Merge 9a7e55b3e0 into 4fe5352931

.github/workflows/build_source_release.yml

@@ -8,15 +8,16 @@ on:
 
 jobs:
   build:
-    name: build
+    name: Build
     runs-on: ubuntu-latest
     steps:
 
-    - uses: actions/checkout@v1
+    - name: Checkout
+      uses: actions/checkout@v4
       with:
         submodules: true
 
-    - name: archive
+    - name: Archive
       id: archive
       run: |
         VERSION=${{ github.event.release.tag_name }}
@@ -28,12 +29,8 @@ jobs:
         tar cJf $TARBALL $PKGNAME
         echo "tarball=$TARBALL" >> $GITHUB_OUTPUT
 
-    - name: upload tarball
-      uses: actions/upload-release-asset@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - name: Upload tarball
+      uses: softprops/action-gh-release@v2
       with:
-        upload_url: ${{ github.event.release.upload_url }}
-        asset_path: ./${{ steps.archive.outputs.tarball }}
-        asset_name: ${{ steps.archive.outputs.tarball }}
-        asset_content_type: application/gzip
+        files: ./${{ steps.archive.outputs.tarball }}
+        name: ${{ steps.archive.outputs.tarball }}

.github/workflows/coverity.yml

@@ -1,4 +1,3 @@
-
 name: Coverity
 
 on:
@@ -10,28 +9,36 @@ permissions:
 
 jobs:
   scan:
+    name: Scan
     runs-on: ubuntu-latest
-    if: ${{ github.repository_owner == 'SoftEtherVPN' }}
+    if: github.repository_owner == 'SoftEtherVPN'
     steps:
-    - uses: actions/checkout@v2
+
+    - name: Checkout
+      uses: actions/checkout@v4
       with:
         submodules: true
+
     - name: Install apt dependencies
       run: |
         sudo apt-get update
         sudo apt-get install -y cmake gcc g++ libncurses5-dev libreadline-dev libssl-dev make zlib1g-dev libsodium-dev
+
     - name: Download Coverity build tool
       run: |
         wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=SoftEtherVPN%2FSoftEtherVPN" -O coverity_tool.tar.gz
         mkdir coverity_tool
         tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
+
     - name: Configure
       run: |
         ./configure
+
     - name: Build with Coverity build tool
       run: |
         export PATH=`pwd`/coverity_tool/bin:$PATH
         cov-build --dir cov-int make -C build
+
     - name: Submit build result to Coverity Scan
       run: |
         tar czvf cov.tar.gz cov-int

.github/workflows/fedora-rawhide.yml

@@ -19,15 +19,18 @@ jobs:
     container:
       image: fedora:rawhide
     steps:
-    - uses: actions/checkout@v1
-      with:
-        submodules: true
+
     - name: Install dependencies
       run: |
         dnf -y install git cmake ncurses-devel openssl-devel libsodium-devel readline-devel zlib-devel gcc-c++ clang
+
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        submodules: true
+
     - name: Compile with ${{ matrix.cc }}
       run: |
         export CC=${{ matrix.cc }}
         ./configure
         make -C build
-

.github/workflows/linux.yml

@@ -1,3 +1,4 @@
+name: Linux
 on: [push, pull_request]
 
 permissions:
@@ -5,14 +6,16 @@ permissions:
 
 jobs:
   build_and_test:
+    name: Build
     runs-on: ubuntu-latest
     steps:
+
     - uses: actions/checkout@v4
       with:
         submodules: true
 
     - name: Install dependencies
-      run: sudo apt update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev libnl-genl-3-dev 
+      run: sudo apt-get update && sudo apt-get -y install cmake gcc g++ ninja-build libncurses5-dev libreadline-dev libsodium-dev libssl-dev make zlib1g-dev liblz4-dev libnl-genl-3-dev 
 
     - name: Build
       run: |

.github/workflows/macos.yml

@@ -1,3 +1,4 @@
+name: macOS
 on: [push, pull_request, workflow_dispatch]
 
 permissions:
@@ -11,18 +12,21 @@ jobs:
     name: ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v1
+
+    - uses: actions/checkout@v4
       with:
         submodules: true
+
     - name: Install dependencies
       run: |
         brew install libsodium
+
     - name: Compile 
       run: |
         ./configure
         make -C build
+
     - name: Test 
       run: |
         otool -L build/vpnserver
         .ci/memory-leak-test.sh
-

.github/workflows/musl.yml

@@ -1,4 +1,4 @@
-name: alpine/musl
+name: Alpine/musl
 
 on: [push, pull_request]
 
@@ -7,17 +7,22 @@ permissions:
 
 jobs:
   musl:
-      name: gcc
-      runs-on: ubuntu-latest
-      container:
-        image: alpine:latest
-      steps:
-      - uses: actions/checkout@v1
-        with:
-          submodules: true
+    name: gcc
+    runs-on: ubuntu-latest
+    container:
+      image: alpine:latest
+    steps:
+
       - name: Install dependencies
         run: apk add binutils --no-cache build-base readline-dev openssl-dev ncurses-dev git cmake zlib-dev libsodium-dev gnu-libiconv 
+
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+
       - name: Configure
         run: ./configure
+
       - name: make 
-        run: make -C build
+        run: make -C build

.github/workflows/stb_check.yml

@@ -1,3 +1,4 @@
+name: STB Check
 on: [push, pull_request]
 
 permissions:
@@ -5,12 +6,16 @@ permissions:
 
 jobs:
   check:
+      name: Check
       runs-on: ubuntu-latest
       steps:
-      - uses: actions/checkout@v1
+
+      - name: Checkout
+        uses: actions/checkout@v4
         with:
           submodules: true
+
       - name: Check
         run: |
           cd developer_tools/stbchecker
-          dotnet run ../../src/bin/hamcore
+          dotnet run ../../src/bin/hamcore

.github/workflows/windows.yml

@@ -1,3 +1,4 @@
+name: Windows
 on: [push, pull_request]
 
 permissions:
@@ -14,19 +15,24 @@ jobs:
     runs-on: windows-latest
     name: ${{ matrix.platform.ARCHITECTURE }}
     steps:
-    - uses: actions/checkout@v4
+
+    - name: Checkout
+      uses: actions/checkout@v4
       with:
         submodules: true
+
     - name: Cache vcpkg
       uses: actions/cache@v4
       with:
         path: 'build/vcpkg_installed/'
         key: vcpkg-${{ matrix.platform.VCPKG_TRIPLET }}
+
     - name: Set version variables
       run: |
         $v = python version.py
         echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
       shell: pwsh
+
     - name: Build
       env:
         ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
@@ -44,11 +50,14 @@ jobs:
         vpnsetup /SFXMODE:vpnclient /SFXOUT:"installers\softether-vpnclient-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
         vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
       shell: cmd
+
     - name: Test
       shell: powershell
       run: |
         . .ci/appveyor-vpntest.ps1
-    - uses: actions/upload-artifact@v4
+
+    - name: Upload built binaries
+      uses: actions/upload-artifact@v4
       with:
         if-no-files-found: error
         name: Binaries-${{ matrix.platform.ARCHITECTURE }}
@@ -56,8 +65,10 @@ jobs:
           build/*.exe
           build/*.pdb
           build/*.se2
-    - uses: actions/upload-artifact@v4
+
+    - name: Upload installers
+      uses: actions/upload-artifact@v4
       with:
         if-no-files-found: error
         name: Installers-${{ matrix.platform.ARCHITECTURE }}
-        path: build/installers
+        path: build/installers

.github/workflows/windows_release.yml

@@ -14,16 +14,19 @@ permissions:
 
 jobs:
   release:
+    name: Release
     runs-on: windows-latest
     outputs:
       upload_url: "${{ steps.create_release.outputs.upload_url }}"
     steps:
+
       - name: "Checkout repository"
         uses: actions/checkout@v4
 
       - name: "Create GitHub release"
         id: create_release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
+
   build-windows:
     name: ${{ matrix.platform.ARCHITECTURE }}
     runs-on: windows-latest
@@ -35,15 +38,18 @@ jobs:
           { ARCHITECTURE: x64, COMPILER_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/Llvm/x64/bin/clang-cl.exe", VCPKG_TRIPLET: "x64-windows-static", VCVARS_PATH: "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/Build/vcvars64.bat"}
         ]
     steps:
+
       - name: "Checkout repository"
         uses: actions/checkout@v4
         with:
           submodules: true
+
       - name: Cache vcpkg
         uses: actions/cache@v4
         with:
           path: 'build/vcpkg_installed/'
           key: vcpkg-release-${{ matrix.platform.VCPKG_TRIPLET }}
+ 
       - name: Set version variables
         run: |
           $b=(Get-Content CMakeSettings.json | Out-String | ConvertFrom-Json).environments.BuildNumber		
@@ -51,6 +57,7 @@ jobs:
           $v = python version.py
           echo "VERSION=$v" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
         shell: pwsh
+
       - name: Build
         env:
           ARCHITECTURE: ${{ matrix.platform.ARCHITECTURE }}
@@ -68,27 +75,19 @@ jobs:
           vpnsetup /SFXMODE:vpnserver_vpnbridge /SFXOUT:"installers\softether-vpnserver_vpnbridge-%VERSION%.%BUILD_NUMBER%.%ARCHITECTURE%.exe"
         shell: cmd
 
-      - name: dir
+      - name: Show directory items
         run: |
           Get-ChildItem -Recurse build/installers
         shell: pwsh
 
       - name: "Upload softether-vpnclient"
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: "${{ github.token }}"
+        uses: softprops/action-gh-release@v2
         with:
-          upload_url: "${{ needs.release.outputs.upload_url }}"
-          asset_path: "build/installers/softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_name: "softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_content_type: "application/octet-stream"
+          files: "build/installers/softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
+          name: "softether-vpnclient-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
+          
       - name: "Upload softether-vpnserver_vpnbridge"
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: "${{ github.token }}"
+        uses: softprops/action-gh-release@v2
         with:
-          upload_url: "${{ needs.release.outputs.upload_url }}"
-          asset_path: "build/installers/softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_name: "softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
-          asset_content_type: "application/octet-stream"
-
+          files: "build/installers/softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"
+          name: "softether-vpnserver_vpnbridge-${{ env.VERSION }}.${{ env.BUILD_NUMBER }}.${{ matrix.platform.ARCHITECTURE }}.exe"

developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/package-lock.json

@@ -65,23 +65,12 @@
       }
     },
     "braces": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
-      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
+      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
       "dev": true,
       "requires": {
-        "fill-range": "^7.1.1"
-      },
-      "dependencies": {
-        "fill-range": {
-          "version": "7.1.1",
-          "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
-          "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
-          "dev": true,
-          "requires": {
-            "to-regex-range": "^5.0.1"
-          }
-        }
+        "fill-range": "^7.0.1"
       }
     },
     "builtin-modules": {
@@ -162,6 +151,15 @@
       "integrity": "sha1-Cr9PHKpbyx96nYrMbepPqqBLrJs=",
       "dev": true
     },
+    "fill-range": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
+      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+      "dev": true,
+      "requires": {
+        "to-regex-range": "^5.0.1"
+      }
+    },
     "fs.realpath": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",

src/Cedar/Proto_IKE.c

@@ -463,13 +463,39 @@ void ProcIPsecEspPacketRecv(IKE_SERVER *ike, UDPPACKET *p)
 	seq = READ_UINT(src + sizeof(UINT));
 
 	// Search and retrieve the IPsec SA from SPI
-
-	// thank to @phillibert report, responding to bad SA might lead to amplification
-	// according to RFC4303 we should drop such packets
-
 	ipsec_sa = SearchClientToServerIPsecSaBySpi(ike, spi);
 	if (ipsec_sa == NULL)
 	{
+		// Invalid SPI
+		UINT64 init_cookie = Rand64();
+		UINT64 resp_cookie = 0;
+		IKE_CLIENT *c = NULL;
+		IKE_CLIENT t;
+
+
+		Copy(&t.ClientIP, &p->SrcIP, sizeof(IP));
+		t.ClientPort = p->SrcPort;
+		Copy(&t.ServerIP, &p->DstIP, sizeof(IP));
+		t.ServerPort = p->DestPort;
+		t.CurrentIkeSa = NULL;
+
+		if (p->DestPort == IPSEC_PORT_IPSEC_ESP_RAW)
+		{
+			t.ClientPort = t.ServerPort = IPSEC_PORT_IPSEC_ISAKMP;
+		}
+
+		c = Search(ike->ClientList, &t);
+
+		if (c != NULL && c->CurrentIkeSa != NULL)
+		{
+			init_cookie = c->CurrentIkeSa->InitiatorCookie;
+			resp_cookie = c->CurrentIkeSa->ResponderCookie;
+		}
+
+		SendInformationalExchangePacketEx(ike, (c == NULL ? &t : c), IkeNewNoticeErrorInvalidSpiPayload(spi), false,
+			init_cookie, resp_cookie);
+
+		SendDeleteIPsecSaPacket(ike, (c == NULL ? &t : c), spi);
 		return;
 	}
 

src/Mayaqua/Encrypt.c

@@ -88,7 +88,6 @@ int ssl_clientcert_index = 0;
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 static OSSL_PROVIDER *ossl_provider_legacy = NULL;
 static OSSL_PROVIDER *ossl_provider_default = NULL;
-static OSSL_PROVIDER *ossl_provider_oqsprovider = NULL;
 #endif
 
 LOCK **ssl_lock_obj = NULL;
@@ -3975,12 +3974,6 @@ void FreeCryptLibrary()
 		OSSL_PROVIDER_unload(ossl_provider_legacy);
 		ossl_provider_legacy = NULL;
 	}
-
-	if (ossl_provider_oqsprovider != NULL)
-	{
-		OSSL_PROVIDER_unload(ossl_provider_oqsprovider);
-		ossl_provider_oqsprovider = NULL;
-	}
 #endif
 }
 
@@ -4003,7 +3996,6 @@ void InitCryptLibrary()
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	ossl_provider_default = OSSL_PROVIDER_load(NULL, "legacy");
 	ossl_provider_legacy = OSSL_PROVIDER_load(NULL, "default");
-	ossl_provider_oqsprovider = OSSL_PROVIDER_load(NULL, "oqsprovider");
 #endif
 
 	ssl_clientcert_index = SSL_get_ex_new_index(0, "struct SslClientCertInfo *", NULL, NULL, NULL);

src/Mayaqua/Network.c

@@ -11905,10 +11905,6 @@ bool StartSSLEx3(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
 		Unlock(openssl_lock);
 	}
 
-	#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		SSL_set1_groups_list(sock->ssl, PQ_GROUP_LIST);
-	#endif
-	
 	if (sock->ServerMode)
 	{
 //		Lock(ssl_connect_lock);
@@ -11988,7 +11984,7 @@ bool StartSSLEx3(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
 		//		Unlock(ssl_connect_lock);
 	}
 	else
-	{	
+	{
 		prev_timeout = GetTimeout(sock);
 		SetTimeout(sock, ssl_timeout);
 		// Client mode
@@ -12289,7 +12285,6 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 				Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
 				return 0;
 			}
-			ERR_clear_error();
 			ret = SSL_peek(ssl, &c, sizeof(c));
 		}
 		Unlock(sock->ssl_lock);
@@ -12321,11 +12316,9 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 #endif
 					)
 				{
-					UINT ssl_err_no;
-					while (ssl_err_no = ERR_get_error()){
-						Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
-					};
+					UINT ssl_err_no = ERR_get_error();
 
+					Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
 					Disconnect(sock);
 					return 0;
 				}
@@ -12357,7 +12350,6 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 		ttparam = NewSocketTimeout(sock);
 #endif // UNIX_SOLARIS
 
-		ERR_clear_error();
 		ret = SSL_read(ssl, data, size);
 
 		// Stop the timeout thread
@@ -12428,11 +12420,9 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 #endif
 				)
 			{
-				UINT ssl_err_no;
-				while (ssl_err_no = ERR_get_error()) {
-					Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
-				};
+				UINT ssl_err_no = ERR_get_error();
 
+				Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
 				Disconnect(sock);
 				return 0;
 			}
@@ -12441,8 +12431,8 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 			return SOCK_LATER;
 		}
 	}
-	Debug("%s %u e=%u SecureRecv() Disconnect\n", __FILE__, __LINE__, e);
 	Disconnect(sock);
+	Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
 	return 0;
 }
 
@@ -12469,7 +12459,6 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 			return 0;
 		}
 
-		ERR_clear_error();
 		ret = SSL_write(ssl, data, size);
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
 		if (ret < 0) // OpenSSL version < 3.0.0
@@ -12513,22 +12502,12 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
 		// Confirmation of the error value
 		if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
 		{
-			if (e == SSL_ERROR_SSL)
-			{
-				UINT ssl_err_no;
-				while (ssl_err_no = ERR_get_error()) {
-					Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
-				};
-
-				Disconnect(sock);
-				return 0;
-			}
-
 			sock->WriteBlocked = true;
 			return SOCK_LATER;
 		}
+		Debug("%s %u e=%u\n", __FILE__, __LINE__, e);
 	}
-	Debug("%s %u e=%u SecureSend() Disconnect\n", __FILE__, __LINE__, e);
+	//Debug("%s %u SecureSend() Disconnect\n", __FILE__, __LINE__);
 	Disconnect(sock);
 	return 0;
 }

src/Mayaqua/Network.h

@@ -59,10 +59,6 @@ struct DYN_VALUE
 
 #define	DEFAULT_CIPHER_LIST			"ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:ECDHE+AES256:DHE+AES256:RSA+AES"
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-#define PQ_GROUP_LIST				"p521_kyber1024:x25519_kyber768:P-521:X25519:P-256"
-#endif
-
 // SSL logging function
 //#define	ENABLE_SSL_LOGGING
 #define	SSL_LOGGING_DIRNAME			"@ssl_log"

src/bin/hamcore/wwwroot/admin/default/package-lock.json

@@ -373,23 +373,12 @@
       }
     },
     "braces": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
-      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
+      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
       "dev": true,
       "requires": {
-        "fill-range": "^7.1.1"
-      },
-      "dependencies": {
-        "fill-range": {
-          "version": "7.1.1",
-          "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
-          "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
-          "dev": true,
-          "requires": {
-            "to-regex-range": "^5.0.1"
-          }
-        }
+        "fill-range": "^7.0.1"
       }
     },
     "browserslist": {
@@ -614,6 +603,15 @@
       "integrity": "sha512-eRnCtTTtGZFpQCwhJiUOuxPQWRXVKYDn0b2PeHfXL6/Zi53SLAzAHfVhVWK2AryC/WH05kGfxhFIPvTF0SXQzg==",
       "dev": true
     },
+    "fill-range": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
+      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+      "dev": true,
+      "requires": {
+        "to-regex-range": "^5.0.1"
+      }
+    },
     "find-up": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",