From 2649dc31d67f57ca775d67d34be8f589295ebd58 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 Aug 2025 10:39:10 +0000 Subject: [PATCH] fix: user-service/package.json & user-service/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-XML2JS-5414874 --- user-service/package-lock.json | 83 +++++++++++++++++++++++----------- user-service/package.json | 2 +- 2 files changed, 57 insertions(+), 28 deletions(-) diff --git a/user-service/package-lock.json b/user-service/package-lock.json index 59d0bebb..900a1e90 100644 --- a/user-service/package-lock.json +++ b/user-service/package-lock.json @@ -4,14 +4,6 @@ "lockfileVersion": 1, "requires": true, "dependencies": { - "2checkout-node": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/2checkout-node/-/2checkout-node-0.0.1.tgz", - "integrity": "sha1-7a5MHUAIh6Y+hUXjf7mrBVeaaIU=", - "requires": { - "request": "2.x.x" - } - }, "@babel/code-frame": { "version": "7.0.0", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.0.0.tgz", @@ -60,6 +52,14 @@ "@types/node": "*" } }, + "2checkout-node": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/2checkout-node/-/2checkout-node-0.0.1.tgz", + "integrity": "sha1-7a5MHUAIh6Y+hUXjf7mrBVeaaIU=", + "requires": { + "request": "2.x.x" + } + }, "abab": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/abab/-/abab-1.0.4.tgz", @@ -2403,11 +2403,27 @@ } }, "express-xml-bodyparser": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/express-xml-bodyparser/-/express-xml-bodyparser-0.3.0.tgz", - "integrity": "sha1-sfWpit9sbkEsTMumNCNLgpRcYr4=", + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/express-xml-bodyparser/-/express-xml-bodyparser-0.4.1.tgz", + "integrity": "sha512-PlojEEQXdwc68ofPiAanknPf4QBTrFWXPZ+5jDhfrXP/CdLaqEQxQuuzrCqnvy1kETciTxz6OFnDZW/rIxtmlQ==", "requires": { - "xml2js": "^0.4.11" + "xml2js": "^0.6.2" + }, + "dependencies": { + "xml2js": { + "version": "0.6.2", + "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz", + "integrity": "sha512-T4rieHaC1EXcES0Kxxj4JWgaUQHDk+qwHcYOCFHfiwKz7tOVPLq7Hjq9dM1WCMhylqMEfP7hMcOIChvotiZegA==", + "requires": { + "sax": ">=0.6.0", + "xmlbuilder": "~11.0.0" + } + }, + "xmlbuilder": { + "version": "11.0.1", + "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", + "integrity": "sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA==" + } } }, "express-xml-parser": { @@ -2656,6 +2672,7 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.0.1.tgz", "integrity": "sha1-i1vL2ewyfFBBv5qwI/1nUPEXfmU=", + "devOptional": true, "requires": { "pend": "~1.2.0" } @@ -3077,7 +3094,8 @@ "graceful-fs": { "version": "4.1.11", "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.11.tgz", - "integrity": "sha1-Dovf5NHduIVNZOBOp8AOKgJuVlg=" + "integrity": "sha1-Dovf5NHduIVNZOBOp8AOKgJuVlg=", + "devOptional": true }, "gridfs-stream": { "version": "1.1.1", @@ -3421,6 +3439,7 @@ "version": "2.2.0", "resolved": "https://registry.npmjs.org/hasha/-/hasha-2.2.0.tgz", "integrity": "sha1-eNfL/B5tZjA/55g3NlmEUXsvbuE=", + "devOptional": true, "requires": { "is-stream": "^1.0.1", "pinkie-promise": "^2.0.0" @@ -4377,13 +4396,14 @@ "resolved": "https://registry.npmjs.org/json2xlsx/-/json2xlsx-0.1.6.tgz", "integrity": "sha1-yC3cSNN9xVUVRTHGumwiLvSpLYU=", "requires": { - "xlsx": "^0.11.10" + "xlsx": "" } }, "jsonfile": { "version": "2.4.0", "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-2.4.0.tgz", "integrity": "sha1-NzaitCi4e72gzIO1P6PWM6NcKug=", + "devOptional": true, "requires": { "graceful-fs": "^4.1.6" } @@ -4442,6 +4462,7 @@ "version": "1.3.1", "resolved": "https://registry.npmjs.org/klaw/-/klaw-1.3.1.tgz", "integrity": "sha1-QIhDO0azsbolnXh4XY6W9zugJDk=", + "devOptional": true, "requires": { "graceful-fs": "^4.1.9" } @@ -5069,7 +5090,8 @@ "minimist": { "version": "0.0.8", "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz", - "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=" + "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=", + "devOptional": true }, "mixin-deep": { "version": "1.3.1", @@ -5195,6 +5217,7 @@ "resolved": "https://registry.npmjs.org/boom/-/boom-0.4.2.tgz", "integrity": "sha1-emNune1O/O+xnO9JR6PGffrukRs=", "dev": true, + "optional": true, "requires": { "hoek": "0.9.x" } @@ -5261,7 +5284,8 @@ "version": "0.9.1", "resolved": "https://registry.npmjs.org/hoek/-/hoek-0.9.1.tgz", "integrity": "sha1-PTIkYrrfB3Fup+uFuviAec3c5QU=", - "dev": true + "dev": true, + "optional": true }, "http-signature": { "version": "0.10.1", @@ -6537,7 +6561,8 @@ "pend": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", - "integrity": "sha1-elfrVQpng/kRUzH89GY9XI4AelA=" + "integrity": "sha1-elfrVQpng/kRUzH89GY9XI4AelA=", + "devOptional": true }, "performance-now": { "version": "2.1.0", @@ -6886,7 +6911,8 @@ "progress": { "version": "1.1.8", "resolved": "https://registry.npmjs.org/progress/-/progress-1.1.8.tgz", - "integrity": "sha1-4mDHj2Fhzdmw5WzD4Khd4Xx6V74=" + "integrity": "sha1-4mDHj2Fhzdmw5WzD4Khd4Xx6V74=", + "devOptional": true }, "promisify-call": { "version": "2.0.4", @@ -7689,7 +7715,8 @@ "source-map": { "version": "0.5.7", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz", - "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=" + "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=", + "devOptional": true }, "source-map-resolve": { "version": "0.5.2", @@ -7831,6 +7858,11 @@ "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-0.1.2.tgz", "integrity": "sha1-gIudDlb8Jz2Am6VzOOkpkZoanxo=" }, + "string_decoder": { + "version": "0.10.31", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz", + "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=" + }, "string-width": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz", @@ -7858,11 +7890,6 @@ } } }, - "string_decoder": { - "version": "0.10.31", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz", - "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=" - }, "stringstream": { "version": "0.0.5", "resolved": "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz", @@ -8315,7 +8342,8 @@ "typedarray": { "version": "0.0.6", "resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz", - "integrity": "sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c=" + "integrity": "sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c=", + "devOptional": true }, "uglify-js": { "version": "3.4.8", @@ -8859,8 +8887,8 @@ } }, "xmlBodyParser": { - "version": "git://github.com/ferlores/express-xmlBodyParser.git#a257c1587707bddb04f0c52848833b801b6414e0", - "from": "git://github.com/ferlores/express-xmlBodyParser.git", + "version": "git+ssh://git@github.com/ferlores/express-xmlBodyParser.git#a257c1587707bddb04f0c52848833b801b6414e0", + "from": "xmlBodyParser@git://github.com/ferlores/express-xmlBodyParser.git", "requires": { "xml2js": ">= 0.2.0" } @@ -8917,6 +8945,7 @@ "version": "2.4.1", "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.4.1.tgz", "integrity": "sha1-lSj0QtqxsihOWLQ3m7GU4i4MQAU=", + "devOptional": true, "requires": { "fd-slicer": "~1.0.1" } diff --git a/user-service/package.json b/user-service/package.json index 96ccb867..57120d71 100644 --- a/user-service/package.json +++ b/user-service/package.json @@ -34,7 +34,7 @@ "express": "^4.13.3", "express-session": "^1.11.3", "express-winston": "^3.0.0", - "express-xml-bodyparser": "^0.3.0", + "express-xml-bodyparser": "^0.4.1", "express-xml-parser": "^1.0.0", "gridfs-stream": "^1.1.1", "html-pdf": "^2.2.0",