From b8fb5a4cf64ebc5c2a259b4340990b4df794a9ed Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 25 Dec 2022 18:45:18 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSON5-3182856 --- package-lock.json | 44 ++++++++++++++------------------------------ package.json | 2 +- 2 files changed, 15 insertions(+), 31 deletions(-) diff --git a/package-lock.json b/package-lock.json index cdf309ae5..1377ee5b7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2630,11 +2630,6 @@ "integrity": "sha512-+iTbntw2IZPb/anVDbypzfQa+ay64MW0Zo8aJ8gZPWMMK6/OubMVb6lUPMagqjOPnmtauXnFCACVl3O7ogjeqQ==", "dev": true }, - "@snyk/protect": { - "version": "1.666.0", - "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.666.0.tgz", - "integrity": "sha512-iKcDcfxkmfRPfk3WB/m/23Fol25UKlXhmqoA4756oj8bq/yLK0tgY69jpzXJj+QJcbbquP1XT1LOTAZ8AUZ1DQ==" - }, "@szmarczak/http-timer": { "version": "4.0.6", "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-4.0.6.tgz", @@ -4981,29 +4976,22 @@ } }, "convict": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/convict/-/convict-5.2.1.tgz", - "integrity": "sha512-wbBlbBMHQyuRVVrZOfVJ2Dq1z3tTNP7UXC7ox0BUHxSc/AxQ8TuyRaHUYTSSjyPCkxQI64VTtWbA1vKbXrkJIw==", - "requires": { - "json5": "2.1.0", - "lodash.clonedeep": "4.5.0", - "moment": "2.24.0", - "validator": "11.1.0", - "yargs-parser": "13.1.2" + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/convict/-/convict-6.0.0.tgz", + "integrity": "sha512-osfPkv5yjVoZqrTWBXuh/ABGpFoaJplbt0WXr0CodR4CSWt8UnzY4PSUyRz/+5BX5YUtWcToG29Kr0B6xhdIMg==", + "requires": { + "lodash.clonedeep": "^4.5.0", + "yargs-parser": "^18.1.3" }, "dependencies": { - "json5": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/json5/-/json5-2.1.0.tgz", - "integrity": "sha512-8Mh9h6xViijj36g7Dxi+Y4S6hNGV96vcJZr/SrlHh1LR/pEn/8j/+qIBbs44YKl69Lrfctp4QD+AdWLTMqEZAQ==", + "yargs-parser": { + "version": "18.1.3", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz", + "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==", "requires": { - "minimist": "^1.2.0" + "camelcase": "^5.0.0", + "decamelize": "^1.2.0" } - }, - "moment": { - "version": "2.24.0", - "resolved": "https://registry.npmjs.org/moment/-/moment-2.24.0.tgz", - "integrity": "sha512-bV7f+6l2QigeBBZSM/6yTNq4P2fNpSWj/0e7jQcy87A8e7o2nAfP/34/2ky5Vw4B9S446EtIhodAzkFCcR4dQg==" } } }, @@ -11410,7 +11398,7 @@ "lodash.clonedeep": { "version": "4.5.0", "resolved": "https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz", - "integrity": "sha1-4j8/nE+Pvd6HJSnBBxhXoIblzO8=" + "integrity": "sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==" }, "lodash.flattendeep": { "version": "4.4.0", @@ -19053,11 +19041,6 @@ "spdx-expression-parse": "^3.0.0" } }, - "validator": { - "version": "11.1.0", - "resolved": "https://registry.npmjs.org/validator/-/validator-11.1.0.tgz", - "integrity": "sha512-qiQ5ktdO7CD6C/5/mYV4jku/7qnqzjrxb3C/Q5wR3vGGinHTgJZN/TdFT3ZX4vXhX2R1PXx42fB1cn5W+uJ4lg==" - }, "vary": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", @@ -20578,6 +20561,7 @@ "version": "13.1.2", "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz", "integrity": "sha512-3lbsNRf/j+A4QuSZfDRA7HRSfWrzO0YjqTJd5kjAq37Zep1CEgaYmrH9Q3GwPiB9cHyd1Y1UwggGhJGoxipbzg==", + "dev": true, "requires": { "camelcase": "^5.0.0", "decamelize": "^1.2.0" diff --git a/package.json b/package.json index a96e06878..54fe2ded7 100644 --- a/package.json +++ b/package.json @@ -153,7 +153,7 @@ "cldr-core": "^35.1.0", "configstore": "github:dannycoates/configstore#master", "connect-redis": "^4.0.4", - "convict": "^5.2.1", + "convict": "^6.0.0", "cookie-parser": "^1.4.5", "express": "^4.17.1", "express-session": "^1.17.1",