fix: make typescript version to stick to 4.1.x

npm-audit.html

@@ -55,7 +55,7 @@ <h5 class="card-title">
                 <div class="card">
                     <div class="card-body">
                         <h5 class="card-title">
-                            November 28th 2020, 3:10:07 am
+                            February 24th 2021, 12:06:16 pm
                         </h5>
                         <p class="card-text">Last updated</p>
                     </div>
@@ -85,7 +85,7 @@ <h5 class="card-title">
                 <div class="card">
                     <div class="card-body">
                         <h5 class="card-title">
-                            0
+                            1
                         </h5>
                         <p class="card-text">
                             <span class="badge badge-secondary">moderate</span>
@@ -95,7 +95,7 @@ <h5 class="card-title">
                 <div class="card">
                     <div class="card-body">
                         <h5 class="card-title">
-                            1
+                            0
                         </h5>
                         <p class="card-text">
                             <span class="badge badge-primary">low</span>
@@ -130,16 +130,17 @@ <h5 class="card-title">
                     <tbody>
                         <tr>
                             <th scope="row">
-                                <a href="https://npmjs.com/advisories/1179" data-toggle="modal" data-target="#advisory-modal-1179">Prototype Pollution</a>
+                                <a href="https://npmjs.com/advisories/1623" data-toggle="modal" data-target="#advisory-modal-1623">Regular Expression Denial of Service</a>
                             </th>
                             <td>
-                                <a href="https://npmjs.com/package/minimist" target="_blank"
-                                    rel="noopener">minimist</a>
+                                <a href="https://npmjs.com/package/marked" target="_blank"
+                                    rel="noopener">marked</a>
                             </td>
-                            <td data-order="4"><span
-                                    class="badge badge-primary">low</span></td>
+                            <td data-order="3"><span
+                                    class="badge badge-secondary">moderate</span></td>
                             <td>
-                                CWE-471
+                                CWE-400
+                                , CVE-2021-21306
                             </td>
                         </tr>
                     </tbody>
@@ -149,13 +150,13 @@ <h5 class="card-title">
     </div>
 
 
-    <div class="modal" tabindex="-1" role="dialog" id="advisory-modal-1179">
+    <div class="modal" tabindex="-1" role="dialog" id="advisory-modal-1623">
         <div class="modal-dialog modal-lg" role="document">
             <div class="modal-content">
                 <div class="modal-header">
                     <h5 class="modal-title">
-                        <span class="badge badge-primary">low</span>
-                        Prototype Pollution
+                        <span class="badge badge-secondary">moderate</span>
+                        Regular Expression Denial of Service
                     </h5>
                     <button type="button" class="close" data-dismiss="modal" aria-label="Close">
                         <span aria-hidden="true">&times;</span>
@@ -166,45 +167,46 @@ <h5 class="modal-title">
                         <div class="col-md-6">
                             <ul>
                                 <li>Module:
-                                    <a href="https://npmjs.com/package/minimist" target="_blank"
-                                        rel="noopener">minimist</a>
+                                    <a href="https://npmjs.com/package/marked" target="_blank"
+                                        rel="noopener">marked</a>
                                 </li>
-                                <li>Published: September 23rd 2019 </li>
-                                <li>Reported by: Checkmarx Research Team</li>
-                                <li>CWE-471</li>
+                                <li>Published: February 24th 2021 </li>
+                                <li>Reported by: Anonymous</li>
+                                <li>CWE-400</li>
+                                <li>CVE-2021-21306</li>
                             </ul>
                         </div>
                         <div class="col-md-6">
                             <ul>
-                                <li>Vulnerable: &lt;0.2.1 || &gt;&#x3D;1.0.0 &lt;1.2.3</li>
-                                <li>Patched: &gt;&#x3D;0.2.1 &lt;1.0.0 || &gt;&#x3D;1.2.3</li>
-                                <li>Exploitability: 1</li>
+                                <li>Vulnerable: &gt;&#x3D;1.1.1 &lt;2.0.0</li>
+                                <li>Patched: &gt;&#x3D;2.0.0</li>
+                                <li>Exploitability: 5</li>
                             </ul>
                         </div>
                     </div>
                     <h3>Overview</h3>
-                    <p class="card-text"><p>Affected versions of <code>minimist</code> are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of <code>Object</code>, causing the addition or modification of an existing property that will exist on all objects.<br>Parsing the argument <code>--__proto__.y=Polluted</code> adds a <code>y</code> property with value <code>Polluted</code> to all objects. The argument <code>--__proto__=Polluted</code> raises and uncaught error and crashes the application.<br>This is exploitable if attackers have control over the arguments being passed to <code>minimist</code>.</p>
+                    <p class="card-text"><p>In affected versions of <code>marked</code>, a Denial of Service attack can affect anyone who processes user generated code.</p>
 </p>
 
                     <h3>Findings</h3>
                     <ul>
-                        <li>@adonisjs/sink&gt;mrm-core&gt;minimist </li>
+                        <li>@adonisjs/sink&gt;marked </li>
                     </ul>
 
                     <h3>Remediation</h3>
-                    <p class="card-text"><p>Upgrade to versions 0.2.1, 1.2.3 or later.</p>
+                    <p class="card-text"><p>Upgrade to version 2.0.0 or later</p>
 </p>
 
                     <h3>References</h3>
                     <p class="card-text"><ul>
-<li><a href="https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95">GitHub commit 1</a></li>
-<li><a href="https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94">GitHub commit 2</a></li>
+<li><a href="https://github.com/advisories/GHSA-4r62-v4vq-hr96">GitHub Advisory</a></li>
+<li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-21306">CVE</a></li>
 </ul>
 </p>
 
                 </div>
                 <div class="modal-footer">
-                    <a class="btn btn-raised mr-2 btn-primary" href="https://npmjs.com/advisories/1179" target="_blank" rel="noopener">More about
+                    <a class="btn btn-raised mr-2 btn-primary" href="https://npmjs.com/advisories/1623" target="_blank" rel="noopener">More about
                         this vulnerability</a>
                     <button type="button" class="btn btn-raised btn-secondary" data-dismiss="modal">Close</button>
                 </div>

tasks/InstallDependencies/index.ts

@@ -41,7 +41,7 @@ const task: TaskFn = async (_, logger, { pkg, client, boilerplate }) => {
 	/**
 	 * Required dev dependencies
 	 */
-	pkg.install('typescript')
+	pkg.install('typescript', '~4.1')
 	pkg.install('youch')
 	pkg.install('youch-terminal')
 	pkg.install('pino-pretty')