fix(vulnerability): patch a potential vulnerability updating forest-express to version 7.4.1 (#397)

amessinger · web-flow · commit f57005046eb5 · 2020-08-04T11:12:49.000+02:00
diff --git a/package.json b/package.json
@@ -26,7 +26,7 @@
   "dependencies": {
     "@babel/runtime": "7.10.1",
     "bluebird": "2.9.25",
-    "forest-express": "7.3.1",
+    "forest-express": "7.4.1",
     "http-errors": "1.7.2",
     "lodash": "4.17.19",
     "moment": "2.24.0",
diff --git a/yarn.lock b/yarn.lock
@@ -4155,10 +4155,10 @@ expect@^26.0.1:
     jest-message-util "^26.0.1"
     jest-regex-util "^26.0.0"
 
-express-jwt@5.3.3:
-  version "5.3.3"
-  resolved "https://registry.yarnpkg.com/express-jwt/-/express-jwt-5.3.3.tgz#e557b4a63dd34c5ddd6ad81452738386314cc243"
-  integrity sha512-UdB8p5O8vGYTKm3SfREnLgVGIGEHcL3lrVyi3ebEX2qhMuagN623ju7ywWis+qYL+CXE7G1qPc2bCPBAg2MxZQ==
+express-jwt@6.0.0:
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/express-jwt/-/express-jwt-6.0.0.tgz#20886c730983ffb1c706a4383235df86eff349b8"
+  integrity sha512-C26y9myRjx7CyhZ+BAT3p+gQyRCoDZ7qo8plCvLDaRT6je6ALIAQknT6XLVQGFKwIy/Ux7lvM2MNap5dt0T7gA==
   dependencies:
     async "^1.5.0"
     express-unless "^0.3.0"
@@ -4453,10 +4453,10 @@ for-in@^1.0.2:
   resolved "https://registry.yarnpkg.com/for-in/-/for-in-1.0.2.tgz#81068d295a8142ec0ac726c6e2200c30fb6d5e80"
   integrity sha1-gQaNKVqBQuwKxybG4iAMMPttXoA=
 
-forest-express@7.3.1:
-  version "7.3.1"
-  resolved "https://registry.yarnpkg.com/forest-express/-/forest-express-7.3.1.tgz#f1e992b2b654cf2684f999cd09923aefcf3d71ad"
-  integrity sha512-AKmpf7FI15Y49T8ikI8EA26RaK4QIlX6dwN46PK6ynEesGoZRXAoIeV3ECp4kdhaDhXnhlVznqy2h4ge/5S93g==
+forest-express@7.4.1:
+  version "7.4.1"
+  resolved "https://registry.yarnpkg.com/forest-express/-/forest-express-7.4.1.tgz#63ecb078ee3649d712670d8bacdb477b1afeac33"
+  integrity sha512-WdXrkG1xfqq3yrBGzyT4pFgV31QJ2Owb/8CHnPoo+tR6Iv/cIdpUA4RWhYb+tZYfWqfK6w15VA4MyQlCH7s4GA==
   dependencies:
     "@babel/runtime" "7.10.1"
     base32-encode "1.1.1"
@@ -4467,13 +4467,13 @@ forest-express@7.3.1:
     cors "2.8.5"
     csv-stringify "1.0.4"
     express "4.17.1"
-    express-jwt "5.3.3"
+    express-jwt "6.0.0"
     forest-ip-utils "1.0.1"
     http-errors "1.7.3"
     inflected "2.0.4"
     jsonapi-serializer "3.6.5"
     jsonwebtoken "8.5.1"
-    lodash "4.17.15"
+    lodash "4.17.19"
     moment "2.24.0"
     moment-timezone "0.5.26"
     otplib "11.0.1"
