From 68dee31b1ce6027de1999d2c6d106534f8da5def Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 29 Apr 2024 18:58:32 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-EJS-6689533 --- package-lock.json | 37 ++++++++++++++++++------------------- package.json | 2 +- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5f47a4d..dd538b7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,14 +1,14 @@ { "name": "EID4U", - "requires": true, "lockfileVersion": 1, + "requires": true, "dependencies": { "async": { "version": "2.6.1", "resolved": "https://registry.npmjs.org/async/-/async-2.6.1.tgz", "integrity": "sha512-fNEiL2+AZt6AlAw/29Cr0UDe4sRAHCpEHh54WMz+Bb7QfNcFw4h3loofyJpLeQs4Yx7yuqu/2dLgM5hKOs6HlQ==", "requires": { - "lodash": "4.17.11" + "lodash": "^4.17.10" } }, "debug": { @@ -16,13 +16,13 @@ "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.0.tgz", "integrity": "sha512-heNPJUJIqC+xB6ayLAMHaIrmN9HKa7aQO8MGqKpvCA+uJYVcvR6l5kgdrhRuwPFHU7P5/A1w0BjByPHwpfTDKg==", "requires": { - "ms": "2.1.1" + "ms": "^2.1.1" } }, - "ejs": { - "version": "2.6.1", - "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.6.1.tgz", - "integrity": "sha512-0xy4A/twfrRCnkhfk8ErDi5DqdAsAqeGxht4xkCUrsvhhbQNs7E+4jV0CN7+NKIY0aHE72+XvqtBIXzD31ZbXQ==" + "escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==" }, "fs": { "version": "0.0.1-security", @@ -83,8 +83,8 @@ "resolved": "https://registry.npmjs.org/xml-crypto/-/xml-crypto-0.10.1.tgz", "integrity": "sha1-+DL3TM9W8kr8rhFjofyrRNlndKg=", "requires": { - "xmldom": "0.1.19", - "xpath.js": "1.1.0" + "xmldom": "=0.1.19", + "xpath.js": ">=0.0.3" }, "dependencies": { "xmldom": { @@ -95,14 +95,13 @@ } }, "xml-encryption": { - "version": "0.11.2", - "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-0.11.2.tgz", - "integrity": "sha512-jVvES7i5ovdO7N+NjgncA326xYKjhqeAnnvIgRnY7ROLCfFqEDLwP0Sxp/30SHG0AXQV1048T5yinOFyvwGFzg==", + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-1.0.0.tgz", + "integrity": "sha512-xTqcgKPN3XOswvDPXrhtyvWZ96IFcO9Azv3vS060kOpBsK5T7OxbQDxb59bPLl4b4c2IgmSZC3kJB0n5WPr2Mw==", "requires": { - "async": "2.6.1", - "ejs": "2.6.1", - "node-forge": "0.7.6", - "xmldom": "0.1.27", + "escape-html": "^1.0.3", + "node-forge": "^0.7.0", + "xmldom": "~0.1.15", "xpath": "0.0.27" } }, @@ -111,8 +110,8 @@ "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.19.tgz", "integrity": "sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q==", "requires": { - "sax": "1.2.4", - "xmlbuilder": "9.0.7" + "sax": ">=0.6.0", + "xmlbuilder": "~9.0.1" }, "dependencies": { "xmlbuilder": { @@ -127,7 +126,7 @@ "resolved": "http://registry.npmjs.org/xmlbuilder/-/xmlbuilder-2.2.1.tgz", "integrity": "sha1-kyZDDxMNh0NdTECGZDqikm4QWjI=", "requires": { - "lodash-node": "2.4.1" + "lodash-node": "~2.4.1" } }, "xmldom": { diff --git a/package.json b/package.json index 519e928..f553682 100644 --- a/package.json +++ b/package.json @@ -8,7 +8,7 @@ "underscore": "^1.8.3", "url": "^0.11.0", "xml-crypto": "^0.10.0", - "xml-encryption": "^0.11.0", + "xml-encryption": "^1.0.0", "xml2js": "^0.4.0", "xmlbuilder": "~2.2.0", "xmldom": "^0.1.0"