From 5dfa1baad32a07ca2f8887b285829ac49af13202 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 15 Mar 2023 15:54:54 +0000 Subject: [PATCH 1/2] fix: api/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-QS-3153490 --- api/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/package.json b/api/package.json index 930b1c6..92ac2a5 100644 --- a/api/package.json +++ b/api/package.json @@ -18,7 +18,7 @@ "@types/ws": "^8.2.2", "automod": "^0.1.0", "dotenv": "^14.2.0", - "express": "^4.17.2", + "express": "^4.17.3", "log75": "^2.2.0", "monk": "^7.3.4", "redis": "^4.2.0", From e179f10c46f7935db505d32557f24080f04673fc Mon Sep 17 00:00:00 2001 From: Lea Date: Wed, 15 Mar 2023 16:57:07 +0100 Subject: [PATCH 2/2] Update yarn.lock --- api/yarn.lock | 273 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 178 insertions(+), 95 deletions(-) diff --git a/api/yarn.lock b/api/yarn.lock index 635f7d1..6ab625e 100644 --- a/api/yarn.lock +++ b/api/yarn.lock @@ -178,13 +178,13 @@ __metadata: languageName: node linkType: hard -"accepts@npm:~1.3.7": - version: 1.3.7 - resolution: "accepts@npm:1.3.7" +"accepts@npm:~1.3.8": + version: 1.3.8 + resolution: "accepts@npm:1.3.8" dependencies: - mime-types: ~2.1.24 - negotiator: 0.6.2 - checksum: 27fc8060ffc69481ff6719cd3ee06387d2b88381cb0ce626f087781bbd02201a645a9febc8e7e7333558354b33b1d2f922ad13560be4ec1b7ba9e76fc1c1241d + mime-types: ~2.1.34 + negotiator: 0.6.3 + checksum: 50c43d32e7b50285ebe84b613ee4a3aa426715a7d131b65b786e2ead0fd76b6b60091b9916d3478a75f11f162628a2139991b6c03ab3f1d9ab7c86075dc8eab4 languageName: node linkType: hard @@ -204,7 +204,7 @@ __metadata: "@types/ws": ^8.2.2 automod: ^0.1.0 dotenv: ^14.2.0 - express: ^4.17.2 + express: ^4.17.3 log75: ^2.2.0 monk: ^7.3.4 redis: ^4.2.0 @@ -244,21 +244,23 @@ __metadata: languageName: node linkType: hard -"body-parser@npm:1.19.1": - version: 1.19.1 - resolution: "body-parser@npm:1.19.1" +"body-parser@npm:1.20.1": + version: 1.20.1 + resolution: "body-parser@npm:1.20.1" dependencies: - bytes: 3.1.1 + bytes: 3.1.2 content-type: ~1.0.4 debug: 2.6.9 - depd: ~1.1.2 - http-errors: 1.8.1 + depd: 2.0.0 + destroy: 1.2.0 + http-errors: 2.0.0 iconv-lite: 0.4.24 - on-finished: ~2.3.0 - qs: 6.9.6 - raw-body: 2.4.2 + on-finished: 2.4.1 + qs: 6.11.0 + raw-body: 2.5.1 type-is: ~1.6.18 - checksum: 9197a300a6580b8723c7b6b1e22cebd5ba47cd4a6fd45c153350efcde79293869ddee8d17d95fb52724812d649d89d62775faab072608d3243a0cbb00582234e + unpipe: 1.0.0 + checksum: f1050dbac3bede6a78f0b87947a8d548ce43f91ccc718a50dd774f3c81f2d8b04693e52acf62659fad23101827dd318da1fb1363444ff9a8482b886a3e4a5266 languageName: node linkType: hard @@ -288,10 +290,20 @@ __metadata: languageName: node linkType: hard -"bytes@npm:3.1.1": - version: 3.1.1 - resolution: "bytes@npm:3.1.1" - checksum: 949ab99a385d6acf4d2c69f1afc618615dc905936e0b0b9aa94a9e94d722baaba44d6a0851536585a0892ae4d462b5a270ccb1b04c774640742cbde5538ca328 +"bytes@npm:3.1.2": + version: 3.1.2 + resolution: "bytes@npm:3.1.2" + checksum: e4bcd3948d289c5127591fbedf10c0b639ccbf00243504e4e127374a15c3bc8eed0d28d4aaab08ff6f1cf2abc0cce6ba3085ed32f4f90e82a5683ce0014e1b6e + languageName: node + linkType: hard + +"call-bind@npm:^1.0.0": + version: 1.0.2 + resolution: "call-bind@npm:1.0.2" + dependencies: + function-bind: ^1.1.1 + get-intrinsic: ^1.0.2 + checksum: f8e31de9d19988a4b80f3e704788c4a2d6b6f3d17cfec4f57dc29ced450c53a49270dc66bf0fbd693329ee948dd33e6c90a329519aef17474a4d961e8d6426b0 languageName: node linkType: hard @@ -325,10 +337,10 @@ __metadata: languageName: node linkType: hard -"cookie@npm:0.4.1": - version: 0.4.1 - resolution: "cookie@npm:0.4.1" - checksum: bd7c47f5d94ab70ccdfe8210cde7d725880d2fcda06d8e375afbdd82de0c8d3b73541996e9ce57d35f67f672c4ee6d60208adec06b3c5fc94cebb85196084cf8 +"cookie@npm:0.5.0": + version: 0.5.0 + resolution: "cookie@npm:0.5.0" + checksum: 1f4bd2ca5765f8c9689a7e8954183f5332139eb72b6ff783d8947032ec1fdf43109852c178e21a953a30c0dd42257828185be01b49d1eb1a67fd054ca588a180 languageName: node linkType: hard @@ -367,17 +379,17 @@ __metadata: languageName: node linkType: hard -"depd@npm:~1.1.2": - version: 1.1.2 - resolution: "depd@npm:1.1.2" - checksum: 6b406620d269619852885ce15965272b829df6f409724415e0002c8632ab6a8c0a08ec1f0bd2add05dc7bd7507606f7e2cc034fa24224ab829580040b835ecd9 +"depd@npm:2.0.0": + version: 2.0.0 + resolution: "depd@npm:2.0.0" + checksum: abbe19c768c97ee2eed6282d8ce3031126662252c58d711f646921c9623f9052e3e1906443066beec1095832f534e57c523b7333f8e7e0d93051ab6baef5ab3a languageName: node linkType: hard -"destroy@npm:~1.0.4": - version: 1.0.4 - resolution: "destroy@npm:1.0.4" - checksum: da9ab4961dc61677c709da0c25ef01733042614453924d65636a7db37308fef8a24cd1e07172e61173d471ca175371295fbc984b0af5b2b4ff47cd57bd784c03 +"destroy@npm:1.2.0": + version: 1.2.0 + resolution: "destroy@npm:1.2.0" + checksum: 0acb300b7478a08b92d810ab229d5afe0d2f4399272045ab22affa0d99dbaf12637659411530a6fcd597a9bdac718fc94373a61a95b4651bbc7b83684a565e38 languageName: node linkType: hard @@ -416,56 +428,57 @@ __metadata: languageName: node linkType: hard -"express@npm:^4.17.2": - version: 4.17.2 - resolution: "express@npm:4.17.2" +"express@npm:^4.17.3": + version: 4.18.2 + resolution: "express@npm:4.18.2" dependencies: - accepts: ~1.3.7 + accepts: ~1.3.8 array-flatten: 1.1.1 - body-parser: 1.19.1 + body-parser: 1.20.1 content-disposition: 0.5.4 content-type: ~1.0.4 - cookie: 0.4.1 + cookie: 0.5.0 cookie-signature: 1.0.6 debug: 2.6.9 - depd: ~1.1.2 + depd: 2.0.0 encodeurl: ~1.0.2 escape-html: ~1.0.3 etag: ~1.8.1 - finalhandler: ~1.1.2 + finalhandler: 1.2.0 fresh: 0.5.2 + http-errors: 2.0.0 merge-descriptors: 1.0.1 methods: ~1.1.2 - on-finished: ~2.3.0 + on-finished: 2.4.1 parseurl: ~1.3.3 path-to-regexp: 0.1.7 proxy-addr: ~2.0.7 - qs: 6.9.6 + qs: 6.11.0 range-parser: ~1.2.1 safe-buffer: 5.2.1 - send: 0.17.2 - serve-static: 1.14.2 + send: 0.18.0 + serve-static: 1.15.0 setprototypeof: 1.2.0 - statuses: ~1.5.0 + statuses: 2.0.1 type-is: ~1.6.18 utils-merge: 1.0.1 vary: ~1.1.2 - checksum: 1535d56d20e65a1a39b5f056c025dd635290a744478ac69cc47633aeb4b2ce51458f8eb4080cfb7ba47c853ba5cfd794d404cff822a25127f1556b726ec3914a + checksum: 3c4b9b076879442f6b968fe53d85d9f1eeacbb4f4c41e5f16cc36d77ce39a2b0d81b3f250514982110d815b2f7173f5561367f9110fcc541f9371948e8c8b037 languageName: node linkType: hard -"finalhandler@npm:~1.1.2": - version: 1.1.2 - resolution: "finalhandler@npm:1.1.2" +"finalhandler@npm:1.2.0": + version: 1.2.0 + resolution: "finalhandler@npm:1.2.0" dependencies: debug: 2.6.9 encodeurl: ~1.0.2 escape-html: ~1.0.3 - on-finished: ~2.3.0 + on-finished: 2.4.1 parseurl: ~1.3.3 - statuses: ~1.5.0 + statuses: 2.0.1 unpipe: ~1.0.0 - checksum: 617880460c5138dd7ccfd555cb5dde4d8f170f4b31b8bd51e4b646bb2946c30f7db716428a1f2882d730d2b72afb47d1f67cc487b874cb15426f95753a88965e + checksum: 92effbfd32e22a7dff2994acedbd9bcc3aa646a3e919ea6a53238090e87097f8ef07cced90aa2cc421abdf993aefbdd5b00104d55c7c5479a8d00ed105b45716 languageName: node linkType: hard @@ -483,6 +496,13 @@ __metadata: languageName: node linkType: hard +"function-bind@npm:^1.1.1": + version: 1.1.1 + resolution: "function-bind@npm:1.1.1" + checksum: b32fbaebb3f8ec4969f033073b43f5c8befbb58f1a79e12f1d7490358150359ebd92f49e72ff0144f65f2c48ea2a605bff2d07965f548f6474fd8efd95bf361a + languageName: node + linkType: hard + "generic-pool@npm:3.8.2": version: 3.8.2 resolution: "generic-pool@npm:3.8.2" @@ -490,16 +510,43 @@ __metadata: languageName: node linkType: hard -"http-errors@npm:1.8.1": - version: 1.8.1 - resolution: "http-errors@npm:1.8.1" +"get-intrinsic@npm:^1.0.2": + version: 1.2.0 + resolution: "get-intrinsic@npm:1.2.0" dependencies: - depd: ~1.1.2 + function-bind: ^1.1.1 + has: ^1.0.3 + has-symbols: ^1.0.3 + checksum: 78fc0487b783f5c58cf2dccafc3ae656ee8d2d8062a8831ce4a95e7057af4587a1d4882246c033aca0a7b4965276f4802b45cc300338d1b77a73d3e3e3f4877d + languageName: node + linkType: hard + +"has-symbols@npm:^1.0.3": + version: 1.0.3 + resolution: "has-symbols@npm:1.0.3" + checksum: a054c40c631c0d5741a8285010a0777ea0c068f99ed43e5d6eb12972da223f8af553a455132fdb0801bdcfa0e0f443c0c03a68d8555aa529b3144b446c3f2410 + languageName: node + linkType: hard + +"has@npm:^1.0.3": + version: 1.0.3 + resolution: "has@npm:1.0.3" + dependencies: + function-bind: ^1.1.1 + checksum: b9ad53d53be4af90ce5d1c38331e712522417d017d5ef1ebd0507e07c2fbad8686fffb8e12ddecd4c39ca9b9b47431afbb975b8abf7f3c3b82c98e9aad052792 + languageName: node + linkType: hard + +"http-errors@npm:2.0.0": + version: 2.0.0 + resolution: "http-errors@npm:2.0.0" + dependencies: + depd: 2.0.0 inherits: 2.0.4 setprototypeof: 1.2.0 - statuses: ">= 1.5.0 < 2" + statuses: 2.0.1 toidentifier: 1.0.1 - checksum: d3c7e7e776fd51c0a812baff570bdf06fe49a5dc448b700ab6171b1250e4cf7db8b8f4c0b133e4bfe2451022a5790c1ca6c2cae4094dedd6ac8304a1267f91d2 + checksum: 9b0a3782665c52ce9dc658a0d1560bcb0214ba5699e4ea15aefb2a496e2ca83db03ebc42e1cce4ac1f413e4e0d2d736a3fd755772c556a9a06853ba2a0b7d920 languageName: node linkType: hard @@ -584,6 +631,13 @@ __metadata: languageName: node linkType: hard +"mime-db@npm:1.52.0": + version: 1.52.0 + resolution: "mime-db@npm:1.52.0" + checksum: 0d99a03585f8b39d68182803b12ac601d9c01abfa28ec56204fa330bc9f3d1c5e14beb049bafadb3dbdf646dfb94b87e24d4ec7b31b7279ef906a8ea9b6a513f + languageName: node + linkType: hard + "mime-types@npm:~2.1.24": version: 2.1.34 resolution: "mime-types@npm:2.1.34" @@ -593,6 +647,15 @@ __metadata: languageName: node linkType: hard +"mime-types@npm:~2.1.34": + version: 2.1.35 + resolution: "mime-types@npm:2.1.35" + dependencies: + mime-db: 1.52.0 + checksum: 89a5b7f1def9f3af5dad6496c5ed50191ae4331cc5389d7c521c8ad28d5fdad2d06fd81baf38fed813dc4e46bb55c8145bb0ff406330818c9cf712fb2e9b3836 + languageName: node + linkType: hard + "mime@npm:1.6.0": version: 1.6.0 resolution: "mime@npm:1.6.0" @@ -713,10 +776,10 @@ __metadata: languageName: node linkType: hard -"negotiator@npm:0.6.2": - version: 0.6.2 - resolution: "negotiator@npm:0.6.2" - checksum: dfddaff6c06792f1c4c3809e29a427b8daef8cd437c83b08dd51d7ee11bbd1c29d9512d66b801144d6c98e910ffd8723f2432e0cbf8b18d41d2a09599c975ab3 +"negotiator@npm:0.6.3": + version: 0.6.3 + resolution: "negotiator@npm:0.6.3" + checksum: b8ffeb1e262eff7968fc90a2b6767b04cfd9842582a9d0ece0af7049537266e7b2506dfb1d107a32f06dd849ab2aea834d5830f7f4d0e5cb7d36e1ae55d021d9 languageName: node linkType: hard @@ -727,12 +790,19 @@ __metadata: languageName: node linkType: hard -"on-finished@npm:~2.3.0": - version: 2.3.0 - resolution: "on-finished@npm:2.3.0" +"object-inspect@npm:^1.9.0": + version: 1.12.3 + resolution: "object-inspect@npm:1.12.3" + checksum: dabfd824d97a5f407e6d5d24810d888859f6be394d8b733a77442b277e0808860555176719c5905e765e3743a7cada6b8b0a3b85e5331c530fd418cc8ae991db + languageName: node + linkType: hard + +"on-finished@npm:2.4.1": + version: 2.4.1 + resolution: "on-finished@npm:2.4.1" dependencies: ee-first: 1.1.1 - checksum: 1db595bd963b0124d6fa261d18320422407b8f01dc65863840f3ddaaf7bcad5b28ff6847286703ca53f4ec19595bd67a2f1253db79fc4094911ec6aa8df1671b + checksum: d20929a25e7f0bb62f937a425b5edeb4e4cde0540d77ba146ec9357f00b0d497cdb3b9b05b9c8e46222407d1548d08166bff69cc56dfa55ba0e4469228920ff0 languageName: node linkType: hard @@ -776,10 +846,12 @@ __metadata: languageName: node linkType: hard -"qs@npm:6.9.6": - version: 6.9.6 - resolution: "qs@npm:6.9.6" - checksum: cb6df402bb8a3dbefa4bd46eba0dfca427079baca923e6b8d28a03e6bfb16a5c1dcdb96e69388f9c5813ac8ff17bb8bbca22f2ecd31fe1e344a55cb531b5fabf +"qs@npm:6.11.0": + version: 6.11.0 + resolution: "qs@npm:6.11.0" + dependencies: + side-channel: ^1.0.4 + checksum: 6e1f29dd5385f7488ec74ac7b6c92f4d09a90408882d0c208414a34dd33badc1a621019d4c799a3df15ab9b1d0292f97c1dd71dc7c045e69f81a8064e5af7297 languageName: node linkType: hard @@ -790,15 +862,15 @@ __metadata: languageName: node linkType: hard -"raw-body@npm:2.4.2": - version: 2.4.2 - resolution: "raw-body@npm:2.4.2" +"raw-body@npm:2.5.1": + version: 2.5.1 + resolution: "raw-body@npm:2.5.1" dependencies: - bytes: 3.1.1 - http-errors: 1.8.1 + bytes: 3.1.2 + http-errors: 2.0.0 iconv-lite: 0.4.24 unpipe: 1.0.0 - checksum: c6f8d6a75c65c0a047f888cb29efc97f60fb36e950ba2cb31fefce694f98186e844a03367920faa7dc5bffaf33df08aee0b9dd935280e366439fa6492a5b163e + checksum: 5362adff1575d691bb3f75998803a0ffed8c64eabeaa06e54b4ada25a0cd1b2ae7f4f5ec46565d1bec337e08b5ac90c76eaa0758de6f72a633f025d754dec29e languageName: node linkType: hard @@ -868,36 +940,36 @@ __metadata: languageName: node linkType: hard -"send@npm:0.17.2": - version: 0.17.2 - resolution: "send@npm:0.17.2" +"send@npm:0.18.0": + version: 0.18.0 + resolution: "send@npm:0.18.0" dependencies: debug: 2.6.9 - depd: ~1.1.2 - destroy: ~1.0.4 + depd: 2.0.0 + destroy: 1.2.0 encodeurl: ~1.0.2 escape-html: ~1.0.3 etag: ~1.8.1 fresh: 0.5.2 - http-errors: 1.8.1 + http-errors: 2.0.0 mime: 1.6.0 ms: 2.1.3 - on-finished: ~2.3.0 + on-finished: 2.4.1 range-parser: ~1.2.1 - statuses: ~1.5.0 - checksum: c28f36deb4ccba9b8d6e6a1e472b8e7c40a1f51575bdf8f67303568cc9e71131faa3adc36fdb72611616ccad1584358bbe4c3ebf419e663ecc5de868ad3d3f03 + statuses: 2.0.1 + checksum: 74fc07ebb58566b87b078ec63e5a3e41ecd987e4272ba67b7467e86c6ad51bc6b0b0154133b6d8b08a2ddda360464f71382f7ef864700f34844a76c8027817a8 languageName: node linkType: hard -"serve-static@npm:1.14.2": - version: 1.14.2 - resolution: "serve-static@npm:1.14.2" +"serve-static@npm:1.15.0": + version: 1.15.0 + resolution: "serve-static@npm:1.15.0" dependencies: encodeurl: ~1.0.2 escape-html: ~1.0.3 parseurl: ~1.3.3 - send: 0.17.2 - checksum: d97f3183b1dfcd8ce9c0e37e18e87fd31147ed6c8ee0b2c3a089d795e44ee851ca5061db01574f806d54f4e4b70bc694d9ca64578653514e04a28cbc97a1de05 + send: 0.18.0 + checksum: af57fc13be40d90a12562e98c0b7855cf6e8bd4c107fe9a45c212bf023058d54a1871b1c89511c3958f70626fff47faeb795f5d83f8cf88514dbaeb2b724464d languageName: node linkType: hard @@ -908,6 +980,17 @@ __metadata: languageName: node linkType: hard +"side-channel@npm:^1.0.4": + version: 1.0.4 + resolution: "side-channel@npm:1.0.4" + dependencies: + call-bind: ^1.0.0 + get-intrinsic: ^1.0.2 + object-inspect: ^1.9.0 + checksum: 351e41b947079c10bd0858364f32bb3a7379514c399edb64ab3dce683933483fc63fb5e4efe0a15a2e8a7e3c436b6a91736ddb8d8c6591b0460a24bb4a1ee245 + languageName: node + linkType: hard + "sparse-bitfield@npm:^3.0.3": version: 3.0.3 resolution: "sparse-bitfield@npm:3.0.3" @@ -917,10 +1000,10 @@ __metadata: languageName: node linkType: hard -"statuses@npm:>= 1.5.0 < 2, statuses@npm:~1.5.0": - version: 1.5.0 - resolution: "statuses@npm:1.5.0" - checksum: c469b9519de16a4bb19600205cffb39ee471a5f17b82589757ca7bd40a8d92ebb6ed9f98b5a540c5d302ccbc78f15dc03cc0280dd6e00df1335568a5d5758a5c +"statuses@npm:2.0.1": + version: 2.0.1 + resolution: "statuses@npm:2.0.1" + checksum: 18c7623fdb8f646fb213ca4051be4df7efb3484d4ab662937ca6fbef7ced9b9e12842709872eb3020cc3504b93bde88935c9f6417489627a7786f24f8031cbcb languageName: node linkType: hard