From 9a11c1e247d35fcc457124705fd132e3735efeda Mon Sep 17 00:00:00 2001 From: Ludek Novy <13610612+ludeknovy@users.noreply.github.com> Date: Wed, 4 Sep 2024 20:48:04 +0200 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities (#337) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PGPROMISE-6501690 Co-authored-by: snyk-bot --- package-lock.json | 64 +++++++++++++++++++++++++++-------------------- package.json | 2 +- 2 files changed, 38 insertions(+), 28 deletions(-) diff --git a/package-lock.json b/package-lock.json index cff90ac..8506b47 100644 --- a/package-lock.json +++ b/package-lock.json @@ -29,7 +29,7 @@ "multer": "^1.4.5-lts.1", "node-pg-migrate": "^6.2.2", "pg": "^8.12.0", - "pg-promise": "^10.15.4", + "pg-promise": "^11.5.5", "uuid": "^9.0.1", "winston": "^3.14.1", "xlsx": "https://cdn.sheetjs.com/xlsx-0.20.1/xlsx-0.20.1.tgz" @@ -3293,9 +3293,10 @@ } }, "node_modules/assert-options": { - "version": "0.8.0", - "resolved": "https://registry.npmjs.org/assert-options/-/assert-options-0.8.0.tgz", - "integrity": "sha512-qSELrEaEz4sGwTs4Qh+swQkjiHAysC4rot21+jzXU86dJzNG+FDqBzyS3ohSoTRf4ZLA3FSwxQdiuNl5NXUtvA==", + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/assert-options/-/assert-options-0.8.1.tgz", + "integrity": "sha512-5lNGRB5g5i2bGIzb+J1QQE1iKU/WEMVBReFIc5pPDWjcPj23otPL0eI6PB2v7QPi0qU6Mhym5D3y0ZiSIOf3GA==", + "license": "MIT", "engines": { "node": ">=10.0.0" } @@ -3679,6 +3680,7 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/buffer-writer/-/buffer-writer-2.0.0.tgz", "integrity": "sha512-a7ZpuTZU1TRtnwyCNW3I5dc0wWNC3VR9S++Ewyk2HHZdrO3CQJqSpd+95Us590V6AL7JqUAH2IwZ/398PmNFgw==", + "license": "MIT", "engines": { "node": ">=4" } 
@@ -9366,7 +9368,8 @@ "node_modules/packet-reader": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/packet-reader/-/packet-reader-1.0.0.tgz", - "integrity": "sha512-HAKu/fG3HpHFO0AA8WE8q2g+gBJaZ9MG7fcKk+IJPLTGAD6Psw4443l+9DGRbOIh3/aXr7Phy0TjilYivJo5XQ==" + "integrity": "sha512-HAKu/fG3HpHFO0AA8WE8q2g+gBJaZ9MG7fcKk+IJPLTGAD6Psw4443l+9DGRbOIh3/aXr7Phy0TjilYivJo5XQ==", + "license": "MIT" }, "node_modules/parent-module": { "version": "1.0.1", @@ -9490,11 +9493,12 @@ } }, "node_modules/pg-minify": { - "version": "1.6.2", - "resolved": "https://registry.npmjs.org/pg-minify/-/pg-minify-1.6.2.tgz", - "integrity": "sha512-1KdmFGGTP6jplJoI8MfvRlfvMiyBivMRP7/ffh4a11RUFJ7kC2J0ZHlipoKiH/1hz+DVgceon9U2qbaHpPeyPg==", + "version": "1.6.3", + "resolved": "https://registry.npmjs.org/pg-minify/-/pg-minify-1.6.3.tgz", + "integrity": "sha512-NoSsPqXxbkD8RIe+peQCqiea4QzXgosdTKY8p7PsbbGsh2F8TifDj/vJxfuR8qJwNYrijdSs7uf0tAe6WOyCsQ==", + "license": "MIT", "engines": { - "node": ">=8.0" + "node": ">=12.0.0" } }, "node_modules/pg-pool": { 
@@ -9506,35 +9510,40 @@ } }, "node_modules/pg-promise": { - "version": "10.15.4", - "resolved": "https://registry.npmjs.org/pg-promise/-/pg-promise-10.15.4.tgz", - "integrity": "sha512-BKlHCMCdNUmF6gagVbehRWSEiVcZzPVltEx14OJExR9Iz9/1R6KETDWLLGv2l6yRqYFnEZZy1VDjRhArzeIGrw==", + "version": "11.5.5", + "resolved": "https://registry.npmjs.org/pg-promise/-/pg-promise-11.5.5.tgz", + "integrity": "sha512-DpJkDDH7rG0wUwFRRHimdV6DtG/UTK2SBEKC7KGFR6a5Zuqf9eGThR7dqIaHXnEBDZuWxUfWC5zMRqyk4EP7Lw==", + "license": "MIT", "dependencies": { - "assert-options": "0.8.0", - "pg": "8.8.0", - "pg-minify": "1.6.2", - "spex": "3.2.0" + "assert-options": "0.8.1", + "pg": "8.11.3", + "pg-minify": "1.6.3", + "spex": "3.3.0" }, "engines": { - "node": ">=12.0" + "node": ">=14.0" } }, "node_modules/pg-promise/node_modules/pg": { - "version": "8.8.0", - "resolved": "https://registry.npmjs.org/pg/-/pg-8.8.0.tgz", - "integrity": "sha512-UXYN0ziKj+AeNNP7VDMwrehpACThH7LUl/p8TDFpEUuSejCUIwGSfxpHsPvtM6/WXFy6SU4E5RG4IJV/TZAGjw==", + "version": "8.11.3", + "resolved": "https://registry.npmjs.org/pg/-/pg-8.11.3.tgz", + "integrity": "sha512-+9iuvG8QfaaUrrph+kpF24cXkH1YOOUeArRNYIxq1viYHZagBxrTno7cecY1Fa44tJeZvaoG+Djpkc3JwehN5g==", + "license": "MIT", "dependencies": { "buffer-writer": "2.0.0", "packet-reader": "1.0.0", - "pg-connection-string": "^2.5.0", - "pg-pool": "^3.5.2", - "pg-protocol": "^1.5.0", + "pg-connection-string": "^2.6.2", + "pg-pool": "^3.6.1", + "pg-protocol": "^1.6.0", "pg-types": "^2.1.0", "pgpass": "1.x" }, "engines": { "node": ">= 8.0.0" }, + "optionalDependencies": { + "pg-cloudflare": "^1.1.1" + }, "peerDependencies": { "pg-native": ">=3.0.1" }, 
@@ -10173,11 +10182,12 @@ } }, "node_modules/spex": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/spex/-/spex-3.2.0.tgz", - "integrity": "sha512-9srjJM7NaymrpwMHvSmpDeIK5GoRMX/Tq0E8aOlDPS54dDnDUIp30DrP9SphMPEETDLzEM9+4qo+KipmbtPecg==", + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/spex/-/spex-3.3.0.tgz", + "integrity": "sha512-VNiXjFp6R4ldPbVRYbpxlD35yRHceecVXlct1J4/X80KuuPnW2AXMq3sGwhnJOhKkUsOxAT6nRGfGE5pocVw5w==", + "license": "MIT", "engines": { - "node": ">=4.5" + "node": ">=10.0.0" } }, "node_modules/split2": {
diff --git a/package.json b/package.json
index 06ed633..c2cd9ae 100644
--- a/package.json
+++ b/package.json
@@ -38,7 +38,7 @@
 "multer": "^1.4.5-lts.1",
 "node-pg-migrate": "^6.2.2",
 "pg": "^8.12.0",
- "pg-promise": "^10.15.4",
+ "pg-promise": "^11.5.5",
 "uuid": "^9.0.1",
 "winston": "^3.14.1",
 "xlsx": "https://cdn.sheetjs.com/xlsx-0.20.1/xlsx-0.20.1.tgz"
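Review bot: The `pg-promise` range in package.json moves from `^10.15.4` to `^11.5.5`, which is a semver-major upgrade rather than a patch-level security fix, and nothing visible in this patch adapts or tests the code that calls the library. The lock entry for 11.5.5 raises the engine floor from `node >=12.0` to `node >=14.0`; if package.json has no `engines` field (not visible in this hunk), consider adding `"engines": { "node": ">=14.0" }` so an unsupported runtime is flagged at install time. The lock also shows pg-promise pinning its own nested `pg` 8.11.3 next to the top-level `pg` `^8.12.0`, so two copies of the driver are installed and any advisory for `pg` has to be checked against both. The dependencies object starts and ends outside the hunk.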