From 6841e5e4f25afe3ea7d66bef1aec3c9e5e5906f9 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 12 Dec 2023 14:08:44 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-KOACORS-6117545
---
 package-lock.json | 54 +++++++++++++++++++++++------------------------
 package.json      |  2 +-
 2 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 4cdd9b2a..7b40ab82 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -140,9 +140,9 @@
 			}
 		},
 		"@koa/cors": {
-			"version": "3.1.0",
-			"resolved": "https://registry.npmjs.org/@koa/cors/-/cors-3.1.0.tgz",
-			"integrity": "sha512-7ulRC1da/rBa6kj6P4g2aJfnET3z8Uf3SWu60cjbtxTA5g8lxRdX/Bd2P92EagGwwAhANeNw8T8if99rJliR6Q==",
+			"version": "5.0.0",
+			"resolved": "https://registry.npmjs.org/@koa/cors/-/cors-5.0.0.tgz",
+			"integrity": "sha512-x/iUDjcS90W69PryLDIMgFyV21YLTnG9zOpPXS7Bkt2b8AsY3zZsIpOLBkYr9fBcF3HbkKaER5hOBZLfpLgYNw==",
 			"requires": {
 				"vary": "^1.1.2"
 			}
@@ -5227,8 +5227,8 @@
 			"integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA=="
 		},
 		"gltf-pipeline": {
-			"version": "github:freezy/gltf-pipeline#8e7c1450d08374755b3abaf0eb0e3ae9a118c8f2",
-			"from": "github:freezy/gltf-pipeline#hotfix/dedupe",
+			"version": "git+ssh://git@github.com/freezy/gltf-pipeline.git#8e7c1450d08374755b3abaf0eb0e3ae9a118c8f2",
+			"from": "gltf-pipeline@github:freezy/gltf-pipeline#hotfix/dedupe",
 			"requires": {
 				"bluebird": "^3.5.3",
 				"cesium": "^1.54.0",
@@ -6072,6 +6072,11 @@
 			"resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
 			"integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g=="
 		},
+		"is_js": {
+			"version": "0.9.0",
+			"resolved": "https://registry.npmjs.org/is_js/-/is_js-0.9.0.tgz",
+			"integrity": "sha1-CrlFQFArp6+iTIVqqYVWFmnpxS0="
+		},
 		"is-accessor-descriptor": {
 			"version": "0.1.6",
 			"resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz",
@@ -6403,11 +6408,6 @@
 			"resolved": "https://registry.npmjs.org/is-yarn-global/-/is-yarn-global-0.3.0.tgz",
 			"integrity": "sha512-VjSeb/lHmkoyd8ryPVIKvOCn4D1koMqY+vqyjjUfc3xyKtP4dYOxM44sZrnqQSzSds3xyOrUTLTC9LVCVgLngw=="
 		},
-		"is_js": {
-			"version": "0.9.0",
-			"resolved": "https://registry.npmjs.org/is_js/-/is_js-0.9.0.tgz",
-			"integrity": "sha1-CrlFQFArp6+iTIVqqYVWFmnpxS0="
-		},
 		"isarray": {
 			"version": "1.0.0",
 			"resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
@@ -11094,6 +11094,15 @@
 				"tough-cookie": "^2.3.3"
 			}
 		},
+		"require_optional": {
+			"version": "1.0.1",
+			"resolved": "https://registry.npmjs.org/require_optional/-/require_optional-1.0.1.tgz",
+			"integrity": "sha512-qhM/y57enGWHAe3v/NcwML6a3/vfESLe/sGM2dII+gEO0BpKRUkWZow/tyloNqJyN6kXSl3RyyM8Ll5D/sJP8g==",
+			"requires": {
+				"resolve-from": "^2.0.0",
+				"semver": "^5.1.0"
+			}
+		},
 		"require-ancestors": {
 			"version": "1.0.0",
 			"resolved": "https://registry.npmjs.org/require-ancestors/-/require-ancestors-1.0.0.tgz",
@@ -11150,15 +11159,6 @@
 				}
 			}
 		},
-		"require_optional": {
-			"version": "1.0.1",
-			"resolved": "https://registry.npmjs.org/require_optional/-/require_optional-1.0.1.tgz",
-			"integrity": "sha512-qhM/y57enGWHAe3v/NcwML6a3/vfESLe/sGM2dII+gEO0BpKRUkWZow/tyloNqJyN6kXSl3RyyM8Ll5D/sJP8g==",
-			"requires": {
-				"resolve-from": "^2.0.0",
-				"semver": "^5.1.0"
-			}
-		},
 		"resolve": {
 			"version": "1.19.0",
 			"resolved": "https://registry.npmjs.org/resolve/-/resolve-1.19.0.tgz",
@@ -13352,6 +13352,14 @@
 			"resolved": "https://registry.npmjs.org/strict-uri-encode/-/strict-uri-encode-1.1.0.tgz",
 			"integrity": "sha1-J5siXfHVgrH1TmWt3UNS4Y+qBxM="
 		},
+		"string_decoder": {
+			"version": "1.0.3",
+			"resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.0.3.tgz",
+			"integrity": "sha512-4AH6Z5fzNNBcH+6XDMfA/BTt87skxqJlO0lAh3Dker5zThcAxG6mKz+iGu308UKoPPQ8Dcqx/4JhujzltRa+hQ==",
+			"requires": {
+				"safe-buffer": "~5.1.0"
+			}
+		},
 		"string-width": {
 			"version": "3.1.0",
 			"resolved": "https://registry.npmjs.org/string-width/-/string-width-3.1.0.tgz",
@@ -13432,14 +13440,6 @@
 				}
 			}
 		},
-		"string_decoder": {
-			"version": "1.0.3",
-			"resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.0.3.tgz",
-			"integrity": "sha512-4AH6Z5fzNNBcH+6XDMfA/BTt87skxqJlO0lAh3Dker5zThcAxG6mKz+iGu308UKoPPQ8Dcqx/4JhujzltRa+hQ==",
-			"requires": {
-				"safe-buffer": "~5.1.0"
-			}
-		},
 		"strip-ansi": {
 			"version": "5.2.0",
 			"resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz",
diff --git a/package.json b/package.json
index 743b1c1b..0d85b414 100644
--- a/package.json
+++ b/package.json
@@ -46,7 +46,7 @@
 	},
 	"mod-project-name": "vpdb",
 	"dependencies": {
-		"@koa/cors": "3.1.0",
+		"@koa/cors": "5.0.0",
 		"@slack/client": "5.0.2",
 		"acl": "0.4.11",
 		"adm-zip": "0.4.16",