From 04bacb3cf81d3a4c62ac581cc549e631d1894975 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 27 Apr 2022 07:24:25 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-EJS-2803307 --- package-lock.json | 137 +++++++++++++++++++++++++++++----------------- package.json | 2 +- 2 files changed, 88 insertions(+), 51 deletions(-) diff --git a/package-lock.json b/package-lock.json index 66df9cdd970d..921df32e42f5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "Rocket.Chat", - "version": "1.0.0-develop", + "version": "1.1.0-develop", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -4316,6 +4316,28 @@ "type-detect": "^4.0.0" } }, + "cucumber": { + "version": "github:xolvio/cucumber-js#cf953cb5b5de30dbcc279f59e4ebff3aa040071c", + "from": "github:xolvio/cucumber-js#cf953cb5b5de30dbcc279f59e4ebff3aa040071c", + "dev": true, + "requires": { + "camel-case": "^3.0.0", + "cli-table": "^0.3.1", + "co": "^4.6.0", + "colors": "^1.1.2", + "commander": "^2.9.0", + "duration": "^0.2.0", + "fibers": "^1.0.7", + "figures": "1.7.0", + "gherkin": "4.0.0", + "glob": "^7.0.0", + "is-generator": "^1.0.2", + "lodash": "^4.0.0", + "meteor-promise": "^0.8.0", + "stack-chain": "^1.3.5", + "stacktrace-js": "^1.3.0" + } + }, "debug": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz", @@ -4338,8 +4360,8 @@ "dev": true }, "glob": { - "version": "github:lucetius/node-glob#51c7ca6e69bfbd17db5f1ea710e3f2a7a457d9ce", - "from": "github:lucetius/node-glob#chimp", + "version": "7.1.1", + "resolved": "github:lucetius/node-glob#51c7ca6e69bfbd17db5f1ea710e3f2a7a457d9ce", "dev": true, "requires": { "fs.realpath": "^1.0.0", @@ -5121,36 +5143,6 @@ "integrity": "sha1-gsGMJGH3QRTvFsE1IkrQuRRMoS8=", "dev": true }, - "cucumber": { - "version": "github:xolvio/cucumber-js#cf953cb5b5de30dbcc279f59e4ebff3aa040071c", - "from": "github:xolvio/cucumber-js#v1.3.0-chimp.6", - "dev": true, - "requires": { - "camel-case": "^3.0.0", - "cli-table": "^0.3.1", - "co": "^4.6.0", - "colors": "^1.1.2", - "commander": "^2.9.0", - "duration": "^0.2.0", - "fibers": "^1.0.7", - "figures": "1.7.0", - "gherkin": "4.0.0", - "glob": "^7.0.0", - "is-generator": "^1.0.2", - "lodash": "^4.0.0", - "meteor-promise": "^0.8.0", - "stack-chain": "^1.3.5", - "stacktrace-js": "^1.3.0" - }, - "dependencies": { - "fibers": { - "version": "1.0.15", - "resolved": "https://registry.npmjs.org/fibers/-/fibers-1.0.15.tgz", - "integrity": "sha1-IvA5yPGLhWGQ+75N7PBWFUwerpw=", - "dev": true - } - } - }, "cuid": { "version": "1.3.8", "resolved": "https://registry.npmjs.org/cuid/-/cuid-1.3.8.tgz", @@ -5683,7 +5675,8 @@ "ejs": { "version": "2.5.9", "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.5.9.tgz", - "integrity": "sha512-GJCAeDBKfREgkBtgrYSf9hQy9kTb3helv0zGdzqhM7iAkW8FA/ZF97VQDbwFiwIT8MQLLOe5VlPZOEvZAqtUAQ==" + "integrity": "sha512-GJCAeDBKfREgkBtgrYSf9hQy9kTb3helv0zGdzqhM7iAkW8FA/ZF97VQDbwFiwIT8MQLLOe5VlPZOEvZAqtUAQ==", + "dev": true }, "electron-to-chromium": { "version": "1.3.87", @@ -7174,7 +7167,8 @@ "ansi-regex": { "version": "2.1.1", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "aproba": { "version": "1.2.0", @@ -7195,12 +7189,14 @@ "balanced-match": { "version": "1.0.0", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "brace-expansion": { "version": "1.1.11", "bundled": true, "dev": true, + "optional": true, "requires": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" @@ -7215,17 +7211,20 @@ "code-point-at": { "version": "1.1.0", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "concat-map": { "version": "0.0.1", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "console-control-strings": { "version": "1.1.0", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "core-util-is": { "version": "1.0.2", @@ -7342,7 +7341,8 @@ "inherits": { "version": "2.0.3", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "ini": { "version": "1.3.5", @@ -7354,6 +7354,7 @@ "version": "1.0.0", "bundled": true, "dev": true, + "optional": true, "requires": { "number-is-nan": "^1.0.0" } @@ -7368,6 +7369,7 @@ "version": "3.0.4", "bundled": true, "dev": true, + "optional": true, "requires": { "brace-expansion": "^1.1.7" } @@ -7375,12 +7377,14 @@ "minimist": { "version": "0.0.8", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "minipass": { "version": "2.3.5", "bundled": true, "dev": true, + "optional": true, "requires": { "safe-buffer": "^5.1.2", "yallist": "^3.0.0" @@ -7399,6 +7403,7 @@ "version": "0.5.1", "bundled": true, "dev": true, + "optional": true, "requires": { "minimist": "0.0.8" } @@ -7479,7 +7484,8 @@ "number-is-nan": { "version": "1.0.1", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "object-assign": { "version": "4.1.1", @@ -7491,6 +7497,7 @@ "version": "1.4.0", "bundled": true, "dev": true, + "optional": true, "requires": { "wrappy": "1" } @@ -7576,7 +7583,8 @@ "safe-buffer": { "version": "5.1.2", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "safer-buffer": { "version": "2.1.2", @@ -7612,6 +7620,7 @@ "version": "1.0.2", "bundled": true, "dev": true, + "optional": true, "requires": { "code-point-at": "^1.0.0", "is-fullwidth-code-point": "^1.0.0", @@ -7631,6 +7640,7 @@ "version": "3.0.1", "bundled": true, "dev": true, + "optional": true, "requires": { "ansi-regex": "^2.0.0" } @@ -7674,12 +7684,14 @@ "wrappy": { "version": "1.0.2", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "yallist": { "version": "3.0.3", "bundled": true, - "dev": true + "dev": true, + "optional": true } } }, @@ -8888,6 +8900,18 @@ "hoek": "2.x.x", "joi": "6.x.x", "wreck": "5.x.x" + }, + "dependencies": { + "wreck": { + "version": "5.6.1", + "resolved": "https://registry.npmjs.org/wreck/-/wreck-5.6.1.tgz", + "integrity": "sha1-r/ADBAATiJ11YZtccYcN0qjdBpo=", + "dev": true, + "requires": { + "boom": "2.x.x", + "hoek": "2.x.x" + } + } } }, "heavy": { @@ -8899,6 +8923,20 @@ "boom": "2.x.x", "hoek": "2.x.x", "joi": "5.x.x" + }, + "dependencies": { + "joi": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/joi/-/joi-5.1.0.tgz", + "integrity": "sha1-FSrQfbjunGQBmX/1/SwSiWBwv1g=", + "dev": true, + "requires": { + "hoek": "^2.2.x", + "isemail": "1.x.x", + "moment": "2.x.x", + "topo": "1.x.x" + } + } } }, "hoek": { @@ -17446,12 +17484,11 @@ } }, "xml-encryption": { - "version": "0.11.2", - "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-0.11.2.tgz", - "integrity": "sha512-jVvES7i5ovdO7N+NjgncA326xYKjhqeAnnvIgRnY7ROLCfFqEDLwP0Sxp/30SHG0AXQV1048T5yinOFyvwGFzg==", + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-1.0.0.tgz", + "integrity": "sha512-xTqcgKPN3XOswvDPXrhtyvWZ96IFcO9Azv3vS060kOpBsK5T7OxbQDxb59bPLl4b4c2IgmSZC3kJB0n5WPr2Mw==", "requires": { - "async": "^2.1.5", - "ejs": "^2.5.6", + "escape-html": "^1.0.3", "node-forge": "^0.7.0", "xmldom": "~0.1.15", "xpath": "0.0.27" diff --git a/package.json b/package.json index 623c60421b4c..967f18d1c8a3 100644 --- a/package.json +++ b/package.json @@ -225,7 +225,7 @@ "webdav": "^2.0.0", "wolfy87-eventemitter": "^5.2.5", "xml-crypto": "^1.0.2", - "xml-encryption": "0.11.2", + "xml-encryption": "1.0.0", "xml2js": "0.4.19", "xmlbuilder": "^10.1.1", "xmldom": "^0.1.27",