Skip to content

Commit

Permalink
fix: upgrade body-parser to >=1.20.3 to fix CVE-2024-45590 DoS attacks
Browse files Browse the repository at this point in the history 
Dependabot is not able to resolve this (seemingly) simple vulnerability
issue so we have to get in there and manually bump `body-parser`.

https://github.com/hyperledger-cacti/cacti/security/dependabot/1218

CVE ID
CVE-2024-45590

GHSA ID
GHSA-qwcr-r2fm-qrc7

Fixes #3657

Signed-off-by: Peter Somogyvari <[email protected]>
  • Loading branch information
@petermetz
petermetz committed Dec 3, 2024
1 parent 09f0fcf commit 6edec86
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 100 deletions.
1 change: 1 addition & 0 deletions package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,7 @@
"@babel/traverse": ">=7.23.2",
"ansi-html": ">=0.0.8",
"axios": ">=0.27.2",
"body-parser": ">=1.20.3",
"braces": ">=3.0.3",
"x-dicer": ">0.3.1",
"elliptic": ">=6.5.7",
Expand Down
126 changes: 26 additions & 100 deletions yarn.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21521,83 +21521,21 @@ __metadata:
languageName: node
linkType: hard

"body-parser@npm:1.20.1":
version: 1.20.1
resolution: "body-parser@npm:1.20.1"
dependencies:
bytes: "npm:3.1.2"
content-type: "npm:~1.0.4"
debug: "npm:2.6.9"
depd: "npm:2.0.0"
destroy: "npm:1.2.0"
http-errors: "npm:2.0.0"
iconv-lite: "npm:0.4.24"
on-finished: "npm:2.4.1"
qs: "npm:6.11.0"
raw-body: "npm:2.5.1"
type-is: "npm:~1.6.18"
unpipe: "npm:1.0.0"
checksum: 10/5f8d128022a2fb8b6e7990d30878a0182f300b70e46b3f9d358a9433ad6275f0de46add6d63206da3637c01c3b38b6111a7480f7e7ac2e9f7b989f6133fe5510
languageName: node
linkType: hard

"body-parser@npm:1.20.3":
version: 1.20.3
resolution: "body-parser@npm:1.20.3"
"body-parser@npm:>=1.20.3":
version: 2.0.2
resolution: "body-parser@npm:2.0.2"
dependencies:
bytes: "npm:3.1.2"
content-type: "npm:~1.0.5"
debug: "npm:2.6.9"
depd: "npm:2.0.0"
debug: "npm:3.1.0"
destroy: "npm:1.2.0"
http-errors: "npm:2.0.0"
iconv-lite: "npm:0.4.24"
iconv-lite: "npm:0.5.2"
on-finished: "npm:2.4.1"
qs: "npm:6.13.0"
raw-body: "npm:2.5.2"
type-is: "npm:~1.6.18"
unpipe: "npm:1.0.0"
checksum: 10/8723e3d7a672eb50854327453bed85ac48d045f4958e81e7d470c56bf111f835b97e5b73ae9f6393d0011cc9e252771f46fd281bbabc57d33d3986edf1e6aeca
languageName: node
linkType: hard

"body-parser@npm:^1.10.0, body-parser@npm:^1.18.2":
version: 1.20.2
resolution: "body-parser@npm:1.20.2"
dependencies:
bytes: "npm:3.1.2"
content-type: "npm:~1.0.5"
debug: "npm:2.6.9"
depd: "npm:2.0.0"
destroy: "npm:1.2.0"
http-errors: "npm:2.0.0"
iconv-lite: "npm:0.4.24"
on-finished: "npm:2.4.1"
qs: "npm:6.11.0"
raw-body: "npm:2.5.2"
raw-body: "npm:^3.0.0"
type-is: "npm:~1.6.18"
unpipe: "npm:1.0.0"
checksum: 10/3cf171b82190cf91495c262b073e425fc0d9e25cc2bf4540d43f7e7bbca27d6a9eae65ca367b6ef3993eea261159d9d2ab37ce444e8979323952e12eb3df319a
languageName: node
linkType: hard

"body-parser@npm:^1.16.0, body-parser@npm:^1.19.0":
version: 1.20.0
resolution: "body-parser@npm:1.20.0"
dependencies:
bytes: "npm:3.1.2"
content-type: "npm:~1.0.4"
debug: "npm:2.6.9"
depd: "npm:2.0.0"
destroy: "npm:1.2.0"
http-errors: "npm:2.0.0"
iconv-lite: "npm:0.4.24"
on-finished: "npm:2.4.1"
qs: "npm:6.10.3"
raw-body: "npm:2.5.1"
type-is: "npm:~1.6.18"
unpipe: "npm:1.0.0"
checksum: 10/63fe82c27fdacac51d26665c3d13d4c6e48d1c3e9efe1fbc0fd18801aa9a598ab1023b09298ae4b3d0a7598d55902d793f7fa1b5551da99c16eabfed9b022a51
checksum: 10/3b381210daa9bbe90b6dc21fa9d4580b6842f7620437ec89c2522461150ceea11701ed6d7b23876d61056e9d64ee66a29ce00c0ef252a810edf4d7d45aa94455
languageName: node
linkType: hard

Expand Down Expand Up @@ -32993,7 +32931,16 @@ __metadata:
languageName: node
linkType: hard

"iconv-lite@npm:^0.6.2, iconv-lite@npm:^0.6.3":
"iconv-lite@npm:0.5.2":
version: 0.5.2
resolution: "iconv-lite@npm:0.5.2"
dependencies:
safer-buffer: "npm:>= 2.1.2 < 3"
checksum: 10/b48a1c8a173b638cb3d9a21674acbfed1c1fd8e81f6dc52e63cf44d3b56f37fd48f8ff81d93a71c8b60b4dfb464d3e87f606df5f8a0f0247c21737665059565c
languageName: node
linkType: hard

"iconv-lite@npm:0.6.3, iconv-lite@npm:^0.6.2, iconv-lite@npm:^0.6.3":
version: 0.6.3
resolution: "iconv-lite@npm:0.6.3"
dependencies:
Expand Down Expand Up @@ -45367,15 +45314,6 @@ __metadata:
languageName: node
linkType: hard

"qs@npm:6.10.3":
version: 6.10.3
resolution: "qs@npm:6.10.3"
dependencies:
side-channel: "npm:^1.0.4"
checksum: 10/73d07bfd77f07bec3750dca5e6d165cba0c87ce3e4688bb26e5e462e725ab1289ecdb69164b0b4a4d1b913e2a3ae6b22acbb8b2feb5c8f31bd76f2380f3dc23d
languageName: node
linkType: hard

"qs@npm:6.11.0":
version: 6.11.0
resolution: "qs@npm:6.11.0"
Expand Down Expand Up @@ -45543,39 +45481,27 @@ __metadata:
languageName: node
linkType: hard

"raw-body@npm:2.5.1":
version: 2.5.1
resolution: "raw-body@npm:2.5.1"
dependencies:
bytes: "npm:3.1.2"
http-errors: "npm:2.0.0"
iconv-lite: "npm:0.4.24"
unpipe: "npm:1.0.0"
checksum: 10/280bedc12db3490ecd06f740bdcf66093a07535374b51331242382c0e130bb273ebb611b7bc4cba1b4b4e016cc7b1f4b05a6df885a6af39c2bc3b94c02291c84
languageName: node
linkType: hard

"raw-body@npm:2.5.2":
version: 2.5.2
resolution: "raw-body@npm:2.5.2"
"raw-body@npm:^2.3.0, raw-body@npm:^2.4.1":
version: 2.5.0
resolution: "raw-body@npm:2.5.0"
dependencies:
bytes: "npm:3.1.2"
http-errors: "npm:2.0.0"
iconv-lite: "npm:0.4.24"
unpipe: "npm:1.0.0"
checksum: 10/863b5171e140546a4d99f349b720abac4410338e23df5e409cfcc3752538c9caf947ce382c89129ba976f71894bd38b5806c774edac35ebf168d02aa1ac11a95
checksum: 10/69be6cc3a29241aa70c1e00a9e82388054abe6686d3d4e0d82759c9402ee818095d37be478c0d5034a2d12f7d91342062767d7169da7a7f4b24a954b99ff493d
languageName: node
linkType: hard

"raw-body@npm:^2.3.0, raw-body@npm:^2.4.1":
version: 2.5.0
resolution: "raw-body@npm:2.5.0"
"raw-body@npm:^3.0.0":
version: 3.0.0
resolution: "raw-body@npm:3.0.0"
dependencies:
bytes: "npm:3.1.2"
http-errors: "npm:2.0.0"
iconv-lite: "npm:0.4.24"
iconv-lite: "npm:0.6.3"
unpipe: "npm:1.0.0"
checksum: 10/69be6cc3a29241aa70c1e00a9e82388054abe6686d3d4e0d82759c9402ee818095d37be478c0d5034a2d12f7d91342062767d7169da7a7f4b24a954b99ff493d
checksum: 10/2443429bbb2f9ae5c50d3d2a6c342533dfbde6b3173740b70fa0302b30914ff400c6d31a46b3ceacbe7d0925dc07d4413928278b494b04a65736fc17ca33e30c
languageName: node
linkType: hard

Expand Down

0 comments on commit 6edec86

Please sign in to comment.