugin-utils" "^7.12.13" -"@babel/plugin-transform-runtime@^7.13.8": - version "7.13.8" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.13.8.tgz#8c9a16db6cb6c2a1f748e36ae23558b92d223010" - integrity sha512-6UbZ7P0FuuJiiUyRCfDgLw4PIG9bR2x6swHocv4qNZItkhXad0WsN6YX0deILuyZY2++meDKiDMuSVcejDZN0Q== +"@babel/plugin-transform-runtime@^7.13.9": + version "7.13.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.13.9.tgz#744d3103338a0d6c90dee0497558150b490cee07" + integrity sha512-XCxkY/wBI6M6Jj2mlWxkmqbKPweRanszWbF3Tyut+hKh+PHcuIH/rSr/7lmmE7C3WW+HSIm2GT+d5jwmheuB0g== dependencies: "@babel/helper-module-imports" "^7.12.13" "@babel/helper-plugin-utils" "^7.13.0" From a0ac5987e7122ff7bc817b8bf5354d71b99568b7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Mar 2021 11:28:41 +0900 Subject: [PATCH 07/16] Bump @babel/runtime from 7.13.8 to 7.13.9 (#15821) Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.13.8 to 7.13.9. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.13.9/packages/babel-runtime) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 9cb2ef2485..7397b80fb3 100644 --- a/package.json +++ b/package.json @@ -66,7 +66,7 @@ "@babel/plugin-transform-runtime": "^7.13.9", "@babel/preset-env": "^7.13.9", "@babel/preset-react": "^7.12.13", - "@babel/runtime": "^7.13.8", + "@babel/runtime": "^7.13.9", "@clusterws/cws": "^3.0.0", "@gamestdio/websocket": "^0.3.2", "@github/webauthn-json": "^0.5.7", diff --git a/yarn.lock b/yarn.lock index 937ad0d81a..ec1e41eb1d 100644 --- a/yarn.lock +++ b/yarn.lock @@ -939,10 +939,10 @@ dependencies: regenerator-runtime "^0.12.0" -"@babel/runtime@^7.1.2", "@babel/runtime@^7.10.2", "@babel/runtime@^7.11.2", "@babel/runtime@^7.12.1", "@babel/runtime@^7.12.5", "@babel/runtime@^7.13.8", "@babel/runtime@^7.2.0", "@babel/runtime@^7.3.1", "@babel/runtime@^7.4.4", "@babel/runtime@^7.5.5", "@babel/runtime@^7.6.3", "@babel/runtime@^7.7.2", "@babel/runtime@^7.8.4", "@babel/runtime@^7.9.2": - version "7.13.8" - resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.13.8.tgz#cc886a85c072df1de23670dc1aa59fc116c4017c" - integrity sha512-CwQljpw6qSayc0fRG1soxHAKs1CnQMOChm4mlQP6My0kf9upVGizj/KhlTTgyUnETmHpcUXjaluNAkteRFuafg== +"@babel/runtime@^7.1.2", "@babel/runtime@^7.10.2", "@babel/runtime@^7.11.2", "@babel/runtime@^7.12.1", "@babel/runtime@^7.12.5", "@babel/runtime@^7.13.9", "@babel/runtime@^7.2.0", "@babel/runtime@^7.3.1", "@babel/runtime@^7.4.4", "@babel/runtime@^7.5.5", "@babel/runtime@^7.6.3", "@babel/runtime@^7.7.2", "@babel/runtime@^7.8.4", "@babel/runtime@^7.9.2": + version "7.13.9" + resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.13.9.tgz#97dbe2116e2630c489f22e0656decd60aaa1fcee" + integrity sha512-aY2kU+xgJ3dJ1eU6FMB9EH8dIe8dmusF1xEku52joLvw6eAFN0AI+WxCLDnpev2LEejWBAy2sBvBOBAjI3zmvA== dependencies: regenerator-runtime "^0.13.4" From a6b127eac797744fb7f652af75ef7c75c733432d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Mar 2021 12:00:23 +0900 Subject: [PATCH 08/16] Bump i18n-tasks from 0.9.33 to 0.9.34 (#15834) Bumps [i18n-tasks](https://github.com/glebm/i18n-tasks) from 0.9.33 to 0.9.34. - [Release notes](https://github.com/glebm/i18n-tasks/releases) - [Changelog](https://github.com/glebm/i18n-tasks/blob/main/CHANGES.md) - [Commits](https://github.com/glebm/i18n-tasks/compare/v0.9.33...v0.9.34) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 6f623f962d..70bc83ceba 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -277,7 +277,7 @@ GEM rainbow (>= 2.0.0) i18n (1.8.9) concurrent-ruby (~> 1.0) - i18n-tasks (0.9.33) + i18n-tasks (0.9.34) activesupport (>= 4.0.2) ast (>= 2.1.0) erubi @@ -619,7 +619,7 @@ GEM strong_migrations (0.7.6) activerecord (>= 5) temple (0.8.2) - terminal-table (2.0.0) + terminal-table (3.0.0) unicode-display_width (~> 1.1, >= 1.1.1) terrapin (0.6.0) climate_control (>= 0.0.3, < 1.0) From c3786b29b7730b8c858320599508a20b11884108 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Mar 2021 12:32:37 +0900 Subject: [PATCH 09/16] Bump puma from 5.2.1 to 5.2.2 (#15836) Bumps [puma](https://github.com/puma/puma) from 5.2.1 to 5.2.2. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v5.2.1...v5.2.2) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 70bc83ceba..0990c1d903 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -361,7 +361,7 @@ GEM net-scp (3.0.0) net-ssh (>= 2.6.5, < 7.0.0) net-ssh (6.1.0) - nio4r (2.5.5) + nio4r (2.5.7) nokogiri (1.11.1) mini_portile2 (~> 2.5.0) racc (~> 1.4) @@ -432,7 +432,7 @@ GEM pry-rails (0.3.9) pry (>= 0.10.4) public_suffix (4.0.6) - puma (5.2.1) + puma (5.2.2) nio4r (~> 2.0) pundit (2.1.0) activesupport (>= 3.0.0) From 67c5cdea4016405483d493d1efb3765a58587d1c Mon Sep 17 00:00:00 2001 From: Claire Date: Sun, 7 Mar 2021 07:06:56 +0100 Subject: [PATCH 10/16] Fix some ignored brakeman warnings (#15829) --- app/views/admin/accounts/index.html.haml | 2 +- app/views/admin/action_logs/index.html.haml | 2 +- .../admin/email_domain_blocks/index.html.haml | 2 +- app/views/admin/instances/index.html.haml | 2 +- config/brakeman.ignore | 124 ------------------ 5 files changed, 4 insertions(+), 128 deletions(-) diff --git a/app/views/admin/accounts/index.html.haml b/app/views/admin/accounts/index.html.haml index 8eac226e08..398ab4bb46 100644 --- a/app/views/admin/accounts/index.html.haml +++ b/app/views/admin/accounts/index.html.haml @@ -51,6 +51,6 @@ %th= t('admin.accounts.most_recent_activity') %th %tbody - = render @accounts + = render partial: 'account', collection: @accounts = paginate @accounts diff --git a/app/views/admin/action_logs/index.html.haml b/app/views/admin/action_logs/index.html.haml index e7d9054d9f..f7f73150b4 100644 --- a/app/views/admin/action_logs/index.html.haml +++ b/app/views/admin/action_logs/index.html.haml @@ -23,6 +23,6 @@ = t 'admin.action_logs.empty' - else .announcements-list - = render @action_logs + = render partial: 'action_log', collection: @action_logs = paginate @action_logs diff --git a/app/views/admin/email_domain_blocks/index.html.haml b/app/views/admin/email_domain_blocks/index.html.haml index 6015cfac0a..fa5d86b67a 100644 --- a/app/views/admin/email_domain_blocks/index.html.haml +++ b/app/views/admin/email_domain_blocks/index.html.haml @@ -14,6 +14,6 @@ %th= t('admin.email_domain_blocks.domain') %th %tbody - = render @email_domain_blocks + = render partial: 'email_domain_block', collection: @email_domain_blocks = paginate @email_domain_blocks diff --git a/app/views/admin/instances/index.html.haml b/app/views/admin/instances/index.html.haml index 5f20e7ec04..7c7958786d 100644 --- a/app/views/admin/instances/index.html.haml +++ b/app/views/admin/instances/index.html.haml @@ -36,6 +36,6 @@ %div.muted-hint.center-text = t 'admin.instances.empty' - else - = render @instances + = render partial: 'instance', collection: @instances = paginate @instances diff --git a/config/brakeman.ignore b/config/brakeman.ignore index dcbfd02b4e..2d47a9aaf0 100644 --- a/config/brakeman.ignore +++ b/config/brakeman.ignore @@ -40,99 +40,6 @@ "confidence": "Weak", "note": "" }, - { - "warning_type": "Dynamic Render Path", - "warning_code": 15, - "fingerprint": "20a660939f2bbf8c665e69f2844031c0564524689a9570a0091ed94846212020", - "check_name": "Render", - "message": "Render path contains parameter value", - "file": "app/views/admin/action_logs/index.html.haml", - "line": 26, - "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/", - "code": "render(action => Admin::ActionLogFilter.new(filter_params).results.page(params[:page]), {})", - "render_path": [ - { - "type": "controller", - "class": "Admin::ActionLogsController", - "method": "index", - "line": 8, - "file": "app/controllers/admin/action_logs_controller.rb", - "rendered": { - "name": "admin/action_logs/index", - "file": "app/views/admin/action_logs/index.html.haml" - } - } - ], - "location": { - "type": "template", - "template": "admin/action_logs/index" - }, - "user_input": "params[:page]", - "confidence": "Weak", - "note": "" - }, - { - "warning_type": "Dynamic Render Path", - "warning_code": 15, - "fingerprint": "371fe16dc4c9d6ab08a20437d65be4825776107a67c38f6d4780a9c703cd44a5", - "check_name": "Render", - "message": "Render path contains parameter value", - "file": "app/views/admin/email_domain_blocks/index.html.haml", - "line": 17, - "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/", - "code": "render(action => EmailDomainBlock.where(:parent_id => nil).includes(:children).order(:id => :desc).page(params[:page]), {})", - "render_path": [ - { - "type": "controller", - "class": "Admin::EmailDomainBlocksController", - "method": "index", - "line": 10, - "file": "app/controllers/admin/email_domain_blocks_controller.rb", - "rendered": { - "name": "admin/email_domain_blocks/index", - "file": "app/views/admin/email_domain_blocks/index.html.haml" - } - } - ], - "location": { - "type": "template", - "template": "admin/email_domain_blocks/index" - }, - "user_input": "params[:page]", - "confidence": "Weak", - "note": "" - }, - { - "warning_type": "Dynamic Render Path", - "warning_code": 15, - "fingerprint": "4704e8093e3e0561bf705f892e8fc6780419f8255f4440b1c0afd09339bd6446", - "check_name": "Render", - "message": "Render path contains parameter value", - "file": "app/views/admin/instances/index.html.haml", - "line": 39, - "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/", - "code": "render(action => filtered_instances.page(params[:page]), {})", - "render_path": [ - { - "type": "controller", - "class": "Admin::InstancesController", - "method": "index", - "line": 10, - "file": "app/controllers/admin/instances_controller.rb", - "rendered": { - "name": "admin/instances/index", - "file": "app/views/admin/instances/index.html.haml" - } - } - ], - "location": { - "type": "template", - "template": "admin/instances/index" - }, - "user_input": "params[:page]", - "confidence": "Weak", - "note": "" - }, { "warning_type": "Redirect", "warning_code": 18, @@ -253,37 +160,6 @@ "confidence": "Medium", "note": "" }, - { - "warning_type": "Dynamic Render Path", - "warning_code": 15, - "fingerprint": "9f31d941f3910dba2e9bfcd81aef4513249bd24c02d0f98e13ad44fdeeccd0e8", - "check_name": "Render", - "message": "Render path contains parameter value", - "file": "app/views/admin/accounts/index.html.haml", - "line": 54, - "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/", - "code": "render(action => filtered_accounts.page(params[:page]), {})", - "render_path": [ - { - "type": "controller", - "class": "Admin::AccountsController", - "method": "index", - "line": 12, - "file": "app/controllers/admin/accounts_controller.rb", - "rendered": { - "name": "admin/accounts/index", - "file": "app/views/admin/accounts/index.html.haml" - } - } - ], - "location": { - "type": "template", - "template": "admin/accounts/index" - }, - "user_input": "params[:page]", - "confidence": "Weak", - "note": "" - }, { "warning_type": "Redirect", "warning_code": 18, From 0c334449861c94a8105dea043144092c10635efa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Mar 2021 22:50:13 +0900 Subject: [PATCH 11/16] Bump webmock from 3.12.0 to 3.12.1 (#15851) Bumps [webmock](https://github.com/bblimke/webmock) from 3.12.0 to 3.12.1. - [Release notes](https://github.com/bblimke/webmock/releases) - [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md) - [Commits](https://github.com/bblimke/webmock/compare/v3.12.0...v3.12.1) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 0990c1d903..94f7beb98f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -665,7 +665,7 @@ GEM safety_net_attestation (~> 0.4.0) securecompare (~> 1.0) tpm-key_attestation (~> 0.9.0) - webmock (3.12.0) + webmock (3.12.1) addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) From 7d8f33b572173e3b4b63307454a47f55cf25b691 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Mar 2021 22:50:39 +0900 Subject: [PATCH 12/16] Bump parallel_tests from 3.5.0 to 3.5.1 (#15853) Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 3.5.0 to 3.5.1. - [Release notes](https://github.com/grosser/parallel_tests/releases) - [Changelog](https://github.com/grosser/parallel_tests/blob/master/CHANGELOG.md) - [Commits](https://github.com/grosser/parallel_tests/compare/v3.5.0...v3.5.1) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 94f7beb98f..30fb3ba854 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -400,7 +400,7 @@ GEM av (~> 0.9.0) paperclip (>= 2.5.2) parallel (1.20.1) - parallel_tests (3.5.0) + parallel_tests (3.5.1) parallel parser (3.0.0.0) ast (~> 2.4.1) From fd01196fcec70a7f059f46c9cedb3f6bf6079427 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Mar 2021 22:50:51 +0900 Subject: [PATCH 13/16] Bump ox from 2.14.1 to 2.14.2 (#15854) Bumps [ox](https://github.com/ohler55/ox) from 2.14.1 to 2.14.2. - [Release notes](https://github.com/ohler55/ox/releases) - [Changelog](https://github.com/ohler55/ox/blob/develop/CHANGELOG.md) - [Commits](https://github.com/ohler55/ox/compare/v2.14.1...v2.14.2) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 30fb3ba854..0589ceef14 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -389,7 +389,7 @@ GEM openssl (2.2.0) openssl-signature_algorithm (0.4.0) orm_adapter (0.5.0) - ox (2.14.1) + ox (2.14.2) paperclip (6.0.0) activemodel (>= 4.2.0) activesupport (>= 4.2.0) From 8095373972219d277f4ac4bf3b8c8c35b7977d92 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Mar 2021 23:04:54 +0900 Subject: [PATCH 14/16] Bump react-textarea-autosize from 8.3.1 to 8.3.2 (#15838) Bumps [react-textarea-autosize](https://github.com/Andarist/react-textarea-autosize) from 8.3.1 to 8.3.2. - [Release notes](https://github.com/Andarist/react-textarea-autosize/releases) - [Changelog](https://github.com/Andarist/react-textarea-autosize/blob/master/CHANGELOG.md) - [Commits](https://github.com/Andarist/react-textarea-autosize/compare/v8.3.1...v8.3.2) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 7397b80fb3..42fd6d4ed7 100644 --- a/package.json +++ b/package.json @@ -142,7 +142,7 @@ "react-select": "^3.2.0", "react-sparklines": "^1.7.0", "react-swipeable-views": "^0.13.9", - "react-textarea-autosize": "^8.3.1", + "react-textarea-autosize": "^8.3.2", "react-toggle": "^4.1.1", "redis": "^3.0.2", "redux": "^4.0.5", diff --git a/yarn.lock b/yarn.lock index ec1e41eb1d..bb37f4330e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -8979,10 +8979,10 @@ react-test-renderer@^16.14.0: react-is "^16.8.6" scheduler "^0.19.1" -react-textarea-autosize@^8.3.1: - version "8.3.1" - resolved "https://registry.yarnpkg.com/react-textarea-autosize/-/react-textarea-autosize-8.3.1.tgz#b942a934cc660ecfc645717d1fb84344b69dcb15" - integrity sha512-Vk02C3RWKLjx1wSwcVuPwfTuyGIemBB2MjDi01OnBYxKWSJFA/O7IOzr9FrO8AuRlkupk4X6Kjew2mYyEDXi0A== +react-textarea-autosize@^8.3.2: + version "8.3.2" + resolved "https://registry.yarnpkg.com/react-textarea-autosize/-/react-textarea-autosize-8.3.2.tgz#4f9374d357b0a6f6469956726722549124a1b2db" + integrity sha512-JrMWVgQSaExQByP3ggI1eA8zF4mF0+ddVuX7acUeK2V7bmrpjVOY72vmLz2IXFJSAXoY3D80nEzrn0GWajWK3Q== dependencies: "@babel/runtime" "^7.10.2" use-composed-ref "^1.0.0" From d1e5a1babcbe17002a4556899e7839c2611fb512 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Mar 2021 23:05:35 +0900 Subject: [PATCH 15/16] Bump rspec-rails from 4.0.2 to 4.1.0 (#15852) Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 4.0.2 to 4.1.0. - [Release notes](https://github.com/rspec/rspec-rails/releases) - [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md) - [Commits](https://github.com/rspec/rspec-rails/compare/v4.0.2...v4.1.0) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index d192178187..b504950355 100644 --- a/Gemfile +++ b/Gemfile @@ -109,7 +109,7 @@ group :development, :test do gem 'i18n-tasks', '~> 0.9', require: false gem 'pry-byebug', '~> 3.9' gem 'pry-rails', '~> 0.3' - gem 'rspec-rails', '~> 4.0' + gem 'rspec-rails', '~> 4.1' end group :production, :test do diff --git a/Gemfile.lock b/Gemfile.lock index 0589ceef14..55d73e9aad 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -524,10 +524,10 @@ GEM rspec-expectations (3.10.1) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.10.0) - rspec-mocks (3.10.1) + rspec-mocks (3.10.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.10.0) - rspec-rails (4.0.2) + rspec-rails (4.1.0) actionpack (>= 4.2) activesupport (>= 4.2) railties (>= 4.2) @@ -538,7 +538,7 @@ GEM rspec-sidekiq (3.1.0) rspec-core (~> 3.0, >= 3.0.0) sidekiq (>= 2.4.0) - rspec-support (3.10.1) + rspec-support (3.10.2) rspec_junit_formatter (0.4.1) rspec-core (>= 2, < 4, != 2.12.0) rubocop (1.9.1) @@ -788,7 +788,7 @@ DEPENDENCIES redis-namespace (~> 1.8) redis-rails (~> 5.0) rqrcode (~> 1.2) - rspec-rails (~> 4.0) + rspec-rails (~> 4.1) rspec-sidekiq (~> 3.1) rspec_junit_formatter (~> 0.4) rubocop (~> 1.9) From f2ca6c7a172deb9309c793adb87cdc4b46974a44 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Mar 2021 11:08:10 +0900 Subject: [PATCH 16/16] Bump elliptic from 6.5.3 to 6.5.4 (#15864) Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4. - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/yarn.lock b/yarn.lock index bb37f4330e..7adcc4ab0f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2405,10 +2405,10 @@ bmp-js@^0.1.0: resolved "https://registry.yarnpkg.com/bmp-js/-/bmp-js-0.1.0.tgz#e05a63f796a6c1ff25f4771ec7adadc148c07233" integrity sha1-4Fpj95amwf8l9Hcex62twUjAcjM= -bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.4.0: - version "4.11.9" - resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.9.tgz#26d556829458f9d1e81fc48952493d0ba3507828" - integrity sha512-E6QoYqCKZfgatHTdHzs1RRKP7ip4vvm+EyRUeE2RF0NblwVvb0p6jSVeNTOFxPn26QXN2o6SMfNxKp6kU8zQaw== +bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.11.9: + version "4.12.0" + resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.12.0.tgz#775b3f278efbb9718eec7361f483fb36fbbfea88" + integrity sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA== bn.js@^5.1.1: version "5.1.3" @@ -2486,7 +2486,7 @@ bricks.js@^1.7.0: dependencies: knot.js "^1.1.5" -brorand@^1.0.1: +brorand@^1.0.1, brorand@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/brorand/-/brorand-1.1.0.tgz#12c25efe40a45e3c323eb8675a0a0ce57b22371f" integrity sha1-EsJe/kCkXjwyPrhnWgoM5XsiNx8= @@ -3930,17 +3930,17 @@ electron-to-chromium@^1.3.649: integrity sha512-gFQe7HBb0lbOMqK2GAS5/1F+B0IMdYiAgB9OT/w1F4M7lgJK2aNOMNOM622aEax+nS1cTMytkiT0uMOkbtFmHw== elliptic@^6.5.3: - version "6.5.3" - resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.3.tgz#cb59eb2efdaf73a0bd78ccd7015a62ad6e0f93d6" - integrity sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw== + version "6.5.4" + resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.4.tgz#da37cebd31e79a1367e941b592ed1fbebd58abbb" + integrity sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ== dependencies: - bn.js "^4.4.0" - brorand "^1.0.1" + bn.js "^4.11.9" + brorand "^1.1.0" hash.js "^1.0.0" - hmac-drbg "^1.0.0" - inherits "^2.0.1" - minimalistic-assert "^1.0.0" - minimalistic-crypto-utils "^1.0.0" + hmac-drbg "^1.0.1" + inherits "^2.0.4" + minimalistic-assert "^1.0.1" + minimalistic-crypto-utils "^1.0.1" emittery@^0.7.1: version "0.7.1" @@ -5289,7 +5289,7 @@ history@^4.7.2: value-equal "^0.4.0" warning "^3.0.0" -hmac-drbg@^1.0.0: +hmac-drbg@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/hmac-drbg/-/hmac-drbg-1.0.1.tgz#d2745701025a6c775a6c545793ed502fc0c649a1" integrity sha1-0nRXAQJabHdabFRXk+1QL8DGSaE= @@ -7144,7 +7144,7 @@ minimalistic-assert@^1.0.0, minimalistic-assert@^1.0.1: resolved "https://registry.yarnpkg.com/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz#2e194de044626d4a10e7f7fbc00ce73e83e4d5c7" integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A== -minimalistic-crypto-utils@^1.0.0, minimalistic-crypto-utils@^1.0.1: +minimalistic-crypto-utils@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz#f6c00c1c0b082246e5c4d99dfb8c7c083b2b582a" integrity sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo=