From b8f14ce6ded9676963f40d443be2ff398da938ba Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 18 Jul 2025 10:06:34 +0000
Subject: [PATCH] fix: user-service/package.json & user-service/package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ONHEADERS-10773729
---
user-service/package-lock.json | 120 +++++++++++++++++++--------------
user-service/package.json | 2 +-
2 files changed, 72 insertions(+), 50 deletions(-)
diff --git a/user-service/package-lock.json b/user-service/package-lock.json
index 59d0bebb..cf08d2b4 100644
--- a/user-service/package-lock.json
+++ b/user-service/package-lock.json
@@ -4,14 +4,6 @@ "lockfileVersion": 1, "requires": true, "dependencies": { - "2checkout-node": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/2checkout-node/-/2checkout-node-0.0.1.tgz", - "integrity": "sha1-7a5MHUAIh6Y+hUXjf7mrBVeaaIU=", - "requires": { - "request": "2.x.x" - } - }, "@babel/code-frame": { "version": "7.0.0", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.0.0.tgz",
@@ -60,6 +52,14 @@ "@types/node": "*" } }, + "2checkout-node": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/2checkout-node/-/2checkout-node-0.0.1.tgz", + "integrity": "sha1-7a5MHUAIh6Y+hUXjf7mrBVeaaIU=", + "requires": { + "request": "2.x.x" + } + }, "abab": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/abab/-/abab-1.0.4.tgz",
@@ -2353,30 +2353,44 @@ } }, "express-session": { - "version": "1.15.6", - "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.15.6.tgz", - "integrity": "sha512-r0nrHTCYtAMrFwZ0kBzZEXa1vtPVrw0dKvGSrKP4dahwBQ1BJpF2/y1Pp4sCD/0kvxV4zZeclyvfmw0B4RMJQA==", + "version": "1.18.2", + "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.18.2.tgz", + "integrity": "sha512-SZjssGQC7TzTs9rpPDuUrR23GNZ9+2+IkA/+IJWmvQilTr5OSliEHGF+D9scbIpdC6yGtTI0/VhaHoVes2AN/A==", "requires": { - "cookie": "0.3.1", - "cookie-signature": "1.0.6", - "crc": "3.4.4", + "cookie": "0.7.2", + "cookie-signature": "1.0.7", "debug": "2.6.9", - "depd": "~1.1.1", - "on-headers": "~1.0.1", - "parseurl": "~1.3.2", - "uid-safe": "~2.1.5", - "utils-merge": "1.0.1" + "depd": "~2.0.0", + "on-headers": "~1.1.0", + "parseurl": "~1.3.3", + "safe-buffer": "5.2.1", + "uid-safe": "~2.1.5" }, "dependencies": { "cookie": { - "version": "0.3.1", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz", - "integrity": "sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s=" + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==" }, - "crc": { - "version": "3.4.4", - "resolved": "https://registry.npmjs.org/crc/-/crc-3.4.4.tgz", - "integrity": "sha1-naHpgOO9RPxck79as9ozeNheRms=" + "cookie-signature": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz", + "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==" + }, + "depd": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==" + }, + "on-headers": { + "version": "1.1.0", + "resolved": 
"https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz", + "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==" + }, + "safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" }, "uid-safe": { "version": "2.1.5", @@ -2385,11 +2399,6 @@ "requires": { "random-bytes": "~1.0.0" } - }, - "utils-merge": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", - "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=" } } }, @@ -2656,6 +2665,7 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.0.1.tgz", "integrity": "sha1-i1vL2ewyfFBBv5qwI/1nUPEXfmU=", + "devOptional": true, "requires": { "pend": "~1.2.0" } @@ -3077,7 +3087,8 @@ "graceful-fs": { "version": "4.1.11", "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.11.tgz", - "integrity": "sha1-Dovf5NHduIVNZOBOp8AOKgJuVlg=" + "integrity": "sha1-Dovf5NHduIVNZOBOp8AOKgJuVlg=", + "devOptional": true }, "gridfs-stream": { "version": "1.1.1", @@ -3421,6 +3432,7 @@ "version": "2.2.0", "resolved": "https://registry.npmjs.org/hasha/-/hasha-2.2.0.tgz", "integrity": "sha1-eNfL/B5tZjA/55g3NlmEUXsvbuE=", + "devOptional": true, "requires": { "is-stream": "^1.0.1", "pinkie-promise": "^2.0.0" @@ -4377,13 +4389,14 @@ "resolved": "https://registry.npmjs.org/json2xlsx/-/json2xlsx-0.1.6.tgz", "integrity": "sha1-yC3cSNN9xVUVRTHGumwiLvSpLYU=", "requires": { - "xlsx": "^0.11.10" + "xlsx": "" } }, "jsonfile": { "version": "2.4.0", "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-2.4.0.tgz", "integrity": "sha1-NzaitCi4e72gzIO1P6PWM6NcKug=", + "devOptional": true, "requires": { "graceful-fs": "^4.1.6" } 
@@ -4442,6 +4455,7 @@ "version": "1.3.1", "resolved": "https://registry.npmjs.org/klaw/-/klaw-1.3.1.tgz", "integrity": "sha1-QIhDO0azsbolnXh4XY6W9zugJDk=", + "devOptional": true, "requires": { "graceful-fs": "^4.1.9" } @@ -5069,7 +5083,8 @@ "minimist": { "version": "0.0.8", "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz", - "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=" + "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=", + "devOptional": true }, "mixin-deep": { "version": "1.3.1", @@ -5195,6 +5210,7 @@ "resolved": "https://registry.npmjs.org/boom/-/boom-0.4.2.tgz", "integrity": "sha1-emNune1O/O+xnO9JR6PGffrukRs=", "dev": true, + "optional": true, "requires": { "hoek": "0.9.x" } @@ -5261,7 +5277,8 @@ "version": "0.9.1", "resolved": "https://registry.npmjs.org/hoek/-/hoek-0.9.1.tgz", "integrity": "sha1-PTIkYrrfB3Fup+uFuviAec3c5QU=", - "dev": true + "dev": true, + "optional": true }, "http-signature": { "version": "0.10.1", @@ -6238,9 +6255,9 @@ } }, "parseurl": { - "version": "1.3.2", - "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz", - "integrity": "sha1-/CidTtiZMRlGDBViUyYs3I3mW/M=" + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==" }, "pascalcase": { "version": "0.1.1", @@ -6537,7 +6554,8 @@ "pend": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", - "integrity": "sha1-elfrVQpng/kRUzH89GY9XI4AelA=" + "integrity": "sha1-elfrVQpng/kRUzH89GY9XI4AelA=", + "devOptional": true }, "performance-now": { "version": "2.1.0", @@ -6886,7 +6904,8 @@ "progress": { "version": "1.1.8", "resolved": "https://registry.npmjs.org/progress/-/progress-1.1.8.tgz", - "integrity": "sha1-4mDHj2Fhzdmw5WzD4Khd4Xx6V74=" + "integrity": "sha1-4mDHj2Fhzdmw5WzD4Khd4Xx6V74=", + "devOptional": true }, "promisify-call": { "version": "2.0.4", 
@@ -7689,7 +7708,8 @@ "source-map": { "version": "0.5.7", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz", - "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=" + "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=", + "devOptional": true }, "source-map-resolve": { "version": "0.5.2", @@ -7831,6 +7851,11 @@ "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-0.1.2.tgz", "integrity": "sha1-gIudDlb8Jz2Am6VzOOkpkZoanxo=" }, + "string_decoder": { + "version": "0.10.31", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz", + "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=" + }, "string-width": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz", @@ -7858,11 +7883,6 @@ } } }, - "string_decoder": { - "version": "0.10.31", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz", - "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=" - }, "stringstream": { "version": "0.0.5", "resolved": "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz", @@ -8315,7 +8335,8 @@ "typedarray": { "version": "0.0.6", "resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz", - "integrity": "sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c=" + "integrity": "sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c=", + "devOptional": true }, "uglify-js": { "version": "3.4.8", @@ -8859,8 +8880,8 @@ } }, "xmlBodyParser": { - "version": "git://github.com/ferlores/express-xmlBodyParser.git#a257c1587707bddb04f0c52848833b801b6414e0", - "from": "git://github.com/ferlores/express-xmlBodyParser.git", + "version": "git+ssh://git@github.com/ferlores/express-xmlBodyParser.git#a257c1587707bddb04f0c52848833b801b6414e0", + "from": "xmlBodyParser@git://github.com/ferlores/express-xmlBodyParser.git", "requires": { "xml2js": ">= 0.2.0" } 
@@ -8917,6 +8938,7 @@ "version": "2.4.1", "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.4.1.tgz", "integrity": "sha1-lSj0QtqxsihOWLQ3m7GU4i4MQAU=", + "devOptional": true, "requires": { "fd-slicer": "~1.0.1" }
diff --git a/user-service/package.json b/user-service/package.json
index 96ccb867..efe2f76e 100644
--- a/user-service/package.json
+++ b/user-service/package.json
@@ -32,7 +32,7 @@
 "crypto": "0.0.3",
 "ejs": "^2.4.2",
 "express": "^4.13.3",
- "express-session": "^1.11.3",
+ "express-session": "^1.18.2",
 "express-winston": "^3.0.0",
 "express-xml-bodyparser": "^0.3.0",
 "express-xml-parser": "^1.0.0",