From 508ff736708e84a5d0840e12a6337a14daf6de09 Mon Sep 17 00:00:00 2001
From: spirrello
Date: Thu, 23 Jan 2025 12:29:13 -0500
Subject: [PATCH] Bumped express to version 4.21.2. This was required to resolve CVE-2024-52798 on path-to-regexp package. (#205)

Co-authored-by: stefano
---
 package.json | 2 +-
 yarn.lock | 21 ++++++++++++++-------
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/package.json b/package.json
index 6b1d471..6b0c510 100644
--- a/package.json
+++ b/package.json
@@ -42,7 +42,7 @@
 "@wesleytodd/openapi": "^1.1.0",
 "compression": "^1.7.4",
 "cors": "^2.8.5",
- "express": "^4.21.0",
+ "express": "^4.21.2",
 "json-schema-to-ts": "^3.1.0",
 "openapi-types": "^12.1.3",
 "prom-client": "^15.1.3",
diff --git a/yarn.lock b/yarn.lock
index a11b1eb..015af5c 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1769,7 +1769,7 @@ __metadata:
 babel-jest: "npm:^29.7.0"
 compression: "npm:^1.7.4"
 cors: "npm:^2.8.5"
- express: "npm:^4.21.0"
+ express: "npm:^4.21.2"
 jest: "npm:^29.7.0"
 json-schema-to-ts: "npm:^3.1.0"
 openapi-types: "npm:^12.1.3"
@@ -2961,16 +2961,16 @@ __metadata:
 languageName: node
 linkType: hard

-"express@npm:^4.21.0":
- version: 4.21.0
- resolution: "express@npm:4.21.0"
+"express@npm:^4.21.2":
+ version: 4.21.2
+ resolution: "express@npm:4.21.2"
 dependencies:
 accepts: "npm:~1.3.8"
 array-flatten: "npm:1.1.1"
 body-parser: "npm:1.20.3"
 content-disposition: "npm:0.5.4"
 content-type: "npm:~1.0.4"
- cookie: "npm:0.6.0"
+ cookie: "npm:0.7.1"
 cookie-signature: "npm:1.0.6"
 debug: "npm:2.6.9"
 depd: "npm:2.0.0"
@@ -2984,7 +2984,7 @@ __metadata:
 methods: "npm:~1.1.2"
 on-finished: "npm:2.4.1"
 parseurl: "npm:~1.3.3"
- path-to-regexp: "npm:0.1.10"
+ path-to-regexp: "npm:0.1.12"
 proxy-addr: "npm:~2.0.7"
 qs: "npm:6.13.0"
 range-parser: "npm:~1.2.1"
@@ -2996,7 +2996,7 @@ __metadata:
 type-is: "npm:~1.6.18"
 utils-merge: "npm:1.0.1"
 vary: "npm:~1.1.2"
- checksum: 10c0/4cf7ca328f3fdeb720f30ccb2ea7708bfa7d345f9cc460b64a82bf1b2c91e5b5852ba15a9a11b2a165d6089acf83457fc477dc904d59cd71ed34c7a91762c6cc
+ checksum: 10c0/38168fd0a32756600b56e6214afecf4fc79ec28eca7f7a91c2ab8d50df4f47562ca3f9dee412da7f5cea6b1a1544b33b40f9f8586dbacfbdada0fe90dbb10a1f
 languageName: node
 linkType: hard

@@ -4925,6 +4925,13 @@ __metadata:
 languageName: node
 linkType: hard

+"path-to-regexp@npm:0.1.12":
+ version: 0.1.12
+ resolution: "path-to-regexp@npm:0.1.12"
+ checksum: 10c0/1c6ff10ca169b773f3bba943bbc6a07182e332464704572962d277b900aeee81ac6aa5d060ff9e01149636c30b1f63af6e69dd7786ba6e0ddb39d4dee1f0645b
+ languageName: node
+ linkType: hard
+
 "path-to-regexp@npm:^6.2.1":
 version: 6.3.0
 resolution: "path-to-regexp@npm:6.3.0"