moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 00:16:46 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-73610 nodejs: Small updates to required packages

Browse source 
The main goal of this issue is to avoid scanners (Dependabot
and friends), reporting about security issues with the current
xmldom 0.6.0 package.

Note that this doesn't affect prod at all, because it's a dev
dependency, hardly exploitable. So it's not a security fix, just
a security_benefit, if something.

So here, we are updating from xmldom 0.6.0 to @xmldom/xmldom 0.8.7
(note that the package was renamed in 0.7.0, so it's the very same)

Also, when proceeding with the changes, it was detected that we
are incorrectly declaring @babel/eslint-parser as a normal dependency
instead of a development one, so we are also fixing that little detail.

The commands executed to get the changes above applied have been:

- nvm use
- npm install @xmldom/xmldom@^0.8.7 --save-dev
- npm uninstall xmldom
- npm install @babel/eslint-parser@^7.17.0 --save-dev

(we haven't run a complete re-install because we only want to modify
the minimum possible at this stage).
This commit is contained in:
Eloy Lafuente (stronk7) 2023-04-04 18:23:33 +02:00
parent 7d8f31dbe7
commit 7d9d0f35a0
3 changed files with 446 additions and 140 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.grunt/components.js
View file

@ -156,7 +156,7 @@ const getThirdPartyLibsList = relativeTo => {
* @returns {array} * @returns {array}
*/ */
const getThirdPartyPaths = () => { const getThirdPartyPaths = () => {
const DOMParser = require('xmldom').DOMParser; const DOMParser = require('@xmldom/xmldom').DOMParser;
const fs = require('fs'); const fs = require('fs');
const path = require('path'); const path = require('path');
const xpath = require('xpath'); const xpath = require('xpath');

578
npm-shrinkwrap.json generated
View file

File diff suppressed because it is too large Load diff

6
package.json
View file

@ -4,11 +4,13 @@
"description": "Moodle", "description": "Moodle",
"devDependencies": { "devDependencies": {
"@babel/core": "7.17.5", "@babel/core": "7.17.5",
"@babel/eslint-parser": "^7.21.3",
"@babel/plugin-proposal-class-properties": "7.16.7", "@babel/plugin-proposal-class-properties": "7.16.7",
"@babel/plugin-proposal-json-strings": "7.16.7", "@babel/plugin-proposal-json-strings": "7.16.7",
"@babel/plugin-syntax-dynamic-import": "7.8.3", "@babel/plugin-syntax-dynamic-import": "7.8.3",
"@babel/plugin-syntax-import-meta": "7.10.4", "@babel/plugin-syntax-import-meta": "7.10.4",
"@babel/preset-env": "7.16.11", "@babel/preset-env": "7.16.11",
"@xmldom/xmldom": "^0.8.7",
"ajv": "8.10.0", "ajv": "8.10.0",
"async": "3.2.3", "async": "3.2.3",
"babel-eslint": "10.1.0", "babel-eslint": "10.1.0",
@ -46,13 +48,9 @@
"stylelint": "13.3.3", "stylelint": "13.3.3",
"stylelint-checkstyle-formatter": "0.1.2", "stylelint-checkstyle-formatter": "0.1.2",
"stylelint-csstree-validator": "1.8.0", "stylelint-csstree-validator": "1.8.0",
"xmldom": "^0.6.0",
"xpath": "0.0.32" "xpath": "0.0.32"
}, },
"engines": { "engines": {
"node": ">=16.14.0 <17" "node": ">=16.14.0 <17"
},
"dependencies": {
"@babel/eslint-parser": "^7.17.0"
} }
} }