From 8f5a2e6669393a92aebb8b68178a1c2b0d1d25df Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 23 Jul 2025 09:08:05 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ONHEADERS-10773729 --- package-lock.json | 18 ++++++++++-------- package.json | 2 +- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index 35bc816..1f6d8b0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,7 +16,7 @@ "cors": "^2.8.5", "dotenv": "^16.4.5", "express": "^4.21.1", - "express-session": "^1.18.1", + "express-session": "^1.18.2", "helmet": "^7.2.0", "http-status-codes": "^2.3.0", "jsonwebtoken": "^9.0.2", @@ -3571,15 +3571,16 @@ } }, "node_modules/express-session": { - "version": "1.18.1", - "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.18.1.tgz", - "integrity": "sha512-a5mtTqEaZvBCL9A9aqkrtfz+3SMDhOVUnjafjo+s7A9Txkq+SVX2DLvSp1Zrv4uCXa3lMSK3viWnh9Gg07PBUA==", + "version": "1.18.2", + "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.18.2.tgz", + "integrity": "sha512-SZjssGQC7TzTs9rpPDuUrR23GNZ9+2+IkA/+IJWmvQilTr5OSliEHGF+D9scbIpdC6yGtTI0/VhaHoVes2AN/A==", + "license": "MIT", "dependencies": { "cookie": "0.7.2", "cookie-signature": "1.0.7", "debug": "2.6.9", "depd": "~2.0.0", - "on-headers": "~1.0.2", + "on-headers": "~1.1.0", "parseurl": "~1.3.3", "safe-buffer": "5.2.1", "uid-safe": "~2.1.5" @@ -5573,9 +5574,10 @@ } }, "node_modules/on-headers": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz", - "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==", + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz", + "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==", + "license": "MIT", "engines": { "node": ">= 0.8" } diff --git a/package.json b/package.json index 659625a..ec8e65c 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,7 @@ "cors": "^2.8.5", "dotenv": "^16.4.5", "express": "^4.21.1", - "express-session": "^1.18.1", + "express-session": "^1.18.2", "helmet": "^7.2.0", "http-status-codes": "^2.3.0", "jsonwebtoken": "^9.0.2",