From 6fde02e52cfdfe2c42337ccf61b5ca581aad5b95 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Mon, 7 Oct 2024 04:26:50 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-COOKIE-8163060
---
 package-lock.json | 49 +++++++++++++++++++++++++++----------------------
 package.json | 4 ++--
 2 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 9588a52..af725ca 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8,8 +8,8 @@
 "name": "finance-manager",
 "version": "0.1.0",
 "dependencies": {
- "@auth/core": "^0.34.1",
- "@auth/drizzle-adapter": "^1.4.1",
+ "@auth/core": "^0.36.0",
+ "@auth/drizzle-adapter": "^1.6.0",
 "@hono/zod-validator": "^0.2.2",
 "@hookform/resolvers": "^3.9.0",
 "@neondatabase/serverless": "^0.9.4",
@@ -91,15 +91,16 @@
 }
 },
 "node_modules/@auth/core": {
- "version": "0.34.1",
- "resolved": "https://registry.npmjs.org/@auth/core/-/core-0.34.1.tgz",
- "integrity": "sha512-tuYU2VIbI8rFbkSwP710LmybB2FXJsPN7j3sjRVfN9SXVQBK2ej6LdewQaofpBGp4Mk+cC2UeiGNH0or4tgaeA==",
+ "version": "0.36.0",
+ "resolved": "https://registry.npmjs.org/@auth/core/-/core-0.36.0.tgz",
+ "integrity": "sha512-tK+TEYHdM0nkW2uUxAZylpKk2nIf3jsAWzi920E5irxJlymihWzI8nQcz9McfmKux7lmtdpC6TiysayFP7sLYg==",
+ "license": "ISC",
 "dependencies": {
- "@panva/hkdf": "^1.1.1",
+ "@panva/hkdf": "^1.2.1",
 "@types/cookie": "0.6.0",
- "cookie": "0.6.0",
- "jose": "^5.1.3",
- "oauth4webapi": "^2.10.4",
+ "cookie": "0.7.1",
+ "jose": "^5.9.3",
+ "oauth4webapi": "^2.17.0",
 "preact": "10.11.3",
 "preact-render-to-string": "5.2.3"
 },
@@ -121,17 +122,19 @@
 }
 },
 "node_modules/@auth/core/node_modules/cookie": {
- "version": "0.6.0",
- "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz",
- "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==",
+ "version": "0.7.1",
+ "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz",
+ "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==",
+ "license": "MIT",
 "engines": {
 "node": ">= 0.6"
 }
 },
 "node_modules/@auth/core/node_modules/jose": {
- "version": "5.6.3",
- "resolved": "https://registry.npmjs.org/jose/-/jose-5.6.3.tgz",
- "integrity": "sha512-1Jh//hEEwMhNYPDDLwXHa2ePWgWiFNNUadVmguAAw2IJ6sj9mNxV5tGXJNqlMkJAybF6Lgw1mISDxTePP/187g==",
+ "version": "5.9.3",
+ "resolved": "https://registry.npmjs.org/jose/-/jose-5.9.3.tgz",
+ "integrity": "sha512-egLIoYSpcd+QUF+UHgobt5YzI2Pkw/H39ou9suW687MY6PmCwPmkNV/4TNjn1p2tX5xO3j0d0sq5hiYE24bSlg==",
+ "license": "MIT",
 "funding": {
 "url": "https://github.com/sponsors/panva"
 }
@@ -157,11 +160,12 @@
 }
 },
 "node_modules/@auth/drizzle-adapter": {
- "version": "1.4.1",
- "resolved": "https://registry.npmjs.org/@auth/drizzle-adapter/-/drizzle-adapter-1.4.1.tgz",
- "integrity": "sha512-pUC8D0jfANDvThH1CrcUXmjZyF98ccVMY3iEZUQzUTr0U1csuppvRoz5JccOLzjv3tu+Nb9Qd6SvrmmsnuYgSw==",
+ "version": "1.6.0",
+ "resolved": "https://registry.npmjs.org/@auth/drizzle-adapter/-/drizzle-adapter-1.6.0.tgz",
+ "integrity": "sha512-9fxXDeWItF0qqukUN90yCo2p8mZ+BKWi9yAOK1+gVVrkseAwF5wearQABWi22RCvJ3JcUxK2i76UnXDstwF0lA==",
+ "license": "ISC",
 "dependencies": {
- "@auth/core": "0.34.1"
+ "@auth/core": "0.36.0"
 }
 },
 "node_modules/@babel/code-frame": {
@@ -6944,9 +6948,10 @@
 "integrity": "sha512-a5ERWK1kh38ExDEfoO6qUHJb32rd7aYmPHuyCu3Fta/cnICvYmgd2uhuKXvPD+PXB+gCEYYEaQdIRAjCOwAKNA=="
 },
 "node_modules/oauth4webapi": {
- "version": "2.11.1",
- "resolved": "https://registry.npmjs.org/oauth4webapi/-/oauth4webapi-2.11.1.tgz",
- "integrity": "sha512-aNzOnL98bL6izG97zgnZs1PFEyO4WDVRhz2Pd066NPak44w5ESLRCYmJIyey8avSBPOMtBjhF3ZDDm7bIb7UOg==",
+ "version": "2.17.0",
+ "resolved": "https://registry.npmjs.org/oauth4webapi/-/oauth4webapi-2.17.0.tgz",
+ "integrity": "sha512-lbC0Z7uzAFNFyzEYRIC+pkSVvDHJTbEW+dYlSBAlCYDe6RxUkJ26bClhk8ocBZip1wfI9uKTe0fm4Ib4RHn6uQ==",
+ "license": "MIT",
 "funding": {
 "url": "https://github.com/sponsors/panva"
 }
diff --git a/package.json b/package.json
index 21319e1..8d0d8ec 100644
--- a/package.json
+++ b/package.json
@@ -12,8 +12,8 @@
 "db:studio": "drizzle-kit studio"
 },
 "dependencies": {
- "@auth/core": "^0.34.1",
- "@auth/drizzle-adapter": "^1.4.1",
+ "@auth/core": "^0.36.0",
+ "@auth/drizzle-adapter": "^1.6.0",
 "@hono/zod-validator": "^0.2.2",
 "@hookform/resolvers": "^3.9.0",
 "@neondatabase/serverless": "^0.9.4",