From 9645a379375ac3f33f33ff34166e6461465aad78 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 30 Oct 2024 04:29:06 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-COOKIE-8163060 --- package-lock.json | 54 +++++++++++++++++++++++++++++++++-------------- package.json | 2 +- 2 files changed, 39 insertions(+), 17 deletions(-) diff --git a/package-lock.json b/package-lock.json index 8a6ad19..da5dff8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1305,9 +1305,9 @@ "dev": true }, "cookie": { - "version": "0.4.2", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.2.tgz", - "integrity": "sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA==" + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.0.1.tgz", + "integrity": "sha512-Xd8lFX4LM9QEEwxQpF9J9NTUh8pmdJO0cyRJhFiDoLTk2eH8FXlRv2IFGYVadZpqI3j8fhNrSdKCeYPxiAhLXw==" }, "core-util-is": { "version": "1.0.2", @@ -1957,27 +1957,49 @@ } }, "hapi-auth-jwt2": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/hapi-auth-jwt2/-/hapi-auth-jwt2-9.0.0.tgz", - "integrity": "sha512-6mlLqyl/7lTktEo++X4edDibJ0O3JvYEXPQST4xtXrDyDC2egfBfg3VBqVdEBZLZLOUK+GyjXsQJ4d/RmMXuvw==", + "version": "10.7.0", + "resolved": "https://registry.npmjs.org/hapi-auth-jwt2/-/hapi-auth-jwt2-10.7.0.tgz", + "integrity": "sha512-jYSsgm191IpRfBPw9MvwJ2sbw/rKeo6V1w2shM+DLytHAt/EvGLwhqFkA3v3Db7sMpsBHRfSuiF4eJWMZcG0Jw==", "requires": { - "@hapi/boom": "^9.0.0", - "cookie": "^0.4.0", - "jsonwebtoken": "^8.5.1" + "@hapi/boom": "^10.0.0", + "cookie": "^1.0.1", + "jsonwebtoken": "^9.0.0" }, "dependencies": { "@hapi/boom": { - "version": "9.1.4", - "resolved": "https://registry.npmjs.org/@hapi/boom/-/boom-9.1.4.tgz", - "integrity": "sha512-Ls1oH8jaN1vNsqcaHVYJrKmgMcKsC1wcp8bujvXrHaAqD2iDYq3HoOwsxwo09Cuda5R5nC0o0IxlrlTuvPuzSw==", + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/@hapi/boom/-/boom-10.0.1.tgz", + "integrity": "sha512-ERcCZaEjdH3OgSJlyjVk8pHIFeus91CjKP3v+MpgBNp5IvGzP2l/bRiD78nqYcKPaZdbKkK5vDBVPd2ohHBlsA==", "requires": { - "@hapi/hoek": "9.x.x" + "@hapi/hoek": "^11.0.2" } }, "@hapi/hoek": { - "version": "9.3.0", - "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.3.0.tgz", - "integrity": "sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ==" + "version": "11.0.6", + "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-11.0.6.tgz", + "integrity": "sha512-mu8He+jghTDJ+la/uGBT4b1rqQdqFADZiXhzd98b3XW5nb/c+5woXx3FiNco2nm4wPJFHQVRGxYeWeSDPIYpYw==" + }, + "jsonwebtoken": { + "version": "9.0.2", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz", + "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==", + "requires": { + "jws": "^3.2.2", + "lodash.includes": "^4.3.0", + "lodash.isboolean": "^3.0.3", + "lodash.isinteger": "^4.0.4", + "lodash.isnumber": "^3.0.3", + "lodash.isplainobject": "^4.0.6", + "lodash.isstring": "^4.0.1", + "lodash.once": "^4.0.0", + "ms": "^2.1.1", + "semver": "^7.5.4" + } + }, + "semver": { + "version": "7.6.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz", + "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==" } } }, diff --git a/package.json b/package.json index 9ba90f0..1fb3787 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ "awilix": "^6.1.0", "bcrypt": "^5.0.1", "dotenv": "^8.1.0", - "hapi-auth-jwt2": "^9.0.0", + "hapi-auth-jwt2": "^10.7.0", "hapi-swagger": "^14.5.4", "jsonwebtoken": "^8.5.1", "moment": "^2.24.0",