From eb6aa261de23db5e54cde17e04c3dcb764bbc099 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torbj=C3=B6rn=20SVENSSON?= <torbjorn.svensson@foss.st.com>
Date: Tue, 28 Jan 2025 12:03:22 +0100
Subject: [PATCH] deps: Bump fix-path to ^4.0.0 to avoid cross-env <6.0.6
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

cross-env 6.0.6 fixes CVE-2024-21538
(https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230).

Contributed by STMicroelectronics

Signed-off-by: Torbjörn SVENSSON <torbjorn.svensson@foss.st.com>
---
 package-lock.json              | 115 ++++++++++++++++++++++++++++++++-
 packages/core/README.md        |   2 +-
 packages/electron/README.md    |   2 +-
 packages/electron/package.json |   2 +-
 4 files changed, 117 insertions(+), 4 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 7cd6e8ec8da9e..7fcbbb944444b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -30672,7 +30672,7 @@
       "license": "EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0",
       "dependencies": {
         "electron-store": "^8.0.0",
-        "fix-path": "^3.0.0",
+        "fix-path": "^4.0.0",
         "native-keymap": "^2.2.1"
       },
       "devDependencies": {
@@ -30683,6 +30683,119 @@
         "electron": "30.1.2"
       }
     },
+    "packages/electron/node_modules/ansi-regex": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.1.0.tgz",
+      "integrity": "sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA==",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
+      }
+    },
+    "packages/electron/node_modules/default-shell": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/default-shell/-/default-shell-2.2.0.tgz",
+      "integrity": "sha512-sPpMZcVhRQ0nEMDtuMJ+RtCxt7iHPAMBU+I4tAlo5dU1sjRpNax0crj6nR3qKpvVnckaQ9U38enXcwW9nZJeCw==",
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "packages/electron/node_modules/execa": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz",
+      "integrity": "sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==",
+      "dependencies": {
+        "cross-spawn": "^7.0.3",
+        "get-stream": "^6.0.0",
+        "human-signals": "^2.1.0",
+        "is-stream": "^2.0.0",
+        "merge-stream": "^2.0.0",
+        "npm-run-path": "^4.0.1",
+        "onetime": "^5.1.2",
+        "signal-exit": "^3.0.3",
+        "strip-final-newline": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sindresorhus/execa?sponsor=1"
+      }
+    },
+    "packages/electron/node_modules/fix-path": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/fix-path/-/fix-path-4.0.0.tgz",
+      "integrity": "sha512-g31GX207Tt+psI53ZSaB1egprYbEN0ZYl90aKcO22A2LmCNnFsSq3b5YpoKp3E/QEiWByTXGJOkFQG4S07Bc1A==",
+      "dependencies": {
+        "shell-path": "^3.0.0"
+      },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "packages/electron/node_modules/get-stream": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz",
+      "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "packages/electron/node_modules/shell-env": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/shell-env/-/shell-env-4.0.1.tgz",
+      "integrity": "sha512-w3oeZ9qg/P6Lu6qqwavvMnB/bwfsz67gPB3WXmLd/n6zuh7TWQZtGa3iMEdmua0kj8rivkwl+vUjgLWlqZOMPw==",
+      "dependencies": {
+        "default-shell": "^2.0.0",
+        "execa": "^5.1.1",
+        "strip-ansi": "^7.0.1"
+      },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "packages/electron/node_modules/shell-path": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/shell-path/-/shell-path-3.0.0.tgz",
+      "integrity": "sha512-HNIZ+W/3P0JuVTV03xjGqYKt3e3h0/Z4AH8TQWeth1LBtCusSjICgkdNdb3VZr6mI7ijE2AiFFpgkVMNKsALeQ==",
+      "dependencies": {
+        "shell-env": "^4.0.0"
+      },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "packages/electron/node_modules/strip-ansi": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz",
+      "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==",
+      "dependencies": {
+        "ansi-regex": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
+      }
+    },
     "packages/external-terminal": {
       "name": "@theia/external-terminal",
       "version": "1.57.0",
diff --git a/packages/core/README.md b/packages/core/README.md
index c1f4280c5e2c0..c403516cd6e22 100644
--- a/packages/core/README.md
+++ b/packages/core/README.md
@@ -74,7 +74,7 @@ export class SomeClass {
   - `native-keymap` (from [`native-keymap@^2.2.1`](https://www.npmjs.com/package/native-keymap))
   - `electron` (from [`electron@30.1.2`](https://www.npmjs.com/package/electron/v/30.1.2))
   - `electron-store` (from [`electron-store@^8.0.0`](https://www.npmjs.com/package/electron-store))
-  - `fix-path` (from [`fix-path@^3.0.0`](https://www.npmjs.com/package/fix-path))
+  - `fix-path` (from [`fix-path@^4.0.0`](https://www.npmjs.com/package/fix-path))
 - `@theia/core/shared/...`
   - `@phosphor/algorithm` (from [`@phosphor/algorithm@1`](https://www.npmjs.com/package/@phosphor/algorithm))
   - `@phosphor/commands` (from [`@phosphor/commands@1`](https://www.npmjs.com/package/@phosphor/commands))
diff --git a/packages/electron/README.md b/packages/electron/README.md
index da669f1164d76..5cad9050320fe 100644
--- a/packages/electron/README.md
+++ b/packages/electron/README.md
@@ -20,7 +20,7 @@ The `@theia/electron` extension bundles all Electron-specific dependencies and c
   - `native-keymap` (from [`native-keymap@^2.2.1`](https://www.npmjs.com/package/native-keymap))
   - `electron` (from [`electron@30.1.2`](https://www.npmjs.com/package/electron/v/30.1.2))
   - `electron-store` (from [`electron-store@^8.0.0`](https://www.npmjs.com/package/electron-store))
-  - `fix-path` (from [`fix-path@^3.0.0`](https://www.npmjs.com/package/fix-path))
+  - `fix-path` (from [`fix-path@^4.0.0`](https://www.npmjs.com/package/fix-path))
 
 ## Additional Information
 
diff --git a/packages/electron/package.json b/packages/electron/package.json
index 40df5e2dc9821..1a4d74311b3c9 100644
--- a/packages/electron/package.json
+++ b/packages/electron/package.json
@@ -4,7 +4,7 @@
   "description": "Theia - Electron utility package",
   "dependencies": {
     "electron-store": "^8.0.0",
-    "fix-path": "^3.0.0",
+    "fix-path": "^4.0.0",
     "native-keymap": "^2.2.1"
   },
   "devDependencies": {