fix(GHSA-64g7-mvw6-v9qj): upgraded shelljs (#28)

jaybuidl · web-flow · commit ff3bb351a10e · 2022-01-21T01:31:34.000Z
Github Actions don't allow clearing the cache right now, it is planned for end of 2022, this is to force a cache miss and workaround the limitation: actions/cache#2 Upgrading both yarn and typescript to the next minor version because of a weird checksum mismatch on a typescript patch.
diff --git a/.github/workflows/contracts-testing.yml b/.github/workflows/contracts-testing.yml
@@ -28,11 +28,9 @@ jobs:
         path: | 
           ~/.npm
           **/node_modules
-        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}
+        key: ${{ runner.os }}-build-${{ secrets.CACHE_VERSION }}-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}
         restore-keys: |
-          ${{ runner.os }}-build-${{ env.cache-name }}-
-          ${{ runner.os }}-build-
-          ${{ runner.os }}-
+          ${{ runner.os }}-build-${{ secrets.CACHE_VERSION }}-${{ env.cache-name }}-
           
     #- name: Install parent dependencies
     #  run: |
diff --git a/.yarn/releases/yarn-3.1.1.cjs b/.yarn/releases/yarn-3.1.1.cjs
diff --git a/.yarnrc.yml b/.yarnrc.yml
@@ -1,3 +1,3 @@
 nodeLinker: node-modules
 
-yarnPath: .yarn/releases/yarn-3.1.0.cjs
+yarnPath: .yarn/releases/yarn-3.1.1.cjs
diff --git a/contracts/package.json b/contracts/package.json
@@ -44,10 +44,11 @@
     "hardhat-watcher": "^2.1.1",
     "json-schema": "^0.4.0",
     "mocha": "^9.1.3",
+    "shelljs": "0.8.5",
     "solhint": "^3.3.6",
     "solidity-coverage": "^0.7.17",
     "ts-node": "^10.4.0",
     "typechain": "^5.2.0",
-    "typescript": "^4.4.4"
+    "typescript": "^4.4.5"
   }
 }
diff --git a/package.json b/package.json
@@ -16,7 +16,7 @@
     "subgraph",
     "web"
   ],
-  "packageManager": "yarn@3.1.0",
+  "packageManager": "yarn@3.1.1",
   "volta": {
     "node": "16.13.0"
   },
diff --git a/yarn.lock b/yarn.lock
@@ -1017,11 +1017,12 @@ __metadata:
     hardhat-watcher: ^2.1.1
     json-schema: ^0.4.0
     mocha: ^9.1.3
+    shelljs: 0.8.5
     solhint: ^3.3.6
     solidity-coverage: ^0.7.17
     ts-node: ^10.4.0
     typechain: ^5.2.0
-    typescript: ^4.4.4
+    typescript: ^4.4.5
   languageName: unknown
   linkType: soft
 
@@ -13755,6 +13756,19 @@ __metadata:
   languageName: node
   linkType: hard
 
+"shelljs@npm:0.8.5":
+  version: 0.8.5
+  resolution: "shelljs@npm:0.8.5"
+  dependencies:
+    glob: ^7.0.0
+    interpret: ^1.0.0
+    rechoir: ^0.6.2
+  bin:
+    shjs: bin/shjs
+  checksum: 7babc46f732a98f4c054ec1f048b55b9149b98aa2da32f6cf9844c434b43c6251efebd6eec120937bd0999e13811ebd45efe17410edb3ca938f82f9381302748
+  languageName: node
+  linkType: hard
+
 "shelljs@npm:^0.8.3":
   version: 0.8.4
   resolution: "shelljs@npm:0.8.4"
@@ -15303,7 +15317,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"typescript@npm:^4.4.3, typescript@npm:^4.4.4":
+"typescript@npm:^4.4.3":
   version: 4.4.4
   resolution: "typescript@npm:4.4.4"
   bin:
@@ -15313,7 +15327,17 @@ __metadata:
   languageName: node
   linkType: hard
 
-"typescript@patch:typescript@^4.4.3#~builtin<compat/typescript>, typescript@patch:typescript@^4.4.4#~builtin<compat/typescript>":
+"typescript@npm:^4.4.5":
+  version: 4.5.5
+  resolution: "typescript@npm:4.5.5"
+  bin:
+    tsc: bin/tsc
+    tsserver: bin/tsserver
+  checksum: 506f4c919dc8aeaafa92068c997f1d213b9df4d9756d0fae1a1e7ab66b585ab3498050e236113a1c9e57ee08c21ec6814ca7a7f61378c058d79af50a4b1f5a5e
+  languageName: node
+  linkType: hard
+
+"typescript@patch:typescript@^4.4.3#~builtin<compat/typescript>":
   version: 4.4.4
   resolution: "typescript@patch:typescript@npm%3A4.4.4#~builtin<compat/typescript>::version=4.4.4&hash=493e53"
   bin:
@@ -15323,6 +15347,16 @@ __metadata:
   languageName: node
   linkType: hard
 
+"typescript@patch:typescript@^4.4.5#~builtin<compat/typescript>":
+  version: 4.5.5
+  resolution: "typescript@patch:typescript@npm%3A4.5.5#~builtin<compat/typescript>::version=4.5.5&hash=493e53"
+  bin:
+    tsc: bin/tsc
+    tsserver: bin/tsserver
+  checksum: c05c318d79c690f101d7ffb34cd6c7d6bbd884d3af9cefe7749ad0cd6be43c7082f098280982ca945dcba23fde34a08fed9602bb26540936baf8c0520727d3ba
+  languageName: node
+  linkType: hard
+
 "typewise-core@npm:^1.2, typewise-core@npm:^1.2.0":
   version: 1.2.0
   resolution: "typewise-core@npm:1.2.0"

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`nodeLinker: node-modules`
`2`	`2`
`3`		`-yarnPath: .yarn/releases/yarn-3.1.0.cjs`
	`3`	`+yarnPath: .yarn/releases/yarn-3.1.1.cjs`
Original file line number	Diff line number	Diff line change
`@@ -44,10 +44,11 @@`
`44`	`44`	`"hardhat-watcher": "^2.1.1",`
`45`	`45`	`"json-schema": "^0.4.0",`
`46`	`46`	`"mocha": "^9.1.3",`
	`47`	`+ "shelljs": "0.8.5",`
`47`	`48`	`"solhint": "^3.3.6",`
`48`	`49`	`"solidity-coverage": "^0.7.17",`
`49`	`50`	`"ts-node": "^10.4.0",`
`50`	`51`	`"typechain": "^5.2.0",`
`51`		`- "typescript": "^4.4.4"`
	`52`	`+ "typescript": "^4.4.5"`
`52`	`53`	`}`
`53`	`54`	`}`
-Original file line number
+Diff line change
     "subgraph",
     "web"
   ],
 -  "packageManager": "[email protected].0",
 +  "packageManager": "[email protected].1",
   "volta": {
     "node": "16.13.0"
   },