[CG] Fix CG alert about underscore version. (#10606)

Fix CG CVE-2021-23358
2022-04-24 19:18:55 +08:00 · 2022-04-24 19:18:55 +08:00 · 48f5c0ebff
commit 48f5c0ebff
parent 5779a92d99
2 changed files with 121 additions and 0 deletions
--- a/src/thrift_0_13_0/Makefile
+++ b/src/thrift_0_13_0/Makefile
@ -25,6 +25,7 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
 	# Disable php perl and few other packages as they need additional packages to be installed
 	patch -p1 < ../patch/0001-Remove-unneeded-packages.patch
 	patch -p1 < ../patch/0002-Remove-minimist-packages.patch
+	patch -p1 < ../patch/0003-Remove-underscore-packages.patch
 	DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -d -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) --admindir $(SONIC_DPKG_ADMINDIR)
 	popd

--- a/src/thrift_0_13_0/patch/0003-Remove-underscore-packages.patch
+++ b/src/thrift_0_13_0/patch/0003-Remove-underscore-packages.patch
@ -0,0 +1,120 @@
+diff --git a/lib/js/package-lock.json b/lib/js/package-lock.json
+index 2d84fb05a..96c555fc0 100644
+--- a/lib/js/package-lock.json
+++ b/lib/js/package-lock.json
+@@ -2274,8 +2274,7 @@
+         "mkdirp": "~0.5.1",
+         "requizzle": "~0.2.1",
+         "strip-json-comments": "~2.0.1",
+-        "taffydb": "2.6.2",
+-        "underscore": "~1.8.3"
+        "taffydb": "2.6.2"
+       }
+     },
+     "jshint": {
+@@ -3331,17 +3330,7 @@
+     "requizzle": {
+       "version": "0.2.1",
+       "resolved": "https://registry.npmjs.org/requizzle/-/requizzle-0.2.1.tgz",
+-      "integrity": "sha1-aUPDUwxNmn5G8c3dUcFY/GcM294=",
+-      "requires": {
+-        "underscore": "~1.6.0"
+-      },
+-      "dependencies": {
+-        "underscore": {
+-          "version": "1.6.0",
+-          "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.6.0.tgz",
+-          "integrity": "sha1-izixDKze9jM3uLJOT/htRa6lKag="
+-        }
+-      }
+      "integrity": "sha1-aUPDUwxNmn5G8c3dUcFY/GcM294="
+     },
+     "resolve": {
+       "version": "1.1.7",
+@@ -4078,25 +4067,10 @@
+         "xtend": "^4.0.1"
+       }
+     },
+-    "underscore": {
+-      "version": "1.8.3",
+-      "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.8.3.tgz",
+-      "integrity": "sha1-Tz+1OxBuYJf8+ctBCfKl6b36UCI="
+-    },
+     "underscore-contrib": {
+       "version": "0.3.0",
+       "resolved": "https://registry.npmjs.org/underscore-contrib/-/underscore-contrib-0.3.0.tgz",
+-      "integrity": "sha1-ZltmwkeD+PorGMn4y7Dix9SMJsc=",
+-      "requires": {
+-        "underscore": "1.6.0"
+-      },
+-      "dependencies": {
+-        "underscore": {
+-          "version": "1.6.0",
+-          "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.6.0.tgz",
+-          "integrity": "sha1-izixDKze9jM3uLJOT/htRa6lKag="
+-        }
+-      }
+      "integrity": "sha1-ZltmwkeD+PorGMn4y7Dix9SMJsc="
+     },
+     "underscore.string": {
+       "version": "3.3.5",
+diff --git a/lib/ts/package-lock.json b/lib/ts/package-lock.json
+index e79c55d97..3f1f822ce 100644
+--- a/lib/ts/package-lock.json
+++ b/lib/ts/package-lock.json
+@@ -2630,8 +2630,7 @@
+         "mkdirp": "~0.5.1",
+         "requizzle": "~0.2.1",
+         "strip-json-comments": "~2.0.1",
+-        "taffydb": "2.6.2",
+-        "underscore": "~1.8.3"
+        "taffydb": "2.6.2"
+       }
+     },
+     "jshint": {
+@@ -3847,17 +3846,7 @@
+     "requizzle": {
+       "version": "0.2.1",
+       "resolved": "https://registry.npmjs.org/requizzle/-/requizzle-0.2.1.tgz",
+-      "integrity": "sha1-aUPDUwxNmn5G8c3dUcFY/GcM294=",
+-      "requires": {
+-        "underscore": "~1.6.0"
+-      },
+-      "dependencies": {
+-        "underscore": {
+-          "version": "1.6.0",
+-          "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.6.0.tgz",
+-          "integrity": "sha1-izixDKze9jM3uLJOT/htRa6lKag="
+-        }
+-      }
+      "integrity": "sha1-aUPDUwxNmn5G8c3dUcFY/GcM294="
+     },
+     "resolve": {
+       "version": "1.9.0",
+@@ -4585,25 +4574,10 @@
+         "xtend": "^4.0.1"
+       }
+     },
+-    "underscore": {
+-      "version": "1.8.3",
+-      "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.8.3.tgz",
+-      "integrity": "sha1-Tz+1OxBuYJf8+ctBCfKl6b36UCI="
+-    },
+     "underscore-contrib": {
+       "version": "0.3.0",
+       "resolved": "https://registry.npmjs.org/underscore-contrib/-/underscore-contrib-0.3.0.tgz",
+-      "integrity": "sha1-ZltmwkeD+PorGMn4y7Dix9SMJsc=",
+-      "requires": {
+-        "underscore": "1.6.0"
+-      },
+-      "dependencies": {
+-        "underscore": {
+-          "version": "1.6.0",
+-          "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.6.0.tgz",
+-          "integrity": "sha1-izixDKze9jM3uLJOT/htRa6lKag="
+-        }
+-      }
+      "integrity": "sha1-ZltmwkeD+PorGMn4y7Dix9SMJsc="
+     },
+     "underscore.string": {
+       "version": "3.3.5",