From 4e6dee8dccacfc1241c2baa647f2ba72f825c57c Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 18 Apr 2022 16:04:43 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118 - https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311 --- package-lock.json | 72 ++++++++++++++++++++++++++++++++--------------- package.json | 2 +- 2 files changed, 51 insertions(+), 23 deletions(-) diff --git a/package-lock.json b/package-lock.json index 45f4b35..2362f78 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "polyonic", - "version": "3.0.1", + "version": "3.0.6", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -3692,7 +3692,8 @@ "buffer-from": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", - "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A==" + "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A==", + "dev": true }, "buffer-indexof": { "version": "1.1.1", @@ -7428,9 +7429,9 @@ } }, "fetch-cookie": { - "version": "0.10.1", - "resolved": "https://registry.npmjs.org/fetch-cookie/-/fetch-cookie-0.10.1.tgz", - "integrity": "sha512-beB+VEd4cNeVG1PY+ee74+PkuCQnik78pgLi5Ah/7qdUfov8IctU0vLUbBT8/10Ma5GMBeI4wtxhGrEfKNYs2g==", + "version": "0.11.0", + "resolved": "https://registry.npmjs.org/fetch-cookie/-/fetch-cookie-0.11.0.tgz", + "integrity": "sha512-BQm7iZLFhMWFy5CZ/162sAGjBfdNWb7a8LEqqnzsHFhxT/X/SVj/z2t2nu3aJvjlbQkrAlTUApplPRjWyH4mhA==", "requires": { "tough-cookie": "^2.3.3 || ^3.0.1 || ^4.0.0" } @@ -11011,9 +11012,12 @@ "optional": true }, "node-fetch": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.0.tgz", - "integrity": "sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA==" + "version": "2.6.7", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", + "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", + "requires": { + "whatwg-url": "^5.0.0" + } }, "node-forge": { "version": "0.10.0", @@ -13530,16 +13534,16 @@ "dev": true }, "pouchdb": { - "version": "7.2.2", - "resolved": "https://registry.npmjs.org/pouchdb/-/pouchdb-7.2.2.tgz", - "integrity": "sha512-5gf5nw5XH/2H/DJj8b0YkvG9fhA/4Jt6kL0Y8QjtztVjb1y4J19Rg4rG+fUbXu96gsUrlyIvZ3XfM0b4mogGmw==", + "version": "7.3.0", + "resolved": "https://registry.npmjs.org/pouchdb/-/pouchdb-7.3.0.tgz", + "integrity": "sha512-OwsIQGXsfx3TrU1pLruj6PGSwFH+h5k4hGNxFkZ76Um7/ZI8F5TzUHFrpldVVIhfXYi2vP31q0q7ot1FSLFYOw==", "requires": { "abort-controller": "3.0.0", "argsarray": "0.0.1", - "buffer-from": "1.1.1", + "buffer-from": "1.1.2", "clone-buffer": "1.0.0", "double-ended-queue": "2.1.0-0", - "fetch-cookie": "0.10.1", + "fetch-cookie": "0.11.0", "immediate": "3.3.0", "inherits": "2.0.4", "level": "6.0.1", @@ -13548,14 +13552,19 @@ "leveldown": "5.6.0", "levelup": "4.4.0", "ltgt": "2.2.1", - "node-fetch": "2.6.0", + "node-fetch": "2.6.7", "readable-stream": "1.1.14", - "spark-md5": "3.0.1", + "spark-md5": "3.0.2", "through2": "3.0.2", - "uuid": "8.1.0", + "uuid": "8.3.2", "vuvuzela": "1.0.3" }, "dependencies": { + "buffer-from": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==" + }, "immediate": { "version": "3.3.0", "resolved": "https://registry.npmjs.org/immediate/-/immediate-3.3.0.tgz", @@ -13602,9 +13611,9 @@ } }, "uuid": { - "version": "8.1.0", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.1.0.tgz", - "integrity": "sha512-CI18flHDznR0lq54xBycOVmphdCYnQLKn8abKn7PXUiKUGdEd+/l9LWNJmugXel4hXq7S+RMNl34ecyC9TntWg==" + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==" } } }, @@ -15888,9 +15897,9 @@ "dev": true }, "spark-md5": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/spark-md5/-/spark-md5-3.0.1.tgz", - "integrity": "sha512-0tF3AGSD1ppQeuffsLDIOWlKUd3lS92tFxcsrh5Pe3ZphhnoK+oXIBTzOAThZCiuINZLvpiLH/1VS1/ANEJVig==" + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/spark-md5/-/spark-md5-3.0.2.tgz", + "integrity": "sha512-wcFzz9cDfbuqe0FZzfi2or1sgyIrsDwmPwfZC4hiNidPdPINjeUwNfv5kldczoEAcjl9Y1L3SM7Uz2PUEQzxQw==" }, "spdx-correct": { "version": "3.1.1", @@ -17009,6 +17018,11 @@ } } }, + "tr46": { + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", + "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o=" + }, "transform-pouch": { "version": "1.1.5", "resolved": "https://registry.npmjs.org/transform-pouch/-/transform-pouch-1.1.5.tgz", @@ -18087,6 +18101,11 @@ "selenium-webdriver": "^3.0.1" } }, + "webidl-conversions": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", + "integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE=" + }, "webpack": { "version": "4.44.2", "resolved": "https://registry.npmjs.org/webpack/-/webpack-4.44.2.tgz", @@ -18961,6 +18980,15 @@ "integrity": "sha512-M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g==", "dev": true }, + "whatwg-url": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", + "integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=", + "requires": { + "tr46": "~0.0.3", + "webidl-conversions": "^3.0.0" + } + }, "which": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", diff --git a/package.json b/package.json index 2d3afbf..9deefb9 100644 --- a/package.json +++ b/package.json @@ -66,7 +66,7 @@ "cordova-sqlcipher-adapter": "^0.5.3", "core-js": "3.9.1", "polyonic-secure-pouch": "1.0.7", - "pouchdb": "7.2.2", + "pouchdb": "7.3.0", "pouchdb-adapter-cordova-sqlite": "2.0.8", "run-electron": "1.0.0", "rxjs": "6.6.6",