From ea52970460b74dc06871301d1e14e9b0d4fe5e0a Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 14 Nov 2025 23:12:40 +0000
Subject: [PATCH] fix: jupyterlab/staging/package.json & jupyterlab/staging/yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-VEGAEXPRESSION-13961124
---
 jupyterlab/staging/package.json | 2 +-
 jupyterlab/staging/yarn.lock | 69 +++++++++++++++++++++++++++++++--
 2 files changed, 66 insertions(+), 5 deletions(-)
diff --git a/jupyterlab/staging/package.json b/jupyterlab/staging/package.json
index 46a3a2783e23..46b921d1f220 100644
--- a/jupyterlab/staging/package.json
+++ b/jupyterlab/staging/package.json
@@ -172,7 +172,7 @@
 "@jupyterlab/ui-components-extension": "~4.0.0-alpha.6",
 "@jupyterlab/user-extension": "~4.0.0-alpha.6",
 "@jupyterlab/vdom-extension": "~4.0.0-alpha.6",
- "@jupyterlab/vega5-extension": "~4.0.0-alpha.6"
+ "@jupyterlab/vega5-extension": "~4.0.0"
 },
 "devDependencies": {
 "@jupyterlab/builder": "^4.0.0-alpha.6",
diff --git a/jupyterlab/staging/yarn.lock b/jupyterlab/staging/yarn.lock
index c50b5646d2ee..fd8b3bab1a03 100644
--- a/jupyterlab/staging/yarn.lock
+++ b/jupyterlab/staging/yarn.lock
@@ -1380,7 +1380,7 @@ "@jupyterlab/rendermime" "^4.0.0-alpha.6" "@jupyterlab/translation" "^4.0.0-alpha.6" -"@jupyterlab/rendermime-interfaces@^3.11.6", "@jupyterlab/rendermime-interfaces@^4.0.0-alpha.6", "@jupyterlab/rendermime-interfaces@~4.0.0-alpha.6": +"@jupyterlab/rendermime-interfaces@^3.11.6", "@jupyterlab/rendermime-interfaces@^3.8.13", "@jupyterlab/rendermime-interfaces@^4.0.0-alpha.6", "@jupyterlab/rendermime-interfaces@~4.0.0-alpha.6": version "4.0.0-alpha.6" resolved "https://registry.yarnpkg.com/@jupyterlab%2frendermime-interfaces/-/rendermime-interfaces-4.0.0-alpha.6.tgz#af85c1d1615b010b2f829eb87e115aeb030eda9e" integrity sha512-1luboGk8iyNHbWVzFJ/dDREqK/WTl9OB6QiIovv+IXg/wVp7iQ0kkZ7+GtRR12xC6ElegoUdz4cfKsk/DfZlXw==
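Review bot: The new range `"@jupyterlab/vega5-extension": "~4.0.0"` in the package.json hunk puts this one extension on a stable line while every sibling `@jupyterlab/*` entry visible in the hunk stays on `~4.0.0-alpha.6`, and the yarn.lock hunks show the consequence: the 4.0.13 entry asks for `@lumino/coreutils ^2.1.2`, `@lumino/widgets ^2.3.0` and `@jupyterlab/rendermime-interfaces ^3.8.13`, yet those ranges are appended to entries locked at 1.12.0, 1.31.1 and 4.0.0-alpha.6 (presumably through a resolutions block outside this diff). It is also not evident that the advisory is closed: the added `vega-lite` 5.23.0 entry requires `vega-expression "~5.1.1"`, but no hunk adds or extends a `vega-expression` entry, and the `vega-lite@^5.1.0` entry stays in the lockfile as context. Before merging, run `yarn install --frozen-lockfile` and `yarn why vega-expression` to confirm the lockfile is complete and which version actually resolves. If the old version is still selected, a targeted pin such as `"resolutions": { "vega-expression": "<fixed version from the advisory>" }`, or moving all `@jupyterlab/*` packages to one release line, would be a safer fix than bumping a single extension.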
@@ -1819,6 +1819,18 @@ vega-embed "^6.2.1" vega-lite "^5.1.0" +"@jupyterlab/vega5-extension@~4.0.0": + version "4.0.13" + resolved "https://registry.yarnpkg.com/@jupyterlab/vega5-extension/-/vega5-extension-4.0.13.tgz#c39700712d6547c925269f0dd2ba15118ff12196" + integrity sha512-e+Ty9etFLvnX3DRxVkDcoz1UDi27smaAc5LQrHo9tF2eu1MmyTWfp+6waRvZ4J6GaLfCNzgfXg1/sJcgi4sMWg== + dependencies: + "@jupyterlab/rendermime-interfaces" "^3.8.13" + "@lumino/coreutils" "^2.1.2" + "@lumino/widgets" "^2.3.0" + vega "^5.20.0" + vega-embed "^6.2.1" + vega-lite "^5.6.1-next.1" + "@lumino/algorithm@^1.9.1", "@lumino/algorithm@^2.0.2": version "1.9.1" resolved "https://registry.yarnpkg.com/@lumino/algorithm/-/algorithm-1.9.1.tgz#a870598e031f5ee85e20e77ce7bfffbb0dffd7f5" @@ -1853,7 +1865,7 @@ "@lumino/signaling" "^1.10.1" "@lumino/virtualdom" "^1.14.1" -"@lumino/coreutils@^1.11.1", "@lumino/coreutils@^1.12.0", "@lumino/coreutils@^2.2.0": +"@lumino/coreutils@^1.11.1", "@lumino/coreutils@^1.12.0", "@lumino/coreutils@^2.1.2", "@lumino/coreutils@^2.2.0": version "1.12.0" resolved "https://registry.yarnpkg.com/@lumino%2fcoreutils/-/coreutils-1.12.0.tgz#fbdef760f736eaf2bd396a5c6fc3a68a4b449b15" integrity sha512-DSglh4ylmLi820CNx9soJmDJCpUgymckdWeGWuN0Ash5g60oQvrQDfosVxEhzmNvtvXv45WZEqSBzDP6E5SEmQ== @@ -1944,7 +1956,7 @@ dependencies: "@lumino/algorithm" "^1.9.1" -"@lumino/widgets@^1.30.0", "@lumino/widgets@^1.31.1", "@lumino/widgets@^2.5.0": +"@lumino/widgets@^1.30.0", "@lumino/widgets@^1.31.1", "@lumino/widgets@^2.3.0", "@lumino/widgets@^2.5.0": version "1.31.1" resolved "https://registry.yarnpkg.com/@lumino%2fwidgets/-/widgets-1.31.1.tgz#c9c0b8c7940b412e55369fa277392bf86c6e4136" integrity sha512-4RzAMqWwWHa5IiaQaeIbiZdIBm/FOg6ub0w8dG3km0k+zIQyA4LFq2dbB1w6SHT1d06N+L/ebYfgvMFswPENag== 
@@ -2851,6 +2863,15 @@ cliui@^7.0.2: strip-ansi "^6.0.0" wrap-ansi "^7.0.0" +cliui@^8.0.1: + version "8.0.1" + resolved "https://registry.yarnpkg.com/cliui/-/cliui-8.0.1.tgz#0c04b075db02cbfe60dc8e6cf2f5486b1a3608aa" + integrity sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ== + dependencies: + string-width "^4.2.0" + strip-ansi "^6.0.1" + wrap-ansi "^7.0.0" + clone-deep@^4.0.1: version "4.0.1" resolved "https://registry.yarnpkg.com/clone-deep/-/clone-deep-4.0.1.tgz#c19fd9bdbbf85942b4fd979c84dcf7d5f07c2387" @@ -4638,6 +4659,11 @@ json-stringify-pretty-compact@^3.0.0, json-stringify-pretty-compact@~3.0.0: resolved "https://registry.yarnpkg.com/json-stringify-pretty-compact/-/json-stringify-pretty-compact-3.0.0.tgz#f71ef9d82ef16483a407869556588e91b681d9ab" integrity sha512-Rc2suX5meI0S3bfdZuA7JMFBGkJ875ApfVyq2WHELjBiiG22My/l7/8zPpH/CfFVQHuVLd8NLR0nv6vi0BYYKA== +json-stringify-pretty-compact@~4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/json-stringify-pretty-compact/-/json-stringify-pretty-compact-4.0.0.tgz#cf4844770bddee3cb89a6170fe4b00eee5dbf1d4" + integrity sha512-3CNZ2DnrpByG9Nqj6Xo8vqbjT4F6N+tb4Gb28ESAZjYZ5yqvmc56J+/kuIwkaAMOyblTQhUW7PxMkUb8Q36N3Q== + json-stringify-safe@~5.0.1: version "5.0.1" resolved "https://registry.yarnpkg.com/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz#1296a2d58fd45f19a0f6ce01d65701e2c735b6eb" @@ -6295,7 +6321,7 @@ steno@^0.4.1: dependencies: graceful-fs "^4.1.3" -string-width@^4.1.0, string-width@^4.2.0: +string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3: version "4.2.3" resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== 
@@ -6558,6 +6584,11 @@ tslib@^2.0.3, tslib@^2.2.0, tslib@~2.2.0: resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.2.0.tgz#fb2c475977e35e241311ede2693cee1ec6698f5c" integrity sha512-gS9GVHRU+RGn5KQM2rllAlR3dU6m7AcpJKdtH8gFvQiC4Otgk98XnmMU+nZenHt/+VhnBPWwgrJsyrdcw6i23w== +tslib@~2.8.1: + version "2.8.1" + resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.8.1.tgz#612efe4ed235d567e8aba5f2a5fab70280ade83f" + integrity sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w== + tsscmp@1.0.6: version "1.0.6" resolved "https://registry.yarnpkg.com/tsscmp/-/tsscmp-1.0.6.tgz#85b99583ac3589ec4bfef825b5000aa911d605eb" @@ -6929,6 +6960,18 @@ vega-lite@^5.1.0: vega-util "~1.16.1" yargs "~16.2.0" +vega-lite@^5.6.1-next.1: + version "5.23.0" + resolved "https://registry.yarnpkg.com/vega-lite/-/vega-lite-5.23.0.tgz#342cbe8e5ccd3e3eeb4721818b1d5cb26b60ad8a" + integrity sha512-l4J6+AWE3DIjvovEoHl2LdtCUkfm4zs8Xxx7INwZEAv+XVb6kR6vIN1gt3t2gN2gs/y4DYTs/RPoTeYAuEg6mA== + dependencies: + json-stringify-pretty-compact "~4.0.0" + tslib "~2.8.1" + vega-event-selector "~3.0.1" + vega-expression "~5.1.1" + vega-util "~1.17.2" + yargs "~17.7.2" + vega-loader@^4.5.2, vega-loader@~4.5.2: version "4.5.2" resolved "https://registry.yarnpkg.com/vega-loader/-/vega-loader-4.5.2.tgz#7212f093c397b153f69f7e6cfef47817c17c5c01" 
@@ -7528,6 +7571,11 @@ yargs-parser@^20.2.2: resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.4.tgz#b42890f14566796f85ae8e3a25290d205f154a54" integrity sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA== +yargs-parser@^21.1.1: + version "21.1.1" + resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-21.1.1.tgz#9096bceebf990d21bb31fa9516e0ede294a77d35" + integrity sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw== + yargs@~16.2.0: version "16.2.0" resolved "https://registry.yarnpkg.com/yargs/-/yargs-16.2.0.tgz#1c82bf0f6b6a66eafce7ef30e376f49a12477f66" @@ -7541,6 +7589,19 @@ yargs@~16.2.0: y18n "^5.0.5" yargs-parser "^20.2.2" +yargs@~17.7.2: + version "17.7.2" + resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.7.2.tgz#991df39aca675a192b816e1e0363f9d75d2aa269" + integrity sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w== + dependencies: + cliui "^8.0.1" + escalade "^3.1.1" + get-caller-file "^2.0.5" + require-directory "^2.1.1" + string-width "^4.2.3" + y18n "^5.0.5" + yargs-parser "^21.1.1" + yarn-deduplicate@^2.1.1: version "2.1.1" resolved "https://registry.yarnpkg.com/yarn-deduplicate/-/yarn-deduplicate-2.1.1.tgz#500a3010e4bdee3c3250936e210910c7cae3d75d"