From fddf7cddc452074a1e0b8d420459a3378e39ddb7 Mon Sep 17 00:00:00 2001
From: suhussai
Date: Tue, 11 Jun 2024 16:40:39 -0600
Subject: [PATCH] add fix for CVE-2024-4068 (#56)
---
 .projen/deps.json | 5 +++++
 .projen/tasks.json | 4 ++--
 .projenrc.ts | 1 +
 package-lock.json | 15 ++++++++-------
 package.json | 1 +
 5 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/.projen/deps.json b/.projen/deps.json
index 9c9f09a..2d101c9 100644
--- a/.projen/deps.json
+++ b/.projen/deps.json
@@ -29,6 +29,11 @@
 "version": "2.140.0",
 "type": "build"
 },
+ {
+ "name": "braces",
+ "version": ">=3.0.3",
+ "type": "build"
+ },
 {
 "name": "eslint-config-prettier",
 "type": "build"
diff --git a/.projen/tasks.json b/.projen/tasks.json
index 589911d..c1ebce4 100644
--- a/.projen/tasks.json
+++ b/.projen/tasks.json
@@ -264,13 +264,13 @@
 },
 "steps": [
 {
- "exec": "npx npm-check-updates@16 --upgrade --target=minor --peer --dep=dev,peer,prod,optional --filter=@aws-cdk/aws-kinesisfirehose-alpha,@types/jest,aws-cdk,eslint-config-prettier,eslint-import-resolver-typescript,eslint-plugin-header,eslint-plugin-import,eslint-plugin-prettier,jest,jsii-diff,jsii-docgen,jsii-pacmak,jsii-rosetta,jsii,prettier,projen,ts-jest,ts-node,typescript,@aws-cdk/aws-kinesisfirehose-destinations-alpha,@aws-cdk/aws-lambda-python-alpha,cdk-nag"
+ "exec": "npx npm-check-updates@16 --upgrade --target=minor --peer --dep=dev,peer,prod,optional --filter=@aws-cdk/aws-kinesisfirehose-alpha,@types/jest,aws-cdk,braces,eslint-config-prettier,eslint-import-resolver-typescript,eslint-plugin-header,eslint-plugin-import,eslint-plugin-prettier,jest,jsii-diff,jsii-docgen,jsii-pacmak,jsii-rosetta,jsii,prettier,projen,ts-jest,ts-node,typescript,@aws-cdk/aws-kinesisfirehose-destinations-alpha,@aws-cdk/aws-lambda-python-alpha,cdk-nag"
 },
 {
 "exec": "npm install"
 },
 {
- "exec": "npm update @aws-cdk/aws-kinesisfirehose-alpha @types/jest @types/node @typescript-eslint/eslint-plugin @typescript-eslint/parser aws-cdk eslint-config-prettier eslint-import-resolver-typescript eslint-plugin-header eslint-plugin-import eslint-plugin-prettier eslint jest jest-junit jsii-diff jsii-docgen jsii-pacmak jsii-rosetta jsii prettier projen standard-version ts-jest ts-node typescript aws-cdk-lib constructs @aws-cdk/aws-kinesisfirehose-destinations-alpha @aws-cdk/aws-lambda-python-alpha cdk-nag"
+ "exec": "npm update @aws-cdk/aws-kinesisfirehose-alpha @types/jest @types/node @typescript-eslint/eslint-plugin @typescript-eslint/parser aws-cdk braces eslint-config-prettier eslint-import-resolver-typescript eslint-plugin-header eslint-plugin-import eslint-plugin-prettier eslint jest jest-junit jsii-diff jsii-docgen jsii-pacmak jsii-rosetta jsii prettier projen standard-version ts-jest ts-node typescript aws-cdk-lib constructs @aws-cdk/aws-kinesisfirehose-destinations-alpha @aws-cdk/aws-lambda-python-alpha cdk-nag"
 },
 {
 "exec": "npx projen"
diff --git a/.projenrc.ts b/.projenrc.ts
index cf940af..08a5950 100644
--- a/.projenrc.ts
+++ b/.projenrc.ts
@@ -44,6 +44,7 @@ const project = new awscdk.AwsCdkConstructLibrary({
 `aws-cdk@${CDK_VERSION}`,
 'eslint-plugin-header',
 `@aws-cdk/aws-kinesisfirehose-alpha@${CDK_VERSION}-alpha.0`,
+ `braces@>=3.0.3`, // fixes CVE-2024-4068
 ],
 github: true,
 jsiiVersion: JSII_VERSION,
diff --git a/package-lock.json b/package-lock.json
index 13a4e6a..3173865 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -22,6 +22,7 @@
 "@typescript-eslint/parser": "^6",
 "aws-cdk": "2.140.0",
 "aws-cdk-lib": "2.140.0",
+ "braces": ">=3.0.3",
 "constructs": "10.0.5",
 "eslint": "^8",
 "eslint-config-prettier": "^9.1.0",
@@ -2590,12 +2591,12 @@
 }
 },
 "node_modules/braces": {
- "version": "3.0.2",
- "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
- "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+ "version": "3.0.3",
+ "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+ "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
 "dev": true,
 "dependencies": {
- "fill-range": "^7.0.1"
+ "fill-range": "^7.1.1"
 },
 "engines": {
 "node": ">=8"
@@ -4381,9 +4382,9 @@
 }
 },
 "node_modules/fill-range": {
- "version": "7.0.1",
- "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
- "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+ "version": "7.1.1",
+ "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+ "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
 "dev": true,
 "dependencies": {
 "to-regex-range": "^5.0.1"
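Review bot: The `braces@>=3.0.3` entry added to the dependency array in the `.projenrc.ts` hunk is an open-ended range on a direct build dependency, so it addresses CVE-2024-4068 only indirectly: the package-lock.json section shows the hoisted copy moving to 3.0.3, but the range does not constrain what packages that pull in braces transitively may resolve to, and any later major release would also satisfy it. A bounded range is safer, `'braces@^3.0.3', // fixes CVE-2024-4068`, and if the goal is to hold the transitive copy at a fixed release, an override states that directly, for example `project.package.addPackageResolutions('braces@^3.0.3');` after the constructor call (confirm the projen version in use provides it). The same range is regenerated into package.json and .projen/deps.json, so only this file needs the change. The entry is also a template literal with no interpolation; a plain quoted string would match `'eslint-plugin-header'` two lines above. The `AwsCdkConstructLibrary({ ... })` call starts and ends outside the hunk, so the array's property name is not visible here.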
diff --git a/package.json b/package.json
index 00f9667..f14ef29 100644
--- a/package.json
+++ b/package.json
@@ -42,6 +42,7 @@
 "@typescript-eslint/parser": "^6",
 "aws-cdk": "2.140.0",
 "aws-cdk-lib": "2.140.0",
+ "braces": ">=3.0.3",
 "constructs": "10.0.5",
 "eslint": "^8",
 "eslint-config-prettier": "^9.1.0",