From b65dd373c14f15fde798fddea16bf3e9a422ce74 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 15 Feb 2025 07:50:28 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DOMPURIFY-8722251
---
 package-lock.json | 19 ++++++++++++++-----
 package.json | 2 +-
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 8e147b4..8423064 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4,6 +4,12 @@
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
+ "@types/trusted-types": {
+ "version": "2.0.7",
+ "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz",
+ "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==",
+ "optional": true
+ },
 "abab": {
 "version": "2.0.3",
 "resolved": "https://registry.npmjs.org/abab/-/abab-2.0.3.tgz",
@@ -322,9 +328,12 @@
 }
 },
 "dompurify": {
- "version": "2.0.17",
- "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-2.0.17.tgz",
- "integrity": "sha512-nNwwJfW55r8akD8MSFz6k75bzyT2y6JEa1O3JrZFBf+Y5R9JXXU4OsRl0B9hKoPgHTw2b7ER5yJ5Md97MMUJPg=="
+ "version": "3.2.4",
+ "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.2.4.tgz",
+ "integrity": "sha512-ysFSFEDVduQpyhzAob/kkuJjf5zWkZD8/A9ywSp1byueyuCfHamrCBa14/Oc2iiB0e51B+NpxSl5gmzn+Ms/mg==",
+ "requires": {
+ "@types/trusted-types": "^2.0.7"
+ }
 },
 "ecc-jsbn": {
 "version": "0.1.2",
@@ -909,8 +918,8 @@
 }
 },
 "readability": {
- "version": "git+https://github.com/mozilla/readability.git#60f470c4bb618a7987d5701b1228ec5ff49f2773",
- "from": "git+https://github.com/mozilla/readability.git#60f470c4"
+ "version": "git+ssh://git@github.com/mozilla/readability.git#60f470c4bb618a7987d5701b1228ec5ff49f2773",
+ "from": "readability@https://github.com/mozilla/readability#52ab9b5"
 },
 "readable-stream": {
 "version": "3.6.0",
diff --git a/package.json b/package.json
index f558975..2d964d6 100644
--- a/package.json
+++ b/package.json
@@ -10,7 +10,7 @@
 "axios": "^0.21.1",
 "readability": "https://github.com/mozilla/readability#52ab9b5",
 "body-parser": "^1.19.0",
- "dompurify": "^2.0.17",
+ "dompurify": "^3.2.4",
 "jsdom": "^15.1.1",
 "log-timestamp": "^0.3.0",
 "winston": "^3.2.1"