fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ONHEADERS-10773729
2025-10-29 07:15:01 -04:00 · 2025-07-18 07:45:37 +00:00 · 2025-07-18 07:45:37 +00:00 · a4bfecfb67
commit a4bfecfb67
parent baddb42664
2 changed files with 17 additions and 84 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -1,20 +1,20 @@
 {
  "name": "meshcentral",
-  "version": "1.1.45",
+  "version": "1.1.47",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "meshcentral",
-      "version": "1.1.45",
+      "version": "1.1.47",
      "license": "Apache-2.0",
      "dependencies": {
        "@seald-io/nedb": "4.0.4",
        "archiver": "7.0.1",
        "body-parser": "1.20.3",
        "cbor": "5.2.0",
-        "compression": "1.7.5",
-        "cookie-session": "2.1.0",
+        "compression": "^1.8.1",
+        "cookie-session": "^2.1.1",
        "express": "4.21.2",
        "express-handlebars": "7.1.3",
        "express-ws": "5.0.2",
@ -22,7 +22,6 @@
        "minimist": "1.2.8",
        "multiparty": "4.2.3",
        "node-forge": "1.3.1",
-        "otplib": "12.0.1",
        "ua-client-hints-js": "0.1.2",
        "ua-parser-js": "1.0.40",
        "ws": "8.18.0",
@ -52,53 +51,6 @@
        "node": ">=12"
      }
    },
-    "node_modules/@otplib/core": {
-      "version": "12.0.1",
-      "resolved": "https://registry.npmjs.org/@otplib/core/-/core-12.0.1.tgz",
-      "integrity": "sha512-4sGntwbA/AC+SbPhbsziRiD+jNDdIzsZ3JUyfZwjtKyc/wufl1pnSIaG4Uqx8ymPagujub0o92kgBnB89cuAMA==",
-      "license": "MIT"
-    },
-    "node_modules/@otplib/plugin-crypto": {
-      "version": "12.0.1",
-      "resolved": "https://registry.npmjs.org/@otplib/plugin-crypto/-/plugin-crypto-12.0.1.tgz",
-      "integrity": "sha512-qPuhN3QrT7ZZLcLCyKOSNhuijUi9G5guMRVrxq63r9YNOxxQjPm59gVxLM+7xGnHnM6cimY57tuKsjK7y9LM1g==",
-      "license": "MIT",
-      "dependencies": {
-        "@otplib/core": "^12.0.1"
-      }
-    },
-    "node_modules/@otplib/plugin-thirty-two": {
-      "version": "12.0.1",
-      "resolved": "https://registry.npmjs.org/@otplib/plugin-thirty-two/-/plugin-thirty-two-12.0.1.tgz",
-      "integrity": "sha512-MtT+uqRso909UkbrrYpJ6XFjj9D+x2Py7KjTO9JDPhL0bJUYVu5kFP4TFZW4NFAywrAtFRxOVY261u0qwb93gA==",
-      "license": "MIT",
-      "dependencies": {
-        "@otplib/core": "^12.0.1",
-        "thirty-two": "^1.0.2"
-      }
-    },
-    "node_modules/@otplib/preset-default": {
-      "version": "12.0.1",
-      "resolved": "https://registry.npmjs.org/@otplib/preset-default/-/preset-default-12.0.1.tgz",
-      "integrity": "sha512-xf1v9oOJRyXfluBhMdpOkr+bsE+Irt+0D5uHtvg6x1eosfmHCsCC6ej/m7FXiWqdo0+ZUI6xSKDhJwc8yfiOPQ==",
-      "license": "MIT",
-      "dependencies": {
-        "@otplib/core": "^12.0.1",
-        "@otplib/plugin-crypto": "^12.0.1",
-        "@otplib/plugin-thirty-two": "^12.0.1"
-      }
-    },
-    "node_modules/@otplib/preset-v11": {
-      "version": "12.0.1",
-      "resolved": "https://registry.npmjs.org/@otplib/preset-v11/-/preset-v11-12.0.1.tgz",
-      "integrity": "sha512-9hSetMI7ECqbFiKICrNa4w70deTUfArtwXykPUvSHWOdzOlfa9ajglu7mNCntlvxycTiOAXkQGwjQCzzDEMRMg==",
-      "license": "MIT",
-      "dependencies": {
-        "@otplib/core": "^12.0.1",
-        "@otplib/plugin-crypto": "^12.0.1",
-        "@otplib/plugin-thirty-two": "^12.0.1"
-      }
-    },
    "node_modules/@pkgjs/parseargs": {
      "version": "0.11.0",
      "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz",
@ -476,16 +428,16 @@
      }
    },
    "node_modules/compression": {
-      "version": "1.7.5",
-      "resolved": "https://registry.npmjs.org/compression/-/compression-1.7.5.tgz",
-      "integrity": "sha512-bQJ0YRck5ak3LgtnpKkiabX5pNF7tMUh1BSy2ZBOTh0Dim0BUu6aPPwByIns6/A5Prh8PufSPerMDUklpzes2Q==",
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/compression/-/compression-1.8.1.tgz",
+      "integrity": "sha512-9mAqGPHLakhCLeNyxPkK4xVo746zQ/czLH1Ky+vkitMnWfWZps8r0qXuwhwizagCRttsL4lfG4pIOvaWLpAP0w==",
      "license": "MIT",
      "dependencies": {
        "bytes": "3.1.2",
        "compressible": "~2.0.18",
        "debug": "2.6.9",
        "negotiator": "~0.6.4",
-        "on-headers": "~1.0.2",
+        "on-headers": "~1.1.0",
        "safe-buffer": "5.2.1",
        "vary": "~1.1.2"
      },
@ -524,14 +476,14 @@
      }
    },
    "node_modules/cookie-session": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/cookie-session/-/cookie-session-2.1.0.tgz",
-      "integrity": "sha512-u73BDmR8QLGcs+Lprs0cfbcAPKl2HnPcjpwRXT41sEV4DRJ2+W0vJEEZkG31ofkx+HZflA70siRIjiTdIodmOQ==",
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/cookie-session/-/cookie-session-2.1.1.tgz",
+      "integrity": "sha512-ji3kym/XZaFVew1+tIZk5ZLp9Z/fLv9rK1aZmpug0FsgE7Cu3ZDrUdRo7FT9vFjMYfNimrrUHJzywDwT7XEFlg==",
      "license": "MIT",
      "dependencies": {
        "cookies": "0.9.1",
        "debug": "3.2.7",
-        "on-headers": "~1.0.2",
+        "on-headers": "~1.1.0",
        "safe-buffer": "5.2.1"
      },
      "engines": {
@ -1618,25 +1570,14 @@
      }
    },
    "node_modules/on-headers": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz",
-      "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz",
+      "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==",
      "license": "MIT",
      "engines": {
        "node": ">= 0.8"
      }
    },
-    "node_modules/otplib": {
-      "version": "12.0.1",
-      "resolved": "https://registry.npmjs.org/otplib/-/otplib-12.0.1.tgz",
-      "integrity": "sha512-xDGvUOQjop7RDgxTQ+o4pOol0/3xSZzawTiPKRrHnQWAy0WjhNs/5HdIDJCrqC4MBynmjXgULc6YfioaxZeFgg==",
-      "license": "MIT",
-      "dependencies": {
-        "@otplib/core": "^12.0.1",
-        "@otplib/preset-default": "^12.0.1",
-        "@otplib/preset-v11": "^12.0.1"
-      }
-    },
    "node_modules/package-json-from-dist": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz",
@ -2192,14 +2133,6 @@
        "b4a": "^1.6.4"
      }
    },
-    "node_modules/thirty-two": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/thirty-two/-/thirty-two-1.0.2.tgz",
-      "integrity": "sha512-OEI0IWCe+Dw46019YLl6V10Us5bi574EvlJEOcAkB29IzQ/mYD1A6RyNHLjZPiHCmuodxvgF6U+vZO1L15lxVA==",
-      "engines": {
-        "node": ">=0.2.6"
-      }
-    },
    "node_modules/toidentifier": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
--- a/package.json
+++ b/package.json
@ -41,8 +41,8 @@
    "archiver": "7.0.1",
    "body-parser": "1.20.3",
    "cbor": "5.2.0",
-    "compression": "1.7.5",
-    "cookie-session": "2.1.0",
+    "compression": "1.8.1",
+    "cookie-session": "2.1.1",
    "express": "4.21.2",
    "express-handlebars": "7.1.3",
    "express-ws": "5.0.2",