From 9d429375e8c609ace97566386bf42ed3f97a3572 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 16 Oct 2019 08:38:17 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MONGOOSE-472486 --- package-lock.json | 187 +++++++++++++++++++++------------------------- package.json | 2 +- 2 files changed, 85 insertions(+), 104 deletions(-) diff --git a/package-lock.json b/package-lock.json index fd41ebd43e..667991ddbe 100644 --- a/package-lock.json +++ b/package-lock.json @@ -170,7 +170,8 @@ "async": { "version": "0.9.0", "resolved": "https://registry.npmjs.org/async/-/async-0.9.0.tgz", - "integrity": "sha1-rDYTsdqb7RtHUQu0ZRuJMeRxRsc=" + "integrity": "sha1-rDYTsdqb7RtHUQu0ZRuJMeRxRsc=", + "optional": true }, "async-cache": { "version": "0.1.5", @@ -492,9 +493,9 @@ } }, "bson": { - "version": "0.4.23", - "resolved": "https://registry.npmjs.org/bson/-/bson-0.4.23.tgz", - "integrity": "sha1-5louPHUH/63kEJvHV1p25Q+NqRU=" + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/bson/-/bson-1.1.1.tgz", + "integrity": "sha512-jCGVYLoYMHDkOsbwJZBCqwMHyH4c+wzgI9hG7Z6SZJRXWr+x58pdIbm2i9a/jFGCkRJqRUr8eoI7lDWa0hTkxg==" }, "buffer": { "version": "4.9.1", @@ -1309,11 +1310,6 @@ "escape-html": "1.0.1" } }, - "es6-promise": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-2.1.1.tgz", - "integrity": "sha1-A+jzxyl5KOVHjWqx0GQyUVB73t0=" - }, "escape-html": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.1.tgz", @@ -1734,11 +1730,6 @@ "integrity": "sha1-PTIkYrrfB3Fup+uFuviAec3c5QU=", "optional": true }, - "hooks-fixed": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/hooks-fixed/-/hooks-fixed-1.1.0.tgz", - "integrity": "sha1-DowVM2cI5mERhf45C0RofdUjDbs=" - }, "htmlescape": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/htmlescape/-/htmlescape-1.1.1.tgz", @@ -2027,18 +2018,9 @@ } }, "kareem": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/kareem/-/kareem-1.0.1.tgz", - "integrity": "sha1-eAXSFbtTIU7Dr5aaHQsfF+PnuVw=" - }, - "kerberos": { - "version": "0.0.24", - "resolved": "https://registry.npmjs.org/kerberos/-/kerberos-0.0.24.tgz", - "integrity": "sha512-QO6bFq9eETHB5zcA0OJiQtw137TH45OuUcGtI+QGg2ZJQIPCvwXL2kjCqZZMColcIdbPhj4X40EY5f3oOiBfiw==", - "optional": true, - "requires": { - "nan": "~2.10.0" - } + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.3.1.tgz", + "integrity": "sha512-l3hLhffs9zqoDe8zjmb/mAN4B8VT3L56EUvKNqLFVs9YlFA+zx7ke1DO8STAdDyYNkeSo1nKmjuvQeI12So8Xw==" }, "labeled-stream-splicer": { "version": "2.0.1", @@ -2241,88 +2223,79 @@ "integrity": "sha1-6XnCop4iiI5g85byIgphGPhc2Uw=" }, "mongodb": { - "version": "2.0.46", - "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-2.0.46.tgz", - "integrity": "sha1-sbhXRl5F4lmx4OAzaYNBpky5NVk=", - "requires": { - "es6-promise": "2.1.1", - "mongodb-core": "1.2.19", - "readable-stream": "1.0.31" - } - }, - "mongodb-core": { - "version": "1.2.19", - "resolved": "https://registry.npmjs.org/mongodb-core/-/mongodb-core-1.2.19.tgz", - "integrity": "sha1-/LNfa2q8XD3h8aSl21JrnjBvPrc=", + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-3.3.2.tgz", + "integrity": "sha512-fqJt3iywelk4yKu/lfwQg163Bjpo5zDKhXiohycvon4iQHbrfflSAz9AIlRE6496Pm/dQKQK5bMigdVo2s6gBg==", "requires": { - "bson": "~0.4.19", - "kerberos": "~0.0" + "bson": "^1.1.1", + "require_optional": "^1.0.1", + "safe-buffer": "^5.1.2" } }, "mongoose": { - "version": "4.2.4", - "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-4.2.4.tgz", - "integrity": "sha1-4vjAB92Dj2YztPbJZbqSojKskxc=", - "requires": { - "async": "0.9.0", - "bson": "~0.4.18", - "hooks-fixed": "1.1.0", - "kareem": "1.0.1", - "mongodb": "2.0.46", - "mpath": "0.1.1", - "mpromise": "0.5.4", - "mquery": "1.6.3", - "ms": "0.7.1", - "muri": "1.0.0", - "regexp-clone": "0.0.1", - "sliced": "0.0.5" + "version": "5.7.5", + "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-5.7.5.tgz", + "integrity": "sha512-BZ4FxtnbTurc/wcm/hLltLdI4IDxo4nsE0D9q58YymTdZwreNzwO62CcjVtaHhmr8HmJtOInp2W/T12FZaMf8g==", + "requires": { + "bson": "~1.1.1", + "kareem": "2.3.1", + "mongodb": "3.3.2", + "mongoose-legacy-pluralize": "1.0.2", + "mpath": "0.6.0", + "mquery": "3.2.2", + "ms": "2.1.2", + "regexp-clone": "1.0.0", + "safe-buffer": "5.1.2", + "sift": "7.0.1", + "sliced": "1.0.1" }, "dependencies": { "ms": { - "version": "0.7.1", - "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz", - "integrity": "sha1-nNE8A62/8ltl7/3nzoZO6VIBcJg=" + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" } } }, - "mpath": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/mpath/-/mpath-0.1.1.tgz", - "integrity": "sha1-I9qFK3wjLuCX9HWdKcDunNItXkY=" + "mongoose-legacy-pluralize": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/mongoose-legacy-pluralize/-/mongoose-legacy-pluralize-1.0.2.tgz", + "integrity": "sha512-Yo/7qQU4/EyIS8YDFSeenIvXxZN+ld7YdV9LqFVQJzTLye8unujAWPZ4NWKfFA+RNjh+wvTWKY9Z3E5XM6ZZiQ==" }, - "mpromise": { - "version": "0.5.4", - "resolved": "https://registry.npmjs.org/mpromise/-/mpromise-0.5.4.tgz", - "integrity": "sha1-thBhPsbeN0GflEs18Hg7Ten13HU=" + "mpath": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/mpath/-/mpath-0.6.0.tgz", + "integrity": "sha512-i75qh79MJ5Xo/sbhxrDrPSEG0H/mr1kcZXJ8dH6URU5jD/knFxCVqVC/gVSW7GIXL/9hHWlT9haLbCXWOll3qw==" }, "mquery": { - "version": "1.6.3", - "resolved": "https://registry.npmjs.org/mquery/-/mquery-1.6.3.tgz", - "integrity": "sha1-fAK/t+ScgBLOzhVWxeZf72HzyOU=", - "requires": { - "bluebird": "2.9.26", - "debug": "2.2.0", - "regexp-clone": "0.0.1", - "sliced": "0.0.5" + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/mquery/-/mquery-3.2.2.tgz", + "integrity": "sha512-XB52992COp0KP230I3qloVUbkLUxJIu328HBP2t2EsxSFtf4W1HPSOBWOXf1bqxK4Xbb66lfMJ+Bpfd9/yZE1Q==", + "requires": { + "bluebird": "3.5.1", + "debug": "3.1.0", + "regexp-clone": "^1.0.0", + "safe-buffer": "5.1.2", + "sliced": "1.0.1" }, "dependencies": { "bluebird": { - "version": "2.9.26", - "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-2.9.26.tgz", - "integrity": "sha1-Nidy6k0J9VakufO2TC/RNuh+OlU=" + "version": "3.5.1", + "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.5.1.tgz", + "integrity": "sha512-MKiLiV+I1AA596t9w1sQJ8jkiSr5+ZKi0WKrYGUn6d1Fx+Ij4tIj+m2WMQSGczs5jZVxV339chE8iwk6F64wjA==" }, "debug": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz", - "integrity": "sha1-+HBX6ZWxofauaklgZkE3vFbwOdo=", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz", + "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==", "requires": { - "ms": "0.7.1" + "ms": "2.0.0" } }, "ms": { - "version": "0.7.1", - "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz", - "integrity": "sha1-nNE8A62/8ltl7/3nzoZO6VIBcJg=" + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" } } }, @@ -2331,17 +2304,6 @@ "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.3.tgz", "integrity": "sha1-cIFVpeROM/X9D8U+gdDUCpG+H/8=" }, - "muri": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/muri/-/muri-1.0.0.tgz", - "integrity": "sha1-3jv2vXHWfq5x12aJuVDS3hGGlcY=" - }, - "nan": { - "version": "2.10.0", - "resolved": "https://registry.npmjs.org/nan/-/nan-2.10.0.tgz", - "integrity": "sha512-bAdJv7fBLhWC+/Bls0Oza+mvTaNQtP+1RyhhhvD95pgUJz6XM5IzgmxOkItJ9tkoCiplvAnXI1tNmmUD/eScyA==", - "optional": true - }, "needle": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/needle/-/needle-2.3.0.tgz", @@ -4491,9 +4453,9 @@ } }, "regexp-clone": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/regexp-clone/-/regexp-clone-0.0.1.tgz", - "integrity": "sha1-p8LgmJH9vzj7sQ03b7cwA+aKxYk=" + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/regexp-clone/-/regexp-clone-1.0.0.tgz", + "integrity": "sha512-TuAasHQNamyyJ2hb97IuBEif4qBHGjPHBS64sZwytpLEqtBQ1gPJTnOaQ6qmpET16cK14kkjbazl6+p0RRv0yw==" }, "request": { "version": "2.42.0", @@ -4534,6 +4496,15 @@ } } }, + "require_optional": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/require_optional/-/require_optional-1.0.1.tgz", + "integrity": "sha512-qhM/y57enGWHAe3v/NcwML6a3/vfESLe/sGM2dII+gEO0BpKRUkWZow/tyloNqJyN6kXSl3RyyM8Ll5D/sJP8g==", + "requires": { + "resolve-from": "^2.0.0", + "semver": "^5.1.0" + } + }, "resolve": { "version": "1.10.0", "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.10.0.tgz", @@ -4543,6 +4514,11 @@ "path-parse": "^1.0.6" } }, + "resolve-from": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-2.0.0.tgz", + "integrity": "sha1-lICrIOlP+h2egKgEx+oUdhGWa1c=" + }, "resumer": { "version": "0.0.0", "resolved": "https://registry.npmjs.org/resumer/-/resumer-0.0.0.tgz", @@ -4677,6 +4653,11 @@ "jsonify": "~0.0.0" } }, + "sift": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/sift/-/sift-7.0.1.tgz", + "integrity": "sha512-oqD7PMJ+uO6jV9EQCl0LrRw1OwsiPsiFQR5AR30heR+4Dl7jBBbDLnNvWiak20tzZlSE1H7RB30SX/1j/YYT7g==" + }, "signal-exit": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-2.1.2.tgz", @@ -4689,9 +4670,9 @@ "dev": true }, "sliced": { - "version": "0.0.5", - "resolved": "https://registry.npmjs.org/sliced/-/sliced-0.0.5.tgz", - "integrity": "sha1-XtwETKTrb3gW1Qui/GPiXY/kcH8=" + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/sliced/-/sliced-1.0.1.tgz", + "integrity": "sha1-CzpmK10Ewxd7GSa+qCsD+Dei70E=" }, "sntp": { "version": "0.2.4", diff --git a/package.json b/package.json index 05a9288958..d69ec55a84 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ "marked": "0.3.5", "method-override": "latest", "moment": "2.15.1", - "mongoose": "4.2.4", + "mongoose": "5.7.5", "morgan": "latest", "ms": "^0.7.1", "npmconf": "0.0.24",