diff --git a/LICENSE-THIRD-PARTY b/LICENSE-THIRD-PARTY index 5d1d6ed..f35625c 100644 --- a/LICENSE-THIRD-PARTY +++ b/LICENSE-THIRD-PARTY @@ -6341,7 +6341,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ****************************** uuid -9.0.1 +14.0.0 The MIT License (MIT) Copyright (c) 2010-2020 Robert Kieffer and other contributors diff --git a/overrides/LICENSE-THIRD-PARTY b/overrides/LICENSE-THIRD-PARTY index 5d1d6ed..f35625c 100644 --- a/overrides/LICENSE-THIRD-PARTY +++ b/overrides/LICENSE-THIRD-PARTY @@ -6341,7 +6341,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ****************************** uuid -9.0.1 +14.0.0 The MIT License (MIT) Copyright (c) 2010-2020 Robert Kieffer and other contributors diff --git a/package-lock-overrides/sagemaker.series/package-lock.json b/package-lock-overrides/sagemaker.series/package-lock.json index 5b97eb4..5bdccb3 100644 --- a/package-lock-overrides/sagemaker.series/package-lock.json +++ b/package-lock-overrides/sagemaker.series/package-lock.json @@ -297,15 +297,6 @@ "node": ">=12.0.0" } }, - "node_modules/@azure/core-http/node_modules/uuid": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", - "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", - "dev": true, - "bin": { - "uuid": "dist/bin/uuid" - } - }, "node_modules/@azure/core-lro": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/@azure/core-lro/-/core-lro-2.2.1.tgz", @@ -16427,15 +16418,16 @@ "dev": true }, "node_modules/uuid": { - "version": "9.0.1", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", - "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-14.0.0.tgz", + "integrity": "sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==", "funding": [ "https://github.com/sponsors/broofa", "https://github.com/sponsors/ctavan" ], + "license": "MIT", "bin": { - "uuid": "dist/bin/uuid" + "uuid": "dist-node/bin/uuid" } }, "node_modules/v8-inspect-profiler": { diff --git a/package-lock-overrides/sagemaker.series/remote/package-lock.json b/package-lock-overrides/sagemaker.series/remote/package-lock.json index 2051862..ef4b727 100644 --- a/package-lock-overrides/sagemaker.series/remote/package-lock.json +++ b/package-lock-overrides/sagemaker.series/remote/package-lock.json @@ -811,15 +811,16 @@ } }, "node_modules/uuid": { - "version": "9.0.1", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", - "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-14.0.0.tgz", + "integrity": "sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==", "funding": [ "https://github.com/sponsors/broofa", "https://github.com/sponsors/ctavan" ], + "license": "MIT", "bin": { - "uuid": "dist/bin/uuid" + "uuid": "dist-node/bin/uuid" } }, "node_modules/vscode-oniguruma": { diff --git a/package-lock-overrides/web-embedded-with-terminal.series/package-lock.json b/package-lock-overrides/web-embedded-with-terminal.series/package-lock.json index e3b677b..a4010c5 100644 --- a/package-lock-overrides/web-embedded-with-terminal.series/package-lock.json +++ b/package-lock-overrides/web-embedded-with-terminal.series/package-lock.json @@ -295,15 +295,6 @@ "node": ">=12.0.0" } }, - "node_modules/@azure/core-http/node_modules/uuid": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", - "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", - "dev": true, - "bin": { - "uuid": "dist/bin/uuid" - } - }, "node_modules/@azure/core-lro": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/@azure/core-lro/-/core-lro-2.2.1.tgz", @@ -16390,15 +16381,16 @@ "dev": true }, "node_modules/uuid": { - "version": "9.0.1", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", - "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-14.0.0.tgz", + "integrity": "sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==", "funding": [ "https://github.com/sponsors/broofa", "https://github.com/sponsors/ctavan" ], + "license": "MIT", "bin": { - "uuid": "dist/bin/uuid" + "uuid": "dist-node/bin/uuid" } }, "node_modules/v8-inspect-profiler": { diff --git a/package-lock-overrides/web-embedded-with-terminal.series/remote/package-lock.json b/package-lock-overrides/web-embedded-with-terminal.series/remote/package-lock.json index 121be17..ca48289 100644 --- a/package-lock-overrides/web-embedded-with-terminal.series/remote/package-lock.json +++ b/package-lock-overrides/web-embedded-with-terminal.series/remote/package-lock.json @@ -764,15 +764,16 @@ } }, "node_modules/uuid": { - "version": "9.0.1", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", - "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-14.0.0.tgz", + "integrity": "sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==", "funding": [ "https://github.com/sponsors/broofa", "https://github.com/sponsors/ctavan" ], + "license": "MIT", "bin": { - "uuid": "dist/bin/uuid" + "uuid": "dist-node/bin/uuid" } }, "node_modules/vscode-oniguruma": { diff --git a/package-lock-overrides/web-embedded.series/package-lock.json b/package-lock-overrides/web-embedded.series/package-lock.json index e3b677b..a4010c5 100644 --- a/package-lock-overrides/web-embedded.series/package-lock.json +++ b/package-lock-overrides/web-embedded.series/package-lock.json @@ -295,15 +295,6 @@ "node": ">=12.0.0" } }, - "node_modules/@azure/core-http/node_modules/uuid": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", - "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", - "dev": true, - "bin": { - "uuid": "dist/bin/uuid" - } - }, "node_modules/@azure/core-lro": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/@azure/core-lro/-/core-lro-2.2.1.tgz", @@ -16390,15 +16381,16 @@ "dev": true }, "node_modules/uuid": { - "version": "9.0.1", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", - "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-14.0.0.tgz", + "integrity": "sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==", "funding": [ "https://github.com/sponsors/broofa", "https://github.com/sponsors/ctavan" ], + "license": "MIT", "bin": { - "uuid": "dist/bin/uuid" + "uuid": "dist-node/bin/uuid" } }, "node_modules/v8-inspect-profiler": { diff --git a/package-lock-overrides/web-embedded.series/remote/package-lock.json b/package-lock-overrides/web-embedded.series/remote/package-lock.json index 121be17..ca48289 100644 --- a/package-lock-overrides/web-embedded.series/remote/package-lock.json +++ b/package-lock-overrides/web-embedded.series/remote/package-lock.json @@ -764,15 +764,16 @@ } }, "node_modules/uuid": { - "version": "9.0.1", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", - "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-14.0.0.tgz", + "integrity": "sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==", "funding": [ "https://github.com/sponsors/broofa", "https://github.com/sponsors/ctavan" ], + "license": "MIT", "bin": { - "uuid": "dist/bin/uuid" + "uuid": "dist-node/bin/uuid" } }, "node_modules/vscode-oniguruma": { diff --git a/package-lock-overrides/web-server.series/package-lock.json b/package-lock-overrides/web-server.series/package-lock.json index 1e32e34..d756c35 100644 --- a/package-lock-overrides/web-server.series/package-lock.json +++ b/package-lock-overrides/web-server.series/package-lock.json @@ -297,15 +297,6 @@ "node": ">=12.0.0" } }, - "node_modules/@azure/core-http/node_modules/uuid": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", - "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", - "dev": true, - "bin": { - "uuid": "dist/bin/uuid" - } - }, "node_modules/@azure/core-lro": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/@azure/core-lro/-/core-lro-2.2.1.tgz", @@ -16441,15 +16432,16 @@ "dev": true }, "node_modules/uuid": { - "version": "9.0.1", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", - "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-14.0.0.tgz", + "integrity": "sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==", "funding": [ "https://github.com/sponsors/broofa", "https://github.com/sponsors/ctavan" ], + "license": "MIT", "bin": { - "uuid": "dist/bin/uuid" + "uuid": "dist-node/bin/uuid" } }, "node_modules/v8-inspect-profiler": { diff --git a/package-lock-overrides/web-server.series/remote/package-lock.json b/package-lock-overrides/web-server.series/remote/package-lock.json index 2051862..ef4b727 100644 --- a/package-lock-overrides/web-server.series/remote/package-lock.json +++ b/package-lock-overrides/web-server.series/remote/package-lock.json @@ -811,15 +811,16 @@ } }, "node_modules/uuid": { - "version": "9.0.1", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", - "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-14.0.0.tgz", + "integrity": "sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==", "funding": [ "https://github.com/sponsors/broofa", "https://github.com/sponsors/ctavan" ], + "license": "MIT", "bin": { - "uuid": "dist/bin/uuid" + "uuid": "dist-node/bin/uuid" } }, "node_modules/vscode-oniguruma": { diff --git a/patches/common/override-uuid-ghsa-w5hq.diff b/patches/common/override-uuid-ghsa-w5hq.diff new file mode 100644 index 0000000..8362e91 --- /dev/null +++ b/patches/common/override-uuid-ghsa-w5hq.diff @@ -0,0 +1,29 @@ +Description: Override uuid to ^14.0.0 under @vscode/deviceid to fix GHSA-w5hq-g745-h8pq (out-of-bounds write in v3/v5/v6) +Author: Amazon Web Services +Index: b/package.json +=================================================================== +--- a/package.json ++++ b/package.json +@@ -241,7 +241,8 @@ + "playwright": "^1.55.1", + "@tootallnate/once": "^3.0.1", + "picomatch": "^2.3.2", +- "follow-redirects": "^1.16.0" ++ "follow-redirects": "^1.16.0", ++ "uuid": "^14.0.0" + }, + "repository": { + "type": "git", +Index: b/remote/package.json +=================================================================== +--- a/remote/package.json ++++ b/remote/package.json +@@ -46,6 +46,7 @@ + "node-gyp-build": "4.8.1", + "@tootallnate/once": "^3.0.1", + "picomatch": "^2.3.2", +- "follow-redirects": "^1.16.0" ++ "follow-redirects": "^1.16.0", ++ "uuid": "^14.0.0" + } + } diff --git a/patches/sagemaker.series b/patches/sagemaker.series index 498ea99..8401864 100644 --- a/patches/sagemaker.series +++ b/patches/sagemaker.series @@ -21,6 +21,7 @@ common/fix-ts-rootdir-webpack.diff common/fix-terminal-autoreplies.diff common/override-picomatch.diff common/override-follow-redirects.diff +common/override-uuid-ghsa-w5hq.diff web-server/suppress-known-errors-build-integration.diff web-server/local-storage.diff web-server/base-path.diff diff --git a/patches/web-embedded-with-terminal.series b/patches/web-embedded-with-terminal.series index d2eb7e6..ed30df2 100644 --- a/patches/web-embedded-with-terminal.series +++ b/patches/web-embedded-with-terminal.series @@ -21,6 +21,7 @@ common/fix-ts-rootdir-webpack.diff common/fix-terminal-autoreplies.diff common/override-picomatch.diff common/override-follow-redirects.diff +common/override-uuid-ghsa-w5hq.diff web-embedded/readd-workbench.diff web-embedded/suppress-known-errors-build-integration.diff web-embedded/disable-built-in-walkthroughs-from-c.diff diff --git a/patches/web-embedded.series b/patches/web-embedded.series index 6121985..0b6b512 100644 --- a/patches/web-embedded.series +++ b/patches/web-embedded.series @@ -21,6 +21,7 @@ common/fix-ts-rootdir-webpack.diff common/fix-terminal-autoreplies.diff common/override-picomatch.diff common/override-follow-redirects.diff +common/override-uuid-ghsa-w5hq.diff web-embedded/readd-workbench.diff web-embedded/suppress-known-errors-build-integration.diff web-embedded/disable-built-in-walkthroughs-from-c.diff diff --git a/patches/web-server.series b/patches/web-server.series index b0dac37..cfe4887 100644 --- a/patches/web-server.series +++ b/patches/web-server.series @@ -21,6 +21,7 @@ common/fix-ts-rootdir-webpack.diff common/fix-terminal-autoreplies.diff common/override-picomatch.diff common/override-follow-redirects.diff +common/override-uuid-ghsa-w5hq.diff web-server/suppress-known-errors-build-integration.diff web-server/local-storage.diff web-server/base-path.diff