教程:设置依赖扫描
- Tier: Ultimate
- Offering: GitLab.com
依赖扫描可以在您开发测试应用时自动发现软件依赖中的安全漏洞。例如,依赖扫描会让您知道应用程序是否使用了已知存在漏洞的外部(开源)库。您可以随后采取措施保护您的应用。
本教程将展示如何创建一个示例易受攻击的应用程序,然后:
- 如何检测、分类和处理应用程序依赖中的漏洞。
- 如何在合并请求中检测漏洞。
要设置依赖扫描:
开始之前
确保已启用 Gitpod。Gitpod 是一种按需云开发环境。详情请参阅 Gitpod。或者,您可以使用自己的开发环境。在这种情况下,您需要安装 Yarn 和 Node.js。
创建示例应用程序文件
首先,在一个新项目中,创建配置管道的文件,并添加可扫描漏洞的依赖项。
-
使用默认值创建一个空白项目。
-
在
main分支中创建以下文件。文件名:
.gitlab-ci.ymlstages: - build - test include: - template: Jobs/Dependency-Scanning.gitlab-ci.yml # 覆盖依赖扫描作业 gemnasium-dependency_scanning: tags: [ saas-linux-large-amd64 ] rules: - if: $CI_COMMIT_BRANCH == "main" - if: $CI_MERGE_REQUEST_IID文件名:
index.js// 引入框架并实例化 const fastify = require('fastify')({ logger: true }) const path = require('path') //const fetch = require('node-fetch') fastify.register(require('fastify-static'), { root: path.join(__dirname, 'public'), prefix: '/' }) fastify.register(require('./routes'), { message: "hello" }) // fastify.register(require('fastify-redis'), { url: constants.redisUrl, /* 其他 Redis 选项 */ }) // 启动服务器! const start = async () => { try { await fastify.listen(8080, "0.0.0.0") fastify.log.info(`server listening on ${fastify.server.address().port}`) } catch (error) { fastify.log.error(error) //process.exit(1) } } start()文件名:
package.json{ "dependencies": { "fastify": "2.14.1", "fastify-static": "2.0.0" } }文件名:
yarn.lock使用 Yarn 锁定文件 部分中显示的内容。
-
进入 构建 > 管道,确认最新的管道成功完成。
在管道中,依赖扫描会运行,并且漏洞会被自动检测到。
对漏洞进行分类
漏洞报告提供了关于漏洞的重要信息。通常您会根据组织的政策对漏洞进行分类。在本教程中,您将忽略中等严重性的漏洞,仅确认高严重性漏洞。
要对漏洞进行分类:
-
进入 安全 > 漏洞报告。
-
选择每一行中的复选框,选择每个中等严重性的漏洞。
-
从 设置状态 下拉列表中选择 忽略。从 忽略原因 下拉列表中选择 用于测试,添加评论 “用于测试”,然后选择 更改状态。
中等严重性的漏洞被过滤掉,只剩下高严重性漏洞。
-
选择 高 漏洞的描述。
建议的解决方案是升级
fastify包。通常您会进一步调查这一点,但对于本教程,您可以认为此漏洞已确认。 -
从 状态 下拉列表中选择 确认,然后选择 更改状态。
解决高严重性漏洞
只剩高严重性漏洞待解决了。从分类步骤中你知道需要升级 fastify 包。
修复该漏洞:
-
在左侧边栏中,选择 搜索或前往 并找到你的项目。
-
在右上角,选择 代码 > Gitpod 并在新标签页中打开 Gitpod。
-
如果出现提示,选择 继续使用 GitLab,然后选择 授权。
-
在 新建工作区 页面,选择 继续。
-
在 终端 面板中,输入以下命令创建新分支。
git checkout -b update_packages main -
在 终端 面板中,运行命令
yarn upgrade --latest。这会更新项目的依赖项和yarn.lock文件。 -
在 终端 面板中,运行以下命令提交更改。这将触发 CI/CD 管道。
git add package.json yarn.lock git commit -m "Update package versions" git push --set-upstream origin update_packages -
切换到 GitLab 浏览器标签页。
-
进入 代码 > 合并请求,然后选择 创建合并请求。
-
在 新建合并请求 页面,滚动到底部并选择 创建合并请求。等待合并请求管道完成。
-
刷新页面,然后选择 合并。
-
等待管道成功完成。
-
进入 安全 > 漏洞报告。
-
选择 高 严重性漏洞的描述。
一条横幅确认该漏洞已在
main分支中得到解决。你通常需通过验证yarn.lock文件中指定的fastify包版本来手动确认这一点。在本教程中,你可以跳过验证步骤。 -
在 状态 下拉列表中选择 已解决,然后选择 更改状态。
-
进入 安全 > 漏洞报告。
你现在应看到漏洞报告中未列出任何漏洞。
在合并请求中测试漏洞检测
你现在知道了如何对漏洞进行分类和解决。现在,为了了解如何在合并请求中检测新的潜在漏洞,添加一个已知存在漏洞的依赖项。
添加新漏洞:
-
切换到 Gitpod 标签页。如果超时了,选择 打开工作区。
-
在 终端 面板中运行以下命令以更新本地
main分支:git checkout main git fetch origin git rebase origin/main -
在 终端 面板中运行以下命令创建新分支:
git checkout -b add_dependency main -
在文件资源管理器侧边栏中,选择
package.json文件。 -
向
package.json文件的dependencies部分添加以下行。"axios": "0.21.0", -
在 终端 面板中,运行以下命令安装添加到
package.json文件中的依赖项。yarn install -
在 终端 面板中,运行以下命令提交更改。这将在 GitLab 上触发 CI/CD 管道。
git add package.json yarn.lock git commit -m "Add dependency" git push --set-upstream origin add_dependency -
切换到 GitLab 浏览器标签页。
-
进入 代码 > 合并请求,然后选择 创建合并请求。
-
在 新建合并请求 页面,滚动到底部并选择 创建合并请求。
等待合并请求管道完成,然后刷新页面。合并请求安全小组件会警告新的潜在漏洞。这些漏洞仅存在于 add_dependency 分支中,而非 main 分支。
你现在知道如何:
- 检测应用程序依赖项中的漏洞。
- 对漏洞进行分类和解决。
- 在合并请求中检测新漏洞。
Yarn 锁文件内容
# 这是一个自动生成的文件。请勿直接编辑此文件。yarn 锁文件 v1
abstract-logging@^2.0.0: version “2.0.1” resolved “https://registry.yarnpkg.com/abstract-logging/-/abstract-logging-2.0.1.tgz#6b0c371df212db7129b57d2e7fcf282b8bf1c839” integrity sha512-2BjRTZxTPvheOvGbBslFSYOUkr+SjPtOnrLP33f+VIWLzezQpZcqVg7ja3L4dBXmzzgwT+a029jRx5PCi3JuiA==
ajv@^6.10.2, ajv@^6.11.0, ajv@^6.12.0: version “6.12.6” resolved “https://registry.yarnpkg.com/ajv/-/ajv-6.12.6.tgz#baf5a62e802b07d977034586f8c3baf5adf26df4” integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g== dependencies: fast-deep-equal “^3.1.1” fast-json-stable-stringify “^2.0.0” json-schema-traverse “^0.4.1” uri-js “^4.2.2”
archy@^1.0.0: version “1.0.0” resolved “https://registry.yarnpkg.com/archy/-/archy-1.0.0.tgz#f9c8c13757cc1dd7bc379ac77b2c62a5c2868c40” integrity sha512-Xg+9RwCg/0p32teKdGMPTPnVXKD0w3DfHnFTficozsAgsvq2XenPJq/MYpzzQ/v8zrOyJn6Ds39VA4JIDwFfqw==
atomic-sleep@^1.0.0: version “1.0.0” resolved “https://registry.yarnpkg.com/atomic-sleep/-/atomic-sleep-1.0.0.tgz#eb85b77a601fc932cfe432c5acd364a9e2c9075b” integrity sha512-kNOjDqAh7px0XWNI+4QbzoiR/nTkHAWNud2uvnJquD1/x5a7EQZMJT0AczqK0Qn67oY/TTQ1LbUKajZpp3I9tQ==
avvio@^6.3.1: version “6.5.0” resolved “https://registry.yarnpkg.com/avvio/-/avvio-6.5.0.tgz#d2cf119967fe90d2156afc29de350ced800cdaab” integrity sha512-BmzcZ7gFpyFJsW8G+tfQw8vJNUboA9SDkkHLZ9RAALhvw/rplfWwni8Ee1rA11zj/J7/E5EvZmweusVvTHjWCA== dependencies: archy “^1.0.0” debug “^4.0.0” fastq “^1.6.0”
cookie@^0.4.0: version “0.4.2” resolved “https://registry.yarnpkg.com/cookie/-/cookie-0.4.2.tgz#0e41f24de5ecf317947c82fc789e06a884824432” integrity sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA==
debug@2.6.9: version “2.6.9” resolved “https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f” integrity sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA== dependencies: ms “2.0.0”
debug@^4.0.0: version “4.3.4” resolved “https://registry.yarnpkg.com/debug/-/debug-4.3.4.tgz#1319f6579357f2338d3337d2cdd4914bb5dcc865” integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ== dependencies: ms “2.1.2”
deepmerge@^4.2.2: version “4.2.2” resolved “https://registry.yarnpkg.com/deepmerge/-/deepmerge-4.2.2.tgz#44d2ea3679b8f4d4ffba33f03d865fc1e7bf4955” integrity sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==
depd@~1.1.2: version “1.1.2” resolved “https://registry.yarnpkg.com/depd/-/depd-1.1.2.tgz#9bcd52e14c097763e749b274c4346ed2e560b5a9” integrity sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==
destroy@~1.0.4: version “1.0.4” resolved “https://registry.yarnpkg.com/destroy/-/destroy-1.0.4.tgz#978857442c44749e4206613e37946205826abd80” integrity sha512-3NdhDuEXnfun/z7x9GOElY49LoqVHoGScmOKwmxhsS8N5Y+Z8KyPPDnaSzqWgYt/ji4mqwfTS34Htrk0zPIXVg==
ee-first@1.1.1: version “1.1.1” resolved “https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d” integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==
encodeurl@~1.0.2: version “1.0.2” resolved “https://registry.yarnpkg.com/encodeurl/-/encodeurl-1.0.2.tgz#ad3ff4c86ec2d029322f5a02c3a9a606c95b3f59” integrity sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==
escape-html@~1.0.3: version “1.0.3” resolved “https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988” integrity sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==
etag@~1.8.1: version “1.8.1” resolved “https://registry.yarnpkg.com/etag/-/etag-1.8.1.tgz#41ae2eeb65efa62268aebfea83ac7d79299b0887” integrity sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==
fast-decode-uri-component@^1.0.0: version “1.0.1” resolved “https://registry.yarnpkg.com/fast-decode-uri-component/-/fast-decode-uri-component-1.0.1.tgz#46f8b6c22b30ff7a81357d4f59abfae938202543” integrity sha512-WKgKWg5eUxvRZGwW8FvfbaH7AXSh2cL+3j5fMGzUMCxWBJ3dV3a7Wz8y2f/uQ0e3B6WmodD3oS54jTQ9HVTIIg==
fast-deep-equal@^3.1.1: version “3.1.3” resolved “https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz#3a7d56b559d6cbc3eb512325244e619a65c6c525” integrity sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==
fast-json-stable-stringify@^2.0.0: version “2.1.0” resolved “https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633”
完整性校验值 sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==
fast-json-stringify@^1.18.0:
版本 "1.21.0"
解析地址 "https://registry.yarnpkg.com/fast-json-stringify/-/fast-json-stringify-1.21.0.tgz#51bc8c6d77d8c7b2cc7e5fa754f7f909f9e1262f"
完整性校验值 sha512-xY6gyjmHN3AK1Y15BCbMpeO9+dea5ePVsp3BouHCdukcx0hOHbXwFhRodhcI0NpZIgDChSeAKkHW9YjKvhwKBA==
依赖项:
ajv "^6.11.0"
deepmerge "^4.2.2"
string-similarity "^4.0.1"
fast-redact@^2.0.0:
版本 "2.1.0"
解析地址 "https://registry.yarnpkg.com/fast-redact/-/fast-redact-2.1.0.tgz#dfe3c1ca69367fb226f110aa4ec10ec85462ffdf"
完整性校验值 sha512-0LkHpTLyadJavq9sRzzyqIoMZemWli77K2/MGOkafrR64B9ItrvZ9aT+jluvNDsv0YEHjSNhlMBtbokuoqii4A==
fast-safe-stringify@^2.0.7:
版本 "2.1.1"
解析地址 "https://registry.yarnpkg.com/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz#c406a83b6e70d9e35ce3b30a81141df30aeba884"
完整性校验值 sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==
fastify-plugin@^1.2.0:
版本 "1.6.1"
解析地址 "https://registry.yarnpkg.com/fastify-plugin/-/fastify-plugin-1.6.1.tgz#122f5a5eeb630d55c301713145a9d188e6d5dd5b"
完整性校验值 sha512-APBcb27s+MjaBIerFirYmBLatoPCgmHZM6XP0K+nDL9k0yX8NJPWDY1RAC3bh6z+AB5ULS2j31BUfLMT3uaZ4A==
依赖项:
semver "^6.3.0"
fastify-static@2.0.0:
版本 "2.0.0"
解析地址 "https://registry.yarnpkg.com/fastify-static/-/fastify-static-2.0.0.tgz#674f3f3180e8b055e5e1ee1bcee68114cfb09a8f"
完整性校验值 sha512-8YQ4QWcSR3YJTFLpExXIej2GzCHThowyLUUxt1uZN8rBEEI2T2ZcaRXPmkaNcaUiKzLXceGjdbJm5yByp5dlkA==
依赖项:
fastify-plugin "^1.2.0"
readable-stream "^3.0.2"
send "^0.16.0"
fastify@2.14.1:
版本 "2.14.1"
解析地址 "https://registry.yarnpkg.com/fastify/-/fastify-2.14.1.tgz#2946e8e9adebcd1b4f634178c8fb7162fb816cf4"
完整性校验值 sha512-nSL8AgIdFCpZmFwjqB5Zzv+3/1KpwwVtB/h88Q4Og8njYbkddKGpuQlQ2tHUULXPTJrLZ7wop6olzx6HEbHdpw==
依赖项:
abstract-logging "^2.0.0"
ajv "^6.12.0"
avvio "^6.3.1"
fast-json-stringify "^1.18.0"
find-my-way "^2.2.2"
flatstr "^1.0.12"
light-my-request "^3.7.3"
middie "^4.1.0"
pino "^5.17.0"
proxy-addr "^2.0.6"
readable-stream "^3.6.0"
rfdc "^1.1.2"
secure-json-parse "^2.1.0"
tiny-lru "^7.0.2"
fastq@^1.6.0:
版本 "1.13.0"
解析地址 "https://registry.yarnpkg.com/fastq/-/fastq-1.13.0.tgz#616760f88a7526bdfc596b7cab8c18938c36b98c"
完整性校验值 sha512-YpkpUnK8od0o1hmeSc7UUs/eB/vIPWJYjKck2QKIzAf71Vm1AAQ3EbuZB3g2JIy+pg+ERD0vqI79KyZiB2e2Nw==
依赖项:
reusify "^1.0.4"
find-my-way@^2.2.2:
版本 "2.2.5"
解析地址 "https://registry.yarnpkg.com/find-my-way/-/find-my-way-2.2.5.tgz#86ce825266fa28cd962e538a45ec2aaa84c3d514"
完整性校验值 sha512-GjRZZlGcGmTh9t+6Xrj5K0YprpoAFCAiCPgmAH9Kb09O4oX6hYuckDfnDipYj+Q7B1GtYWSzDI5HEecNYscLQg==
依赖项:
fast-decode-uri-component "^1.0.0"
safe-regex2 "^2.0.0"
semver-store "^0.3.0"
flatstr@^1.0.12:
版本 "1.0.12"
解析地址 "https://registry.yarnpkg.com/flatstr/-/flatstr-1.0.12.tgz#c2ba6a08173edbb6c9640e3055b95e287ceb5931"
完整性校验值 sha512-4zPxDyhCyiN2wIAtSLI6gc82/EjqZc1onI4Mz/l0pWrAlsSfYH/2ZIcU+e3oA2wDwbzIWNKwa23F8rh6+DRWkw==
forwarded@0.2.0:
版本 "0.2.0"
解析地址 "https://registry.yarnpkg.com/forwarded/-/forwarded-0.2.0.tgz#2269936428aad4c15c7ebe9779a84bf0b2a81811"
完整性校验值 sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==
fresh@0.5.2:
版本 "0.5.2"
解析地址 "https://registry.yarnpkg.com/fresh/-/fresh-0.5.2.tgz#3d8cadd90d976569fa835ab1f8e4b23a105605a7"
完整性校验值 sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==
http-errors@~1.6.2:
版本 "1.6.3"
解析地址 "https://registry.yarnpkg.com/http-errors/-/http-errors-1.6.3.tgz#8b55680bb4be283a0b5bf4ea2e38580be1d9320d"
完整性校验值 sha512-lks+lVC8dgGyh97jxvxeYTWQFvh4uw4yC12gVl63Cg30sjPX4wuGcdkICVXDAESr6OJGjqGA8Iz5mkeN6zlD7A==
依赖项:
depd "~1.1.2"
inherits "2.0.3"
setprototypeof "1.1.0"
statuses ">= 1.4.0 < 2"
inherits@2.0.3:
版本 "2.0.3"
解析地址 "https://registry.yarnpkg.com/inherits/-/inherits-2.0.3.tgz#633c2c83e3da42a502f52466022480f4208261de"
完整性校验值 sha512-x00IRNXNy63jwGkJmzPigoySHbaqpNuzKbBOmzK+g2OdZpQ9w+sxCN+VSB3ja7IAge2OP2qpfxTjeNcyjmW1uw==
inherits@^2.0.3:
版本 "2.0.4"
解析地址 "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
完整性校验值 sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
ipaddr.js@1.9.1:
版本 "1.9.1"
解析地址 "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-1.9.1.tgz#bff38543eeb8984825079ff3a2a8e6cbd46781b3"
完整性校验值 sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==
json-schema-traverse@^0.4.1:
版本 "0.4.1"resolved “https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660” integrity sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==
light-my-request@^3.7.3: version “3.8.0” resolved “https://registry.yarnpkg.com/light-my-request/-/light-my-request-3.8.0.tgz#7da96786e4d479371b25cfd524ee05d5d583dae8” integrity sha512-cIOWmNsgoStysmkzcv2EwvLwMb2hEm6oqKMerG/b5ey9F0we2Qony8cAZgBktmGPYUvPyKsDCzMcYU6fXbpWew== dependencies: ajv “^6.10.2” cookie “^0.4.0” readable-stream “^3.4.0” set-cookie-parser “^2.4.1”
middie@^4.1.0: version “4.1.0” resolved “https://registry.yarnpkg.com/middie/-/middie-4.1.0.tgz#0fe986c83d5081489514ca1a2daba5ca36263436” integrity sha512-eylPpZA+K3xO9kpDjagoPkEUkNcWV3EAo5OEz0MqsekUpT7KbnQkk8HNZkh4phx2vvOAmNNZuLRWF9lDDHPpVQ== dependencies: path-to-regexp “^4.0.0” reusify “^1.0.2”
mime@1.4.1: version “1.4.1” resolved “https://registry.yarnpkg.com/mime/-/mime-1.4.1.tgz#121f9ebc49e3766f311a76e1fa1c8003c4b03aa6” integrity sha512-KI1+qOZu5DcW6wayYHSzR/tXKCDC5Om4s1z2QJjDULzLcmf3DvzS7oluY4HCTrc+9FiKmWUgeNLg7W3uIQvxtQ==
ms@2.0.0: version “2.0.0” resolved “https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8” integrity sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==
ms@2.1.2: version “2.1.2” resolved “https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009” integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==
on-finished@~2.3.0: version “2.3.0” resolved “https://registry.yarnpkg.com/on-finished/-/on-finished-2.3.0.tgz#20f1336481b083cd75337992a16971aa2d906947” integrity sha512-ikqdkGAAyf/X/gPhXGvfgAytDZtDbr+bkNUJ0N9h5MI/dmdgCs3l6hoHrcUv41sRKew3jIwrp4qQDXiK99Utww== dependencies: ee-first “1.1.1”
path-to-regexp@^4.0.0: version “4.0.5” resolved “https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-4.0.5.tgz#2d4fd140af9a369bf7b68f77a7fdc340490f4239” integrity sha512-l+fTaGG2N9ZRpCEUj5fG1VKdDLaiqwCIvPngpnxzREhcdobhZC4ou4w984HBu72DqAJ5CfcdV6tjqNOunfpdsQ==
pino-std-serializers@^2.4.2: version “2.5.0” resolved “https://registry.yarnpkg.com/pino-std-serializers/-/pino-std-serializers-2.5.0.tgz#40ead781c65a0ce7ecd9c1c33f409d31fe712315” integrity sha512-wXqbqSrIhE58TdrxxlfLwU9eDhrzppQDvGhBEr1gYbzzM4KKo3Y63gSjiDXRKLVS2UOXdPNR2v+KnQgNrs+xUg==
pino@^5.17.0: version “5.17.0” resolved “https://registry.yarnpkg.com/pino/-/pino-5.17.0.tgz#b9def314e82402154f89a25d76a31f20ca84b4c8” integrity sha512-LqrqmRcJz8etUjyV0ddqB6OTUutCgQULPFg2b4dtijRHUsucaAdBgSUW58vY6RFSX+NT8963F+q0tM6lNwGShA== dependencies: fast-redact “^2.0.0” fast-safe-stringify “^2.0.7” flatstr “^1.0.12” pino-std-serializers “^2.4.2” quick-format-unescaped “^3.0.3” sonic-boom “^0.7.5”
proxy-addr@^2.0.6: version “2.0.7” resolved “https://registry.yarnpkg.com/proxy-addr/-/proxy-addr-2.0.7.tgz#f19fe69ceab311eeb94b42e70e8c2070f9ba1025” integrity sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg== dependencies: forwarded “0.2.0” ipaddr.js “1.9.1”
punycode@^2.1.0: version “2.1.1” resolved “https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec” integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==
quick-format-unescaped@^3.0.3: version “3.0.3” resolved “https://registry.yarnpkg.com/quick-format-unescaped/-/quick-format-unescaped-3.0.3.tgz#fb3e468ac64c01d22305806c39f121ddac0d1fb9” integrity sha512-dy1yjycmn9blucmJLXOfZDx1ikZJUi6E8bBZLnhPG5gBrVhHXx2xVyqqgKBubVNEXmx51dBACMHpoMQK/N/AXQ==
range-parser@~1.2.0: version “1.2.1” resolved “https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.1.tgz#3cf37023d199e1c24d1a55b84800c2f3e6468031” integrity sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==
readable-stream@^3.0.2, readable-stream@^3.4.0, readable-stream@^3.6.0: version “3.6.0” resolved “https://registry.yarnpkg.com/readable-stream/-/readable-stream-3.6.0.tgz#337bbda3adc0706bd3e024426a286d4b4b2c9198” integrity sha512-BViHy7LKeTz4oNnkcLJ+lVSL6vpiFeX6/d3oSH8zCW7UxP2onchk+vTGB143xuFjHS3deTgkKoXXymXqymiIdA== dependencies: inherits “^2.0.3” string_decoder “^1.1.1” util-deprecate “^1.0.1”
ret@~0.2.0: version “0.2.2” resolved “https://registry.yarnpkg.com/ret/-/ret-0.2.2.tgz#b6861782a1f4762dce43402a71eb7a283f44573c” integrity sha512-M0b3YWQs7R3Z917WRQy1HHA7Ba7D8hvZg6UE5mLykJxQVE2ju0IXbGlaHPPlkY+WN7wFP+wUMXmBFA0aV6vYGQ==
reusify@^1.0.2, reusify@^1.0.4: version “1.0.4” resolved “https://registry.yarnpkg.com/reusify/-/reusify-1.0.4.tgz#90da382b1e126efc02146e90845a88db12925d76”
完整性 sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==