LineageOS/android_development
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
67dda587bbf01c26c8c4040083ddeced64f8db3b
android_development/tools
History
Nataniel Borges 67dda587bb Update dependencies to fix security vulnerability 
npm audit report:

jsonwebtoken  <=8.5.1
Severity: high
jsonwebtoken has insecure input validation in jwt.verify function - https://github.com/advisories/GHSA-27h2-hvpr-p74q
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - https://github.com/advisories/GHSA-hjrf-2m68-5959
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() - https://github.com/advisories/GHSA-qwph-4952-7xr6
jsonwebtoken unrestricted key type could lead to legacy keys usage  - https://github.com/advisories/GHSA-8cf7-32gw-wr33
fix available via `npm audit fix --force`
Will install auth0@3.0.1, which is a breaking change
node_modules/jsonwebtoken
  auth0  2.13.0 - 3.0.0
  Depends on vulnerable versions of jsonwebtoken
  Depends on vulnerable versions of jwks-rsa
  node_modules/auth0
  jwks-rsa  1.5.1 - 1.12.3
  Depends on vulnerable versions of jsonwebtoken
  node_modules/jwks-rs

Test: npm install && npm run build:all && npm run test:unit
Change-Id: I47dfb353718cd3c40dd7060d2c31cb5e1ebaec43
2022-12-23 15:55:25 +00:00
..
apkcheck
[LSC] Add LOCAL_LICENSE_KINDS to development
2021-02-12 17:13:45 -08:00
axl
bugreport
[LSC] Add LOCAL_LICENSE_KINDS to development
2021-02-12 17:13:45 -08:00
checkcolor
Fix the build dir for check color
2017-02-10 14:05:24 -08:00
compare_failed_tests
Compare results across ABIs
2018-06-07 15:59:50 +08:00
core_connectivity
Add C++ support for coding style check tool.
2018-10-30 10:17:14 +08:00
emulator/skins
delete tests baked into emulator system image
2018-04-09 20:21:40 -07:00
etc1tool
[LSC] Add LOCAL_LICENSE_KINDS to development
2021-02-12 17:13:45 -08:00
findunused
idegen
idegen: Migrate try-finally to try-with-resources for Configuration.java
2022-10-01 10:04:48 +00:00
labpretest
line_endings
Fix license texts.
2022-01-20 19:04:52 +00:00
logblame
logblame: add support for default format logcat
2017-07-13 12:25:17 -07:00
mkstubs
Use asm built from source.
2022-11-16 18:58:59 +00:00
motion
Create motion tools commit
2022-11-07 14:55:00 +01:00
ndk
[LSC] Add LOCAL_LICENSE_KINDS to development
2022-12-15 07:19:34 -08:00
ninja_dependency_analysis
Remove Python enables identical to global defaults.
2022-09-17 11:33:50 +00:00
ops
Add tool to simplify identification of failing tests
2018-04-12 14:36:05 -07:00
ota_analysis
Add test to the MapParser class in OTA_analyzer.
2021-08-18 16:06:32 +00:00
otagui
API Service should return json data directly
2021-08-31 20:06:57 -07:00
privapp_permissions
Support all the partitions in privapp_permissions.py
2020-07-06 22:03:15 -07:00
repo_diff
Remove security vulnerability
2021-08-02 19:31:45 +00:00
repo_pull
repo_pull: Attempt to fetch via ssh first
2022-07-12 13:02:59 +00:00
rmtypedefs
Use asm built from source.
2022-11-16 18:58:59 +00:00
templates
winscope
Don't show new winscope available banner once data is loaded
2022-11-21 18:34:37 +00:00
winscope-ng
Update dependencies to fix security vulnerability
2022-12-23 15:55:25 +00:00
Android.bp
Fix license texts.
2022-01-20 19:04:52 +00:00
make_key
Switch from SHA-1 to SHA-256 for new signing key certs.
2016-02-17 13:19:41 -08:00
monkey
Add a command to run monkeys locally over and over again and collect the results.
2016-12-07 17:07:08 -08:00