From 58c90d8c3b3f387a4b842d4b2df87c23c4f2fd72 Mon Sep 17 00:00:00 2001 From: Chris Brame Date: Tue, 15 Jun 2021 14:15:45 -0400 Subject: [PATCH] fix(security): security fix 2 #413 --- package.json | 4 +- src/controllers/accounts.js | 3 +- src/controllers/api/v1/tickets.js | 11 +-- src/controllers/main.js | 3 +- src/controllers/tickets.js | 4 +- src/models/ticket.js | 3 +- src/socketio/ticketSocket.js | 5 +- yarn.lock | 144 +++++++++++++++++++++++------- 8 files changed, 130 insertions(+), 47 deletions(-) diff --git a/package.json b/package.json index aa0fa4a2d..c6f5fc5de 100644 --- a/package.json +++ b/package.json @@ -58,7 +58,7 @@ "ldapjs": "1.0.2", "lodash": "4.17.11", "mailparser": "2.4.3", - "marked": "0.6.1", + "marked": "2.0.7", "matchdep": "2.0.0", "memoize-one": "5.0.0", "mkdirp": "0.5.1", @@ -97,7 +97,7 @@ "redux-saga-thunk": "0.7.3", "request": "2.88.0", "rimraf": "2.6.3", - "sanitize-html": "1.20.0", + "sanitize-html": "2.4.0", "script-loader": "0.7.2", "semver": "5.6.0", "serve-favicon": "2.5.0", diff --git a/src/controllers/accounts.js b/src/controllers/accounts.js index 6e90d73ae..2c074351d 100644 --- a/src/controllers/accounts.js +++ b/src/controllers/accounts.js @@ -19,6 +19,7 @@ var userSchema = require('../models/user') var groupSchema = require('../models/group') var permissions = require('../permissions') var emitter = require('../emitter') +var xss = require('xss') var accountsController = {} @@ -51,7 +52,7 @@ accountsController.signup = function (req, res) { if (privacyPolicy === null || _.isUndefined(privacyPolicy.value)) { content.data.privacyPolicy = 'No Privacy Policy has been set.' } else { - content.data.privacyPolicy = marked(privacyPolicy.value) + content.data.privacyPolicy = xss(marked(privacyPolicy.value)) } return res.render('pub_signup', content) diff --git a/src/controllers/api/v1/tickets.js b/src/controllers/api/v1/tickets.js index b6eba9d17..fdc95d1a6 100644 --- a/src/controllers/api/v1/tickets.js 
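Review bot: `var xss = require('xss')` is added at the top of src/controllers/accounts.js (and likewise in main.js, controllers/tickets.js, models/ticket.js and socketio/ticketSocket.js), but the package.json hunks of this commit only bump `marked` and `sanitize-html`, and none of the yarn.lock hunks adds an `xss` entry. If `xss` is not already declared as a direct dependency outside the visible hunks, these modules fail to load on a clean install. Please confirm it is listed in `dependencies` with a pinned version like its neighbours, e.g. `"xss": "<pinned-version>"`.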
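Review bot: `xss(marked(privacyPolicy.value))` in accountsController.signup relies on js-xss's default options, and the same expression is repeated in mainController.about, ticketsController.pubNewIssue and the ticket, comment and note paths later in this patch, so the filter policy is spread over many call sites. One shared helper, e.g. `function renderMarkdown (text) { return xss(marked(text)) }`, would give a single place to configure and test the allow-list. With the defaults, tags outside the allow-list are escaped rather than removed and unlisted attributes are dropped, so it is worth checking how an existing policy with richer markup renders after this change. The body of signup continues outside the hunk.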
+++ b/src/controllers/api/v1/tickets.js @@ -442,7 +442,7 @@ apiTickets.create = function (req, res) { var tIssue = ticket.issue tIssue = tIssue.replace(/(\r\n|\n\r|\r|\n)/g, '
') tIssue = sanitizeHtml(tIssue).trim() - ticket.issue = marked(tIssue) + ticket.issue = xss(marked(tIssue)) ticket.history = [HistoryItem] ticket.subscribers = [req.user._id] @@ -603,8 +603,8 @@ apiTickets.createPublicTicket = function (req, res) { group: group._id, type: ticketType._id, priority: _.first(ticketType.priorities)._id, // TODO: change when priority order is complete! - subject: sanitizeHtml(postData.ticket.subject).trim(), - issue: sanitizeHtml(postData.ticket.issue).trim(), + subject: xss(sanitizeHtml(postData.ticket.subject).trim()), + issue: xss(sanitizeHtml(postData.ticket.issue).trim()), history: [HistoryItem], subscribers: [savedUser._id] }) @@ -614,6 +614,7 @@ apiTickets.createPublicTicket = function (req, res) { tIssue = tIssue.replace(/(\r\n|\n\r|\r|\n)/g, '
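Review bot: `ticket.issue = xss(marked(tIssue))` in apiTickets.create calls `xss`, yet src/controllers/api/v1/tickets.js is the only JavaScript file in this patch that gets no `var xss = require('xss')` hunk. Unless the module is already required above line 442 (not visible here), this line and the other new calls in createPublicTicket, postComment and postInternalNote throw a ReferenceError at request time. Please confirm the import exists, or add `var xss = require('xss')` next to the file's other requires. apiTickets.create starts and ends outside the hunk.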
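Review bot: In the object literal of apiTickets.createPublicTicket, `issue: xss(sanitizeHtml(postData.ticket.issue).trim())` filters the text before it is rendered as markdown, while the value that ends up saved appears to be the one reassigned after `marked()` in the following hunk (the line that sets `tIssue` is outside both hunks, so this is an inference). Filtering is only effective on the rendered HTML, which the later `xss(ticket.issue)` does; the wrapper here is redundant at best and may alter characters in the markdown source. I would keep `xss` on `subject`, drop it on `issue`, and add a comment such as `// issue is rendered and filtered below, after marked()`.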
') tIssue = sanitizeHtml(tIssue).trim() ticket.issue = marked(tIssue) + ticket.issue = xss(ticket.issue) ticket.save(function (err, t) { if (err) return next(err) @@ -912,7 +913,7 @@ apiTickets.postComment = function (req, res) { var Comment = { owner: owner, date: new Date(), - comment: marked(comment) + comment: xss(marked(comment)) } t.updated = Date.now() @@ -984,7 +985,7 @@ apiTickets.postInternalNote = function (req, res) { var Note = { owner: payload.owner || req.user._id, date: new Date(), - note: marked(payload.note) + note: xss(marked(payload.note)) } ticket.updated = Date.now() diff --git a/src/controllers/main.js b/src/controllers/main.js index b1b280d57..4c691388a 100644 --- a/src/controllers/main.js +++ b/src/controllers/main.js @@ -18,6 +18,7 @@ var path = require('path') var passport = require('passport') var winston = require('winston') var pkg = require('../../package') +var xss = require('xss') var mainController = {} @@ -77,7 +78,7 @@ mainController.about = function (req, res) { if (privacyPolicy === null || _.isUndefined(privacyPolicy.value)) { content.data.privacyPolicy = 'No Privacy Policy has been set.' } else { - content.data.privacyPolicy = marked(privacyPolicy.value) + content.data.privacyPolicy = xss(marked(privacyPolicy.value)) } return res.render('about', content) diff --git a/src/controllers/tickets.js b/src/controllers/tickets.js index c3bb51c8e..8f303a53b 100644 --- a/src/controllers/tickets.js +++ b/src/controllers/tickets.js @@ -17,7 +17,7 @@ var winston = require('winston') var groupSchema = require('../models/group') var departmentSchema = require('../models/department') var permissions = require('../permissions') - +var xss = require('xss') /** * @since 1.0 * @author Chris Brame 
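Review bot: The added `ticket.issue = xss(ticket.issue)` in apiTickets.createPublicTicket leaves an intermediate assignment of unfiltered HTML on the line before it and differs from the form used in apiTickets.create. Writing the two lines as `ticket.issue = xss(marked(tIssue))` keeps the unfiltered value off the document entirely and makes both create paths read the same. The function body extends beyond the hunk on both sides.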
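Review bot: `comment: xss(marked(comment))` in apiTickets.postComment filters only at write time, so comments, notes and issues stored before this commit keep whatever HTML they were saved with. If the views output these fields unescaped (the templates are not part of this patch, so this is an assumption), earlier records remain a stored-XSS risk after deploy. Consider a one-off migration that re-filters the existing `issue`, `comment` and `note` values, or filtering again at render time. The same applies to postInternalNote in the next hunk, to ticketSchema.methods.setIssue and to the socket handlers.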
@@ -57,7 +57,7 @@ ticketsController.pubNewIssue = function (req, res) { if (privacyPolicy === null || _.isUndefined(privacyPolicy.value)) { content.data.privacyPolicy = 'No Privacy Policy has been set.' } else { - content.data.privacyPolicy = marked(privacyPolicy.value) + content.data.privacyPolicy = xss(marked(privacyPolicy.value)) } return res.render('pub_createTicket', content) diff --git a/src/models/ticket.js b/src/models/ticket.js index 1405fd1f9..a8b47dfac 100644 --- a/src/models/ticket.js +++ b/src/models/ticket.js @@ -19,6 +19,7 @@ var _ = require('lodash') var moment = require('moment') var sanitizeHtml = require('sanitize-html') // var redisCache = require('../cache/rediscache'); +var xss = require('xss') // Needed - For Population var groupSchema = require('./group') @@ -439,7 +440,7 @@ ticketSchema.methods.setIssue = function (ownerId, issue, callback) { var self = this issue = issue.replace(/(\r\n|\n\r|\r|\n)/g, '
') issue = sanitizeHtml(issue).trim() - self.issue = marked(issue) + self.issue = xss(marked(issue)) var historyItem = { action: 'ticket:update:issue', diff --git a/src/socketio/ticketSocket.js b/src/socketio/ticketSocket.js index a806f7c0c..158f9d388 100644 --- a/src/socketio/ticketSocket.js +++ b/src/socketio/ticketSocket.js @@ -23,6 +23,7 @@ var prioritySchema = require('../models/ticketpriority') var userSchema = require('../models/user') var roleSchema = require('../models/role') var permissions = require('../permissions') +var xss = require('xss') var events = {} @@ -332,7 +333,7 @@ events.onSetCommentText = function (socket) { comment = sanitizeHtml(comment).trim() - var markedComment = marked(comment) + var markedComment = xss(marked(comment)) ticketSchema.getTicketById(ticketId, function (err, ticket) { if (err) return winston.error(err) @@ -384,7 +385,7 @@ events.onSetNoteText = function (socket) { marked.setOptions({ breaks: true }) - var markedNote = marked(note) + var markedNote = xss(marked(note)) ticketSchema.getTicketById(ticketId, function (err, ticket) { if (err) return winston.error(err) diff --git a/yarn.lock b/yarn.lock index ae93a6286..2148016c4 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1635,7 +1635,7 @@ array-union@^1.0.1, array-union@^1.0.2: dependencies: array-uniq "^1.0.1" -array-uniq@^1.0.1, array-uniq@^1.0.2: +array-uniq@^1.0.1: version "1.0.3" resolved "https://registry.yarnpkg.com/array-uniq/-/array-uniq-1.0.3.tgz#af6ac877a25cc7f74e058894753858dfdb24fdb6" integrity sha1-r2rId6Jcx/dOBYiUdThY39sk/bY= 
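Review bot: `xss(marked(note))` in events.onSetNoteText runs right after `marked.setOptions({ breaks: true })`, which changes marked's options for the whole process rather than for this call; no equivalent call is visible in the onSetCommentText hunk. The HTML that reaches `xss` can therefore depend on which handler ran first. Passing the option per call, `var markedNote = xss(marked(note, { breaks: true }))`, keeps the rendering deterministic; whether the global call can then be removed depends on code outside the hunk.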
@@ -2913,6 +2913,11 @@ color-name@1.1.3: resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.3.tgz#a7d0558bd89c42f795dd42328f740831ca53bc25" integrity sha1-p9BVi9icQveV3UIyj3QIMcpTvCU= +colorette@^1.2.2: + version "1.2.2" + resolved "https://registry.yarnpkg.com/colorette/-/colorette-1.2.2.tgz#cbcc79d5e99caea2dbf10eb3a26fd8b3e6acfa94" + integrity sha512-MKGMzyfeuutC/ZJ1cba9NqcNpfeqMUcYmyF1ZFY6/Cn7CNSAKx6a+s48sqLqyAiZuaP2TcqMhoo+dlwFnVxT9w== + colors@1.0.3, colors@1.0.x: version "1.0.3" resolved "https://registry.yarnpkg.com/colors/-/colors-1.0.3.tgz#0433f44d809680fdeb60ed260f1b0c262e82a40b" @@ -3691,6 +3696,11 @@ deepmerge@3.0.0: resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-3.0.0.tgz#ca7903b34bfa1f8c2eab6779280775a411bfc6ba" integrity sha512-a8z8bkgHsAML+uHLqmMS83HHlpy3PvZOOuiTQqaa3wu8ZVg3h0hqHk6aCsGdOnZV2XMM/FRimNGjUh0KCcmHBw== +deepmerge@^4.2.2: + version "4.2.2" + resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-4.2.2.tgz#44d2ea3679b8f4d4ffba33f03d865fc1e7bf4955" + integrity sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg== + defaults@^1.0.3: version "1.0.3" resolved "https://registry.yarnpkg.com/defaults/-/defaults-1.0.3.tgz#c656051e9817d9ff08ed881477f3fe4019f3ef7d" @@ -3892,6 +3902,15 @@ dom-serializer@0, dom-serializer@~0.1.0: domelementtype "~1.1.1" entities "~1.1.1" +dom-serializer@^1.0.1: + version "1.3.2" + resolved "https://registry.yarnpkg.com/dom-serializer/-/dom-serializer-1.3.2.tgz#6206437d32ceefaec7161803230c7a20bc1b4d91" + integrity sha512-5c54Bk5Dw4qAxNOI1pFEizPSjVsx5+bpJKmL2kPn8JhBUq2q09tTCa3mjijun2NfK78NMouDYNMBkOrPZiS+ig== + dependencies: + domelementtype "^2.0.1" + domhandler "^4.2.0" + entities "^2.0.0" + domain-browser@^1.1.1: version "1.2.0" resolved "https://registry.yarnpkg.com/domain-browser/-/domain-browser-1.2.0.tgz#3d31f50191a6749dd1375a7f522e823d42e54eda" 
@@ -3902,6 +3921,11 @@ domelementtype@1, domelementtype@^1.3.0, domelementtype@^1.3.1: resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.3.1.tgz#d048c44b37b0d10a7f2a3d5fee3f4333d790481f" integrity sha512-BSKB+TSpMpFI/HOxCNr1O8aMOTZ8hT3pM3GQ0w/mWRmkhEDSFJkkyzz4XQsBV44BChwGkrDfMyjVD0eA2aFV3w== +domelementtype@^2.0.1, domelementtype@^2.2.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-2.2.0.tgz#9a0b6c2782ed6a1c7323d42267183df9bd8b1d57" + integrity sha512-DtBMo82pv1dFtUmHyr48beiuq792Sxohr+8Hm9zoxklYPfa6n0Z3Byjj2IV7bmr2IyqClnqEQhfgHJJ5QF0R5A== + domelementtype@~1.1.1: version "1.1.3" resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.1.3.tgz#bd28773e2642881aec51544924299c5cd822185b" @@ -3921,6 +3945,13 @@ domhandler@^2.3.0: dependencies: domelementtype "1" +domhandler@^4.0.0, domhandler@^4.2.0: + version "4.2.0" + resolved "https://registry.yarnpkg.com/domhandler/-/domhandler-4.2.0.tgz#f9768a5f034be60a89a27c2e4d0f74eba0d8b059" + integrity sha512-zk7sgt970kzPks2Bf+dwT/PLzghLnsivb9CcxkvR8Mzr66Olr0Ofd8neSbglHJHaHa2MadfoSdNlKYAaafmWfA== + dependencies: + domelementtype "^2.2.0" + domutils@1.5, domutils@1.5.1: version "1.5.1" resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.5.1.tgz#dcd8488a26f563d61079e48c9f7b7e32373682cf" @@ -3937,6 +3968,15 @@ domutils@^1.5.1: dom-serializer "0" domelementtype "1" +domutils@^2.5.2: + version "2.7.0" + resolved "https://registry.yarnpkg.com/domutils/-/domutils-2.7.0.tgz#8ebaf0c41ebafcf55b0b72ec31c56323712c5442" + integrity sha512-8eaHa17IwJUPAiB+SoTYBo5mCdeMgdcAoXJ59m6DT1vw+5iLS3gNoqYaRowaBKtGVrOF1Jz4yDTgYKLK2kvfJg== + dependencies: + dom-serializer "^1.0.1" + domelementtype "^2.2.0" + domhandler "^4.2.0" + dot-prop@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/dot-prop/-/dot-prop-3.0.0.tgz#1b708af094a49c9a0e7dbcad790aba539dac1177" 
@@ -4216,6 +4256,11 @@ entities@^1.1.1, entities@~1.1.1: resolved "https://registry.yarnpkg.com/entities/-/entities-1.1.2.tgz#bdfa735299664dfafd34529ed4f8522a275fea56" integrity sha512-f2LZMYl1Fzu7YSBKg+RoROelpOaNrcGmE9AZubeDfrCEia483oW4MI4VyFd5VNHIgQ/7qm1I0wUHK1eJnn2y2w== +entities@^2.0.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/entities/-/entities-2.2.0.tgz#098dc90ebb83d8dffa089d55256b351d34c4da55" + integrity sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A== + env-ci@^3.0.0: version "3.2.0" resolved "https://registry.yarnpkg.com/env-ci/-/env-ci-3.2.0.tgz#982f02a0501ca8c43bf0765c5bd3d83ffb28b23a" @@ -4316,6 +4361,11 @@ escape-string-regexp@1.0.5, escape-string-regexp@^1.0.2, escape-string-regexp@^1 resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4" integrity sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ= +escape-string-regexp@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz#14ba83a5d373e3d311e5afca29cf5bfad965bf34" + integrity sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA== + escodegen@1.8.x: version "1.8.1" resolved "https://registry.yarnpkg.com/escodegen/-/escodegen-1.8.1.tgz#5a5b53af4693110bebb0867aa3430dd3b70a1018" @@ -6097,7 +6147,7 @@ htmlparser2@3.8.x: entities "1.0" readable-stream "1.1" -htmlparser2@^3.10.0, htmlparser2@^3.9.0: +htmlparser2@^3.9.0: version "3.10.1" resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-3.10.1.tgz#bd679dc3f59897b6a34bb10749c855bb53a9392f" integrity sha512-IgieNijUMbkDovyoKObU1DUhm1iwNYE/fuifEoEHfd1oZKZDaONBSkal7Y01shxsM49R4XaMdGez3WnF9UfiCQ== 
@@ -6121,6 +6171,16 @@ htmlparser2@^3.9.1, htmlparser2@^3.9.2: inherits "^2.0.1" readable-stream "^3.0.6" +htmlparser2@^6.0.0: + version "6.1.0" + resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-6.1.0.tgz#c4d762b6c3371a05dbe65e94ae43a9f845fb8fb7" + integrity sha512-gyyPk6rgonLFEDGoeRgQNaEUvdJ4ktTmmUh/h2t7s+M8oPpIPxgNACWa+6ESR57kXstwqPiCut0V8NRpcwgU7A== + dependencies: + domelementtype "^2.0.1" + domhandler "^4.0.0" + domutils "^2.5.2" + entities "^2.0.0" + http-cache-semantics@^3.8.1: version "3.8.1" resolved "https://registry.yarnpkg.com/http-cache-semantics/-/http-cache-semantics-3.8.1.tgz#39b0e16add9b605bf0a9ef3d9daaf4843b4cacd2" @@ -6790,6 +6850,11 @@ is-plain-object@^2.0.1, is-plain-object@^2.0.3, is-plain-object@^2.0.4: dependencies: isobject "^3.0.1" +is-plain-object@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/is-plain-object/-/is-plain-object-5.0.0.tgz#4427f50ab3429e9025ea7d52e9043a9ef4159344" + integrity sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q== + is-promise@^2.0.0, is-promise@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/is-promise/-/is-promise-2.1.0.tgz#79a2a9ece7f096e80f36d2b2f3bc16c1ff4bf3fa" @@ -7253,6 +7318,11 @@ kind-of@^6.0.0, kind-of@^6.0.2: resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-6.0.2.tgz#01146b36a6218e64e58f3a8d66de5d7fc6f6d051" integrity sha512-s5kLOcnH0XqDO+FvuaLX8DDjZ18CGFk7VygH40QoKPUQhW4e2rvM0rwUq0t8IQDOwYSeLK01U90OjzBTme2QqA== +klona@^2.0.3: + version "2.0.4" + resolved "https://registry.yarnpkg.com/klona/-/klona-2.0.4.tgz#7bb1e3affb0cb8624547ef7e8f6708ea2e39dfc0" + integrity sha512-ZRbnvdg/NxqzC7L9Uyqzf4psi1OM4Cuc+sJAkQPjO6XkQIJTNbfK2Rsmbw8fx1p2mkZdp2FZYo2+LwXYY/uwIA== + latest-version@^3.0.0: version "3.1.0" resolved "https://registry.yarnpkg.com/latest-version/-/latest-version-3.1.0.tgz#a205383fea322b33b5ae3b18abee0dc2f356ee15" 
@@ -7742,11 +7812,6 @@ lodash.merge@^4.4.0, lodash.merge@^4.6.0: resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.1.tgz#adc25d9cb99b9391c59624f379fbba60d7111d54" integrity sha512-AOYza4+Hf5z1/0Hztxpm2/xiPZgi/cjMqdnKTUWTBSKchJlxXXuUSxCCl8rJlf4g6yww/j6mA8nC8Hw/EZWxKQ== -lodash.mergewith@^4.6.1: - version "4.6.1" - resolved "https://registry.yarnpkg.com/lodash.mergewith/-/lodash.mergewith-4.6.1.tgz#639057e726c3afbdb3e7d42741caa8d6e4335927" - integrity sha512-eWw5r+PYICtEBgrBE5hhlT6aAa75f411bgDz/ZL2KZqYV03USvucsxcHUIlGTDTECs1eunpI7HOV7U+WLDvNdQ== - lodash.once@^4.0.0: version "4.1.1" resolved "https://registry.yarnpkg.com/lodash.once/-/lodash.once-4.1.1.tgz#0dd3971213c7c56df880977d504c88fb471a97ac" @@ -8064,10 +8129,10 @@ marked-terminal@^3.2.0: node-emoji "^1.4.1" supports-hyperlinks "^1.0.1" -marked@0.6.1: - version "0.6.1" - resolved "https://registry.yarnpkg.com/marked/-/marked-0.6.1.tgz#a63addde477bca9613028de4b2bc3629e53a0562" - integrity sha512-+H0L3ibcWhAZE02SKMqmvYsErLo4EAVJxu5h3bHBBDvvjeWXtl92rGUSBYHL2++5Y+RSNgl8dYOAXcYe7lp1fA== +marked@2.0.7: + version "2.0.7" + resolved "https://registry.yarnpkg.com/marked/-/marked-2.0.7.tgz#bc5b857a09071b48ce82a1f7304913a993d4b7d1" + integrity sha512-BJXxkuIfJchcXOJWTT2DOL+yFWifFv2yGYOUzvXg8Qz610QKw+sHCvTMYwA+qWGhlA2uivBezChZ/pBy1tWdkQ== marked@^0.6.0: version "0.6.0" 
@@ -8656,6 +8721,11 @@ nan@^2.13.2: resolved "https://registry.yarnpkg.com/nan/-/nan-2.14.2.tgz#f5376400695168f4cc694ac9393d0c9585eeea19" integrity sha512-M2ufzIiINKCuDfBSAUr1vWQ+vuVcA9kqx8JJUsbQi6yf1uGRyb7HfpdfUr5qLXf3B/t8dPvcjhKMmlfnP47EzQ== +nanoid@^3.1.23: + version "3.1.23" + resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.1.23.tgz#f744086ce7c2bc47ee0a8472574d5c78e4183a81" + integrity sha512-FiB0kzdP0FFVGDKlRLEQ1BgDzU87dy5NnzjeW9YZNt+/c3+q82EQDUwniSAUxp/F0gFNI1ZhKU1FqYsMuqZVnw== + nanomatch@^1.2.9: version "1.2.13" resolved "https://registry.yarnpkg.com/nanomatch/-/nanomatch-1.2.13.tgz#b87a8aa4fc0de8fe6be88895b38983ff265bd119" @@ -9661,6 +9731,11 @@ parse-passwd@^1.0.0: resolved "https://registry.yarnpkg.com/parse-passwd/-/parse-passwd-1.0.0.tgz#6d5b934a456993b23d37f40a382d6f1666a8e5c6" integrity sha1-bVuTSkVpk7I9N/QKOC1vFmao5cY= +parse-srcset@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/parse-srcset/-/parse-srcset-1.0.2.tgz#f2bd221f6cc970a938d88556abc589caaaa2bde1" + integrity sha1-8r0iH2zJcKk42IVWq8WJyqqiveE= + parse5@^3.0.1: version "3.0.3" resolved "https://registry.yarnpkg.com/parse5/-/parse5-3.0.3.tgz#042f792ffdd36851551cf4e9e066b3874ab45b5c" @@ -10048,6 +10123,15 @@ postcss@^7.0.5, postcss@^7.0.6: source-map "^0.6.1" supports-color "^6.1.0" +postcss@^8.0.2: + version "8.3.4" + resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.3.4.tgz#41ece1c43f2f7c74dc7d90144047ce052757b822" + integrity sha512-/tZY0PXExXXnNhKv3TOvZAOUYRyuqcCbBm2c17YMDK0PlVII3K7/LKdt3ScHL+hhouddjUWi+1sKDf9xXW+8YA== + dependencies: + colorette "^1.2.2" + nanoid "^3.1.23" + source-map-js "^0.6.2" + precond@0.2: version "0.2.3" resolved "https://registry.yarnpkg.com/precond/-/precond-0.2.3.tgz#aa9591bcaa24923f1e0f4849d240f47efc1075ac" 
@@ -11320,21 +11404,18 @@ safefs@^3.1.2: resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a" integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg== -sanitize-html@1.20.0: - version "1.20.0" - resolved "https://registry.yarnpkg.com/sanitize-html/-/sanitize-html-1.20.0.tgz#9a602beb1c9faf960fb31f9890f61911cc4d9156" - integrity sha512-BpxXkBoAG+uKCHjoXFmox6kCSYpnulABoGcZ/R3QyY9ndXbIM5S94eOr1IqnzTG8TnbmXaxWoDDzKC5eJv7fEQ== +sanitize-html@2.4.0: + version "2.4.0" + resolved "https://registry.yarnpkg.com/sanitize-html/-/sanitize-html-2.4.0.tgz#8da7524332eb210d968971621b068b53f17ab5a3" + integrity sha512-Y1OgkUiTPMqwZNRLPERSEi39iOebn2XJLbeiGOBhaJD/yLqtLGu6GE5w7evx177LeGgSE+4p4e107LMiydOf6A== dependencies: - chalk "^2.4.1" - htmlparser2 "^3.10.0" - lodash.clonedeep "^4.5.0" - lodash.escaperegexp "^4.1.2" - lodash.isplainobject "^4.0.6" - lodash.isstring "^4.0.1" - lodash.mergewith "^4.6.1" - postcss "^7.0.5" - srcset "^1.0.0" - xtend "^4.0.1" + deepmerge "^4.2.2" + escape-string-regexp "^4.0.0" + htmlparser2 "^6.0.0" + is-plain-object "^5.0.0" + klona "^2.0.3" + parse-srcset "^1.0.2" + postcss "^8.0.2" saslprep@^1.0.0: version "1.0.2" @@ -12039,6 +12120,11 @@ source-list-map@^2.0.0: resolved "https://registry.yarnpkg.com/source-list-map/-/source-list-map-2.0.1.tgz#3993bd873bfc48479cca9ea3a547835c7c154b34" integrity sha512-qnQ7gVMxGNxsiL4lEuJwe/To8UnK7fAnmbGEEH8RpLouuKbeEm0lhbQVFIrNSuB+G7tVrAlVsZgETT5nljf+Iw== +source-map-js@^0.6.2: + version "0.6.2" + resolved "https://registry.yarnpkg.com/source-map-js/-/source-map-js-0.6.2.tgz#0bb5de631b41cfbda6cfba8bd05a80efdfd2385e" + integrity sha512-/3GptzWzu0+0MBQFrDKzw/DvvMTUORvgY6k6jd/VS6iCR4RDTKWH6v6WPwQoUO8667uQEf9Oe38DxAYWY5F/Ug== + source-map-resolve@^0.5.0: version "0.5.2" resolved "https://registry.yarnpkg.com/source-map-resolve/-/source-map-resolve-0.5.2.tgz#72e2cc34095543e43b2c62b2c4c10d4a9054f259" 
@@ -12178,14 +12264,6 @@ sprintf-js@~1.0.2: resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c" integrity sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw= -srcset@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/srcset/-/srcset-1.0.0.tgz#a5669de12b42f3b1d5e83ed03c71046fc48f41ef" - integrity sha1-pWad4StC87HV6D7QPHEEb8SPQe8= - dependencies: - array-uniq "^1.0.2" - number-is-nan "^1.0.0" - sshpk@^1.7.0: version "1.16.1" resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877"