Blob Blame History Raw
From 76121bc49ce1d5417202ce0a567e4f0f00c75667 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Tue, 5 Apr 2022 17:40:30 +0200
Subject: [PATCH] upgrade @braintree/sanitize-url to v6.0.0

Resolves: CVE-2021-23648

diff --git a/package.json b/package.json
index 831586ad88..ab8b142ed9 100644
--- a/package.json
+++ b/package.json
@@ -209,7 +209,6 @@
     "@sentry/utils": "5.24.2",
     "@torkelo/react-select": "3.0.8",
     "@types/antlr4": "^4.7.1",
-    "@types/braintree__sanitize-url": "4.0.0",
     "@types/common-tags": "^1.8.0",
     "@types/hoist-non-react-statics": "3.3.1",
     "@types/jsurl": "^1.2.28",
diff --git a/packages/grafana-data/package.json b/packages/grafana-data/package.json
index b24b1af2f4..c3f1b4e181 100644
--- a/packages/grafana-data/package.json
+++ b/packages/grafana-data/package.json
@@ -22,7 +22,7 @@
     "typecheck": "tsc --noEmit"
   },
   "dependencies": {
-    "@braintree/sanitize-url": "4.0.0",
+    "@braintree/sanitize-url": "6.0.0",
     "@types/d3-interpolate": "^1.3.1",
     "apache-arrow": "0.16.0",
     "eventemitter3": "4.0.7",
@@ -36,7 +36,6 @@
     "@rollup/plugin-commonjs": "16.0.0",
     "@rollup/plugin-json": "4.1.0",
     "@rollup/plugin-node-resolve": "10.0.0",
-    "@types/braintree__sanitize-url": "4.0.0",
     "@types/jest": "26.0.15",
     "@types/jquery": "3.3.38",
     "@types/lodash": "4.14.123",
diff --git a/yarn.lock b/yarn.lock
index 3f5e5b80d6..a84bfebaa7 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3030,10 +3030,10 @@
   resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
-"@braintree/sanitize-url@4.0.0":
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-4.0.0.tgz#2cda79ffd67b6ea919a63b5e1a883b92d636e844"
-  integrity sha512-bOoFoTxuEUuri/v1q0OXN0HIrZ2EiZlRSKdveU8vS5xf2+g0TmpXhmxkTc1s+XWR5xZNoVU4uvf/Mher98tfLw==
+"@braintree/sanitize-url@6.0.0":
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.0.tgz#fe364f025ba74f6de6c837a84ef44bdb1d61e68f"
+  integrity sha512-mgmE7XBYY/21erpzhexk4Cj1cyTQ9LzvnTxtzM17BJ7ERMNE6W72mQRo0I1Ud8eFJ+RVVIcBNhLFZ3GX4XFz5w==
 
 "@cnakazawa/watch@^1.0.3":
   version "1.0.3"
@@ -5752,11 +5752,6 @@
   resolved "https://registry.yarnpkg.com/@types/braces/-/braces-3.0.0.tgz#7da1c0d44ff1c7eb660a36ec078ea61ba7eb42cb"
   integrity sha512-TbH79tcyi9FHwbyboOKeRachRq63mSuWYXOflsNO9ZyE5ClQ/JaozNKl+aWUq87qPNsXasXxi2AbgfwIJ+8GQw==
 
-"@types/braintree__sanitize-url@4.0.0":
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/@types/braintree__sanitize-url/-/braintree__sanitize-url-4.0.0.tgz#0e8a834501f8c375d4b3fb8dcf9398a08ebe068d"
-  integrity sha512-69eGJ8808/WfTJGsvMi1pxQ9UG5Z+llD1x9ash5QX+qvxElDD+eYNAn19cTEVTq6WwUqrqlaTWVCKaTRFTuGmA==
-
 "@types/cheerio@*":
   version "0.22.13"
   resolved "https://registry.yarnpkg.com/@types/cheerio/-/cheerio-0.22.13.tgz#5eecda091a24514185dcba99eda77e62bf6523e6"