From b4bc4aaf06e1f568337049da5b8033b99f9e3991 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 15 May 2025 02:02:49 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-EJS-2803307 - https://snyk.io/vuln/SNYK-JS-MOMENT-2944238 - https://snyk.io/vuln/SNYK-JS-MOMENT-2440688 - https://snyk.io/vuln/SNYK-JS-EJS-6689533 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2330875 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430339 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2331908 - https://snyk.io/vuln/SNYK-JS-EJS-1049328 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430337 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430341 --- package-lock.json | 82 ++++++++++++++++++++++------------------------- package.json | 2 +- 2 files changed, 40 insertions(+), 44 deletions(-) diff --git a/package-lock.json b/package-lock.json index e8014547..7cc2ec3b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -51,7 +51,7 @@ "win-ca": "^3.0.4", "winston": "~2.2.0", "ws": "^1.1.5", - "wsfed": "^7.0.0", + "wsfed": "^7.0.1", "xtend": "~2.1.1" }, "devDependencies": { @@ -375,9 +375,11 @@ "dev": true }, "node_modules/@xmldom/xmldom": { - "version": "0.7.11", - "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.7.11.tgz", - "integrity": "sha512-UDi3g6Jss/W5FnSzO9jCtQwEpfymt0M+sPPlmLhDH6h2TJ8j4ESE/LpmNPBij15J5NKkk4/cg/qoVMdWI3vnlQ==", + "version": "0.7.13", + "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.7.13.tgz", + "integrity": "sha512-lm2GW5PkosIzccsaZIz7tp8cPADSIlIHWDFTR1N0SzfinhhYgeIQjFMz4rYzanCScr3DqQLeomUDArp6MWKm+g==", + "deprecated": "this version is no longer supported, please update to at least 0.8.*", + "license": "MIT", "engines": { "node": ">=10.0.0" } @@ -4427,32 +4429,29 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "node_modules/saml": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/saml/-/saml-1.0.1.tgz", - "integrity": "sha512-BzzlTdXNICrIGhJkq168n0WJpwXYr3xyMd7UHC7/s8F4M6zHSEItwEuKGmm6HjsttZk/hJcrw7fY0OZ9wE+v7Q==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/saml/-/saml-3.0.1.tgz", + "integrity": "sha512-bOjVqZcHY8PkdTBD7Y27KHykC7403BEM46SeCq5r0QPNEPE7M7RmWKy7hPjYsID9VNkCNSHYSVrrRS8Y9hNVWA==", + "license": "MIT", "dependencies": { "@xmldom/xmldom": "^0.7.4", - "async": "~0.2.9", - "moment": "2.19.3", + "async": "^3.2.4", + "moment": "^2.29.4", "valid-url": "~1.0.9", "xml-crypto": "^2.1.3", - "xml-encryption": "^1.2.1", + "xml-encryption": "^2.0.0", "xml-name-validator": "~2.0.1", "xpath": "0.0.5" + }, + "engines": { + "node": ">=12" } }, "node_modules/saml/node_modules/async": { - "version": "0.2.10", - "resolved": "https://registry.npmjs.org/async/-/async-0.2.10.tgz", - "integrity": "sha512-eAkdoKxU6/LkKDBzLpT+t6Ff5EtfSF4wx1WfJiPEEV7WNLnDaRXk0oVysiEPm262roaachGexwUv94WhSgN5TQ==" - }, - "node_modules/saml/node_modules/moment": { - "version": "2.19.3", - "resolved": "https://registry.npmjs.org/moment/-/moment-2.19.3.tgz", - "integrity": "sha512-SiZ1HUDMfBpfCzL1Hm1vxUFkYDbHx8/RiWBLF+5qoVWTlBGtR15+wVQB7eSD/0w3ueDxzojlX9LQtiKVpLMsFQ==", - "engines": { - "node": "*" - } + "version": "3.2.6", + "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz", + "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA==", + "license": "MIT" }, "node_modules/secure-keys": { "version": "1.0.0", @@ -5288,25 +5287,18 @@ } }, "node_modules/wsfed": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/wsfed/-/wsfed-7.0.0.tgz", - "integrity": "sha512-6MTBasGr/8+EydbMAY/0oIU65K7xt4uemxSRFVJRS1HvL4WCbWqP+wNPjfOChyDG9qVadDE8OKvVLjauzvpvig==", + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/wsfed/-/wsfed-7.0.1.tgz", + "integrity": "sha512-5coEr136L7LkY9nNr97+0isFL/1+3JZnwKrPc8F7VMFgncHcmrHOXoS2hSF1nGxfJvPeDWhuXWqZUL38Dhuspw==", + "license": "MIT", "dependencies": { "@auth0/thumbprint": "0.0.6", - "ejs": "2.5.5", + "ejs": "^3.1.10", "jsonwebtoken": "^9.0.0", - "saml": "^1.0.0", + "saml": "^3.0.1", "xtend": "~2.0.3" } }, - "node_modules/wsfed/node_modules/ejs": { - "version": "2.5.5", - "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.5.5.tgz", - "integrity": "sha512-SVMZ8TKYCxHL6gb7f9QVpvnMPxZpdrT65IH6awbFex+bVAWtEYW0LoRbiViOJn6t1v/J0tVrl9fx6XOuJ5fjTA==", - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/wsfed/node_modules/is-object": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/is-object/-/is-object-0.1.2.tgz", @@ -5336,9 +5328,10 @@ } }, "node_modules/xml-crypto": { - "version": "2.1.5", - "resolved": "https://registry.npmjs.org/xml-crypto/-/xml-crypto-2.1.5.tgz", - "integrity": "sha512-xOSJmGFm+BTXmaPYk8pPV3duKo6hJuZ5niN4uMzoNcTlwYs0jAu/N3qY+ud9MhE4N7eMRuC1ayC7Yhmb7MmAWg==", + "version": "2.1.6", + "resolved": "https://registry.npmjs.org/xml-crypto/-/xml-crypto-2.1.6.tgz", + "integrity": "sha512-jjvpO8vHNV8QFhW5bMypP+k4BjBqHe/HrpIwpPcdUnUTIJakSIuN96o3Sdah4tKu2z64kM/JHEH8iEHGCc6Gyw==", + "license": "MIT", "dependencies": { "@xmldom/xmldom": "^0.7.9", "xpath": "0.0.32" @@ -5351,28 +5344,30 @@ "version": "0.0.32", "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.32.tgz", "integrity": "sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw==", + "license": "MIT", "engines": { "node": ">=0.6.0" } }, "node_modules/xml-encryption": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-1.3.0.tgz", - "integrity": "sha512-3P8C4egMMxSR1BmsRM+fG16a3WzOuUEQKS2U4c3AZ5v7OseIfdUeVkD8dwxIhuLryFZSRWUL5OP6oqkgU7hguA==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-2.0.0.tgz", + "integrity": "sha512-4Av83DdvAgUQQMfi/w8G01aJshbEZP9ewjmZMpS9t3H+OCZBDvyK4GJPnHGfWiXlArnPbYvR58JB9qF2x9Ds+Q==", + "license": "MIT", "dependencies": { "@xmldom/xmldom": "^0.7.0", "escape-html": "^1.0.3", - "node-forge": "^0.10.0", "xpath": "0.0.32" }, "engines": { - "node": ">=8" + "node": ">=12" } }, "node_modules/xml-encryption/node_modules/xpath": { "version": "0.0.32", "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.32.tgz", "integrity": "sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw==", + "license": "MIT", "engines": { "node": ">=0.6.0" } @@ -5380,7 +5375,8 @@ "node_modules/xml-name-validator": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-2.0.1.tgz", - "integrity": "sha512-jRKe/iQYMyVJpzPH+3HL97Lgu5HrCfii+qSo+TfjKHtOnvbnvdVfMYrn9Q34YV81M2e5sviJlI6Ko9y+nByzvA==" + "integrity": "sha512-jRKe/iQYMyVJpzPH+3HL97Lgu5HrCfii+qSo+TfjKHtOnvbnvdVfMYrn9Q34YV81M2e5sviJlI6Ko9y+nByzvA==", + "license": "WTFPL" }, "node_modules/xpath": { "version": "0.0.5", diff --git a/package.json b/package.json index d90cec04..7606370f 100644 --- a/package.json +++ b/package.json @@ -66,7 +66,7 @@ "win-ca": "^3.0.4", "winston": "~2.2.0", "ws": "^1.1.5", - "wsfed": "^7.0.0", + "wsfed": "^7.0.1", "xtend": "~2.1.1" }, "devDependencies": {