From 69e65b7bd4f63255cd5dbcb6853b1393be5dd45c Mon Sep 17 00:00:00 2001 From: Sumit Morchhale Date: Fri, 20 Mar 2026 15:12:15 +0530 Subject: [PATCH 1/5] fix vulner --- package-lock.json | 21 +++++---------------- package.json | 5 +++-- 2 files changed, 8 insertions(+), 18 deletions(-) diff --git a/package-lock.json b/package-lock.json index bdc26be0..57142556 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "license": "ISC", "dependencies": { "async-mutex": "^0.5.0", - "azure-pipelines-tool-lib": "^2.0.8", + "azure-pipelines-tool-lib": "2.0.8", "https-proxy-agent": "^7.0.6", "log4js": "^6.9.1", "node-fetch": "^3.3.2", @@ -3169,18 +3169,6 @@ "uuid": "^3.0.1" } }, - "node_modules/azure-pipelines-task-lib/node_modules/minimatch": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.5.tgz", - "integrity": "sha512-tUpxzX0VAzJHjLu0xUfFv1gwVp9ba3IOuRAVH2EGuRW8a5emA2FlACLqiT/lDVtS1W+TGNwqz3sWaNyLgDJWuw==", - "license": "ISC", - "dependencies": { - "brace-expansion": "^1.1.7" - }, - "engines": { - "node": "*" - } - }, "node_modules/azure-pipelines-task-lib/node_modules/semver": { "version": "5.7.2", "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", @@ -6443,9 +6431,10 @@ } }, "node_modules/minimatch": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "version": "3.1.5", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz", + "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==", + "license": "ISC", "dependencies": { "brace-expansion": "^1.1.7" }, diff --git a/package.json b/package.json index a657eb2e..572ecff9 100644 --- a/package.json +++ b/package.json @@ -11,7 +11,7 @@ ], "dependencies": { "async-mutex": "^0.5.0", - "azure-pipelines-tool-lib": "^2.0.8", + "azure-pipelines-tool-lib": "2.0.8", "https-proxy-agent": "^7.0.6", "log4js": "^6.9.1", "node-fetch": "^3.3.2", @@ -55,7 +55,8 @@ "typescript": "^5.6.3" }, "overrides": { - "bluebird": "3.7.2" + "bluebird": "3.7.2", + "minimatch": "^3.1.4" }, "publishConfig": { "registry": "https://npm.pkg.github.com" From 5468a285a0a2e1d359fed11e1a992c989443035c Mon Sep 17 00:00:00 2001 From: Sumit Morchhale Date: Fri, 20 Mar 2026 15:38:59 +0530 Subject: [PATCH 2/5] fix tar version --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 57142556..6e630c9f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,7 +14,7 @@ "https-proxy-agent": "^7.0.6", "log4js": "^6.9.1", "node-fetch": "^3.3.2", - "tar": "^7.5.8", + "tar": "7.5.11", "unzipper": "^0.12.3" }, "devDependencies": { @@ -7500,9 +7500,9 @@ } }, "node_modules/tar": { - "version": "7.5.9", - "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.9.tgz", - "integrity": "sha512-BTLcK0xsDh2+PUe9F6c2TlRp4zOOBMTkoQHQIWSIzI0R7KG46uEwq4OPk2W7bZcprBMsuaeFsqwYr7pjh6CuHg==", + "version": "7.5.11", + "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.11.tgz", + "integrity": "sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==", "license": "BlueOak-1.0.0", "dependencies": { "@isaacs/fs-minipass": "^4.0.0", diff --git a/package.json b/package.json index 572ecff9..51d1f610 100644 --- a/package.json +++ b/package.json @@ -15,7 +15,7 @@ "https-proxy-agent": "^7.0.6", "log4js": "^6.9.1", "node-fetch": "^3.3.2", - "tar": "^7.5.8", + "tar": "^7.5.11", "unzipper": "^0.12.3" }, "scripts": { From df41f68262f0d5de3c52a74be023e93fd64c330e Mon Sep 17 00:00:00 2001 From: Sumit Morchhale Date: Fri, 20 Mar 2026 15:55:10 +0530 Subject: [PATCH 3/5] fix flatted version --- package-lock.json | 9 +++++---- package.json | 3 ++- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 6e630c9f..37b371e4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,7 +14,7 @@ "https-proxy-agent": "^7.0.6", "log4js": "^6.9.1", "node-fetch": "^3.3.2", - "tar": "7.5.11", + "tar": "^7.5.11", "unzipper": "^0.12.3" }, "devDependencies": { @@ -4538,9 +4538,10 @@ } }, "node_modules/flatted": { - "version": "3.2.9", - "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.2.9.tgz", - "integrity": "sha512-36yxDn5H7OFZQla0/jFJmbIKTdZAQHngCedGxiMmpNfEZM0sdEeT+WczLQrjK6D7o2aiyLYDnkw0R3JK0Qv1RQ==" + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz", + "integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==", + "license": "ISC" }, "node_modules/follow-redirects": { "version": "1.15.9", diff --git a/package.json b/package.json index 51d1f610..6f69786a 100644 --- a/package.json +++ b/package.json @@ -56,7 +56,8 @@ }, "overrides": { "bluebird": "3.7.2", - "minimatch": "^3.1.4" + "minimatch": "^3.1.4", + "flatted": "3.4.2" }, "publishConfig": { "registry": "https://npm.pkg.github.com" From 65484a26081ccf1f5908895dfff123b04430f38c Mon Sep 17 00:00:00 2001 From: Sumit Morchhale Date: Fri, 20 Mar 2026 16:08:15 +0530 Subject: [PATCH 4/5] fix qs --- package-lock.json | 6 +++--- package.json | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 37b371e4..60d68596 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6884,9 +6884,9 @@ } }, "node_modules/qs": { - "version": "6.14.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz", - "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==", + "version": "6.14.2", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz", + "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==", "license": "BSD-3-Clause", "dependencies": { "side-channel": "^1.1.0" diff --git a/package.json b/package.json index 6f69786a..9bff46dd 100644 --- a/package.json +++ b/package.json @@ -57,7 +57,8 @@ "overrides": { "bluebird": "3.7.2", "minimatch": "^3.1.4", - "flatted": "3.4.2" + "flatted": "3.4.2", + "qs": "6.14.2" }, "publishConfig": { "registry": "https://npm.pkg.github.com" From c1b88407af3630d1629822bb5cfe163a1f482b39 Mon Sep 17 00:00:00 2001 From: Sumit Morchhale Date: Fri, 20 Mar 2026 16:22:58 +0530 Subject: [PATCH 5/5] fix --- package-lock.json | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index 60d68596..21fb4280 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "license": "ISC", "dependencies": { "async-mutex": "^0.5.0", - "azure-pipelines-tool-lib": "2.0.8", + "azure-pipelines-tool-lib": "^2.0.8", "https-proxy-agent": "^7.0.6", "log4js": "^6.9.1", "node-fetch": "^3.3.2", diff --git a/package.json b/package.json index 9bff46dd..09390ee6 100644 --- a/package.json +++ b/package.json @@ -11,7 +11,7 @@ ], "dependencies": { "async-mutex": "^0.5.0", - "azure-pipelines-tool-lib": "2.0.8", + "azure-pipelines-tool-lib": "^2.0.8", "https-proxy-agent": "^7.0.6", "log4js": "^6.9.1", "node-fetch": "^3.3.2",