From cf0a17407abc577c27420a1c8a4a0c08c7cefce9 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Wed, 7 Dec 2022 13:54:04 -0700 Subject: [PATCH] deps: ssri@10.0.1 --- node_modules/.gitignore | 3 + .../ssri/node_modules/minipass/LICENSE | 15 + .../ssri/node_modules/minipass/index.d.ts | 147 ++++ .../ssri/node_modules/minipass/index.js | 657 ++++++++++++++++++ .../ssri/node_modules/minipass/package.json | 56 ++ node_modules/ssri/package.json | 10 +- package-lock.json | 25 +- package.json | 2 +- workspaces/arborist/package.json | 2 +- workspaces/libnpmpublish/package.json | 2 +- 10 files changed, 905 insertions(+), 14 deletions(-) create mode 100644 node_modules/ssri/node_modules/minipass/LICENSE create mode 100644 node_modules/ssri/node_modules/minipass/index.d.ts create mode 100644 node_modules/ssri/node_modules/minipass/index.js create mode 100644 node_modules/ssri/node_modules/minipass/package.json diff --git a/node_modules/.gitignore b/node_modules/.gitignore index e8aaba04b408e..b116ee563df36 100644 --- a/node_modules/.gitignore +++ b/node_modules/.gitignore @@ -240,6 +240,9 @@ !/spdx-expression-parse !/spdx-license-ids !/ssri +!/ssri/node_modules/ +/ssri/node_modules/* +!/ssri/node_modules/minipass !/string_decoder !/string-width !/strip-ansi diff --git a/node_modules/ssri/node_modules/minipass/LICENSE b/node_modules/ssri/node_modules/minipass/LICENSE new file mode 100644 index 0000000000000..bf1dece2e1f12 --- /dev/null +++ b/node_modules/ssri/node_modules/minipass/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) 2017-2022 npm, Inc., Isaac Z. Schlueter, and Contributors + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/ssri/node_modules/minipass/index.d.ts b/node_modules/ssri/node_modules/minipass/index.d.ts new file mode 100644 index 0000000000000..f68ce8a259c47 --- /dev/null +++ b/node_modules/ssri/node_modules/minipass/index.d.ts @@ -0,0 +1,147 @@ +/// + +// Note: marking anything protected or private in the exported +// class will limit Minipass's ability to be used as the base +// for mixin classes. +import { EventEmitter } from 'events' +import { Stream } from 'stream' + +declare namespace Minipass { + type Encoding = BufferEncoding | 'buffer' | null + + interface Writable extends EventEmitter { + end(): any + write(chunk: any, ...args: any[]): any + } + + interface Readable extends EventEmitter { + pause(): any + resume(): any + pipe(): any + } + + type DualIterable = Iterable & AsyncIterable + + type ContiguousData = Buffer | ArrayBufferLike | ArrayBufferView | string + + type BufferOrString = Buffer | string + + interface StringOptions { + encoding: BufferEncoding + objectMode?: boolean + async?: boolean + } + + interface BufferOptions { + encoding?: null | 'buffer' + objectMode?: boolean + async?: boolean + } + + interface ObjectModeOptions { + objectMode: true + async?: boolean + } + + interface PipeOptions { + end?: boolean + proxyErrors?: boolean + } + + type Options = T extends string + ? StringOptions + : T extends Buffer + ? BufferOptions + : ObjectModeOptions +} + +declare class Minipass< + RType extends any = Buffer, + WType extends any = RType extends Minipass.BufferOrString + ? Minipass.ContiguousData + : RType + > + extends Stream + implements Minipass.DualIterable +{ + static isStream(stream: any): stream is Minipass.Readable | Minipass.Writable + + readonly bufferLength: number + readonly flowing: boolean + readonly writable: boolean + readonly readable: boolean + readonly paused: boolean + readonly emittedEnd: boolean + readonly destroyed: boolean + + /** + * Technically writable, but mutating it can change the type, + * so is not safe to do in TypeScript. + */ + readonly objectMode: boolean + async: boolean + + /** + * Note: encoding is not actually read-only, and setEncoding(enc) + * exists. However, this type definition will insist that TypeScript + * programs declare the type of a Minipass stream up front, and if + * that type is string, then an encoding MUST be set in the ctor. If + * the type is Buffer, then the encoding must be missing, or set to + * 'buffer' or null. If the type is anything else, then objectMode + * must be set in the constructor options. So there is effectively + * no allowed way that a TS program can set the encoding after + * construction, as doing so will destroy any hope of type safety. + * TypeScript does not provide many options for changing the type of + * an object at run-time, which is what changing the encoding does. + */ + readonly encoding: Minipass.Encoding + // setEncoding(encoding: Encoding): void + + // Options required if not reading buffers + constructor( + ...args: RType extends Buffer + ? [] | [Minipass.Options] + : [Minipass.Options] + ) + + write(chunk: WType, cb?: () => void): boolean + write(chunk: WType, encoding?: Minipass.Encoding, cb?: () => void): boolean + read(size?: number): RType + end(cb?: () => void): this + end(chunk: any, cb?: () => void): this + end(chunk: any, encoding?: Minipass.Encoding, cb?: () => void): this + pause(): void + resume(): void + promise(): Promise + collect(): Promise + + concat(): RType extends Minipass.BufferOrString ? Promise : never + destroy(er?: any): void + pipe(dest: W, opts?: Minipass.PipeOptions): W + unpipe(dest: W): void + + /** + * alias for on() + */ + addEventHandler(event: string, listener: (...args: any[]) => any): this + + on(event: string, listener: (...args: any[]) => any): this + on(event: 'data', listener: (chunk: RType) => any): this + on(event: 'error', listener: (error: any) => any): this + on( + event: + | 'readable' + | 'drain' + | 'resume' + | 'end' + | 'prefinish' + | 'finish' + | 'close', + listener: () => any + ): this + + [Symbol.iterator](): Iterator + [Symbol.asyncIterator](): AsyncIterator +} + +export = Minipass diff --git a/node_modules/ssri/node_modules/minipass/index.js b/node_modules/ssri/node_modules/minipass/index.js new file mode 100644 index 0000000000000..d5003ed9a5754 --- /dev/null +++ b/node_modules/ssri/node_modules/minipass/index.js @@ -0,0 +1,657 @@ +'use strict' +const proc = typeof process === 'object' && process ? process : { + stdout: null, + stderr: null, +} +const EE = require('events') +const Stream = require('stream') +const SD = require('string_decoder').StringDecoder + +const EOF = Symbol('EOF') +const MAYBE_EMIT_END = Symbol('maybeEmitEnd') +const EMITTED_END = Symbol('emittedEnd') +const EMITTING_END = Symbol('emittingEnd') +const EMITTED_ERROR = Symbol('emittedError') +const CLOSED = Symbol('closed') +const READ = Symbol('read') +const FLUSH = Symbol('flush') +const FLUSHCHUNK = Symbol('flushChunk') +const ENCODING = Symbol('encoding') +const DECODER = Symbol('decoder') +const FLOWING = Symbol('flowing') +const PAUSED = Symbol('paused') +const RESUME = Symbol('resume') +const BUFFER = Symbol('buffer') +const PIPES = Symbol('pipes') +const BUFFERLENGTH = Symbol('bufferLength') +const BUFFERPUSH = Symbol('bufferPush') +const BUFFERSHIFT = Symbol('bufferShift') +const OBJECTMODE = Symbol('objectMode') +const DESTROYED = Symbol('destroyed') +const EMITDATA = Symbol('emitData') +const EMITEND = Symbol('emitEnd') +const EMITEND2 = Symbol('emitEnd2') +const ASYNC = Symbol('async') + +const defer = fn => Promise.resolve().then(fn) + +// TODO remove when Node v8 support drops +const doIter = global._MP_NO_ITERATOR_SYMBOLS_ !== '1' +const ASYNCITERATOR = doIter && Symbol.asyncIterator + || Symbol('asyncIterator not implemented') +const ITERATOR = doIter && Symbol.iterator + || Symbol('iterator not implemented') + +// events that mean 'the stream is over' +// these are treated specially, and re-emitted +// if they are listened for after emitting. +const isEndish = ev => + ev === 'end' || + ev === 'finish' || + ev === 'prefinish' + +const isArrayBuffer = b => b instanceof ArrayBuffer || + typeof b === 'object' && + b.constructor && + b.constructor.name === 'ArrayBuffer' && + b.byteLength >= 0 + +const isArrayBufferView = b => !Buffer.isBuffer(b) && ArrayBuffer.isView(b) + +class Pipe { + constructor (src, dest, opts) { + this.src = src + this.dest = dest + this.opts = opts + this.ondrain = () => src[RESUME]() + dest.on('drain', this.ondrain) + } + unpipe () { + this.dest.removeListener('drain', this.ondrain) + } + // istanbul ignore next - only here for the prototype + proxyErrors () {} + end () { + this.unpipe() + if (this.opts.end) + this.dest.end() + } +} + +class PipeProxyErrors extends Pipe { + unpipe () { + this.src.removeListener('error', this.proxyErrors) + super.unpipe() + } + constructor (src, dest, opts) { + super(src, dest, opts) + this.proxyErrors = er => dest.emit('error', er) + src.on('error', this.proxyErrors) + } +} + +module.exports = class Minipass extends Stream { + constructor (options) { + super() + this[FLOWING] = false + // whether we're explicitly paused + this[PAUSED] = false + this[PIPES] = [] + this[BUFFER] = [] + this[OBJECTMODE] = options && options.objectMode || false + if (this[OBJECTMODE]) + this[ENCODING] = null + else + this[ENCODING] = options && options.encoding || null + if (this[ENCODING] === 'buffer') + this[ENCODING] = null + this[ASYNC] = options && !!options.async || false + this[DECODER] = this[ENCODING] ? new SD(this[ENCODING]) : null + this[EOF] = false + this[EMITTED_END] = false + this[EMITTING_END] = false + this[CLOSED] = false + this[EMITTED_ERROR] = null + this.writable = true + this.readable = true + this[BUFFERLENGTH] = 0 + this[DESTROYED] = false + if (options && options.debugExposeBuffer === true) { + Object.defineProperty(this, 'buffer', { get: () => this[BUFFER] }) + } + if (options && options.debugExposePipes === true) { + Object.defineProperty(this, 'pipes', { get: () => this[PIPES] }) + } + } + + get bufferLength () { return this[BUFFERLENGTH] } + + get encoding () { return this[ENCODING] } + set encoding (enc) { + if (this[OBJECTMODE]) + throw new Error('cannot set encoding in objectMode') + + if (this[ENCODING] && enc !== this[ENCODING] && + (this[DECODER] && this[DECODER].lastNeed || this[BUFFERLENGTH])) + throw new Error('cannot change encoding') + + if (this[ENCODING] !== enc) { + this[DECODER] = enc ? new SD(enc) : null + if (this[BUFFER].length) + this[BUFFER] = this[BUFFER].map(chunk => this[DECODER].write(chunk)) + } + + this[ENCODING] = enc + } + + setEncoding (enc) { + this.encoding = enc + } + + get objectMode () { return this[OBJECTMODE] } + set objectMode (om) { this[OBJECTMODE] = this[OBJECTMODE] || !!om } + + get ['async'] () { return this[ASYNC] } + set ['async'] (a) { this[ASYNC] = this[ASYNC] || !!a } + + write (chunk, encoding, cb) { + if (this[EOF]) + throw new Error('write after end') + + if (this[DESTROYED]) { + this.emit('error', Object.assign( + new Error('Cannot call write after a stream was destroyed'), + { code: 'ERR_STREAM_DESTROYED' } + )) + return true + } + + if (typeof encoding === 'function') + cb = encoding, encoding = 'utf8' + + if (!encoding) + encoding = 'utf8' + + const fn = this[ASYNC] ? defer : f => f() + + // convert array buffers and typed array views into buffers + // at some point in the future, we may want to do the opposite! + // leave strings and buffers as-is + // anything else switches us into object mode + if (!this[OBJECTMODE] && !Buffer.isBuffer(chunk)) { + if (isArrayBufferView(chunk)) + chunk = Buffer.from(chunk.buffer, chunk.byteOffset, chunk.byteLength) + else if (isArrayBuffer(chunk)) + chunk = Buffer.from(chunk) + else if (typeof chunk !== 'string') + // use the setter so we throw if we have encoding set + this.objectMode = true + } + + // handle object mode up front, since it's simpler + // this yields better performance, fewer checks later. + if (this[OBJECTMODE]) { + /* istanbul ignore if - maybe impossible? */ + if (this.flowing && this[BUFFERLENGTH] !== 0) + this[FLUSH](true) + + if (this.flowing) + this.emit('data', chunk) + else + this[BUFFERPUSH](chunk) + + if (this[BUFFERLENGTH] !== 0) + this.emit('readable') + + if (cb) + fn(cb) + + return this.flowing + } + + // at this point the chunk is a buffer or string + // don't buffer it up or send it to the decoder + if (!chunk.length) { + if (this[BUFFERLENGTH] !== 0) + this.emit('readable') + if (cb) + fn(cb) + return this.flowing + } + + // fast-path writing strings of same encoding to a stream with + // an empty buffer, skipping the buffer/decoder dance + if (typeof chunk === 'string' && + // unless it is a string already ready for us to use + !(encoding === this[ENCODING] && !this[DECODER].lastNeed)) { + chunk = Buffer.from(chunk, encoding) + } + + if (Buffer.isBuffer(chunk) && this[ENCODING]) + chunk = this[DECODER].write(chunk) + + // Note: flushing CAN potentially switch us into not-flowing mode + if (this.flowing && this[BUFFERLENGTH] !== 0) + this[FLUSH](true) + + if (this.flowing) + this.emit('data', chunk) + else + this[BUFFERPUSH](chunk) + + if (this[BUFFERLENGTH] !== 0) + this.emit('readable') + + if (cb) + fn(cb) + + return this.flowing + } + + read (n) { + if (this[DESTROYED]) + return null + + if (this[BUFFERLENGTH] === 0 || n === 0 || n > this[BUFFERLENGTH]) { + this[MAYBE_EMIT_END]() + return null + } + + if (this[OBJECTMODE]) + n = null + + if (this[BUFFER].length > 1 && !this[OBJECTMODE]) { + if (this.encoding) + this[BUFFER] = [this[BUFFER].join('')] + else + this[BUFFER] = [Buffer.concat(this[BUFFER], this[BUFFERLENGTH])] + } + + const ret = this[READ](n || null, this[BUFFER][0]) + this[MAYBE_EMIT_END]() + return ret + } + + [READ] (n, chunk) { + if (n === chunk.length || n === null) + this[BUFFERSHIFT]() + else { + this[BUFFER][0] = chunk.slice(n) + chunk = chunk.slice(0, n) + this[BUFFERLENGTH] -= n + } + + this.emit('data', chunk) + + if (!this[BUFFER].length && !this[EOF]) + this.emit('drain') + + return chunk + } + + end (chunk, encoding, cb) { + if (typeof chunk === 'function') + cb = chunk, chunk = null + if (typeof encoding === 'function') + cb = encoding, encoding = 'utf8' + if (chunk) + this.write(chunk, encoding) + if (cb) + this.once('end', cb) + this[EOF] = true + this.writable = false + + // if we haven't written anything, then go ahead and emit, + // even if we're not reading. + // we'll re-emit if a new 'end' listener is added anyway. + // This makes MP more suitable to write-only use cases. + if (this.flowing || !this[PAUSED]) + this[MAYBE_EMIT_END]() + return this + } + + // don't let the internal resume be overwritten + [RESUME] () { + if (this[DESTROYED]) + return + + this[PAUSED] = false + this[FLOWING] = true + this.emit('resume') + if (this[BUFFER].length) + this[FLUSH]() + else if (this[EOF]) + this[MAYBE_EMIT_END]() + else + this.emit('drain') + } + + resume () { + return this[RESUME]() + } + + pause () { + this[FLOWING] = false + this[PAUSED] = true + } + + get destroyed () { + return this[DESTROYED] + } + + get flowing () { + return this[FLOWING] + } + + get paused () { + return this[PAUSED] + } + + [BUFFERPUSH] (chunk) { + if (this[OBJECTMODE]) + this[BUFFERLENGTH] += 1 + else + this[BUFFERLENGTH] += chunk.length + this[BUFFER].push(chunk) + } + + [BUFFERSHIFT] () { + if (this[BUFFER].length) { + if (this[OBJECTMODE]) + this[BUFFERLENGTH] -= 1 + else + this[BUFFERLENGTH] -= this[BUFFER][0].length + } + return this[BUFFER].shift() + } + + [FLUSH] (noDrain) { + do {} while (this[FLUSHCHUNK](this[BUFFERSHIFT]())) + + if (!noDrain && !this[BUFFER].length && !this[EOF]) + this.emit('drain') + } + + [FLUSHCHUNK] (chunk) { + return chunk ? (this.emit('data', chunk), this.flowing) : false + } + + pipe (dest, opts) { + if (this[DESTROYED]) + return + + const ended = this[EMITTED_END] + opts = opts || {} + if (dest === proc.stdout || dest === proc.stderr) + opts.end = false + else + opts.end = opts.end !== false + opts.proxyErrors = !!opts.proxyErrors + + // piping an ended stream ends immediately + if (ended) { + if (opts.end) + dest.end() + } else { + this[PIPES].push(!opts.proxyErrors ? new Pipe(this, dest, opts) + : new PipeProxyErrors(this, dest, opts)) + if (this[ASYNC]) + defer(() => this[RESUME]()) + else + this[RESUME]() + } + + return dest + } + + unpipe (dest) { + const p = this[PIPES].find(p => p.dest === dest) + if (p) { + this[PIPES].splice(this[PIPES].indexOf(p), 1) + p.unpipe() + } + } + + addListener (ev, fn) { + return this.on(ev, fn) + } + + on (ev, fn) { + const ret = super.on(ev, fn) + if (ev === 'data' && !this[PIPES].length && !this.flowing) + this[RESUME]() + else if (ev === 'readable' && this[BUFFERLENGTH] !== 0) + super.emit('readable') + else if (isEndish(ev) && this[EMITTED_END]) { + super.emit(ev) + this.removeAllListeners(ev) + } else if (ev === 'error' && this[EMITTED_ERROR]) { + if (this[ASYNC]) + defer(() => fn.call(this, this[EMITTED_ERROR])) + else + fn.call(this, this[EMITTED_ERROR]) + } + return ret + } + + get emittedEnd () { + return this[EMITTED_END] + } + + [MAYBE_EMIT_END] () { + if (!this[EMITTING_END] && + !this[EMITTED_END] && + !this[DESTROYED] && + this[BUFFER].length === 0 && + this[EOF]) { + this[EMITTING_END] = true + this.emit('end') + this.emit('prefinish') + this.emit('finish') + if (this[CLOSED]) + this.emit('close') + this[EMITTING_END] = false + } + } + + emit (ev, data, ...extra) { + // error and close are only events allowed after calling destroy() + if (ev !== 'error' && ev !== 'close' && ev !== DESTROYED && this[DESTROYED]) + return + else if (ev === 'data') { + return !data ? false + : this[ASYNC] ? defer(() => this[EMITDATA](data)) + : this[EMITDATA](data) + } else if (ev === 'end') { + return this[EMITEND]() + } else if (ev === 'close') { + this[CLOSED] = true + // don't emit close before 'end' and 'finish' + if (!this[EMITTED_END] && !this[DESTROYED]) + return + const ret = super.emit('close') + this.removeAllListeners('close') + return ret + } else if (ev === 'error') { + this[EMITTED_ERROR] = data + const ret = super.emit('error', data) + this[MAYBE_EMIT_END]() + return ret + } else if (ev === 'resume') { + const ret = super.emit('resume') + this[MAYBE_EMIT_END]() + return ret + } else if (ev === 'finish' || ev === 'prefinish') { + const ret = super.emit(ev) + this.removeAllListeners(ev) + return ret + } + + // Some other unknown event + const ret = super.emit(ev, data, ...extra) + this[MAYBE_EMIT_END]() + return ret + } + + [EMITDATA] (data) { + for (const p of this[PIPES]) { + if (p.dest.write(data) === false) + this.pause() + } + const ret = super.emit('data', data) + this[MAYBE_EMIT_END]() + return ret + } + + [EMITEND] () { + if (this[EMITTED_END]) + return + + this[EMITTED_END] = true + this.readable = false + if (this[ASYNC]) + defer(() => this[EMITEND2]()) + else + this[EMITEND2]() + } + + [EMITEND2] () { + if (this[DECODER]) { + const data = this[DECODER].end() + if (data) { + for (const p of this[PIPES]) { + p.dest.write(data) + } + super.emit('data', data) + } + } + + for (const p of this[PIPES]) { + p.end() + } + const ret = super.emit('end') + this.removeAllListeners('end') + return ret + } + + // const all = await stream.collect() + collect () { + const buf = [] + if (!this[OBJECTMODE]) + buf.dataLength = 0 + // set the promise first, in case an error is raised + // by triggering the flow here. + const p = this.promise() + this.on('data', c => { + buf.push(c) + if (!this[OBJECTMODE]) + buf.dataLength += c.length + }) + return p.then(() => buf) + } + + // const data = await stream.concat() + concat () { + return this[OBJECTMODE] + ? Promise.reject(new Error('cannot concat in objectMode')) + : this.collect().then(buf => + this[OBJECTMODE] + ? Promise.reject(new Error('cannot concat in objectMode')) + : this[ENCODING] ? buf.join('') : Buffer.concat(buf, buf.dataLength)) + } + + // stream.promise().then(() => done, er => emitted error) + promise () { + return new Promise((resolve, reject) => { + this.on(DESTROYED, () => reject(new Error('stream destroyed'))) + this.on('error', er => reject(er)) + this.on('end', () => resolve()) + }) + } + + // for await (let chunk of stream) + [ASYNCITERATOR] () { + const next = () => { + const res = this.read() + if (res !== null) + return Promise.resolve({ done: false, value: res }) + + if (this[EOF]) + return Promise.resolve({ done: true }) + + let resolve = null + let reject = null + const onerr = er => { + this.removeListener('data', ondata) + this.removeListener('end', onend) + reject(er) + } + const ondata = value => { + this.removeListener('error', onerr) + this.removeListener('end', onend) + this.pause() + resolve({ value: value, done: !!this[EOF] }) + } + const onend = () => { + this.removeListener('error', onerr) + this.removeListener('data', ondata) + resolve({ done: true }) + } + const ondestroy = () => onerr(new Error('stream destroyed')) + return new Promise((res, rej) => { + reject = rej + resolve = res + this.once(DESTROYED, ondestroy) + this.once('error', onerr) + this.once('end', onend) + this.once('data', ondata) + }) + } + + return { next } + } + + // for (let chunk of stream) + [ITERATOR] () { + const next = () => { + const value = this.read() + const done = value === null + return { value, done } + } + return { next } + } + + destroy (er) { + if (this[DESTROYED]) { + if (er) + this.emit('error', er) + else + this.emit(DESTROYED) + return this + } + + this[DESTROYED] = true + + // throw away all buffered data, it's never coming out + this[BUFFER].length = 0 + this[BUFFERLENGTH] = 0 + + if (typeof this.close === 'function' && !this[CLOSED]) + this.close() + + if (er) + this.emit('error', er) + else // if no error to emit, still reject pending promises + this.emit(DESTROYED) + + return this + } + + static isStream (s) { + return !!s && (s instanceof Minipass || s instanceof Stream || + s instanceof EE && ( + typeof s.pipe === 'function' || // readable + (typeof s.write === 'function' && typeof s.end === 'function') // writable + )) + } +} diff --git a/node_modules/ssri/node_modules/minipass/package.json b/node_modules/ssri/node_modules/minipass/package.json new file mode 100644 index 0000000000000..ca30e694aa449 --- /dev/null +++ b/node_modules/ssri/node_modules/minipass/package.json @@ -0,0 +1,56 @@ +{ + "name": "minipass", + "version": "4.0.0", + "description": "minimal implementation of a PassThrough stream", + "main": "index.js", + "types": "index.d.ts", + "dependencies": { + "yallist": "^4.0.0" + }, + "devDependencies": { + "@types/node": "^17.0.41", + "end-of-stream": "^1.4.0", + "prettier": "^2.6.2", + "tap": "^16.2.0", + "through2": "^2.0.3", + "ts-node": "^10.8.1", + "typescript": "^4.7.3" + }, + "scripts": { + "test": "tap", + "preversion": "npm test", + "postversion": "npm publish", + "postpublish": "git push origin --follow-tags" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/isaacs/minipass.git" + }, + "keywords": [ + "passthrough", + "stream" + ], + "author": "Isaac Z. Schlueter (http://blog.izs.me/)", + "license": "ISC", + "files": [ + "index.d.ts", + "index.js" + ], + "tap": { + "check-coverage": true + }, + "engines": { + "node": ">=8" + }, + "prettier": { + "semi": false, + "printWidth": 80, + "tabWidth": 2, + "useTabs": false, + "singleQuote": true, + "jsxSingleQuote": false, + "bracketSameLine": true, + "arrowParens": "avoid", + "endOfLine": "lf" + } +} diff --git a/node_modules/ssri/package.json b/node_modules/ssri/package.json index 156d50ee6939a..65b14bc5a7970 100644 --- a/node_modules/ssri/package.json +++ b/node_modules/ssri/package.json @@ -1,6 +1,6 @@ { "name": "ssri", - "version": "10.0.0", + "version": "10.0.1", "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", "main": "lib/index.js", "files": [ @@ -47,11 +47,11 @@ "author": "GitHub Inc.", "license": "ISC", "dependencies": { - "minipass": "^3.1.1" + "minipass": "^4.0.0" }, "devDependencies": { - "@npmcli/eslint-config": "^3.0.1", - "@npmcli/template-oss": "4.5.1", + "@npmcli/eslint-config": "^4.0.0", + "@npmcli/template-oss": "4.10.0", "tap": "^16.0.1" }, "engines": { @@ -59,6 +59,6 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.5.1" + "version": "4.10.0" } } diff --git a/package-lock.json b/package-lock.json index 3642267bd831a..f02ac90a3031e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -145,7 +145,7 @@ "read-package-json-fast": "^3.0.1", "rimraf": "^3.0.2", "semver": "^7.3.8", - "ssri": "^10.0.0", + "ssri": "^10.0.1", "tar": "^6.1.12", "text-table": "~0.2.0", "tiny-relative-date": "^1.3.0", @@ -11635,16 +11635,29 @@ "dev": true }, "node_modules/ssri": { - "version": "10.0.0", + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/ssri/-/ssri-10.0.1.tgz", + "integrity": "sha512-WVy6di9DlPOeBWEjMScpNipeSX2jIZBGEn5Uuo8Q7aIuFEuDX0pw8RxcOjlD1TWP4obi24ki7m/13+nFpcbXrw==", "inBundle": true, - "license": "ISC", "dependencies": { - "minipass": "^3.1.1" + "minipass": "^4.0.0" }, "engines": { "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, + "node_modules/ssri/node_modules/minipass": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-4.0.0.tgz", + "integrity": "sha512-g2Uuh2jEKoht+zvO6vJqXmYpflPqzRBT+Th2h01DKh5z7wbY/AZ2gCQ78cP70YoHPyFdY30YBV5WxgLOEwOykw==", + "inBundle": true, + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/stack-utils": { "version": "2.0.5", "resolved": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.5.tgz", @@ -15067,7 +15080,7 @@ "promise-call-limit": "^1.0.1", "read-package-json-fast": "^3.0.1", "semver": "^7.3.7", - "ssri": "^10.0.0", + "ssri": "^10.0.1", "treeverse": "^3.0.0", "walk-up-path": "^1.0.0" }, @@ -15261,7 +15274,7 @@ "npm-package-arg": "^10.1.0", "npm-registry-fetch": "^14.0.3", "semver": "^7.3.7", - "ssri": "^10.0.0" + "ssri": "^10.0.1" }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", diff --git a/package.json b/package.json index b8bd75a64ae01..2aa625df398e8 100644 --- a/package.json +++ b/package.json @@ -112,7 +112,7 @@ "read-package-json-fast": "^3.0.1", "rimraf": "^3.0.2", "semver": "^7.3.8", - "ssri": "^10.0.0", + "ssri": "^10.0.1", "tar": "^6.1.12", "text-table": "~0.2.0", "tiny-relative-date": "^1.3.0", diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json index c461aba3176fb..c3b957e6f74cd 100644 --- a/workspaces/arborist/package.json +++ b/workspaces/arborist/package.json @@ -33,7 +33,7 @@ "promise-call-limit": "^1.0.1", "read-package-json-fast": "^3.0.1", "semver": "^7.3.7", - "ssri": "^10.0.0", + "ssri": "^10.0.1", "treeverse": "^3.0.0", "walk-up-path": "^1.0.0" }, diff --git a/workspaces/libnpmpublish/package.json b/workspaces/libnpmpublish/package.json index f6d6a3cd54e44..ec09f0380ad18 100644 --- a/workspaces/libnpmpublish/package.json +++ b/workspaces/libnpmpublish/package.json @@ -43,7 +43,7 @@ "npm-package-arg": "^10.1.0", "npm-registry-fetch": "^14.0.3", "semver": "^7.3.7", - "ssri": "^10.0.0" + "ssri": "^10.0.1" }, "engines": { "node": "^14.17.0 || ^16.13.0 || >=18.0.0"