From d54eca96f44c75df59598028df4729bc6efc4d29 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 25 Jan 2025 03:20:31 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-UNDICI-8641354 --- package-lock.json | 152 ++++++++++++++++++++++++++++++++++------------ package.json | 4 +- 2 files changed, 116 insertions(+), 40 deletions(-) diff --git a/package-lock.json b/package-lock.json index 152213d..ead6c4f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@bugsnag/js": "^7.22.4", "@fastify/awilix": "^5.0.0", "@lokalise/fastify-extras": "^16.4.0", - "@lokalise/node-core": "^9.9.0", + "@lokalise/node-core": "^10.0.0", "awilix": "^10.0.1", "dotenv": "^16.4.4", "fastify": "^4.26.1", @@ -24,7 +24,7 @@ "mockhttp": "^0.0.1", "newrelic": "^11.10.4", "pino": "^8.18.0", - "undici": "^6.6.2", + "undici": "^6.21.1", "zod": "^3.22.4" }, "devDependencies": { @@ -377,14 +377,6 @@ "fastify": "^4.0.0" } }, - "node_modules/@fastify/busboy": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.0.tgz", - "integrity": "sha512-+KpH+QxZU7O4675t3mnkQKcZZg56u+K/Ct2K+N2AZYNVK8kyeo/bI18tI8aPm3tvNNRyTWfj6s5tnGNlcbQRsA==", - "engines": { - "node": ">=14" - } - }, "node_modules/@fastify/deepmerge": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/@fastify/deepmerge/-/deepmerge-1.3.0.tgz", @@ -697,14 +689,86 @@ } }, "node_modules/@lokalise/node-core": { - "version": "9.9.0", - "resolved": "https://registry.npmjs.org/@lokalise/node-core/-/node-core-9.9.0.tgz", - "integrity": "sha512-zVVOrIuwerWiV18MiNO8HUXIrn7VAla2OixOVl4FBNXUOUG8R9PGe/4sqCjFT221F5VZCJoF1JYCDAWkeiW2RQ==", + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/@lokalise/node-core/-/node-core-10.0.0.tgz", + "integrity": "sha512-yi0qCPJceL0BZCMjeTe6fygbN78UcFSC4DLmtRdS8lEwdlZ55fs2Oh6lwFNTPz+pG5sx0azND440lVPBZBPj5A==", + "license": "Apache-2.0", "dependencies": { - "pino": "^8.17.2", - "undici": "^6.3.0", - "undici-retry": "^5.0.2", - "zod": "^3.22.4" + "dot-prop": "6.0.1", + "pino": "^9.1.0", + "tslib": "^2.6.2", + "zod": "^3.23.8" + } + }, + "node_modules/@lokalise/node-core/node_modules/pino": { + "version": "9.6.0", + "resolved": "https://registry.npmjs.org/pino/-/pino-9.6.0.tgz", + "integrity": "sha512-i85pKRCt4qMjZ1+L7sy2Ag4t1atFcdbEt76+7iRJn1g2BvsnRMGu9p8pivl9fs63M2kF/A0OacFZhTub+m/qMg==", + "license": "MIT", + "dependencies": { + "atomic-sleep": "^1.0.0", + "fast-redact": "^3.1.1", + "on-exit-leak-free": "^2.1.0", + "pino-abstract-transport": "^2.0.0", + "pino-std-serializers": "^7.0.0", + "process-warning": "^4.0.0", + "quick-format-unescaped": "^4.0.3", + "real-require": "^0.2.0", + "safe-stable-stringify": "^2.3.1", + "sonic-boom": "^4.0.1", + "thread-stream": "^3.0.0" + }, + "bin": { + "pino": "bin.js" + } + }, + "node_modules/@lokalise/node-core/node_modules/pino-abstract-transport": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/pino-abstract-transport/-/pino-abstract-transport-2.0.0.tgz", + "integrity": "sha512-F63x5tizV6WCh4R6RHyi2Ml+M70DNRXt/+HANowMflpgGFMAym/VKm6G7ZOQRjqN7XbGxK1Lg9t6ZrtzOaivMw==", + "license": "MIT", + "dependencies": { + "split2": "^4.0.0" + } + }, + "node_modules/@lokalise/node-core/node_modules/pino-std-serializers": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/pino-std-serializers/-/pino-std-serializers-7.0.0.tgz", + "integrity": "sha512-e906FRY0+tV27iq4juKzSYPbUj2do2X2JX4EzSca1631EB2QJQUqGbDuERal7LCtOpxl6x3+nvo9NPZcmjkiFA==", + "license": "MIT" + }, + "node_modules/@lokalise/node-core/node_modules/process-warning": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/process-warning/-/process-warning-4.0.1.tgz", + "integrity": "sha512-3c2LzQ3rY9d0hc1emcsHhfT9Jwz0cChib/QN89oME2R451w5fy3f0afAhERFZAwrbDU43wk12d0ORBpDVME50Q==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fastify" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/fastify" + } + ], + "license": "MIT" + }, + "node_modules/@lokalise/node-core/node_modules/sonic-boom": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-4.2.0.tgz", + "integrity": "sha512-INb7TM37/mAcsGmc9hyyI6+QR3rR1zVRu36B0NeGXKnOOLiZOfER5SA+N7X7k3yUYRzLWafduTDvJAfDswwEww==", + "license": "MIT", + "dependencies": { + "atomic-sleep": "^1.0.0" + } + }, + "node_modules/@lokalise/node-core/node_modules/thread-stream": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-3.1.0.tgz", + "integrity": "sha512-OqyPZ9u96VohAyMfJykzmivOrY2wfMSf3C5TtFJVgN+Hm6aj+voFhlK+kZEIv2FBh1X6Xp3DlnCOfEQ3B2J86A==", + "license": "MIT", + "dependencies": { + "real-require": "^0.2.0" } }, "node_modules/@lukeed/ms": { @@ -3178,6 +3242,21 @@ "node": ">=6.0.0" } }, + "node_modules/dot-prop": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/dot-prop/-/dot-prop-6.0.1.tgz", + "integrity": "sha512-tE7ztYzXHIeyvc7N+hR3oi7FIbf/NIjVP9hmAt3yMXzrQ072/fpjGLx2GxNxGxUl5V73MEqYzioOMoVhGMJ5cA==", + "license": "MIT", + "dependencies": { + "is-obj": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/dotenv": { "version": "16.4.4", "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.4.tgz", @@ -5477,6 +5556,15 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/is-obj": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/is-obj/-/is-obj-2.0.0.tgz", + "integrity": "sha512-drqDG3cbczxxEJRoOXcOjtdp1J/lyp1mNn0xaznRs8+muBhgQcrnbspox5X5fOw0HnMnbfDzvnEMEtqDEJEo8w==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, "node_modules/is-path-inside": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", @@ -9034,25 +9122,12 @@ "dev": true }, "node_modules/undici": { - "version": "6.6.2", - "resolved": "https://registry.npmjs.org/undici/-/undici-6.6.2.tgz", - "integrity": "sha512-vSqvUE5skSxQJ5sztTZ/CdeJb1Wq0Hf44hlYMciqHghvz+K88U0l7D6u1VsndoFgskDcnU+nG3gYmMzJVzd9Qg==", - "dependencies": { - "@fastify/busboy": "^2.0.0" - }, + "version": "6.21.1", + "resolved": "https://registry.npmjs.org/undici/-/undici-6.21.1.tgz", + "integrity": "sha512-q/1rj5D0/zayJB2FraXdaWxbhWiNKDvu8naDT2dl1yTlvJp4BLtOcp2a5BvgGNQpYYJzau7tf1WgKv3b+7mqpQ==", + "license": "MIT", "engines": { - "node": ">=18.0" - } - }, - "node_modules/undici-retry": { - "version": "5.0.2", - "resolved": "https://registry.npmjs.org/undici-retry/-/undici-retry-5.0.2.tgz", - "integrity": "sha512-XaP2RKZ9QJQC/QWqCTuXYY/cK73OWtAnZ52dxUK8GN33vmtQpeptFuhKWA5h1y6rYX+XCRFY9nGfiET8Pmwt5A==", - "engines": { - "node": ">=18" - }, - "peerDependencies": { - "undici": "^6.0.0" + "node": ">=18.17" } }, "node_modules/undici-types": { @@ -9601,9 +9676,10 @@ } }, "node_modules/zod": { - "version": "3.22.4", - "resolved": "https://registry.npmjs.org/zod/-/zod-3.22.4.tgz", - "integrity": "sha512-iC+8Io04lddc+mVqQ9AZ7OQ2MrUKGN+oIQyq1vemgt46jwCwLfhq7/pwnBnNXXXZb8VTVLKwp9EDkx+ryxIWmg==", + "version": "3.24.1", + "resolved": "https://registry.npmjs.org/zod/-/zod-3.24.1.tgz", + "integrity": "sha512-muH7gBL9sI1nciMZV67X5fTKKBLtwpZ5VBp1vsOQzj1MhrBZ4wlVCm3gedKZWLp0Oyel8sIGfeiz54Su+OVT+A==", + "license": "MIT", "funding": { "url": "https://github.com/sponsors/colinhacks" } diff --git a/package.json b/package.json index 408d5bc..7c21594 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "@bugsnag/js": "^7.22.4", "@fastify/awilix": "^5.0.0", "@lokalise/fastify-extras": "^16.4.0", - "@lokalise/node-core": "^9.9.0", + "@lokalise/node-core": "^10.0.0", "awilix": "^10.0.1", "dotenv": "^16.4.4", "fastify": "^4.26.1", @@ -37,7 +37,7 @@ "mockhttp": "^0.0.1", "newrelic": "^11.10.4", "pino": "^8.18.0", - "undici": "^6.6.2", + "undici": "^6.21.1", "zod": "^3.22.4" }, "devDependencies": {