From 5b52e1ccb15dcdeadab17fa5968568a5880b627a Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 28 May 2021 21:49:05 +0000 Subject: [PATCH 01/14] fix: upgrade @sentry/node from 5.7.1 to 5.30.0 Snyk has created this PR to upgrade @sentry/node from 5.7.1 to 5.30.0. See this package in npm: https://www.npmjs.com/package/@sentry/node See this project in Snyk: https://app.snyk.io/org/andruszd/project/ac12b093-bb9e-4263-96d0-fc072a46ea8c?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 119 ++++++++++++++++++++++++++++------------------ package.json | 2 +- 2 files changed, 75 insertions(+), 46 deletions(-) diff --git a/package-lock.json b/package-lock.json index 73f58b4360d01..522bcf1e7ab4c 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -2211,67 +2211,81 @@ } }, "@sentry/core": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/@sentry/core/-/core-5.7.1.tgz", - "integrity": "sha512-AOn3k3uVWh2VyajcHbV9Ta4ieDIeLckfo7UMLM+CTk2kt7C89SayDGayJMSsIrsZlL4qxBoLB9QY4W2FgAGJrg==", - "requires": { - "@sentry/hub": "5.7.1", - "@sentry/minimal": "5.7.1", - "@sentry/types": "5.7.1", - "@sentry/utils": "5.7.1", + "version": "5.30.0", + "resolved": "https://registry.npmjs.org/@sentry/core/-/core-5.30.0.tgz", + "integrity": "sha512-TmfrII8w1PQZSZgPpUESqjB+jC6MvZJZdLtE/0hZ+SrnKhW3x5WlYLvTXZpcWePYBku7rl2wn1RZu6uT0qCTeg==", + "requires": { + "@sentry/hub": "5.30.0", + "@sentry/minimal": "5.30.0", + "@sentry/types": "5.30.0", + "@sentry/utils": "5.30.0", "tslib": "^1.9.3" } }, "@sentry/hub": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-5.7.1.tgz", - "integrity": "sha512-evGh323WR073WSBCg/RkhlUmCQyzU0xzBzCZPscvcoy5hd4SsLE6t9Zin+WACHB9JFsRQIDwNDn+D+pj3yKsig==", + "version": "5.30.0", + "resolved": "https://registry.npmjs.org/@sentry/hub/-/hub-5.30.0.tgz", + "integrity": "sha512-2tYrGnzb1gKz2EkMDQcfLrDTvmGcQPuWxLnJKXJvYTQDGLlEvi2tWz1VIHjunmOvJrB5aIQLhm+dcMRwFZDCqQ==", "requires": { - "@sentry/types": "5.7.1", - "@sentry/utils": "5.7.1", + "@sentry/types": "5.30.0", + "@sentry/utils": "5.30.0", "tslib": "^1.9.3" } }, "@sentry/minimal": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-5.7.1.tgz", - "integrity": "sha512-nS/Dg+jWAZtcxQW8wKbkkw4dYvF6uyY/vDiz/jFCaux0LX0uhgXAC9gMOJmgJ/tYBLJ64l0ca5LzpZa7BMJQ0g==", + "version": "5.30.0", + "resolved": "https://registry.npmjs.org/@sentry/minimal/-/minimal-5.30.0.tgz", + "integrity": "sha512-BwWb/owZKtkDX+Sc4zCSTNcvZUq7YcH3uAVlmh/gtR9rmUvbzAA3ewLuB3myi4wWRAMEtny6+J/FN/x+2wn9Xw==", "requires": { - "@sentry/hub": "5.7.1", - "@sentry/types": "5.7.1", + "@sentry/hub": "5.30.0", + "@sentry/types": "5.30.0", "tslib": "^1.9.3" } }, "@sentry/node": { - "version": "5.7.1", - "resolved": 
"https://registry.npmjs.org/@sentry/node/-/node-5.7.1.tgz", - "integrity": "sha512-hVM10asFStrOhYZzMqFM7V1lrHkr1ydc2n/SFG0ZmIQxfTjCVElyXV/BJASIdqadM1fFIvvtD/EfgkTcZmub1g==", - "requires": { - "@sentry/core": "5.7.1", - "@sentry/hub": "5.7.1", - "@sentry/types": "5.7.1", - "@sentry/utils": "5.7.1", - "cookie": "^0.3.1", - "https-proxy-agent": "^3.0.0", + "version": "5.30.0", + "resolved": "https://registry.npmjs.org/@sentry/node/-/node-5.30.0.tgz", + "integrity": "sha512-Br5oyVBF0fZo6ZS9bxbJZG4ApAjRqAnqFFurMVJJdunNb80brh7a5Qva2kjhm+U6r9NJAB5OmDyPkA1Qnt+QVg==", + "requires": { + "@sentry/core": "5.30.0", + "@sentry/hub": "5.30.0", + "@sentry/tracing": "5.30.0", + "@sentry/types": "5.30.0", + "@sentry/utils": "5.30.0", + "cookie": "^0.4.1", + "https-proxy-agent": "^5.0.0", "lru_map": "^0.3.3", "tslib": "^1.9.3" }, "dependencies": { + "agent-base": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", + "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", + "requires": { + "debug": "4" + } + }, + "cookie": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz", + "integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==" + }, "debug": { - "version": "3.2.6", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz", - "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==", + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz", + "integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==", "requires": { - "ms": "^2.1.1" + "ms": "2.1.2" } }, "https-proxy-agent": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-3.0.0.tgz", - "integrity": 
"sha512-y4jAxNEihqvBI5F3SaO2rtsjIOnnNA8sEbuiP+UhJZJHeM2NRm6c09ax2tgqme+SgUUvjao2fJXF4h3D6Cb2HQ==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.0.tgz", + "integrity": "sha512-EkYm5BcKUGiduxzSt3Eppko+PiNWNEpa4ySk9vTC6wDsQJW9rHSa+UhGNJoRYp7bz6Ht1eaRIa6QaJqO5rCFbA==", "requires": { - "agent-base": "^4.3.0", - "debug": "^3.1.0" + "agent-base": "6", + "debug": "4" } }, "ms": { @@ -2281,17 +2295,29 @@ } } }, + "@sentry/tracing": { + "version": "5.30.0", + "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-5.30.0.tgz", + "integrity": "sha512-dUFowCr0AIMwiLD7Fs314Mdzcug+gBVo/+NCMyDw8tFxJkwWAKl7Qa2OZxLQ0ZHjakcj1hNKfCQJ9rhyfOl4Aw==", + "requires": { + "@sentry/hub": "5.30.0", + "@sentry/minimal": "5.30.0", + "@sentry/types": "5.30.0", + "@sentry/utils": "5.30.0", + "tslib": "^1.9.3" + } + }, "@sentry/types": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/@sentry/types/-/types-5.7.1.tgz", - "integrity": "sha512-tbUnTYlSliXvnou5D4C8Zr+7/wJrHLbpYX1YkLXuIJRU0NSi81bHMroAuHWILcQKWhVjaV/HZzr7Y/hhWtbXVQ==" + "version": "5.30.0", + "resolved": "https://registry.npmjs.org/@sentry/types/-/types-5.30.0.tgz", + "integrity": "sha512-R8xOqlSTZ+htqrfteCWU5Nk0CDN5ApUTvrlvBuiH1DyP6czDZ4ktbZB0hAgBlVcK0U+qpD3ag3Tqqpa5Q67rPw==" }, "@sentry/utils": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-5.7.1.tgz", - "integrity": "sha512-nhirUKj/qFLsR1i9kJ5BRvNyzdx/E2vorIsukuDrbo8e3iZ11JMgCOVrmC8Eq9YkHBqgwX4UnrPumjFyvGMZ2Q==", + "version": "5.30.0", + "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-5.30.0.tgz", + "integrity": "sha512-zaYmoH0NWWtvnJjC9/CBseXMtKHm/tm40sz3YfJRxeQjyzRqNQPgivpd9R/oDJCYj999mzdW382p/qi2ypjLww==", "requires": { - "@sentry/types": "5.7.1", + "@sentry/types": "5.30.0", "tslib": "^1.9.3" } }, 
@@ -2981,6 +3007,7 @@ "version": "4.3.0", "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-4.3.0.tgz", "integrity": "sha512-salcGninV0nPrwpGNn4VTXBb1SOuXQBiqbrNXoeizJsHrsL6ERFM2Ne3JUSBWRE6aeNJI2ROP/WEEIDUiDe3cg==", + "dev": true, "requires": { "es6-promisify": "^5.0.0" } @@ -8848,6 +8875,7 @@ "version": "5.0.0", "resolved": "https://registry.npmjs.org/es6-promisify/-/es6-promisify-5.0.0.tgz", "integrity": "sha1-UQnWLz5W6pZ8S2NQWu8IKRyKUgM=", + "dev": true, "requires": { "es6-promise": "^4.0.3" }, @@ -8855,7 +8883,8 @@ "es6-promise": { "version": "4.2.8", "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.8.tgz", - "integrity": "sha512-HJDGx5daxeIvxdBxvG2cb9g4tEvwIk3i8+nhX0yGrYmZUzbkdg8QbDevheDB8gd0//uPj4c1EQua8Q+MViT0/w==" + "integrity": "sha512-HJDGx5daxeIvxdBxvG2cb9g4tEvwIk3i8+nhX0yGrYmZUzbkdg8QbDevheDB8gd0//uPj4c1EQua8Q+MViT0/w==", + "dev": true } } }, diff --git a/package.json b/package.json index 52496071653e1..aa4a497920a83 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ }, "dependencies": { "@hapi/joi": "^16.1.7", - "@sentry/node": "^5.7.1", + "@sentry/node": "^5.30.0", "bytes": "^3.1.0", "camelcase": "^5.3.1", "camp": "~17.2.4", From eba27bf7215b71132b314fa7bcd231dff40e4a04 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 28 May 2021 21:49:09 +0000 Subject: [PATCH 02/14] fix: upgrade ioredis from 4.14.1 to 4.27.2 Snyk has created this PR to upgrade ioredis from 4.14.1 to 4.27.2. See this package in npm: https://www.npmjs.com/package/ioredis See this project in Snyk: https://app.snyk.io/org/andruszd/project/ac12b093-bb9e-4263-96d0-fc072a46ea8c?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 44 +++++++++++++++++++++++++------------------- package.json | 2 +- 2 files changed, 26 insertions(+), 20 deletions(-) diff --git a/package-lock.json b/package-lock.json index 73f58b4360d01..173822c32b2d2 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -7743,9 +7743,9 @@ "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" }, "denque": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/denque/-/denque-1.4.1.tgz", - "integrity": "sha512-OfzPuSZKGcgr96rf1oODnfjqBFmr1DVoc/TrItj3Ohe0Ah1C5WX5Baquw/9U9KovnQ88EqmJbD66rKYUQYN1tQ==" + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/denque/-/denque-1.5.0.tgz", + "integrity": "sha512-CYiCSgIF1p6EUByQPlGkKnP1M9g0ZV3qMIrqMqZqdwazygIA/YP2vrbcyl1h/WppKJTdl1F85cXIle+394iDAQ==" }, "depd": { "version": "1.1.2", 
@@ -14845,33 +14845,39 @@ "dev": true }, "ioredis": { - "version": "4.14.1", - "resolved": "https://registry.npmjs.org/ioredis/-/ioredis-4.14.1.tgz", - "integrity": "sha512-94W+X//GHM+1GJvDk6JPc+8qlM7Dul+9K+lg3/aHixPN7ZGkW6qlvX0DG6At9hWtH2v3B32myfZqWoANUJYGJA==", + "version": "4.27.2", + "resolved": "https://registry.npmjs.org/ioredis/-/ioredis-4.27.2.tgz", + "integrity": "sha512-7OpYymIthonkC2Jne5uGWXswdhlua1S1rWGAERaotn0hGJWTSURvxdHA9G6wNbT/qKCloCja/FHsfKXW8lpTmg==", "requires": { "cluster-key-slot": "^1.1.0", - "debug": "^4.1.1", + "debug": "^4.3.1", "denque": "^1.1.0", "lodash.defaults": "^4.2.0", "lodash.flatten": "^4.4.0", - "redis-commands": "1.5.0", + "p-map": "^2.1.0", + "redis-commands": "1.7.0", "redis-errors": "^1.2.0", "redis-parser": "^3.0.0", - "standard-as-callback": "^2.0.1" + "standard-as-callback": "^2.1.0" }, "dependencies": { "debug": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", - "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz", + "integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==", "requires": { - "ms": "^2.1.1" + "ms": "2.1.2" } }, "ms": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" + }, + "p-map": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/p-map/-/p-map-2.1.0.tgz", + "integrity": "sha512-y3b8Kpd8OAN444hxfBbFfj1FY/RjtTd8tzYwhUqNYXx0fXx2iX4maP4Qr6qhIKbQXI02wTLAda4fYUbDagTUFw==" } } }, 
@@ -22108,9 +22114,9 @@ } }, "redis-commands": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/redis-commands/-/redis-commands-1.5.0.tgz", - "integrity": "sha512-6KxamqpZ468MeQC3bkWmCB1fp56XL64D4Kf0zJSwDZbVLLm7KFkoIcHrgRvQ+sk8dnhySs7+yBg94yIkAK7aJg==" + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/redis-commands/-/redis-commands-1.7.0.tgz", + "integrity": "sha512-nJWqw3bTFy21hX/CPKHth6sfhZbdiHP6bTawSgQBlKOVRG7EZkfHbbHwQJnrE4vsQf0CMNE+3gJ4Fmm16vdVlQ==" }, "redis-errors": { "version": "1.2.0", @@ -23797,9 +23803,9 @@ "dev": true }, "standard-as-callback": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/standard-as-callback/-/standard-as-callback-2.0.1.tgz", - "integrity": "sha512-NQOxSeB8gOI5WjSaxjBgog2QFw55FV8TkS6Y07BiB3VJ8xNTvUYm0wl0s8ObgQ5NhdpnNfigMIKjgPESzgr4tg==" + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/standard-as-callback/-/standard-as-callback-2.1.0.tgz", + "integrity": "sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A==" }, "start-server-and-test": { "version": "1.10.6", diff --git a/package.json b/package.json index 52496071653e1..7c4770ca51251 100644 --- a/package.json +++ b/package.json @@ -42,7 +42,7 @@ "glob": "^7.1.5", "graphql": "^14.5.8", "graphql-tag": "^2.10.1", - "ioredis": "4.14.1", + "ioredis": "4.27.2", "joi-extension-semver": "4.0.0", "js-yaml": "^3.13.1", "jsonpath": "~1.0.2", From ea1ec89d6877bbd1d1521d72f16ec52f1935abea Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Fri, 28 May 2021 21:49:13 +0000 Subject: [PATCH 03/14] fix: upgrade query-string from 6.8.3 to 6.14.1 Snyk has created this PR to upgrade query-string from 6.8.3 to 6.14.1. See this package in npm: https://www.npmjs.com/package/query-string See this project in Snyk: https://app.snyk.io/org/andruszd/project/ac12b093-bb9e-4263-96d0-fc072a46ea8c?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 12 +++++++++--- package.json | 2 +- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 73f58b4360d01..328cb45cffd0b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10368,6 +10368,11 @@ "to-regex-range": "^2.1.0" } }, + "filter-obj": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/filter-obj/-/filter-obj-1.1.0.tgz", + "integrity": "sha1-mzERErxsYSehbgFsbF1/GeCAXFs=" + }, "finalhandler": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz", @@ -21416,11 +21421,12 @@ "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==" }, "query-string": { - "version": "6.8.3", - "resolved": "https://registry.npmjs.org/query-string/-/query-string-6.8.3.tgz", - "integrity": "sha512-llcxWccnyaWlODe7A9hRjkvdCKamEKTh+wH8ITdTc3OhchaqUZteiSCX/2ablWHVrkVIe04dntnaZJ7BdyW0lQ==", + "version": "6.14.1", + "resolved": "https://registry.npmjs.org/query-string/-/query-string-6.14.1.tgz", + "integrity": "sha512-XDxAeVmpfu1/6IjyT/gXHOl+S0vQ9owggJ30hhWKdHAsNPOcasn5o9BW0eejZqL2e4vMjhAxoW3jVHcD6mbcYw==", "requires": { "decode-uri-component": "^0.2.0", + "filter-obj": "^1.1.0", "split-on-first": "^1.0.0", "strict-uri-encode": "^2.0.0" } diff --git a/package.json b/package.json index 52496071653e1..e7c8da2cfd31c 100644 --- a/package.json +++ b/package.json 
@@ -56,7 +56,7 @@ "pretty-bytes": "^5.3.0", "priorityqueuejs": "^1.0.0", "prom-client": "^11.5.3", - "query-string": "^6.8.3", + "query-string": "^6.14.1", "request": "~2.88.0", "semver": "~6.3.0", "simple-icons": "1.19.0", From 93d2e44a77e8f4c201ce32098e6c3278524ba64a Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 28 May 2021 21:49:19 +0000 Subject: [PATCH 04/14] fix: upgrade fast-xml-parser from 3.14.0 to 3.19.0 Snyk has created this PR to upgrade fast-xml-parser from 3.14.0 to 3.19.0. See this package in npm: https://www.npmjs.com/package/fast-xml-parser See this project in Snyk: https://app.snyk.io/org/andruszd/project/ac12b093-bb9e-4263-96d0-fc072a46ea8c?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 73f58b4360d01..5b7eb10cd332b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10206,9 +10206,9 @@ "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=" }, "fast-xml-parser": { - "version": "3.14.0", - "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.14.0.tgz", - "integrity": "sha512-3SzQnPNtMVqaBVDzYqYt0BTaaLwkd45wTbsUsH1eiE9dnyc4b8mYcm1Q0Rcx9AWkeTj5UZFTTm55Io5yVWS1tg==" + "version": "3.19.0", + "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.19.0.tgz", + "integrity": "sha512-4pXwmBplsCPv8FOY1WRakF970TjNGnGnfbOnLqjlYvMiF1SR3yOHyxMR/YCXpPTOspNF5gwudqktIP4VsWkvBg==" }, "fastparse": { "version": "1.1.2", diff --git a/package.json b/package.json index 52496071653e1..4bef78260e818 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ "dotenv": "^8.2.0", "emojic": "^1.1.15", "escape-string-regexp": "^2.0.0", - "fast-xml-parser": "^3.14.0", + "fast-xml-parser": "^3.19.0", "fsos": "^1.1.6", "gh-badges": "file:gh-badges", "glob": "^7.1.5", From 841d5085a8031fcb0a210c36fa07e3cb7aecffbe Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Fri, 28 May 2021 21:49:23 +0000 Subject: [PATCH 05/14] fix: upgrade graphql-tag from 2.10.1 to 2.12.4 Snyk has created this PR to upgrade graphql-tag from 2.10.1 to 2.12.4. See this package in npm: https://www.npmjs.com/package/graphql-tag See this project in Snyk: https://app.snyk.io/org/andruszd/project/ac12b093-bb9e-4263-96d0-fc072a46ea8c?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 16 +++++++++++++--- package.json | 2 +- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 73f58b4360d01..1dc4486d9f97f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13582,9 +13582,19 @@ } }, "graphql-tag": { - "version": "2.10.1", - "resolved": "https://registry.npmjs.org/graphql-tag/-/graphql-tag-2.10.1.tgz", - "integrity": "sha512-jApXqWBzNXQ8jYa/HLkZJaVw9jgwNqZkywa2zfFn16Iv1Zb7ELNHkJaXHR7Quvd5SIGsy6Ny7SUKATgnu05uEg==" + "version": "2.12.4", + "resolved": "https://registry.npmjs.org/graphql-tag/-/graphql-tag-2.12.4.tgz", + "integrity": "sha512-VV1U4O+9x99EkNpNmCUV5RZwq6MnK4+pGbRYWG+lA/m3uo7TSqJF81OkcOP148gFP6fzdl7JWYBrwWVTS9jXww==", + "requires": { + "tslib": "^2.1.0" + }, + "dependencies": { + "tslib": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.2.0.tgz", + "integrity": "sha512-gS9GVHRU+RGn5KQM2rllAlR3dU6m7AcpJKdtH8gFvQiC4Otgk98XnmMU+nZenHt/+VhnBPWwgrJsyrdcw6i23w==" + } + } }, "graphql-type-json": { "version": "0.2.4", diff --git a/package.json b/package.json index 52496071653e1..6c7a49c8290ec 100644 --- a/package.json +++ b/package.json @@ -41,7 +41,7 @@ "gh-badges": "file:gh-badges", "glob": "^7.1.5", "graphql": "^14.5.8", - "graphql-tag": "^2.10.1", + "graphql-tag": "^2.12.4", "ioredis": "4.14.1", "joi-extension-semver": "4.0.0", "js-yaml": "^3.13.1", From b0a43f04baf72337067168bdaed9de81e782126a Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Sun, 27 Jun 2021 02:11:22 +0000 Subject: [PATCH 06/14] fix: gh-badges/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CSSWHAT-1298035 --- gh-badges/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gh-badges/package.json b/gh-badges/package.json index 7ee0566661760..399c82417e5de 100644 --- a/gh-badges/package.json +++ b/gh-badges/package.json @@ -38,7 +38,7 @@ "dot": "^1.1.2", "gm": "^1.23.0", "is-css-color": "^1.0.0", - "svgo": "^1.1.1" + "svgo": "^2.3.1" }, "scripts": { "test": "echo 'Run tests from parent dir'; false" From b9e962591984589a8fbb13c4cbde17bac1abc816 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 6 Jul 2021 15:01:34 +0000 Subject: [PATCH 07/14] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984 - https://snyk.io/vuln/SNYK-JS-XMLDOM-1084960 --- package-lock.json | 20 ++++++++++---------- package.json | 4 ++-- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/package-lock.json b/package-lock.json index 73f58b4360d01..5d12e1dd3ee5d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15966,13 +15966,13 @@ "dev": true }, "jsonpath": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/jsonpath/-/jsonpath-1.0.2.tgz", - "integrity": "sha512-rmzlgFZiQPc6q4HDyK8s9Qb4oxBnI5sF61y/Co5PV0lc3q2bIuRsNdueVbhoSHdKM4fxeimphOAtfz47yjCfeA==", + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/jsonpath/-/jsonpath-1.1.1.tgz", + "integrity": "sha512-l6Cg7jRpixfbgoWgkrl77dgEj8RPvND0wMH6TwQmi9Qs4TFfS9u5cUFnbeKTwj5ga5Y3BTGGNI28k117LJ009w==", "requires": { "esprima": "1.2.2", "static-eval": "2.0.2", - "underscore": "1.7.0" + "underscore": "1.12.1" }, "dependencies": { "esprima": { 
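Review bot: The `svgo` range in gh-badges/package.json moves from `^1.1.1` to `^2.3.1`, a semver-major jump, while the patch touches no calling code (its diffstat lists only this one file). svgo 2.x exports an `optimize` function in place of the 1.x `new SVGO()` class, so any gh-badges caller still written against 1.x would fail when it runs rather than when it installs. The trailing context shows this package's own `test` script is `echo 'Run tests from parent dir'; false`, so the upgrade is exercised only if the parent suite covers the SVG path. I would port the caller in the same change, e.g. `const { optimize } = require('svgo')`, or keep the range on 1.x until that is done; the `dependencies` object starts outside the hunk.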
@@ -25437,9 +25437,9 @@ } }, "underscore": { - "version": "1.7.0", - "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.7.0.tgz", - "integrity": "sha1-a7rwh3UA02vjTsqlhODbn+8DUgk=" + "version": "1.12.1", + "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.12.1.tgz", + "integrity": "sha512-hEQt0+ZLDVUMhebKxL4x1BTtDY7bavVofhZ9KZ4aI26X9SRaE+Y3m83XUL1UP2jn8ynjndwCCpEHdUG+9pP1Tw==" }, "unicode-canonical-property-names-ecmascript": { "version": "1.0.4", @@ -26826,9 +26826,9 @@ "dev": true }, "xmldom": { - "version": "0.1.27", - "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.1.27.tgz", - "integrity": "sha1-1QH5ezvbQDr4757MIFcxh6rawOk=" + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.5.0.tgz", + "integrity": "sha512-Foaj5FXVzgn7xFzsKeNIde9g6aFBxTPi37iwsno8QvApmtg7KYrr+OPyRHcJF7dud2a5nGRBXK3n0dL62Gf7PA==" }, "xmlhttprequest-ssl": { "version": "1.5.5", diff --git a/package.json b/package.json index 52496071653e1..f6dd68d481fd2 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,7 @@ "ioredis": "4.14.1", "joi-extension-semver": "4.0.0", "js-yaml": "^3.13.1", - "jsonpath": "~1.0.2", + "jsonpath": "~1.1.1", "lodash.countby": "^4.6.0", "lodash.throttle": "^4.1.1", "lodash.times": "^4.3.2", @@ -60,7 +60,7 @@ "request": "~2.88.0", "semver": "~6.3.0", "simple-icons": "1.19.0", - "xmldom": "~0.1.27", + "xmldom": "~0.5.0", "xpath": "~0.0.27" }, "scripts": { From 1c6897e88e117aef6531a49fd1eb59ef50180bb9 Mon Sep 17 00:00:00 2001 
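Review bot: `"xmldom": "~0.5.0"` in the `@@ -60,7 +60,7 @@` hunk of package.json crosses several 0.x minors from `~0.1.27`, where semver allows behaviour changes, and this patch carries no test or caller change; the same holds for `"jsonpath": "~1.1.1"` in the `@@ -45,7 +45,7 @@` hunk. Both libraries parse or evaluate content that presumably originates outside the service, so a regression test that feeds malformed XML and an unexpected JSONPath expression through the existing callers would show whether error handling still holds after the upgrade. The tilde range also keeps xmldom on 0.5.x, so a parser fix released in a later minor will need another manual bump. The `dependencies` object starts and ends outside both hunks.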
From: snyk-bot Date: Wed, 7 Jul 2021 02:33:56 +0000 Subject: [PATCH 08/14] fix: upgrade config from 3.2.3 to 3.3.6 Snyk has created this PR to upgrade config from 3.2.3 to 3.3.6. See this package in npm: https://www.npmjs.com/package/config See this project in Snyk: https://app.snyk.io/org/andruszd/project/ac12b093-bb9e-4263-96d0-fc072a46ea8c?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 24 ++++++++++++++++++++---- package.json | 2 +- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 32cfafb7ad85e..e949b5e2181ba 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6336,11 +6336,26 @@ } }, "config": { - "version": "3.2.3", - "resolved": "https://registry.npmjs.org/config/-/config-3.2.3.tgz", - "integrity": "sha512-pditxQzO+SkKX/2gs99YnUGEjmBVkTj2o/hGOgC0oYEU7QgLnVVDYmcSL6HiGels/8QtFJpFzi5iKYv4D0dalg==", + "version": "3.3.6", + "resolved": "https://registry.npmjs.org/config/-/config-3.3.6.tgz", + "integrity": "sha512-Hj5916C5HFawjYJat1epbyY2PlAgLpBtDUlr0MxGLgo3p5+7kylyvnRY18PqJHgnNWXcdd0eWDemT7eYWuFgwg==", "requires": { - "json5": "^1.0.1" + "json5": "^2.1.1" + }, + "dependencies": { + "json5": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.0.tgz", + "integrity": "sha512-f+8cldu7X/y7RAJurMEJmdoKXGB/X550w2Nr3tTbezL6RwEE/iMcm+tZnXeoZtKuOq6ft8+CqzEkrIgx1fPoQA==", + "requires": { + "minimist": "^1.2.5" + } + }, + "minimist": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", + "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==" + } } }, "configstore": { @@ -15996,6 +16011,7 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz", "integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==", + "dev": true, "requires": { "minimist": "^1.2.0" } 
diff --git a/package.json b/package.json index 1bcff6230a760..b99c48529db07 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,7 @@ "chalk": "^2.4.2", "check-node-version": "^4.0.1", "chrome-web-store-item-property": "~1.1.2", - "config": "^3.2.3", + "config": "^3.3.6", "cross-env": "^6.0.3", "decamelize": "^3.2.0", "dotenv": "^8.2.0", From 7ce47f283e88a1a5907be7baee122fa5344adfed Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 7 Jul 2021 02:33:59 +0000 Subject: [PATCH 09/14] fix: upgrade moment from 2.24.0 to 2.29.1 Snyk has created this PR to upgrade moment from 2.24.0 to 2.29.1. See this package in npm: https://www.npmjs.com/package/moment See this project in Snyk: https://app.snyk.io/org/andruszd/project/ac12b093-bb9e-4263-96d0-fc072a46ea8c?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 12 +++++++++--- package.json | 2 +- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 32cfafb7ad85e..677c01a385ce8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -7349,6 +7349,12 @@ "cli-cursor": "^1.0.2" } }, + "moment": { + "version": "2.24.0", + "resolved": "https://registry.npmjs.org/moment/-/moment-2.24.0.tgz", + "integrity": "sha512-bV7f+6l2QigeBBZSM/6yTNq4P2fNpSWj/0e7jQcy87A8e7o2nAfP/34/2ky5Vw4B9S446EtIhodAzkFCcR4dQg==", + "dev": true + }, "ms": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", @@ -18100,9 +18106,9 @@ } }, "moment": { - "version": "2.24.0", - "resolved": "https://registry.npmjs.org/moment/-/moment-2.24.0.tgz", - "integrity": "sha512-bV7f+6l2QigeBBZSM/6yTNq4P2fNpSWj/0e7jQcy87A8e7o2nAfP/34/2ky5Vw4B9S446EtIhodAzkFCcR4dQg==" + "version": "2.29.1", + "resolved": "https://registry.npmjs.org/moment/-/moment-2.29.1.tgz", + "integrity": "sha512-kHmoybcPV8Sqy59DwNDY3Jefr64lK/by/da0ViFcuA4DH0vQg5Q6Ze5VimxkfQNSC+Mls/Kx53s7TjP1RhFEDQ==" }, "moo": { "version": "0.4.3", 
diff --git a/package.json b/package.json index 1bcff6230a760..77c92d0521124 100644 --- a/package.json +++ b/package.json @@ -49,7 +49,7 @@ "lodash.countby": "^4.6.0", "lodash.throttle": "^4.1.1", "lodash.times": "^4.3.2", - "moment": "^2.24.0", + "moment": "^2.29.1", "node-env-flag": "^0.1.0", "parse-link-header": "^1.0.1", "path-to-regexp": "^3.1.0", From 623e3d000702f7679abc3433bf7cb0713d436163 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 7 Jul 2021 02:34:03 +0000 Subject: [PATCH 10/14] fix: upgrade dotenv from 8.2.0 to 8.6.0 Snyk has created this PR to upgrade dotenv from 8.2.0 to 8.6.0. See this package in npm: https://www.npmjs.com/package/dotenv See this project in Snyk: https://app.snyk.io/org/andruszd/project/ac12b093-bb9e-4263-96d0-fc072a46ea8c?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 32cfafb7ad85e..024c320785e4c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8069,9 +8069,9 @@ } }, "dotenv": { - "version": "8.2.0", - "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.2.0.tgz", - "integrity": "sha512-8sJ78ElpbDJBHNeBzUbUVLsqKdccaa/BXF1uPTw3GrvQTBgrQrtObr2mUrE38vzYd8cEv+m/JBfDLioYcfXoaw==" + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.6.0.tgz", + "integrity": "sha512-IrPdXQsk2BbzvCBGBOTmmSH5SodmqZNt4ERAZDmW4CT+tL8VtvinqywuANaFu4bOMWki16nqf0e4oC0QIaDr/g==" }, "duplexer": { "version": "0.1.1", diff --git a/package.json b/package.json index 1bcff6230a760..737de6e3fe56e 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ "config": "^3.2.3", "cross-env": "^6.0.3", "decamelize": "^3.2.0", - "dotenv": "^8.2.0", + "dotenv": "^8.6.0", "emojic": "^1.1.15", "escape-string-regexp": "^2.0.0", "fast-xml-parser": "^3.19.0", From 79110702d384b911f2e060ca5a460831d7e55a11 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Wed, 7 Jul 2021 02:34:07 +0000 Subject: [PATCH 11/14] fix: upgrade xpath from 0.0.27 to 0.0.32 Snyk has created this PR to upgrade xpath from 0.0.27 to 0.0.32. See this package in npm: https://www.npmjs.com/package/xpath See this project in Snyk: https://app.snyk.io/org/andruszd/project/ac12b093-bb9e-4263-96d0-fc072a46ea8c?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 32cfafb7ad85e..95e7f69cc6b35 100644 --- a/package-lock.json +++ b/package-lock.json @@ -26887,9 +26887,9 @@ "integrity": "sha1-wodrBhaKrcQOV9l+gRkayPQ5iz4=" }, "xpath": { - "version": "0.0.27", - "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.27.tgz", - "integrity": "sha512-fg03WRxtkCV6ohClePNAECYsmpKKTv5L8y/X3Dn1hQrec3POx2jHZ/0P2qQ6HvsrU1BmeqXcof3NGGueG6LxwQ==" + "version": "0.0.32", + "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.32.tgz", + "integrity": "sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw==" }, "xregexp": { "version": "4.2.4", diff --git a/package.json b/package.json index 1bcff6230a760..a4792124d72cd 100644 --- a/package.json +++ b/package.json @@ -61,7 +61,7 @@ "semver": "~6.3.0", "simple-icons": "1.19.0", "xmldom": "~0.5.0", - "xpath": "~0.0.27" + "xpath": "~0.0.32" }, "scripts": { "coverage:test:server": "echo \"Deprecated; run `npm run coverage:test:core` instead.\" && npm run coverage:test:core", From 29e99bba096791736658a80db49c586fcd8ac727 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Wed, 7 Jul 2021 02:34:11 +0000 Subject: [PATCH 12/14] fix: upgrade ioredis from 4.27.2 to 4.27.6 Snyk has created this PR to upgrade ioredis from 4.27.2 to 4.27.6. See this package in npm: https://www.npmjs.com/package/ioredis See this project in Snyk: https://app.snyk.io/org/andruszd/project/ac12b093-bb9e-4263-96d0-fc072a46ea8c?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 12 ++++++------ package.json | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index 32cfafb7ad85e..333a462d8c16d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14889,9 +14889,9 @@ "dev": true }, "ioredis": { - "version": "4.27.2", - "resolved": "https://registry.npmjs.org/ioredis/-/ioredis-4.27.2.tgz", - "integrity": "sha512-7OpYymIthonkC2Jne5uGWXswdhlua1S1rWGAERaotn0hGJWTSURvxdHA9G6wNbT/qKCloCja/FHsfKXW8lpTmg==", + "version": "4.27.6", + "resolved": "https://registry.npmjs.org/ioredis/-/ioredis-4.27.6.tgz", + "integrity": "sha512-6W3ZHMbpCa8ByMyC1LJGOi7P2WiOKP9B3resoZOVLDhi+6dDBOW+KNsRq3yI36Hmnb2sifCxHX+YSarTeXh48A==", "requires": { "cluster-key-slot": "^1.1.0", "debug": "^4.3.1", @@ -14906,9 +14906,9 @@ }, "dependencies": { "debug": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz", - "integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==", + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.2.tgz", + "integrity": "sha512-mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw==", "requires": { "ms": "2.1.2" } diff --git a/package.json b/package.json index 1bcff6230a760..9aa06ff70b01d 100644 --- a/package.json +++ b/package.json @@ -42,7 +42,7 @@ "glob": "^7.1.5", "graphql": "^14.5.8", "graphql-tag": "^2.12.4", - "ioredis": "4.27.2", + "ioredis": "4.27.6", "joi-extension-semver": "4.0.0", "js-yaml": "^3.13.1", "jsonpath": "~1.1.1", 
From 1430359a90eba0c5356784a8f767711b9169201a Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 7 Jul 2021 18:07:41 +0000 Subject: [PATCH 13/14] fix: Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-587980 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-1055465 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-1243765 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-1315789 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-1315790 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 30d3ef6a09143..42507c1455269 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM node:8-alpine +FROM node:14.17.0-alpine RUN mkdir -p /usr/src/app RUN mkdir /usr/src/app/private From b8de5b4cc09eccdb1b03d5fd72f3253127a20eb2 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 16 Dec 2022 09:22:11 +0000 Subject: [PATCH 14/14] fix: Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE311-APKTOOLS-1534687 - https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1569447 - https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1569451 - https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-1569451 - https://snyk.io/vuln/SNYK-ALPINE311-ZLIB-2977081 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 42507c1455269..17a909bb0018c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM node:14.17.0-alpine +FROM node:14.21-alpine RUN mkdir -p /usr/src/app RUN mkdir /usr/src/app/private
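Review bot: The new base image in PATCH 13/14 is referenced by a mutable tag, `FROM node:14.17.0-alpine`, so the build gets whatever the registry serves for that tag at build time. Pinning the digest as well, `FROM node:14.17.0-alpine@sha256:<digest-of-the-reviewed-image>`, makes the build reproducible and turns the next base-image change into an explicit diff. The same applies to `FROM node:14.21-alpine` in PATCH 14/14, which additionally floats across patch releases and, through the bare `-alpine` suffix, across Alpine releases. Separately, PATCH 13/14 moves the runtime from Node 8 to Node 14 with no visible change to an `engines` field or CI configuration, so it is worth confirming the application and its native dependencies were tested on the new major.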