From 77fe422d35319a341954620e629a3c685c6f45da Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 8 Dec 2024 14:17:00 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MONGOOSE-8446504 - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-8482416 --- package-lock.json | 45 +++++++++++++++++++++++++-------------------- package.json | 4 ++-- 2 files changed, 27 insertions(+), 22 deletions(-) diff --git a/package-lock.json b/package-lock.json index c22a22f..5688c0d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,7 +11,7 @@ "bcrypt": "^5.1.1", "cors": "^2.8.5", "dotenv": "^16.4.5", - "express": "^4.21.0", + "express": "^4.21.2", "express-async-errors": "^3.1.1", "formidable": "^3.5.1", "helmet": "^7.1.0", @@ -21,7 +21,7 @@ "joi": "^17.13.3", "jsonwebtoken": "^9.0.2", "mongodb": "^6.8.1", - "mongoose": "^8.6.1", + "mongoose": "^8.8.3", "node-cron": "^3.0.3", "nodemailer": "^6.9.15", "nodemon": "^3.1.4", @@ -3110,9 +3110,10 @@ "dev": true }, "node_modules/cookie": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", - "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==", + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz", + "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==", + "license": "MIT", "engines": { "node": ">= 0.6" } @@ -3967,9 +3968,9 @@ } }, "node_modules/express": { - "version": "4.21.0", - "resolved": "https://registry.npmjs.org/express/-/express-4.21.0.tgz", - "integrity": "sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==", + "version": "4.21.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", + "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", "license": "MIT", "dependencies": { "accepts": "~1.3.8", @@ -3977,7 +3978,7 @@ "body-parser": "1.20.3", "content-disposition": "0.5.4", "content-type": "~1.0.4", - "cookie": "0.6.0", + "cookie": "0.7.1", "cookie-signature": "1.0.6", "debug": "2.6.9", "depd": "2.0.0", @@ -3991,7 +3992,7 @@ "methods": "~1.1.2", "on-finished": "2.4.1", "parseurl": "~1.3.3", - "path-to-regexp": "0.1.10", + "path-to-regexp": "0.1.12", "proxy-addr": "~2.0.7", "qs": "6.13.0", "range-parser": "~1.2.1", @@ -4006,6 +4007,10 @@ }, "engines": { "node": ">= 0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" } }, "node_modules/express-async-errors": { @@ -6775,9 +6780,9 @@ } }, "node_modules/mongodb": { - "version": "6.8.1", - "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-6.8.1.tgz", - "integrity": "sha512-qsS+gl5EJb+VzJqUjXSZ5Y5rbuM/GZlZUEJ2OIVYP10L9rO9DQ0DGp+ceTzsmoADh6QYMWd9MSdG9IxRyYUkEA==", + "version": "6.10.0", + "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-6.10.0.tgz", + "integrity": "sha512-gP9vduuYWb9ZkDM546M+MP2qKVk5ZG2wPF63OvSRuUbqCR+11ZCAE1mOfllhlAG0wcoJY5yDL/rV3OmYEwXIzg==", "license": "Apache-2.0", "dependencies": { "@mongodb-js/saslprep": "^1.1.5", @@ -6830,14 +6835,14 @@ } }, "node_modules/mongoose": { - "version": "8.6.1", - "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.6.1.tgz", - "integrity": "sha512-dppGcYqvsdg+VcnqXR5b467V4a+iNhmvkfYNpEPi6AjaUxnz6ioEDmrMLOi+sOWjvoHapuwPOigV4f2l7HC6ag==", + "version": "8.8.3", + "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.8.3.tgz", + "integrity": "sha512-/I4n/DcXqXyIiLRfAmUIiTjj3vXfeISke8dt4U4Y8Wfm074Wa6sXnQrXN49NFOFf2mM1kUdOXryoBvkuCnr+Qw==", "license": "MIT", "dependencies": { "bson": "^6.7.0", "kareem": "2.6.3", - "mongodb": "6.8.0", + "mongodb": "~6.10.0", "mpath": "0.9.0", "mquery": "5.0.0", "ms": "2.1.3", @@ -7444,9 +7449,9 @@ "dev": true }, "node_modules/path-to-regexp": { - "version": "0.1.10", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz", - "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==", + "version": "0.1.12", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", + "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==", "license": "MIT" }, "node_modules/pend": { diff --git a/package.json b/package.json index 2a6fcdf..91fd5d3 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ "bcrypt": "^5.1.1", "cors": "^2.8.5", "dotenv": "^16.4.5", - "express": "^4.21.0", + "express": "^4.21.2", "express-async-errors": "^3.1.1", "formidable": "^3.5.1", "helmet": "^7.1.0", @@ -29,7 +29,7 @@ "joi": "^17.13.3", "jsonwebtoken": "^9.0.2", "mongodb": "^6.8.1", - "mongoose": "^8.6.1", + "mongoose": "^8.8.3", "node-cron": "^3.0.3", "nodemailer": "^6.9.15", "nodemon": "^3.1.4",