From 5dfdfa96c0a38a2885b6bd68b2e4263aa2e477c2 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 6 Dec 2024 21:54:00 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-8482416 --- package-lock.json | 60 +++++++++++++++++++++++++---------------------- package.json | 2 +- 2 files changed, 33 insertions(+), 29 deletions(-) diff --git a/package-lock.json b/package-lock.json index c2c75059c5..0bdf49b695 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,34 +9,34 @@ "version": "1.0.1", "license": "Apache-2.0", "dependencies": { - "adm-zip": "^0.5.2", - "body-parser": "^1.20.3", + "adm-zip": "0.5.2", + "body-parser": "1.20.3", "cfenv": "^1.0.4", "consolidate": "0.14.5", "dustjs-helpers": "1.5.0", - "dustjs-linkedin": "^3.0.0", - "ejs": "^3.1.10", + "dustjs-linkedin": "3.0.0", + "ejs": "3.1.10", "ejs-locals": "1.0.2", - "errorhandler": "^1.5.0", - "express": "^4.21.1", - "express-fileupload": "^1.1.10", + "errorhandler": "1.5.0", + "express": "^4.21.2", + "express-fileupload": "1.1.10", "express-session": "^1.18.1", "file-type": "^8.1.0", "hbs": "^4.1.2", - "humanize-ms": "^1.2.1", + "humanize-ms": "1.2.1", "jquery": "^3.5.0", - "lodash": "^4.17.21", - "marked": "^4.0.10", + "lodash": "4.17.21", + "marked": "4.0.10", "method-override": "latest", - "moment": "^2.29.2", + "moment": "2.29.2", "mongodb": "^3.6.6", - "mongoose": "^5.13.20", + "mongoose": "5.13.20", "morgan": "latest", "ms": "^2.0.0", "mysql": "^2.18.1", - "npmconf": "^2.1.3", + "npmconf": "2.1.3", "optional": "^0.1.3", - "st": "^1.2.2", + "st": "1.2.2", "stream-buffers": "^3.0.1", "tap": "^18.0.0", "typeorm": "^0.3.18", 
@@ -5287,9 +5287,9 @@ "license": "Apache-2.0" }, "node_modules/express": { - "version": "4.21.1", - "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz", - "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==", + "version": "4.21.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", + "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", "license": "MIT", "dependencies": { "accepts": "~1.3.8", @@ -5311,7 +5311,7 @@ "methods": "~1.1.2", "on-finished": "2.4.1", "parseurl": "~1.3.3", - "path-to-regexp": "0.1.10", + "path-to-regexp": "0.1.12", "proxy-addr": "~2.0.7", "qs": "6.13.0", "range-parser": "~1.2.1", @@ -5326,6 +5326,10 @@ }, "engines": { "node": ">= 0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" } }, "node_modules/express-fileupload": { @@ -10572,9 +10576,9 @@ "license": "ISC" }, "node_modules/path-to-regexp": { - "version": "0.1.10", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz", - "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==", + "version": "0.1.12", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", + "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==", "license": "MIT" }, "node_modules/pbkdf2": { 
@@ -19224,9 +19228,9 @@ "integrity": "sha512-dX7e/LHVJ6W3DE1MHWi9S1EYzDESENfLrYohG2G++ovZrYOkm4Knwa0mc1cn84xJOR4KEU0WSchhLbd0UklbHw==" }, "express": { - "version": "4.21.1", - "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz", - "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==", + "version": "4.21.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", + "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", "requires": { "accepts": "~1.3.8", "array-flatten": "1.1.1", @@ -19247,7 +19251,7 @@ "methods": "~1.1.2", "on-finished": "2.4.1", "parseurl": "~1.3.3", - "path-to-regexp": "0.1.10", + "path-to-regexp": "0.1.12", "proxy-addr": "~2.0.7", "qs": "6.13.0", "range-parser": "~1.2.1", @@ -23111,9 +23115,9 @@ } }, "path-to-regexp": { - "version": "0.1.10", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz", - "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==" + "version": "0.1.12", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", + "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==" }, "pbkdf2": { "version": "3.0.17",
diff --git a/package.json b/package.json
index 013e265649..e59bef3c62 100644
--- a/package.json
+++ b/package.json
@@ -24,7 +24,7 @@
 "ejs": "3.1.10",
 "ejs-locals": "1.0.2",
 "errorhandler": "1.5.0",
- "express": "4.21.1",
+ "express": "4.21.2",
 "express-fileupload": "1.1.10",
 "express-session": "^1.18.1",
 "file-type": "^8.1.0",