From c26f6864aa0766da569741dabf8b7bdd7db8b494 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 6 Sep 2024 08:34:57 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-ASYNC-2441827 - https://snyk.io/vuln/SNYK-JS-LODASH-6139239 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 --- package-lock.json | 41 ++++++++++++++++------------------------- package.json | 4 ++-- 2 files changed, 18 insertions(+), 27 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5f47a4d..7634cdf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,22 +1,19 @@ { "name": "EID4U", - "requires": true, "lockfileVersion": 1, + "requires": true, "dependencies": { "async": { - "version": "2.6.1", - "resolved": "https://registry.npmjs.org/async/-/async-2.6.1.tgz", - "integrity": "sha512-fNEiL2+AZt6AlAw/29Cr0UDe4sRAHCpEHh54WMz+Bb7QfNcFw4h3loofyJpLeQs4Yx7yuqu/2dLgM5hKOs6HlQ==", - "requires": { - "lodash": "4.17.11" - } + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/async/-/async-3.0.0.tgz", + "integrity": "sha512-LNZ6JSpKraIia6VZKKbKxmX6nWIdfsG7WqrOvKpCuDjH7BnGyQRFMTSXEe8to2WF/rqoAKgZvj+L5nnxe0suAg==" }, "debug": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.0.tgz", "integrity": "sha512-heNPJUJIqC+xB6ayLAMHaIrmN9HKa7aQO8MGqKpvCA+uJYVcvR6l5kgdrhRuwPFHU7P5/A1w0BjByPHwpfTDKg==", "requires": { - "ms": "2.1.1" + "ms": "^2.1.1" } }, "ejs": { @@ -29,11 +26,6 @@ "resolved": "https://registry.npmjs.org/fs/-/fs-0.0.1-security.tgz", "integrity": "sha1-invTcYa23d84E/I4WLV+yq9eQdQ=" }, - "lodash": { - "version": "4.17.11", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz", - "integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==" - }, "lodash-node": { "version": "2.4.1", "resolved": "https://registry.npmjs.org/lodash-node/-/lodash-node-2.4.1.tgz", @@ -83,8 +75,8 @@ "resolved": "https://registry.npmjs.org/xml-crypto/-/xml-crypto-0.10.1.tgz", "integrity": "sha1-+DL3TM9W8kr8rhFjofyrRNlndKg=", "requires": { - "xmldom": "0.1.19", - "xpath.js": "1.1.0" + "xmldom": "=0.1.19", + "xpath.js": ">=0.0.3" }, "dependencies": { "xmldom": { @@ -95,14 +87,13 @@ } }, "xml-encryption": { - "version": "0.11.2", - "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-0.11.2.tgz", - "integrity": "sha512-jVvES7i5ovdO7N+NjgncA326xYKjhqeAnnvIgRnY7ROLCfFqEDLwP0Sxp/30SHG0AXQV1048T5yinOFyvwGFzg==", + "version": "0.12.0", + "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-0.12.0.tgz", + "integrity": "sha512-9BEOc/k9UjCRd4rwPTSJq888ddAQCCH0uu4kt/BV2Dwox5RO/hBIlh0n0ipIUf6E3Pnfonr9oiyGkEEi+trhEQ==", "requires": { - "async": "2.6.1", - "ejs": "2.6.1", - "node-forge": "0.7.6", - "xmldom": "0.1.27", + "ejs": "^2.5.6", + "node-forge": "^0.7.0", + "xmldom": "~0.1.15", "xpath": "0.0.27" } }, @@ -111,8 +102,8 @@ "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.19.tgz", "integrity": "sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q==", "requires": { - "sax": "1.2.4", - "xmlbuilder": "9.0.7" + "sax": ">=0.6.0", + "xmlbuilder": "~9.0.1" }, "dependencies": { "xmlbuilder": { @@ -127,7 +118,7 @@ "resolved": "http://registry.npmjs.org/xmlbuilder/-/xmlbuilder-2.2.1.tgz", "integrity": "sha1-kyZDDxMNh0NdTECGZDqikm4QWjI=", "requires": { - "lodash-node": "2.4.1" + "lodash-node": "~2.4.1" } }, "xmldom": { diff --git a/package.json b/package.json index 519e928..a0d3c7e 100644 --- a/package.json +++ b/package.json @@ -2,13 +2,13 @@ "name": "EID4U", "private": true, "dependencies": { - "async": "^2.6.0", + "async": "^3.0.0", "debug": "^4.1.0", "fs": "0.0.1-security", "underscore": "^1.8.3", "url": "^0.11.0", "xml-crypto": "^0.10.0", - "xml-encryption": "^0.11.0", + "xml-encryption": "^0.12.0", "xml2js": "^0.4.0", "xmlbuilder": "~2.2.0", "xmldom": "^0.1.0"