From 0e53cae8908beb7d251b29aaa52f8b7ccbc1511e Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 17 Sep 2025 09:35:50 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-IP-12704893
- https://snyk.io/vuln/SNYK-JS-IP-12761655
---
 package-lock.json | 23 ++++++++++-------------
 package.json      |  2 +-
 2 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 23a00f8..4c46cbc 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "honeycomb-server",
-  "version": "4.0.13",
+  "version": "4.0.14",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "honeycomb-server",
-      "version": "4.0.13",
+      "version": "4.0.14",
       "license": "MIT",
       "dependencies": {
         "@sindresorhus/df": "2.1.0",
@@ -30,7 +30,7 @@
         "randomatic": "3.1.0",
         "stream-throttle": "^0.1.3",
         "tar-fs": "3.0.4",
-        "urllib": "2.41.0",
+        "urllib": "^2.42.0",
         "uuid": "8.3.2",
         "xfs": "0.2.6",
         "yamljs": "0.3.0",
@@ -5540,20 +5540,19 @@
       }
     },
     "node_modules/urllib": {
-      "version": "2.41.0",
-      "resolved": "https://registry.npmjs.org/urllib/-/urllib-2.41.0.tgz",
-      "integrity": "sha512-pNXdxEv52L67jahLT+/7QE+Fup1y2Gc6EdmrAhQ6OpQIC2rl14oWwv9hvk1GXOZqEnJNwRXHABuwgPOs1CtL7g==",
+      "version": "2.42.0",
+      "resolved": "https://registry.npmjs.org/urllib/-/urllib-2.42.0.tgz",
+      "integrity": "sha512-cuXJStXonP776Mm5Z0R0TcYbLvSo+5J+CPuFzN/Hwc1Hfd3AEvbowLKXNt3NG91FONfFLgNenBhMx/mHORbc4w==",
+      "license": "MIT",
       "dependencies": {
         "any-promise": "^1.3.0",
         "content-type": "^1.0.2",
-        "debug": "^2.6.9",
         "default-user-agent": "^1.0.0",
         "digest-header": "^1.0.0",
         "ee-first": "~1.1.1",
         "formstream": "^1.1.0",
         "humanize-ms": "^1.2.0",
         "iconv-lite": "^0.4.15",
-        "ip": "^1.1.5",
         "pump": "^3.0.0",
         "qs": "^6.4.0",
         "statuses": "^1.3.1",
@@ -10267,20 +10266,18 @@
       }
     },
     "urllib": {
-      "version": "2.41.0",
-      "resolved": "https://registry.npmjs.org/urllib/-/urllib-2.41.0.tgz",
-      "integrity": "sha512-pNXdxEv52L67jahLT+/7QE+Fup1y2Gc6EdmrAhQ6OpQIC2rl14oWwv9hvk1GXOZqEnJNwRXHABuwgPOs1CtL7g==",
+      "version": "2.42.0",
+      "resolved": "https://registry.npmjs.org/urllib/-/urllib-2.42.0.tgz",
+      "integrity": "sha512-cuXJStXonP776Mm5Z0R0TcYbLvSo+5J+CPuFzN/Hwc1Hfd3AEvbowLKXNt3NG91FONfFLgNenBhMx/mHORbc4w==",
       "requires": {
         "any-promise": "^1.3.0",
         "content-type": "^1.0.2",
-        "debug": "^2.6.9",
         "default-user-agent": "^1.0.0",
         "digest-header": "^1.0.0",
         "ee-first": "~1.1.1",
         "formstream": "^1.1.0",
         "humanize-ms": "^1.2.0",
         "iconv-lite": "^0.4.15",
-        "ip": "^1.1.5",
         "pump": "^3.0.0",
         "qs": "^6.4.0",
         "statuses": "^1.3.1",
diff --git a/package.json b/package.json
index b896da3..8d591ca 100644
--- a/package.json
+++ b/package.json
@@ -33,7 +33,7 @@
     "randomatic": "3.1.0",
     "stream-throttle": "^0.1.3",
     "tar-fs": "3.0.4",
-    "urllib": "2.41.0",
+    "urllib": "2.42.0",
     "uuid": "8.3.2",
     "xfs": "0.2.6",
     "yamljs": "0.3.0",