From dfceb7b959831f049e9d89dcb2c30d70a88115a7 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 24 Jul 2025 09:21:14 +0000
Subject: [PATCH] fix: apis/userprofile/package.json &
 apis/userprofile/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ONHEADERS-10773729
---
 apis/userprofile/package-lock.json | 56 +++++++++++++++++++-----------
 apis/userprofile/package.json      |  2 +-
 2 files changed, 36 insertions(+), 22 deletions(-)

diff --git a/apis/userprofile/package-lock.json b/apis/userprofile/package-lock.json
index 4e5e572..5a27018 100644
--- a/apis/userprofile/package-lock.json
+++ b/apis/userprofile/package-lock.json
@@ -294,11 +294,18 @@
             "dev": true
         },
         "basic-auth": {
-            "version": "2.0.0",
-            "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.0.tgz",
-            "integrity": "sha1-AV2z81PgLlY3d1X5YnQuiYHnu7o=",
+            "version": "2.0.1",
+            "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz",
+            "integrity": "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==",
             "requires": {
-                "safe-buffer": "5.1.1"
+                "safe-buffer": "5.1.2"
+            },
+            "dependencies": {
+                "safe-buffer": {
+                    "version": "5.1.2",
+                    "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+                    "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+                }
             }
         },
         "big-number": {
@@ -1588,15 +1595,22 @@
             "integrity": "sha512-shJkRTSebXvsVqk56I+lkb2latjBs8I+pc2TzWc545y2iFnSjm7Wg0QMh+ZWcdSLQyGEau5jI8ocnmkyTgr9YQ=="
         },
         "morgan": {
-            "version": "1.9.0",
-            "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.9.0.tgz",
-            "integrity": "sha1-0B+mxlhZt2/PMbPLU6OCGjEdgFE=",
+            "version": "1.10.1",
+            "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.10.1.tgz",
+            "integrity": "sha512-223dMRJtI/l25dJKWpgij2cMtywuG/WiUKXdvwfbhGKBhy1puASqXwFzmWZ7+K73vUPoR7SS2Qz2cI/g9MKw0A==",
             "requires": {
-                "basic-auth": "~2.0.0",
+                "basic-auth": "~2.0.1",
                 "debug": "2.6.9",
-                "depd": "~1.1.1",
+                "depd": "~2.0.0",
                 "on-finished": "~2.3.0",
-                "on-headers": "~1.0.1"
+                "on-headers": "~1.1.0"
+            },
+            "dependencies": {
+                "depd": {
+                    "version": "2.0.0",
+                    "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+                    "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw=="
+                }
             }
         },
         "ms": {
@@ -2795,9 +2809,9 @@
             }
         },
         "on-headers": {
-            "version": "1.0.1",
-            "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.1.tgz",
-            "integrity": "sha1-ko9dD0cNSTQmUepnlLCFfBAGk/c="
+            "version": "1.1.0",
+            "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz",
+            "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A=="
         },
         "once": {
             "version": "1.4.0",
@@ -3181,6 +3195,14 @@
             "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
             "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow="
         },
+        "string_decoder": {
+            "version": "1.1.1",
+            "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+            "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+            "requires": {
+                "safe-buffer": "~5.1.0"
+            }
+        },
         "string-width": {
             "version": "2.1.1",
             "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz",
@@ -3215,14 +3237,6 @@
                 "function-bind": "^1.0.2"
             }
         },
-        "string_decoder": {
-            "version": "1.1.1",
-            "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
-            "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
-            "requires": {
-                "safe-buffer": "~5.1.0"
-            }
-        },
         "strip-ansi": {
             "version": "4.0.0",
             "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
diff --git a/apis/userprofile/package.json b/apis/userprofile/package.json
index 6703e1f..31c3e8e 100644
--- a/apis/userprofile/package.json
+++ b/apis/userprofile/package.json
@@ -11,7 +11,7 @@
         "body-parser": "^1.18.3",
         "express": "^4.16.3",
         "express4-tedious": "^0.3.0",
-        "morgan": "^1.9.0",
+        "morgan": "^1.10.1",
         "swaggerize-express": "^4.0.5",
         "swagmock": "1.0.0",
         "swagger-ui-express": "^3.0.10",