fix: updating json-schema to prevent vulnerability issue

460bfaba · [MSFT] Sally Ransom · Sumra Zafar · 62624ad7 · 460bfaba · 460bfaba
Commit 460bfaba authored Nov 17, 2021 by [MSFT] Sally Ransom Committed by Sumra Zafar Nov 17, 2021
--- a/NOTICE
+++ b/NOTICE
@@ -7,7 +7,7 @@ AFL-3.0
 ========================================================================
 The following software have components provided under the terms of this license:

- json-schema (from http://github.com/kriszyp/json-schema)
+- json-schema (from https://www.npmjs.com/package/json-schema)

 ========================================================================
 Apache-2.0
@@ -48,7 +48,7 @@ The following software have components provided under the terms of this license:
 - aws-sign2 (from https://www.npmjs.com/package/aws-sign2)
 - boto3 (from https://github.com/boto/boto3)
 - botocore (from https://github.com/boto/botocore)
- browser-request (from http://github.com/iriscouch/browser-request)
+- browser-request (from https://www.npmjs.com/package/browser-request)
 - caseless (from https://www.npmjs.com/package/caseless)
 - cloudant-follow (from https://www.npmjs.com/package/cloudant-follow)
 - cluster-key-slot (from https://www.npmjs.com/package/cluster-key-slot)
@@ -123,7 +123,7 @@ The following software have components provided under the terms of this license:
 - continuation-local-storage (from https://www.npmjs.com/package/continuation-local-storage)
 - docutils (from http://docutils.sourceforge.net/)
 - dotenv (from https://www.npmjs.com/package/dotenv)
- emitter-listener (from https://github.com/othiym23/emitter-listener)
+- emitter-listener (from https://www.npmjs.com/package/emitter-listener)
 - ieee754 (from https://www.npmjs.com/package/ieee754)
 - node-forge (from https://www.npmjs.com/package/node-forge)
 - node-forge (from https://www.npmjs.com/package/node-forge)
@@ -135,9 +135,9 @@ The following software have components provided under the terms of this license:
 - qs (from https://www.npmjs.com/package/qs)
 - qs (from https://www.npmjs.com/package/qs)
 - rc (from https://www.npmjs.com/package/rc)
- shimmer (from https://github.com/othiym23/shimmer#readme)
+- shimmer (from https://www.npmjs.com/package/shimmer)
 - source-map (from https://www.npmjs.com/package/source-map)
- sprintf-js (from https://github.com/alexei/sprintf.js#readme)
+- sprintf-js (from https://www.npmjs.com/package/sprintf-js)
 - tough-cookie (from https://www.npmjs.com/package/tough-cookie)
 - tough-cookie (from https://www.npmjs.com/package/tough-cookie)
 - tslib (from https://www.npmjs.com/package/tslib)
@@ -174,7 +174,7 @@ The following software have components provided under the terms of this license:
 - google-gax (from https://www.npmjs.com/package/google-gax)
 - idna (from https://github.com/kjd/idna)
 - ieee754 (from https://www.npmjs.com/package/ieee754)
- json-schema (from http://github.com/kriszyp/json-schema)
+- json-schema (from https://www.npmjs.com/package/json-schema)
 - node-forge (from https://www.npmjs.com/package/node-forge)
 - node-forge (from https://www.npmjs.com/package/node-forge)
 - node-pre-gyp (from https://www.npmjs.com/package/node-pre-gyp)
@@ -187,13 +187,13 @@ The following software have components provided under the terms of this license:
 - qs (from https://www.npmjs.com/package/qs)
 - rc (from https://www.npmjs.com/package/rc)
 - source-map (from https://www.npmjs.com/package/source-map)
- sprintf-js (from https://github.com/alexei/sprintf.js#readme)
+- sprintf-js (from https://www.npmjs.com/package/sprintf-js)
 - stack-chain (from https://www.npmjs.com/package/stack-chain)
 - tough-cookie (from https://www.npmjs.com/package/tough-cookie)
 - tough-cookie (from https://www.npmjs.com/package/tough-cookie)
 - tslib (from https://www.npmjs.com/package/tslib)
 - uri-js (from https://www.npmjs.com/package/uri-js)
- url-template (from https://github.com/bramstein/url-template)
+- url-template (from https://www.npmjs.com/package/url-template)
 - uuid (from https://www.npmjs.com/package/uuid)
 - uuid (from https://www.npmjs.com/package/uuid)
 - uuid (from https://www.npmjs.com/package/uuid)
@@ -202,13 +202,6 @@ The following software have components provided under the terms of this license:
 - xss-filters (from https://www.npmjs.com/package/xss-filters)
 - yamljs (from https://www.npmjs.com/package/yamljs)

-========================================================================
-BSD-3-Clause-Clear
-========================================================================
-The following software have components provided under the terms of this license:
-
- sprintf-js (from https://github.com/alexei/sprintf.js#readme)
-
 ========================================================================
 CC-BY-4.0
 ========================================================================
@@ -240,7 +233,6 @@ GPL-3.0-only
 The following software have components provided under the terms of this license:

 - docutils (from http://docutils.sourceforge.net/)
- xmlrunner (from https://github.com/pycontribs/xmlrunner)

 ========================================================================
 GPL-3.0-or-later
@@ -272,7 +264,7 @@ The following software have components provided under the terms of this license:
 - har-schema (from https://www.npmjs.com/package/har-schema)
 - has-unicode (from https://www.npmjs.com/package/has-unicode)
 - ignore-walk (from https://www.npmjs.com/package/ignore-walk)
- inflight (from https://github.com/isaacs/inflight)
+- inflight (from https://www.npmjs.com/package/inflight)
 - inherits (from https://www.npmjs.com/package/inherits)
 - inherits (from https://www.npmjs.com/package/inherits)
 - ini (from https://www.npmjs.com/package/ini)
@@ -280,7 +272,7 @@ The following software have components provided under the terms of this license:
 - json-stringify-safe (from https://github.com/isaacs/json-stringify-safe)
 - jwtproxy (from https://www.npmjs.com/package/jwtproxy)
 - lockfile (from https://www.npmjs.com/package/lockfile)
- log-driver (from https://github.com/cainus/logdriver)
+- log-driver (from https://www.npmjs.com/package/log-driver)
 - lru-cache (from https://www.npmjs.com/package/lru-cache)
 - lru-cache (from https://www.npmjs.com/package/lru-cache)
 - lru-cache (from https://www.npmjs.com/package/lru-cache)
@@ -306,12 +298,12 @@ The following software have components provided under the terms of this license:
 - semver (from https://www.npmjs.com/package/semver)
 - semver (from https://www.npmjs.com/package/semver)
 - semver (from https://www.npmjs.com/package/semver)
- set-blocking (from https://github.com/yargs/set-blocking#readme)
+- set-blocking (from https://www.npmjs.com/package/set-blocking)
 - setprototypeof (from https://www.npmjs.com/package/setprototypeof)
 - signal-exit (from https://www.npmjs.com/package/signal-exit)
 - stealthy-require (from https://www.npmjs.com/package/stealthy-require)
 - tar (from https://www.npmjs.com/package/tar)
- which (from https://github.com/isaacs/node-which#readme)
+- which (from https://www.npmjs.com/package/which)
 - which-module (from https://www.npmjs.com/package/which-module)
 - wide-align (from https://www.npmjs.com/package/wide-align)
 - wrappy (from https://github.com/npm/wrappy)
@@ -431,7 +423,7 @@ The following software have components provided under the terms of this license:
 - body-parser (from https://www.npmjs.com/package/body-parser)
 - botocore (from https://github.com/boto/botocore)
 - brace-expansion (from https://www.npmjs.com/package/brace-expansion)
- browser-request (from http://github.com/iriscouch/browser-request)
+- browser-request (from https://www.npmjs.com/package/browser-request)
 - buffer (from https://www.npmjs.com/package/buffer)
 - buffer (from https://www.npmjs.com/package/buffer)
 - buffer-from (from https://www.npmjs.com/package/buffer-from)
@@ -465,7 +457,7 @@ The following software have components provided under the terms of this license:
 - content-disposition (from https://www.npmjs.com/package/content-disposition)
 - content-type (from https://www.npmjs.com/package/content-type)
 - cookie (from https://www.npmjs.com/package/cookie)
- cookie-signature (from https://github.com/visionmedia/node-cookie-signature)
+- cookie-signature (from https://www.npmjs.com/package/cookie-signature)
 - copyfiles (from https://www.npmjs.com/package/copyfiles)
 - core-util-is (from https://www.npmjs.com/package/core-util-is)
 - cors (from https://www.npmjs.com/package/cors)
@@ -492,14 +484,14 @@ The following software have components provided under the terms of this license:
 - delayed-stream (from https://www.npmjs.com/package/delayed-stream)
 - delegates (from https://www.npmjs.com/package/delegates)
 - depd (from https://www.npmjs.com/package/depd)
- destroy (from https://github.com/stream-utils/destroy)
+- destroy (from https://www.npmjs.com/package/destroy)
 - diagnostic-channel (from https://www.npmjs.com/package/diagnostic-channel)
 - diagnostic-channel-publishers (from https://www.npmjs.com/package/diagnostic-channel-publishers)
 - dot-prop (from https://www.npmjs.com/package/dot-prop)
 - dot-prop (from https://www.npmjs.com/package/dot-prop)
 - duplexify (from https://www.npmjs.com/package/duplexify)
 - ecc-jsbn (from https://www.npmjs.com/package/ecc-jsbn)
- ee-first (from https://github.com/jonathanong/ee-first)
+- ee-first (from https://www.npmjs.com/package/ee-first)
 - emoji-regex (from https://www.npmjs.com/package/emoji-regex)
 - enabled (from https://www.npmjs.com/package/enabled)
 - encodeurl (from https://www.npmjs.com/package/encodeurl)
@@ -578,13 +570,13 @@ The following software have components provided under the terms of this license:
 - iconv-lite (from https://www.npmjs.com/package/iconv-lite)
 - ignore-walk (from https://www.npmjs.com/package/ignore-walk)
 - imurmurhash (from https://www.npmjs.com/package/imurmurhash)
- inflight (from https://github.com/isaacs/inflight)
+- inflight (from https://www.npmjs.com/package/inflight)
 - inherits (from https://www.npmjs.com/package/inherits)
 - inherits (from https://www.npmjs.com/package/inherits)
 - ini (from https://www.npmjs.com/package/ini)
 - ioredis (from https://www.npmjs.com/package/ioredis)
 - ipaddr.js (from https://www.npmjs.com/package/ipaddr.js)
- is (from https://github.com/enricomarino/is)
+- is (from https://www.npmjs.com/package/is)
 - is-arrayish (from https://www.npmjs.com/package/is-arrayish)
 - is-buffer (from https://www.npmjs.com/package/is-buffer)
 - is-callable (from https://www.npmjs.com/package/is-callable)
@@ -610,15 +602,15 @@ The following software have components provided under the terms of this license:
 - isstream (from https://github.com/rvagg/isstream)
 - jmespath (from https://github.com/jmespath/jmespath.py)
 - jmespath (from https://www.npmjs.com/package/jmespath)
- jsbn (from https://github.com/andyperlitch/jsbn)
+- jsbn (from https://www.npmjs.com/package/jsbn)
 - json-bigint (from https://www.npmjs.com/package/json-bigint)
 - json-bigint (from https://www.npmjs.com/package/json-bigint)
- json-schema (from http://github.com/kriszyp/json-schema)
+- json-schema (from https://www.npmjs.com/package/json-schema)
 - json-schema-traverse (from https://www.npmjs.com/package/json-schema-traverse)
 - json-stringify-safe (from https://github.com/isaacs/json-stringify-safe)
 - jsonfile (from https://www.npmjs.com/package/jsonfile)
 - jsonwebtoken (from https://www.npmjs.com/package/jsonwebtoken)
- jsprim (from https://github.com/davepacheco/node-jsprim)
+- jsprim (from https://www.npmjs.com/package/jsprim)
 - jwa (from https://www.npmjs.com/package/jwa)
 - jwa (from https://www.npmjs.com/package/jwa)
 - jwks-rsa (from https://www.npmjs.com/package/jwks-rsa)
@@ -643,7 +635,7 @@ The following software have components provided under the terms of this license:
 - lodash.mapvalues (from https://www.npmjs.com/package/lodash.mapvalues)
 - lodash.once (from https://www.npmjs.com/package/lodash.once)
 - lodash.snakecase (from https://www.npmjs.com/package/lodash.snakecase)
- log-driver (from https://github.com/cainus/logdriver)
+- log-driver (from https://www.npmjs.com/package/log-driver)
 - logform (from https://www.npmjs.com/package/logform)
 - lru-cache (from https://www.npmjs.com/package/lru-cache)
 - lru-cache (from https://www.npmjs.com/package/lru-cache)
@@ -652,9 +644,9 @@ The following software have components provided under the terms of this license:
 - macos-release (from https://www.npmjs.com/package/macos-release)
 - make-dir (from https://www.npmjs.com/package/make-dir)
 - map-obj (from https://www.npmjs.com/package/map-obj)
- media-typer (from https://github.com/jshttp/media-typer)
+- media-typer (from https://www.npmjs.com/package/media-typer)
 - merge-descriptors (from https://www.npmjs.com/package/merge-descriptors)
- methods (from https://github.com/jshttp/methods)
+- methods (from https://www.npmjs.com/package/methods)
 - mime (from https://www.npmjs.com/package/mime)
 - mime (from https://www.npmjs.com/package/mime)
 - mime-db (from https://www.npmjs.com/package/mime-db)
@@ -694,7 +686,7 @@ The following software have components provided under the terms of this license:
 - npm-packlist (from https://www.npmjs.com/package/npm-packlist)
 - npm-run-path (from https://www.npmjs.com/package/npm-run-path)
 - npmlog (from https://www.npmjs.com/package/npmlog)
- number-is-nan (from https://github.com/sindresorhus/number-is-nan#readme)
+- number-is-nan (from https://www.npmjs.com/package/number-is-nan)
 - object-assign (from https://www.npmjs.com/package/object-assign)
 - object-hash (from https://www.npmjs.com/package/object-hash)
 - object-inspect (from https://www.npmjs.com/package/object-inspect)
@@ -703,14 +695,14 @@ The following software have components provided under the terms of this license:
 - object.assign (from https://www.npmjs.com/package/object.assign)
 - object.assign (from https://www.npmjs.com/package/object.assign)
 - object.getownpropertydescriptors (from https://www.npmjs.com/package/object.getownpropertydescriptors)
- on-finished (from https://github.com/jshttp/on-finished)
+- on-finished (from https://www.npmjs.com/package/on-finished)
 - once (from https://github.com/isaacs/once#readme)
 - one-time (from https://www.npmjs.com/package/one-time)
 - onetime (from https://www.npmjs.com/package/onetime)
 - open (from https://www.npmjs.com/package/open)
- os-homedir (from https://github.com/sindresorhus/os-homedir)
+- os-homedir (from https://www.npmjs.com/package/os-homedir)
 - os-name (from https://www.npmjs.com/package/os-name)
- os-tmpdir (from https://github.com/sindresorhus/os-tmpdir)
+- os-tmpdir (from https://www.npmjs.com/package/os-tmpdir)
 - osenv (from https://www.npmjs.com/package/osenv)
 - p-defer (from https://www.npmjs.com/package/p-defer)
 - p-finally (from https://www.npmjs.com/package/p-finally)
@@ -722,7 +714,7 @@ The following software have components provided under the terms of this license:
 - p-try (from https://www.npmjs.com/package/p-try)
 - parseurl (from https://www.npmjs.com/package/parseurl)
 - path-exists (from https://www.npmjs.com/package/path-exists)
- path-is-absolute (from https://github.com/sindresorhus/path-is-absolute)
+- path-is-absolute (from https://www.npmjs.com/package/path-is-absolute)
 - path-key (from https://www.npmjs.com/package/path-key)
 - path-parse (from https://www.npmjs.com/package/path-parse)
 - path-to-regexp (from https://www.npmjs.com/package/path-to-regexp)
@@ -739,8 +731,8 @@ The following software have components provided under the terms of this license:
 - psl (from https://www.npmjs.com/package/psl)
 - pump (from https://www.npmjs.com/package/pump)
 - pumpify (from https://www.npmjs.com/package/pumpify)
- punycode (from https://mths.be/punycode)
- punycode (from https://mths.be/punycode)
+- punycode (from https://www.npmjs.com/package/punycode)
+- punycode (from https://www.npmjs.com/package/punycode)
 - querystring (from https://www.npmjs.com/package/querystring)
 - range-parser (from https://www.npmjs.com/package/range-parser)
 - raw-body (from https://www.npmjs.com/package/raw-body)
@@ -776,7 +768,7 @@ The following software have components provided under the terms of this license:
 - semver (from https://www.npmjs.com/package/semver)
 - send (from https://www.npmjs.com/package/send)
 - serve-static (from https://www.npmjs.com/package/serve-static)
- set-blocking (from https://github.com/yargs/set-blocking#readme)
+- set-blocking (from https://www.npmjs.com/package/set-blocking)
 - setprototypeof (from https://www.npmjs.com/package/setprototypeof)
 - shebang-command (from https://www.npmjs.com/package/shebang-command)
 - shebang-regex (from https://www.npmjs.com/package/shebang-regex)
@@ -789,7 +781,7 @@ The following software have components provided under the terms of this license:
 - snakeize (from https://www.npmjs.com/package/snakeize)
 - source-map-support (from https://www.npmjs.com/package/source-map-support)
 - split-array-stream (from https://www.npmjs.com/package/split-array-stream)
- sshpk (from https://github.com/arekinath/node-sshpk#readme)
+- sshpk (from https://www.npmjs.com/package/sshpk)
 - stack-chain (from https://www.npmjs.com/package/stack-chain)
 - stack-trace (from https://github.com/felixge/node-stack-trace)
 - standard-as-callback (from https://www.npmjs.com/package/standard-as-callback)
@@ -832,7 +824,7 @@ The following software have components provided under the terms of this license:
 - tslib (from https://www.npmjs.com/package/tslib)
 - tslib (from https://www.npmjs.com/package/tslib)
 - tunnel (from https://www.npmjs.com/package/tunnel)
- tweetnacl (from https://dchest.github.io/tweetnacl-js)
+- tweetnacl (from https://www.npmjs.com/package/tweetnacl)
 - type-fest (from https://www.npmjs.com/package/type-fest)
 - type-is (from https://www.npmjs.com/package/type-is)
 - typedarray (from https://github.com/substack/typedarray)
@@ -845,7 +837,7 @@ The following software have components provided under the terms of this license:
 - url (from https://www.npmjs.com/package/url)
 - url-join (from https://www.npmjs.com/package/url-join)
 - urllib3 (from https://urllib3.readthedocs.io/)
- util-deprecate (from https://github.com/TooTallNate/util-deprecate)
+- util-deprecate (from https://www.npmjs.com/package/util-deprecate)
 - util.promisify (from https://www.npmjs.com/package/util.promisify)
 - utils-merge (from https://www.npmjs.com/package/utils-merge)
 - uuid (from https://www.npmjs.com/package/uuid)
@@ -855,7 +847,7 @@ The following software have components provided under the terms of this license:
 - uuid (from https://www.npmjs.com/package/uuid)
 - vary (from https://www.npmjs.com/package/vary)
 - verror (from https://www.npmjs.com/package/verror)
- which (from https://github.com/isaacs/node-which#readme)
+- which (from https://www.npmjs.com/package/which)
 - which-module (from https://www.npmjs.com/package/which-module)
 - wide-align (from https://www.npmjs.com/package/wide-align)
 - windows-release (from https://www.npmjs.com/package/windows-release)
@@ -921,7 +913,7 @@ Unlicense
 ========================================================================
 The following software have components provided under the terms of this license:

- tweetnacl (from https://dchest.github.io/tweetnacl-js)
+- tweetnacl (from https://www.npmjs.com/package/tweetnacl)

 ========================================================================
 W3C
@@ -945,17 +937,14 @@ The following software have components provided under the terms of this license:
 - kuler (from https://www.npmjs.com/package/kuler)
 - node-forge (from https://www.npmjs.com/package/node-forge)
 - node-forge (from https://www.npmjs.com/package/node-forge)
- tweetnacl (from https://dchest.github.io/tweetnacl-js)
+- tweetnacl (from https://www.npmjs.com/package/tweetnacl)

 ========================================================================
 unknown
 ========================================================================
 The following software have components provided under the terms of this license:

- deep-extend (from https://www.npmjs.com/package/deep-extend)
- for-each (from https://www.npmjs.com/package/for-each)
 - jmespath (from https://www.npmjs.com/package/jmespath)
- json-schema (from http://github.com/kriszyp/json-schema)
 - querystring (from https://www.npmjs.com/package/querystring)
 - sax (from https://www.npmjs.com/package/sax)


--- a/devops/osdu/cloud-providers/azure-seismic-store-service.yml
+++ b/devops/osdu/cloud-providers/azure-seismic-store-service.yml
@@ -65,10 +65,10 @@ azure_test:
    INTEGRATION_TESTER: $AZURE_PRINCIPAL_ID
  script:
    - apt-get update
-    - apt-get install -y python
-    - apt-get install -y python-pip
-    - pip install msal
-    - svctoken=$(python devops/scripts/azure_jwt_client.py)
+    - apt-get install -y python3
+    - apt-get install -y python3-pip
+    - pip3 install msal
+    - svctoken=$(python3 devops/scripts/azure_jwt_client.py)
    - echo $svctoken
    - npm install -g newman
    - chmod +x ./tests/e2e/run_e2e_tests.sh

--- a/npm-shrinkwrap.json
+++ b/npm-shrinkwrap.json
@@ -6696,9 +6696,9 @@
         "optional": true
      },
      "json-schema": {
-         "version": "0.2.3",
-         "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz",
-         "integrity": "sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM="
+         "version": "0.4.0",
+         "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz",
+         "integrity": "sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA=="
      },
      "json-schema-traverse": {
         "version": "0.4.1",