From f544212270802f6f7263b76d4ad5f750c81d415a Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 6 Sep 2024 01:42:20 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795 - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610 --- package-lock.json | 46 +++++++++++++++++++++++++++++++--------------- package.json | 4 ++-- 2 files changed, 33 insertions(+), 17 deletions(-) diff --git a/package-lock.json b/package-lock.json index 91f3851..7e3333c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@auth0/thumbprint": "0.0.6", "archiver": "^3.0.0", "async": "~2.6.4", - "axios": "^1.6.4", + "axios": "^1.6.8", "binary": "^0.3.0", "body-parser": "^1.19.2", "cb": "~0.1.0", @@ -28,7 +28,7 @@ "express-passport-logout": "~0.1.0", "express-session": "^1.15.6", "freeport": "~1.0.2", - "jsonwebtoken": "^8.5.1", + "jsonwebtoken": "^9.0.2", "kerberos-server": "^1.0.0", "ldapjs": "^2.3.2", "lodash": "^4.17.21", @@ -630,11 +630,12 @@ "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "node_modules/axios": { - "version": "1.6.4", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.4.tgz", - "integrity": "sha512-heJnIs6N4aa1eSthhN9M5ioILu8Wi8vmQW9iHQ9NUvfkJb0lEEDUiIdQNAuBtfUt3FxReaKdpQA5DbmMOqzF/A==", + "version": "1.6.8", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.8.tgz", + "integrity": "sha512-v/ZHtJDU39mDpyBoFVkETcd/uNdxrWRrg3bKpOKzXFA6Bvqopts6ALSMU3y6ijYxbw2B+wPrIv46egTzJXCLGQ==", + "license": "MIT", "dependencies": { - "follow-redirects": "^1.15.4", + "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } @@ -2168,15 +2169,16 @@ "dev": true }, "node_modules/follow-redirects": { - "version": "1.15.4", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.4.tgz", - "integrity": "sha512-Cr4D/5wlrb0z9dgERpUL3LrmPKVDsETIJhaCMeDfuFYcqa5bldGV6wBsAN6X/vxlXQtFBMrXdXxdL8CbDTGniw==", + "version": "1.15.8", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.8.tgz", + "integrity": "sha512-xgrmBhBToVKay1q2Tao5LI26B83UhrB/vM1avwVSDzt8rx3rO6AizBAaF46EgksTVr+rFTQaqZZ9MVBfUe4nig==", "funding": [ { "type": "individual", "url": "https://github.com/sponsors/RubenVerborgh" } ], + "license": "MIT", "engines": { "node": ">=4.0" }, @@ -2813,9 +2815,10 @@ "dev": true }, "node_modules/jsonwebtoken": { - "version": "8.5.1", - "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz", - "integrity": "sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==", + "version": "9.0.2", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz", + "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==", + "license": "MIT", "dependencies": { "jws": "^3.2.2", "lodash.includes": "^4.3.0", @@ -2826,11 +2829,23 @@ "lodash.isstring": "^4.0.1", "lodash.once": "^4.0.0", "ms": "^2.1.1", - "semver": "^5.6.0" + "semver": "^7.5.4" }, "engines": { - "node": ">=4", - "npm": ">=1.4.28" + "node": ">=12", + "npm": ">=6" + } + }, + "node_modules/jsonwebtoken/node_modules/semver": { + "version": "7.6.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz", + "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" } }, "node_modules/just-extend": { @@ -4279,6 +4294,7 @@ "version": "5.7.1", "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "dev": true, "bin": { "semver": "bin/semver" } diff --git a/package.json b/package.json index a6d2001..c7bc77f 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "@auth0/thumbprint": "0.0.6", "archiver": "^3.0.0", "async": "~2.6.4", - "axios": "^1.6.4", + "axios": "^1.6.8", "binary": "^0.3.0", "body-parser": "^1.19.2", "cb": "~0.1.0", @@ -43,7 +43,7 @@ "express-passport-logout": "~0.1.0", "express-session": "^1.15.6", "freeport": "~1.0.2", - "jsonwebtoken": "^8.5.1", + "jsonwebtoken": "^9.0.2", "kerberos-server": "^1.0.0", "ldapjs": "^2.3.2", "lodash": "^4.17.21",