From 010b61ee956a3daba980eb97b628b4c6fb344598 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 11 Oct 2024 15:26:27 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-DICER-2311764 --- package-lock.json | 98 +++++++---------------------------------------- package.json | 2 +- 2 files changed, 14 insertions(+), 86 deletions(-) diff --git a/package-lock.json b/package-lock.json index 76e991cc7b..f24ac83e49 100644 --- a/package-lock.json +++ b/package-lock.json @@ -19,7 +19,7 @@ "ejs-locals": "1.0.2", "errorhandler": "1.2.0", "express": "4.12.4", - "express-fileupload": "0.0.5", + "express-fileupload": "^1.1.10", "express-session": "^1.17.2", "file-type": "^8.1.0", "hbs": "^4.0.4", @@ -1812,17 +1812,6 @@ "node": ">=4" } }, - "node_modules/connect-busboy": { - "version": "0.0.2", - "resolved": "https://registry.npmjs.org/connect-busboy/-/connect-busboy-0.0.2.tgz", - "integrity": "sha1-rFyclmchcYheV2xmsr/ZXTuxEJc=", - "dependencies": { - "busboy": "*" - }, - "engines": { - "node": ">=0.8.0" - } - }, "node_modules/console-browserify": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/console-browserify/-/console-browserify-1.1.0.tgz", @@ -2730,17 +2719,15 @@ } }, "node_modules/express-fileupload": { - "version": "0.0.5", - "resolved": "https://registry.npmjs.org/express-fileupload/-/express-fileupload-0.0.5.tgz", - "integrity": "sha1-QzpxJSWvqYtMkxYlIui/ecaNguc=", - "deprecated": "Please upgrade express-fileupload to version 1.1.8+ due to a security vulnerability with the parseNested option", + "version": "1.1.10", + "resolved": "https://registry.npmjs.org/express-fileupload/-/express-fileupload-1.1.10.tgz", + "integrity": "sha512-VEbeJBMDl+N+I/vXjQ17Xg+R35El6l6n/EELcSSpnwQbjqFmtAfXY9p5NpBpto5FqnksIleYImJ1jNlIWlP2aw==", + "license": "MIT", "dependencies": { - "connect-busboy": "0.0.2", - "fs-extra": "^0.22.1", - "streamifier": "^0.1.1" + "busboy": "^0.3.1" }, "engines": { - "node": ">=0.8.0" + "node": ">=8.0.0" } }, "node_modules/express-session": { @@ -3137,16 +3124,6 @@ "resolved": "https://registry.npmjs.org/fs-exists-cached/-/fs-exists-cached-1.0.0.tgz", "integrity": "sha1-zyVVTKBQ3EmuZla0HeQiWJidy84=" }, - "node_modules/fs-extra": { - "version": "0.22.1", - "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-0.22.1.tgz", - "integrity": "sha1-X9b4BJ3JdsoZ6yNV1lgXPKvM4FY=", - "dependencies": { - "graceful-fs": "^4.1.2", - "jsonfile": "^2.1.0", - "rimraf": "^2.2.8" - } - }, "node_modules/fs.realpath": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", @@ -4358,14 +4335,6 @@ "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=" }, - "node_modules/jsonfile": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-2.4.0.tgz", - "integrity": "sha1-NzaitCi4e72gzIO1P6PWM6NcKug=", - "optionalDependencies": { - "graceful-fs": "^4.1.6" - } - }, "node_modules/jsonify": { "version": "0.0.0", "resolved": "https://registry.npmjs.org/jsonify/-/jsonify-0.0.0.tgz", @@ -8334,18 +8303,10 @@ "safe-buffer": "~5.1.0" } }, - "node_modules/streamifier": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/streamifier/-/streamifier-0.1.1.tgz", - "integrity": "sha1-l+mNj6TRBdYqJpHR3AfoINuN/E8=", - "engines": { - "node": ">=0.10" - } - }, "node_modules/streamsearch": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-0.1.2.tgz", - "integrity": "sha1-gIudDlb8Jz2Am6VzOOkpkZoanxo=", + "integrity": "sha512-jos8u++JKm0ARcSUTAZXOVC0mSox7Bhn6sBgty73P1f3JGf7yG2clTbBNHUdde/kdvP2FESam+vM6l8jBrNxHA==", "engines": { "node": ">=0.8.0" } @@ -11280,14 +11241,6 @@ "xdg-basedir": "^3.0.0" } }, - "connect-busboy": { - "version": "0.0.2", - "resolved": "https://registry.npmjs.org/connect-busboy/-/connect-busboy-0.0.2.tgz", - "integrity": "sha1-rFyclmchcYheV2xmsr/ZXTuxEJc=", - "requires": { - "busboy": "*" - } - }, "console-browserify": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/console-browserify/-/console-browserify-1.1.0.tgz", @@ -12095,13 +12048,11 @@ } }, "express-fileupload": { - "version": "0.0.5", - "resolved": "https://registry.npmjs.org/express-fileupload/-/express-fileupload-0.0.5.tgz", - "integrity": "sha1-QzpxJSWvqYtMkxYlIui/ecaNguc=", + "version": "1.1.10", + "resolved": "https://registry.npmjs.org/express-fileupload/-/express-fileupload-1.1.10.tgz", + "integrity": "sha512-VEbeJBMDl+N+I/vXjQ17Xg+R35El6l6n/EELcSSpnwQbjqFmtAfXY9p5NpBpto5FqnksIleYImJ1jNlIWlP2aw==", "requires": { - "connect-busboy": "0.0.2", - "fs-extra": "^0.22.1", - "streamifier": "^0.1.1" + "busboy": "^0.3.1" } }, "express-session": { @@ -12352,16 +12303,6 @@ "resolved": "https://registry.npmjs.org/fs-exists-cached/-/fs-exists-cached-1.0.0.tgz", "integrity": "sha1-zyVVTKBQ3EmuZla0HeQiWJidy84=" }, - "fs-extra": { - "version": "0.22.1", - "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-0.22.1.tgz", - "integrity": "sha1-X9b4BJ3JdsoZ6yNV1lgXPKvM4FY=", - "requires": { - "graceful-fs": "^4.1.2", - "jsonfile": "^2.1.0", - "rimraf": "^2.2.8" - } - }, "fs.realpath": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", @@ -13349,14 +13290,6 @@ "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=" }, - "jsonfile": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-2.4.0.tgz", - "integrity": "sha1-NzaitCi4e72gzIO1P6PWM6NcKug=", - "requires": { - "graceful-fs": "^4.1.6" - } - }, "jsonify": { "version": "0.0.0", "resolved": "https://registry.npmjs.org/jsonify/-/jsonify-0.0.0.tgz", @@ -16703,15 +16636,10 @@ } } }, - "streamifier": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/streamifier/-/streamifier-0.1.1.tgz", - "integrity": "sha1-l+mNj6TRBdYqJpHR3AfoINuN/E8=" - }, "streamsearch": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-0.1.2.tgz", - "integrity": "sha1-gIudDlb8Jz2Am6VzOOkpkZoanxo=" + "integrity": "sha512-jos8u++JKm0ARcSUTAZXOVC0mSox7Bhn6sBgty73P1f3JGf7yG2clTbBNHUdde/kdvP2FESam+vM6l8jBrNxHA==" }, "string_decoder": { "version": "0.10.31", diff --git a/package.json b/package.json index 47377c0755..f951ac4f45 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "ejs-locals": "1.0.2", "errorhandler": "1.2.0", "express": "4.12.4", - "express-fileupload": "0.0.5", + "express-fileupload": "1.1.10", "express-session": "^1.17.2", "file-type": "^8.1.0", "hbs": "^4.0.4",