From 9f689f0a7e5bff5754cf16136ea2d73cdfdfa8d7 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 10 Dec 2024 02:54:31 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-8446504
- https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-8482416
---
 package-lock.json | 34 ++++++++++++++++++++--------------
 package.json | 4 ++--
 2 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 64d1882..9985f39 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,16 +13,16 @@
 "config": "^3.3.12",
 "connect-flash": "^0.1.1",
 "cookie": "^1.0.1",
- "cookie-parser": "^1.4.7",
+ "cookie-parser": "~1.4.7",
 "cors": "^2.8.5",
 "debug": "~2.6.9",
- "express": "^4.21.1",
+ "express": "^4.21.2",
 "express-rate-limit": "^7.4.1",
- "http-errors": "^1.8.1",
 "express-session": "^1.18.1",
+ "http-errors": "~1.8.1",
 "joi": "^17.13.3",
 "jsonwebtoken": "^9.0.2",
- "mongoose": "^8.8.0",
+ "mongoose": "^8.8.3",
 "morgan": "~1.9.1",
 "nodemon": "^3.1.7",
 "passport": "^0.7.0",
@@ -631,9 +631,10 @@
 }
 },
 "node_modules/express": {
- "version": "4.21.1",
- "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz",
- "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==",
+ "version": "4.21.2",
+ "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
+ "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
+ "license": "MIT",
 "dependencies": {
 "accepts": "~1.3.8",
 "array-flatten": "1.1.1",
@@ -654,7 +655,7 @@
 "methods": "~1.1.2",
 "on-finished": "2.4.1",
 "parseurl": "~1.3.3",
- "path-to-regexp": "0.1.10",
+ "path-to-regexp": "0.1.12",
 "proxy-addr": "~2.0.7",
 "qs": "6.13.0",
 "range-parser": "~1.2.1",
@@ -669,6 +670,10 @@
 },
 "engines": {
 "node": ">= 0.10.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/express"
 }
 },
 "node_modules/express-rate-limit": {
@@ -793,9 +798,10 @@
 }
 },
 "node_modules/express/node_modules/path-to-regexp": {
- "version": "0.1.10",
- "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz",
- "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w=="
+ "version": "0.1.12",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
+ "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==",
+ "license": "MIT"
 },
 "node_modules/express/node_modules/safe-buffer": {
 "version": "5.2.1",
@@ -1546,9 +1552,9 @@
 }
 },
 "node_modules/mongoose": {
- "version": "8.8.0",
- "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.8.0.tgz",
- "integrity": "sha512-KluvgwnQB1GPOYZZXUHJRjS1TW6xxwTlf/YgjWExuuNanIe3W7VcR7dDXQVCIRk8L7NYge8EnoTcu2grWtN+XQ==",
+ "version": "8.8.3",
+ "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.8.3.tgz",
+ "integrity": "sha512-/I4n/DcXqXyIiLRfAmUIiTjj3vXfeISke8dt4U4Y8Wfm074Wa6sXnQrXN49NFOFf2mM1kUdOXryoBvkuCnr+Qw==",
 "license": "MIT",
 "dependencies": {
 "bson": "^6.7.0",
diff --git a/package.json b/package.json
index cc89c5b..90d3430 100644
--- a/package.json
+++ b/package.json
@@ -14,13 +14,13 @@
 "cookie-parser": "~1.4.7",
 "cors": "^2.8.5",
 "debug": "~2.6.9",
- "express": "^4.21.1",
+ "express": "^4.21.2",
 "express-rate-limit": "^7.4.1",
 "http-errors": "~1.8.1",
 "express-session": "^1.18.1",
 "joi": "^17.13.3",
 "jsonwebtoken": "^9.0.2",
- "mongoose": "^8.8.0",
+ "mongoose": "^8.8.3",
 "morgan": "~1.9.1",
 "nodemon": "^3.1.7",
 "passport": "^0.7.0",