fix: security vulnerabilities from fast-xml-parser and semver packages (#18)

Co-authored-by: Verinder Singh <[email protected]>

Author: verinderpb

NOTICE.txt

@@ -16,8 +16,8 @@ This software includes third party software subject to the following copyrights:
 @aws-cdk/[email protected]                             Apache-2.0
 @aws-cdk/[email protected]                             Apache-2.0
 @aws-cdk/[email protected]                   Apache-2.0
-@aws-cdk/aws-servicecatalogappregistry-alpha@2.76.0-alpha.0  Apache-2.0
-@aws-cdk/aws-synthetics-alpha@2.76.0-alpha.0                 Apache-2.0
+@aws-cdk/aws-servicecatalogappregistry-alpha@2.85.0-alpha.0  Apache-2.0
+@aws-cdk/aws-synthetics-alpha@2.85.0-alpha.0                 Apache-2.0
 @balena/[email protected]                                   Apache-2.0
 @colors/[email protected]                                         MIT
 @dabh/[email protected]                                      MIT
@@ -30,7 +30,7 @@ [email protected]                                           MIT
 [email protected]                                                  MIT
 [email protected]                                          ISC
 [email protected]                                 MIT
-aws-cdk-lib@2.76.0                                           Apache-2.0
+aws-cdk-lib@2.85.0                                           Apache-2.0
 [email protected]                                             Apache-2.0
 [email protected]                                         MIT
 [email protected]                                              MIT
@@ -248,7 +248,7 @@ [email protected]                                      Python-2.0
 [email protected]                                  MIT
 [email protected]                                         MIT
 [email protected]                                 ISC
-aws-cdk-lib@2.76.0                                  Apache-2.0
+aws-cdk-lib@2.85.0                                  Apache-2.0
 [email protected]                                MIT
 [email protected]                             Apache-2.0
 [email protected]                      Apache-2.0

source/blueprint-infrastructure/package-lock.json

@@ -26,7 +26,7 @@
         "@types/node": "^18.14.5",
         "@typescript-eslint/eslint-plugin": "^5.54.1",
         "@typescript-eslint/parser": "^5.54.1",
-        "aws-cdk": "^2.76.0",
+        "aws-cdk": "^2.85.0",
         "aws-lambda": "^1.0.7",
         "aws-sdk-client-mock": "^2.0.1",
         "constructs": "^10.1.84",
@@ -53,10 +53,14 @@
         "@aws-sdk/client-sns": "^3.310.0",
         "@aws-sdk/lib-dynamodb": "^3.310.0",
         "@octokit/rest": "^19.0.3",
-        "aws-cdk-lib": "^2.76.0",
+        "aws-cdk-lib": "^2.85.0",
         "js-yaml": "^4.1.0",
         "js-yaml-cloudformation-schema": "^1.0.0",
         "source-map-support": "^0.5.21",
         "winston": "^3.8.1"
+    },
+    "overrides": {
+        "fast-xml-parser": "^4.2.5",
+        "semver": "^7.5.3"
     }
 }

source/blueprint-infrastructure/package.json

@@ -81,6 +81,7 @@
         "nth-check": "^2.0.1",
         "jest": "^29.3.1",
         "webpack": "^5.81.0",
-        "yaml": "^2.2.2"
+        "yaml": "^2.2.2",
+        "fast-xml-parser": "^4.2.5"
     }
 }

source/blueprint-ui/package.json

@@ -7916,17 +7916,12 @@ fast-levenshtein@^2.0.6, fast-levenshtein@~2.0.6:
   resolved "https://registry.yarnpkg.com/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz#3d8a5c66883a16a30ca8643e851f19baa7797917"
   integrity sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==
 
-[email protected]:
-  version "3.19.0"
-  resolved "https://registry.yarnpkg.com/fast-xml-parser/-/fast-xml-parser-3.19.0.tgz#cb637ec3f3999f51406dd8ff0e6fc4d83e520d01"
-  integrity sha512-4pXwmBplsCPv8FOY1WRakF970TjNGnGnfbOnLqjlYvMiF1SR3yOHyxMR/YCXpPTOspNF5gwudqktIP4VsWkvBg==
-
-fast-xml-parser@^3.16.0:
-  version "3.21.1"
-  resolved "https://registry.yarnpkg.com/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz#152a1d51d445380f7046b304672dd55d15c9e736"
-  integrity sha512-FTFVjYoBOZTJekiUsawGsSYV9QL0A+zDYCRj7y34IO6Jg+2IMYEtQa+bbictpdpV8dHxXywqU7C0gRDEOFtBFg==
+[email protected], fast-xml-parser@^3.16.0, fast-xml-parser@^4.2.5:
+  version "4.2.5"
+  resolved "https://registry.yarnpkg.com/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz#a6747a09296a6cb34f2ae634019bf1738f3b421f"
+  integrity sha512-B9/wizE4WngqQftFPmdaMYlXoJlJOYxGQOanC77fq9k8+Z0v5dDSVh+3glErdIROP//s/jgb7ZuxKfB8nVyo0g==
   dependencies:
-    strnum "^1.0.4"
+    strnum "^1.0.5"
 
 fastq@^1.6.0:
   version "1.15.0"
@@ -13069,7 +13064,7 @@ strip-json-comments@^3.1.0, strip-json-comments@^3.1.1:
   resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.1.1.tgz#31f1281b3832630434831c310c01cccda8cbe006"
   integrity sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==
 
-strnum@^1.0.4:
+strnum@^1.0.5:
   version "1.0.5"
   resolved "https://registry.yarnpkg.com/strnum/-/strnum-1.0.5.tgz#5c4e829fe15ad4ff0d20c3db5ac97b73c9b072db"
   integrity sha512-J8bbNyKKXl5qYcR36TIO8W3mVGVHrmmxsd5PAItGkmyzwJvybiw2IVq5nqd0i4LSNSkB/sx9VHllbfFdr9k1JA==

source/blueprint-ui/yarn.lock

@@ -15,14 +15,14 @@
     "devDependencies": {
         "@types/jest": "^28.1.7",
         "@types/node": "^18.7.11",
-        "aws-cdk": "^2.76.0",
+        "aws-cdk": "^2.85.0",
         "jest": "^26.4.2",
         "ts-jest": "^28.0.8",
         "ts-node": "^10.9.1",
         "typescript": "^4.8.4"
     },
     "dependencies": {
-        "aws-cdk-lib": "^2.76.0",
+        "aws-cdk-lib": "^2.85.0",
         "constructs": "^10.1.84",
         "source-map-support": "^0.5.16"
     }