update express to fix xss

Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-10-12 00:12:51 +01:00 · 2024-10-12 00:12:51 +01:00 · 6dbc6d2d07
parent ea8e1b1076
commit 6dbc6d2d07
4 changed files with 13 additions and 13 deletions
--- a/dependencies.txt
+++ b/dependencies.txt
@ -4,7 +4,7 @@
    "cbor": "5.2.0",
    "compression": "1.7.4",
    "cookie-session": "2.0.0",
-    "express": "4.21.0",
+    "express": "4.21.1",
    "express-handlebars": "7.1.3",
    "express-ws": "5.0.2",
    "ipcheck": "0.1.0",
--- a/meshcentral.js
+++ b/meshcentral.js
@ -4207,7 +4207,7 @@ function mainStart() {

        // Build the list of required modules
        // NOTE: ALL MODULES MUST HAVE A VERSION NUMBER AND THE VERSION MUST MATCH THAT USED IN Dockerfile
-        var modules = ['archiver@7.0.1', 'body-parser@1.20.3', 'cbor@5.2.0', 'compression@1.7.4', 'cookie-session@2.0.0', 'express@4.21.0', 'express-handlebars@7.1.3', 'express-ws@5.0.2', 'ipcheck@0.1.0', 'minimist@1.2.8', 'multiparty@4.2.3', '@yetzt/nedb', 'node-forge@1.3.1', 'ua-parser-js@1.0.37', 'ws@8.17.1', 'yauzl@2.10.0'];
+        var modules = ['archiver@7.0.1', 'body-parser@1.20.3', 'cbor@5.2.0', 'compression@1.7.4', 'cookie-session@2.0.0', 'express@4.21.1', 'express-handlebars@7.1.3', 'express-ws@5.0.2', 'ipcheck@0.1.0', 'minimist@1.2.8', 'multiparty@4.2.3', '@yetzt/nedb', 'node-forge@1.3.1', 'ua-parser-js@1.0.37', 'ws@8.17.1', 'yauzl@2.10.0'];
        if (require('os').platform() == 'win32') { modules.push('node-windows@0.1.14'); modules.push('loadavg-windows@1.1.1'); if (sspi == true) { modules.push('node-sspi@0.2.10'); } } // Add Windows modules
        if (ldap == true) { modules.push('ldapauth-fork@5.0.5'); }
        if (ssh == true) { modules.push('ssh2@1.15.0'); }
--- a/package-lock.json
+++ b/package-lock.json
@ -1,12 +1,12 @@
 {
  "name": "meshcentral",
-  "version": "1.1.31",
+  "version": "1.1.32",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "meshcentral",
-      "version": "1.1.31",
+      "version": "1.1.32",
      "license": "Apache-2.0",
      "dependencies": {
        "@yetzt/nedb": "1.8.0",
@ -15,7 +15,7 @@
        "cbor": "5.2.0",
        "compression": "1.7.4",
        "cookie-session": "2.0.0",
-        "express": "4.21.0",
+        "express": "4.21.1",
        "express-handlebars": "7.1.3",
        "express-ws": "5.0.2",
        "ipcheck": "0.1.0",
@ -413,9 +413,9 @@
      }
    },
    "node_modules/cookie": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz",
-      "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==",
+      "version": "0.7.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz",
+      "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==",
      "engines": {
        "node": ">= 0.6"
      }
@ -637,16 +637,16 @@
      }
    },
    "node_modules/express": {
-      "version": "4.21.0",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.21.0.tgz",
-      "integrity": "sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz",
+      "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==",
      "dependencies": {
        "accepts": "~1.3.8",
        "array-flatten": "1.1.1",
        "body-parser": "1.20.3",
        "content-disposition": "0.5.4",
        "content-type": "~1.0.4",
-        "cookie": "0.6.0",
+        "cookie": "0.7.1",
        "cookie-signature": "1.0.6",
        "debug": "2.6.9",
        "depd": "2.0.0",
--- a/package.json
+++ b/package.json
@ -43,7 +43,7 @@
    "cbor": "5.2.0",
    "compression": "1.7.4",
    "cookie-session": "2.0.0",
-    "express": "4.21.0",
+    "express": "4.21.1",
    "express-handlebars": "7.1.3",
    "express-ws": "5.0.2",
    "ipcheck": "0.1.0",