Bump require-in-the-middle from v6.0.0 to v7.2.0 (#163164)

2025-04-24 09:48:58 -04:00 · 2023-08-04 23:27:17 +02:00 · 2023-08-04 23:27:17 +02:00 · 872f011e77
commit 872f011e77
parent f2e23d7cc0
4 changed files with 9 additions and 18 deletions
--- a/package.json
+++ b/package.json
@ -977,7 +977,7 @@
    "remark-gfm": "1.0.0",
    "remark-parse-no-trim": "^8.0.4",
    "remark-stringify": "^8.0.3",
-    "require-in-the-middle": "^6.0.0",
+    "require-in-the-middle": "^7.2.0",
    "reselect": "^4.1.6",
    "rison-node": "1.0.2",
    "rxjs": "^7.5.5",
--- a/src/setup_node_env/harden/child_process.js
+++ b/src/setup_node_env/harden/child_process.js
@ -6,13 +6,13 @@
 * Side Public License, v 1.
 */

-var hook = require('require-in-the-middle');
+var ritm = require('require-in-the-middle');

 // Ensure, when spawning a new child process, that the `options` and the
 // `options.env` object passed to the child process function doesn't inherit
 // from `Object.prototype`. This protects against similar RCE vulnerabilities
 // as described in CVE-2019-7609
-hook(['child_process'], function (cp) {
+new ritm.Hook(['child_process'], function (cp) {
  // The `exec` function is currently just a wrapper around `execFile`. So for
  // now there's no need to patch it. If this changes in the future, our tests
  // will fail and we can uncomment the line below.
--- a/src/setup_node_env/harden/lodash_template.js
+++ b/src/setup_node_env/harden/lodash_template.js
@ -6,26 +6,26 @@
 * Side Public License, v 1.
 */

-var hook = require('require-in-the-middle');
+var ritm = require('require-in-the-middle');
 var isIterateeCall = require('lodash/_isIterateeCall');

-hook(['lodash'], function (lodash) {
+new ritm.Hook(['lodash'], function (lodash) {
  // we use lodash.template here to harden third-party usage of this otherwise banned function.
  // eslint-disable-next-line no-restricted-properties
  lodash.template = createProxy(lodash.template);
  return lodash;
 });

-hook(['lodash/template'], function (template) {
+new ritm.Hook(['lodash/template'], function (template) {
  return createProxy(template);
 });

-hook(['lodash/fp'], function (fp) {
+new ritm.Hook(['lodash/fp'], function (fp) {
  fp.template = createFpProxy(fp.template);
  return fp;
 });

-hook(['lodash/fp/template'], function (template) {
+new ritm.Hook(['lodash/fp/template'], function (template) {
  return createFpProxy(template);
 });

--- a/yarn.lock
+++ b/yarn.lock
@ -25557,16 +25557,7 @@ require-from-string@^2.0.2:
  resolved "https://registry.yarnpkg.com/require-from-string/-/require-from-string-2.0.2.tgz#89a7fdd938261267318eafe14f9c32e598c36909"
  integrity sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==

-require-in-the-middle@^6.0.0:
-  version "6.0.0"
-  resolved "https://registry.yarnpkg.com/require-in-the-middle/-/require-in-the-middle-6.0.0.tgz#01cc6416286fb5e672d0fe031d996f8bc202509d"
-  integrity sha512-+dtWQ7l2lqQDxheaG3jjyN1QI37gEwvzACSgjYi4/C2y+ZTUMeRW8BIOm+9NBKvwaMBUSZfPXVOt1skB0vBkRw==
-  dependencies:
-    debug "^4.1.1"
-    module-details-from-path "^1.0.3"
-    resolve "^1.22.1"
-
-require-in-the-middle@^7.0.1, require-in-the-middle@^7.1.1:
+require-in-the-middle@^7.0.1, require-in-the-middle@^7.1.1, require-in-the-middle@^7.2.0:
  version "7.2.0"
  resolved "https://registry.yarnpkg.com/require-in-the-middle/-/require-in-the-middle-7.2.0.tgz#b539de8f00955444dc8aed95e17c69b0a4f10fcf"
  integrity sha512-3TLx5TGyAY6AOqLBoXmHkNql0HIf2RGbuMgCDT2WO/uGVAPJs6h7Kl+bN6TIZGd9bWhWPwnDnTHGtW8Iu77sdw==