From 33967d9af9e0f208fcfa5e9c7e098ff6f5697328 Mon Sep 17 00:00:00 2001 From: Robert Hebel Date: Wed, 10 Sep 2025 11:31:48 +0200 Subject: [PATCH 1/2] chore(dev-deps): update vulnerable dependencies --- package-lock.json | 89 ++++++++++++++----- package.json | 2 +- .../support/helpers/oauth2-server/index.js | 4 +- 3 files changed, 71 insertions(+), 24 deletions(-) diff --git a/package-lock.json b/package-lock.json index 46625ceb234..72eab563119 100644 --- a/package-lock.json +++ b/package-lock.json @@ -58,6 +58,7 @@ "@commitlint/cli": "^19.8.0", "@commitlint/config-conventional": "^19.8.0", "@jest/globals": "=29.7.0", + "@node-oauth/oauth2-server": "5.2.1", "@pmmmwh/react-refresh-webpack-plugin": "^0.6.0", "@release-it/conventional-changelog": "=10.0.1", "@svgr/webpack": "=8.1.0", @@ -105,7 +106,6 @@ "mini-css-extract-plugin": "^2.9.2", "npm-audit-ci-wrapper": "^3.0.2", "npm-run-all": "^4.1.5", - "oauth2-server": "^2.4.1", "open": "^10.1.0", "open-cli": "=8.0.0", "postcss": "^8.5.3", 
@@ -5121,6 +5121,66 @@ "eslint-scope": "5.1.1" } }, + "node_modules/@node-oauth/formats": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@node-oauth/formats/-/formats-1.0.0.tgz", + "integrity": "sha512-DwSbLtdC8zC5B5gTJkFzJj5s9vr9SGzOgQvV9nH7tUVuMSScg0EswAczhjIapOmH3Y8AyP7C4Jv7b8+QJObWZA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@node-oauth/oauth2-server": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/@node-oauth/oauth2-server/-/oauth2-server-5.2.1.tgz", + "integrity": "sha512-lTyLc7iSnSvoWu3Wzh5GkkAoqvmqZJLE1GC9o7hMiVBxvz5UCjTbbJ0OyeuNfOtQMVDoq9AEbIo6aHDrca0iRA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@node-oauth/formats": "1.0.0", + "basic-auth": "2.0.1", + "type-is": "2.0.1" + }, + "engines": { + "node": ">=16.0.0" + } + }, + "node_modules/@node-oauth/oauth2-server/node_modules/media-typer": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-1.1.0.tgz", + "integrity": "sha512-aisnrDP4GNe06UcKFnV5bfMNPBUw4jsLGaWwWfnH3v02GnBuXX2MCVn5RbrWo0j3pczUilYblq7fQ7Nw2t5XKw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/@node-oauth/oauth2-server/node_modules/mime-types": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.1.tgz", + "integrity": "sha512-xRc4oEhT6eaBpU1XF7AjpOFD+xQmXNB5OVKwp4tqCuBpHLS/ZbBDrc07mYTDqVMg6PfxUjjNp85O6Cd2Z/5HWA==", + "dev": true, + "license": "MIT", + "dependencies": { + "mime-db": "^1.54.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/@node-oauth/oauth2-server/node_modules/type-is": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-2.0.1.tgz", + "integrity": "sha512-OZs6gsjF4vMp32qrCbiVSkrFmXtG/AZhY3t0iAMrMBiAZyV9oALtXO8hsrHbMXF9x6L3grlFuwW2oAz7cav+Gw==", + "dev": true, + "license": "MIT", + "dependencies": { + "content-type": "^1.0.5", + "media-typer": "^1.1.0", + "mime-types": "^3.0.0" 
+ }, + "engines": { + "node": ">= 0.6" + } + }, "node_modules/@nodelib/fs.scandir": { "version": "2.1.5", "dev": true, @@ -17317,9 +17377,9 @@ "license": "MIT" }, "node_modules/koa": { - "version": "2.16.1", - "resolved": "https://registry.npmjs.org/koa/-/koa-2.16.1.tgz", - "integrity": "sha512-umfX9d3iuSxTQP4pnzLOz0HKnPg0FaUUIKcye2lOiz3KPu1Y3M3xlz76dISdFPQs37P9eJz1wUpcTS6KDPn9fA==", + "version": "2.16.2", + "resolved": "https://registry.npmjs.org/koa/-/koa-2.16.2.tgz", + "integrity": "sha512-+CCssgnrWKx9aI3OeZwroa/ckG4JICxvIFnSiOUyl2Uv+UTI+xIw0FfFrWS7cQFpoePpr9o8csss7KzsTzNL8Q==", "dev": true, "license": "MIT", "dependencies": { @@ -19904,21 +19964,6 @@ "dev": true, "license": "MIT" }, - "node_modules/oauth2-server": { - "version": "2.4.1", - "dev": true, - "dependencies": { - "basic-auth": "~0.0.1" - }, - "engines": { - "node": ">=0.8" - } - }, - "node_modules/oauth2-server/node_modules/basic-auth": { - "version": "0.0.1", - "dev": true, - "license": "MIT" - }, "node_modules/object-assign": { "version": "4.1.1", "license": "MIT", @@ -22918,14 +22963,16 @@ } }, "node_modules/react-syntax-highlighter": { - "version": "15.6.1", + "version": "15.6.6", + "resolved": "https://registry.npmjs.org/react-syntax-highlighter/-/react-syntax-highlighter-15.6.6.tgz", + "integrity": "sha512-DgXrc+AZF47+HvAPEmn7Ua/1p10jNoVZVI/LoPiYdtY+OM+/nG5yefLHKJwdKqY1adMuHFbeyBaG9j64ML7vTw==", "license": "MIT", "dependencies": { "@babel/runtime": "^7.3.1", "highlight.js": "^10.4.1", "highlightjs-vue": "^1.0.0", "lowlight": "^1.17.0", - "prismjs": "^1.27.0", + "prismjs": "^1.30.0", "refractor": "^3.6.0" }, "peerDependencies": { diff --git a/package.json b/package.json index 10cc452bb93..2d0cd72ae1c 100644 --- a/package.json +++ b/package.json 
@@ -122,6 +122,7 @@ "@commitlint/cli": "^19.8.0", "@commitlint/config-conventional": "^19.8.0", "@jest/globals": "=29.7.0", + "@node-oauth/oauth2-server": "5.2.1", "@pmmmwh/react-refresh-webpack-plugin": "^0.6.0", "@release-it/conventional-changelog": "=10.0.1", "@svgr/webpack": "=8.1.0", @@ -169,7 +170,6 @@ "mini-css-extract-plugin": "^2.9.2", "npm-audit-ci-wrapper": "^3.0.2", "npm-run-all": "^4.1.5", - "oauth2-server": "^2.4.1", "open": "^10.1.0", "open-cli": "=8.0.0", "postcss": "^8.5.3", diff --git a/test/e2e-cypress/support/helpers/oauth2-server/index.js b/test/e2e-cypress/support/helpers/oauth2-server/index.js index 3e5534c939b..ef803b80d9a 100644 --- a/test/e2e-cypress/support/helpers/oauth2-server/index.js +++ b/test/e2e-cypress/support/helpers/oauth2-server/index.js @@ -4,7 +4,7 @@ let Http = require("http") let path = require("path") let express = require("express") let bodyParser = require("body-parser") -let oauthserver = require("oauth2-server") +let oauthserver = require("@node-oauth/oauth2-server") let cors = require("cors") let app = express() @@ -47,4 +47,4 @@ module.exports = startServer if (require.main === module) { // for debugging startServer() -} \ No newline at end of file +} From c274a82a2a8bbe1e16a061b4c5f875de0c3e80f4 Mon Sep 17 00:00:00 2001 From: Robert Hebel Date: Wed, 10 Sep 2025 11:43:29 +0200 Subject: [PATCH 2/2] chore(dev-deps): update vulnerable dependencies --- package-lock.json | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 72eab563119..65f8fb1f011 100644 --- a/package-lock.json +++ b/package-lock.json 
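Review bot: The `require("@node-oauth/oauth2-server")` line in test/e2e-cypress/support/helpers/oauth2-server/index.js is the only code change to this helper (the second hunk only adds the trailing newline), so every call site below it still targets the oauth2-server 2.4.1 API. That is unlikely to be a drop-in swap: as far as I know, the 5.x package exports a class constructed with `new OAuth2Server({ model })`, exposing promise-based `token()`/`authenticate()`/`authorize()` that take its own Request/Response wrappers, with no bundled Express middleware. The setup code sits outside the hunk, so I cannot confirm how `oauthserver` is used; if it is still invoked as a factory and mounted as Express middleware, the Cypress OAuth2 helper will throw at startup or leave the auth flow untested. Please run the e2e suite against this branch, or port the helper in the same commit (e.g. `const OAuth2Server = require("@node-oauth/oauth2-server")` plus explicit route handlers).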
@@ -23254,24 +23254,19 @@ }, "node_modules/refractor": { "version": "3.6.0", + "resolved": "https://registry.npmjs.org/refractor/-/refractor-3.6.0.tgz", + "integrity": "sha512-MY9W41IOWxxk31o+YvFCNyNzdkc9M20NoZK5vq6jkv4I/uh2zkWcfudj0Q1fovjUQJrNewS9NMzeTtqPf+n5EA==", "license": "MIT", "dependencies": { "hastscript": "^6.0.0", "parse-entities": "^2.0.0", - "prismjs": "~1.27.0" + "prismjs": "^1.27.0" }, "funding": { "type": "github", "url": "https://github.com/sponsors/wooorm" } }, - "node_modules/refractor/node_modules/prismjs": { - "version": "1.27.0", - "license": "MIT", - "engines": { - "node": ">=6" - } - }, "node_modules/regenerate": { "version": "1.4.2", "dev": true,