From 3076523f82ce130443c5cbf4590424d1f8fae22a Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 11 Oct 2024 05:19:23 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-COOKIE-8163060 --- package-lock.json | 22 ++++++++++++---------- package.json | 2 +- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2549d7a2..9f2b770b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "meshcentral", - "version": "1.1.31", + "version": "1.1.32", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "meshcentral", - "version": "1.1.31", + "version": "1.1.32", "license": "Apache-2.0", "dependencies": { "@yetzt/nedb": "1.8.0", @@ -15,7 +15,7 @@ "cbor": "5.2.0", "compression": "1.7.4", "cookie-session": "2.0.0", - "express": "4.21.0", + "express": "^4.21.1", "express-handlebars": "7.1.3", "express-ws": "5.0.2", "ipcheck": "0.1.0", @@ -413,9 +413,10 @@ } }, "node_modules/cookie": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", - "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==", + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz", + "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==", + "license": "MIT", "engines": { "node": ">= 0.6" } @@ -637,16 +638,17 @@ } }, "node_modules/express": { - "version": "4.21.0", - "resolved": "https://registry.npmjs.org/express/-/express-4.21.0.tgz", - "integrity": "sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==", + "version": "4.21.1", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz", + "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==", + "license": "MIT", "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", "body-parser": "1.20.3", "content-disposition": "0.5.4", "content-type": "~1.0.4", - "cookie": "0.6.0", + "cookie": "0.7.1", "cookie-signature": "1.0.6", "debug": "2.6.9", "depd": "2.0.0", diff --git a/package.json b/package.json index 40d28d3d..e885a503 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "cbor": "5.2.0", "compression": "1.7.4", "cookie-session": "2.0.0", - "express": "4.21.0", + "express": "4.21.1", "express-handlebars": "7.1.3", "express-ws": "5.0.2", "ipcheck": "0.1.0",