From 887ef57489e428108c631e48e70870f84583f24a Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 2 Feb 2024 19:59:56 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
---
 package-lock.json | 302 ++++++++++++++++++++++++++++++++++++++++------
 package.json | 2 +-
 2 files changed, 267 insertions(+), 37 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 01e3dee..9ebf290 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,8 +9,8 @@ "version": "1.3.4", "license": "Apache-2.0", "dependencies": { - "@openintegrationhub/ferryman": "^1.1.5", "@elastic.io/component-commons-library": "1.1.5", + "@openintegrationhub/ferryman": "^1.1.5", "await-lock": "1.1.3", "bluebird": "3.5.3", "co": "4.6.0",
@@ -22,7 +22,7 @@ "object-sizeof": "1.3.0", "promised-exec": "1.0.1", "request": "2.88.2", - "request-promise": "4.2.2", + "request-promise": "^4.2.6", "xml2js": "0.4.23" }, "devDependencies": {
@@ -216,10 +216,7 @@ "node >=0.10.0" ], "dependencies": { - "dtrace-provider": "~0.8", - "moment": "^2.19.3", - "mv": "~2", - "safe-json-stringify": "~1" + "moment": "^2.19.3" }, "bin": { "bunyan": "bin/bunyan"
@@ -289,6 +286,100 @@ "uuid": "bin/uuid" } }, + "node_modules/@openintegrationhub/ferryman": { + "version": "1.7.1", + "resolved": "https://registry.npmjs.org/@openintegrationhub/ferryman/-/ferryman-1.7.1.tgz", + "integrity": "sha512-Jadi+X7TXE2/1uoKRwEx2zeCi6ZjJnX1Dws5dXWvKJwcxGwUpcbofCbj1Iw5MgRpcoNuBYY4WxCB71QO2JwtIA==", + "dependencies": { + "amqplib": "0.8.0", + "bunyan": "1.8.10", + "co": "4.6.0", + "debug": "3.1.0", + "jsonata": "^1.8.3", + "jsonwebtoken": "^8.5.1", + "lodash": "4.17.21", + "p-throttle": "2.1.0", + "promise-toolbox": "0.16.0", + "q": "1.4.1", + "request": "^2.88.0", + "request-promise": "^4.2.5", + "request-promise-native": "1.0.5", + "requestretry": "3.1.0", + "uuid": "3.0.1" + }, + "engines": { + "node": ">=12.13.0" + } + }, + "node_modules/@openintegrationhub/ferryman/node_modules/amqplib": { + "version": "0.8.0", + "resolved": "https://registry.npmjs.org/amqplib/-/amqplib-0.8.0.tgz", + "integrity": "sha512-icU+a4kkq4Y1PS4NNi+YPDMwdlbFcZ1EZTQT2nigW3fvOb6AOgUQ9+Mk4ue0Zu5cBg/XpDzB40oH10ysrk2dmA==", + "dependencies": { + "bitsyntax": "~0.1.0", + "bluebird": "^3.7.2", + "buffer-more-ints": "~1.0.0", + "readable-stream": "1.x >=1.1.9", + "safe-buffer": "~5.2.1", + "url-parse": "~1.5.1" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/@openintegrationhub/ferryman/node_modules/bluebird": { + "version": "3.7.2", + "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.7.2.tgz", + "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==" + }, + "node_modules/@openintegrationhub/ferryman/node_modules/bunyan": { + "version": "1.8.10", + "resolved": "https://registry.npmjs.org/bunyan/-/bunyan-1.8.10.tgz", + "integrity": "sha512-iV2nK6cceaXowUiLoy3Tywj+xJohIPW8hjqkjvzF7AvZqRv9D/7hICW5Ubgkhv8UYnDxNiZ5L1vFrl/dqgStKw==", + "engines": [ + "node >=0.10.0" + ], + "bin": { + "bunyan": "bin/bunyan" + }, + "optionalDependencies": { + "dtrace-provider": "~0.8", + "moment": "^2.10.6", + 
"mv": "~2", + "safe-json-stringify": "~1" + } + }, + "node_modules/@openintegrationhub/ferryman/node_modules/jsonata": { + "version": "1.8.6", + "resolved": "https://registry.npmjs.org/jsonata/-/jsonata-1.8.6.tgz", + "integrity": "sha512-ZH2TPYdNP2JecOl/HvrH47Xc+9imibEMQ4YqKy/F/FrM+2a6vfbGxeCX23dB9Fr6uvGwv+ghf1KxWB3iZk09wA==", + "engines": { + "node": ">= 8" + } + }, + "node_modules/@openintegrationhub/ferryman/node_modules/lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + }, + "node_modules/@openintegrationhub/ferryman/node_modules/url-parse": { + "version": "1.5.10", + "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz", + "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==", + "dependencies": { + "querystringify": "^2.1.1", + "requires-port": "^1.0.0" + } + }, + "node_modules/@openintegrationhub/ferryman/node_modules/uuid": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.0.1.tgz", + "integrity": "sha512-tyhM7iisckwwmyHVFcjTzISz/R1ss/bRudNgHFYsgeu7j4JbhRvjE+Hbcpr9y5xh+b+HxeFjuToDT4i9kQNrtA==", + "deprecated": "Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.", + "bin": { + "uuid": "bin/uuid" + } + }, "node_modules/@sinonjs/commons": { "version": "1.7.2", "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.7.2.tgz", @@ -697,10 +788,7 @@ "node >=0.10.0" ], "dependencies": { - "dtrace-provider": "~0.8", - "moment": "^2.10.6", - "mv": "~2", - "safe-json-stringify": "~1" + "moment": "^2.10.6" }, "bin": { "bunyan": "bin/bunyan" 
@@ -812,7 +900,6 @@ "dependencies": { "anymatch": "~3.1.1", "braces": "~3.0.2", - "fsevents": "~2.1.1", "glob-parent": "~5.1.0", "is-binary-path": "~2.1.0", "is-glob": "~4.0.1", @@ -1208,10 +1295,7 @@ "node >=0.10.0" ], "dependencies": { - "dtrace-provider": "~0.8", - "moment": "^2.10.6", - "mv": "~2", - "safe-json-stringify": "~1" + "moment": "^2.10.6" }, "bin": { "bunyan": "bin/bunyan" @@ -2698,6 +2782,11 @@ "node": ">=8" } }, + "node_modules/make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==" + }, "node_modules/mime-db": { "version": "1.43.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.43.0.tgz", @@ -3678,8 +3767,7 @@ "dependencies": { "async": "^1.4.0", "optimist": "^0.6.1", - "source-map": "^0.4.4", - "uglify-js": "^2.6" + "source-map": "^0.4.4" }, "bin": { "handlebars": "bin/handlebars" @@ -4745,7 +4833,6 @@ "optional": true, "dependencies": { "source-map": "~0.5.1", - "uglify-to-browserify": "~1.0.0", "yargs": "~3.10.0" }, "bin": { @@ -5402,6 +5489,17 @@ "node": ">=0.4.0" } }, + "node_modules/promise-toolbox": { + "version": "0.16.0", + "resolved": "https://registry.npmjs.org/promise-toolbox/-/promise-toolbox-0.16.0.tgz", + "integrity": "sha512-Yk+XcOsw/UoqWW5vvKUyw/fWPxnYYxZAxtzGuQb1Eyp6LWWj0aXgMv/apn/lkbcVcFNHytUH7dhGeFXQQUT+bg==", + "dependencies": { + "make-error": "^1.3.2" + }, + "engines": { + "node": ">=4" + } + }, "node_modules/promised-exec": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/promised-exec/-/promised-exec-1.0.1.tgz", 
@@ -5569,17 +5667,21 @@ } }, "node_modules/request-promise": { - "version": "4.2.2", - "resolved": "https://registry.npmjs.org/request-promise/-/request-promise-4.2.2.tgz", - "integrity": "sha1-0epG1lSm7k+O5qT+oQGMIpEZBLQ=", + "version": "4.2.6", + "resolved": "https://registry.npmjs.org/request-promise/-/request-promise-4.2.6.tgz", + "integrity": "sha512-HCHI3DJJUakkOr8fNoCc73E5nU5bqITjOYFMDrKHYOXWXrgD/SBaC7LjwuPymUprRyuF06UK7hd/lMHkmUXglQ==", + "deprecated": "request-promise has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142", "dependencies": { "bluebird": "^3.5.0", - "request-promise-core": "1.1.1", - "stealthy-require": "^1.1.0", - "tough-cookie": ">=2.3.3" + "request-promise-core": "1.1.4", + "stealthy-require": "^1.1.1", + "tough-cookie": "^2.3.3" }, "engines": { "node": ">=0.10.0" + }, + "peerDependencies": { + "request": "^2.34" } }, "node_modules/request-promise-core": { @@ -5606,6 +5708,20 @@ "node": ">=0.12.0" } }, + "node_modules/request-promise/node_modules/request-promise-core": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/request-promise-core/-/request-promise-core-1.1.4.tgz", + "integrity": "sha512-TTbAfBBRdWD7aNNOoVOBH4pN/KigV6LyapYNNlAPA8JwbovRti1E88m3sYAwsLi5ryhPKsE9APwnjFTgdUjTpw==", + "dependencies": { + "lodash": "^4.17.19" + }, + "engines": { + "node": ">=0.10.0" + }, + "peerDependencies": { + "request": "^2.34" + } + }, "node_modules/requestretry": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/requestretry/-/requestretry-3.1.0.tgz", 
@@ -5701,9 +5817,23 @@ } }, "node_modules/safe-buffer": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz", - "integrity": "sha512-fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg==" + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] }, "node_modules/safe-json-stringify": { "version": "1.2.0", 
@@ -6866,6 +6996,83 @@ } } }, + "@openintegrationhub/ferryman": { + "version": "1.7.1", + "resolved": "https://registry.npmjs.org/@openintegrationhub/ferryman/-/ferryman-1.7.1.tgz", + "integrity": "sha512-Jadi+X7TXE2/1uoKRwEx2zeCi6ZjJnX1Dws5dXWvKJwcxGwUpcbofCbj1Iw5MgRpcoNuBYY4WxCB71QO2JwtIA==", + "requires": { + "amqplib": "0.8.0", + "bunyan": "1.8.10", + "co": "4.6.0", + "debug": "3.1.0", + "jsonata": "^1.8.3", + "jsonwebtoken": "^8.5.1", + "lodash": "4.17.21", + "p-throttle": "2.1.0", + "promise-toolbox": "0.16.0", + "q": "1.4.1", + "request": "^2.88.0", + "request-promise": "^4.2.5", + "request-promise-native": "1.0.5", + "requestretry": "3.1.0", + "uuid": "3.0.1" + }, + "dependencies": { + "amqplib": { + "version": "0.8.0", + "resolved": "https://registry.npmjs.org/amqplib/-/amqplib-0.8.0.tgz", + "integrity": "sha512-icU+a4kkq4Y1PS4NNi+YPDMwdlbFcZ1EZTQT2nigW3fvOb6AOgUQ9+Mk4ue0Zu5cBg/XpDzB40oH10ysrk2dmA==", + "requires": { + "bitsyntax": "~0.1.0", + "bluebird": "^3.7.2", + "buffer-more-ints": "~1.0.0", + "readable-stream": "1.x >=1.1.9", + "safe-buffer": "~5.2.1", + "url-parse": "~1.5.1" + } + }, + "bluebird": { + "version": "3.7.2", + "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.7.2.tgz", + "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==" + }, + "bunyan": { + "version": "1.8.10", + "resolved": "https://registry.npmjs.org/bunyan/-/bunyan-1.8.10.tgz", + "integrity": "sha512-iV2nK6cceaXowUiLoy3Tywj+xJohIPW8hjqkjvzF7AvZqRv9D/7hICW5Ubgkhv8UYnDxNiZ5L1vFrl/dqgStKw==", + "requires": { + "dtrace-provider": "~0.8", + "moment": "^2.10.6", + "mv": "~2", + "safe-json-stringify": "~1" + } + }, + "jsonata": { + "version": "1.8.6", + "resolved": "https://registry.npmjs.org/jsonata/-/jsonata-1.8.6.tgz", + "integrity": "sha512-ZH2TPYdNP2JecOl/HvrH47Xc+9imibEMQ4YqKy/F/FrM+2a6vfbGxeCX23dB9Fr6uvGwv+ghf1KxWB3iZk09wA==" + }, + "lodash": { + "version": "4.17.21", + "resolved": 
"https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + }, + "url-parse": { + "version": "1.5.10", + "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz", + "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==", + "requires": { + "querystringify": "^2.1.1", + "requires-port": "^1.0.0" + } + }, + "uuid": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.0.1.tgz", + "integrity": "sha512-tyhM7iisckwwmyHVFcjTzISz/R1ss/bRudNgHFYsgeu7j4JbhRvjE+Hbcpr9y5xh+b+HxeFjuToDT4i9kQNrtA==" + } + } + }, "@sinonjs/commons": { "version": "1.7.2", "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.7.2.tgz", @@ -8836,6 +9043,11 @@ "chalk": "^2.4.2" } }, + "make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==" + }, "mime-db": { "version": "1.43.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.43.0.tgz", @@ -10834,6 +11046,14 @@ "integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==", "dev": true }, + "promise-toolbox": { + "version": "0.16.0", + "resolved": "https://registry.npmjs.org/promise-toolbox/-/promise-toolbox-0.16.0.tgz", + "integrity": "sha512-Yk+XcOsw/UoqWW5vvKUyw/fWPxnYYxZAxtzGuQb1Eyp6LWWj0aXgMv/apn/lkbcVcFNHytUH7dhGeFXQQUT+bg==", + "requires": { + "make-error": "^1.3.2" + } + }, "promised-exec": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/promised-exec/-/promised-exec-1.0.1.tgz", 
@@ -10973,14 +11193,24 @@ } }, "request-promise": { - "version": "4.2.2", - "resolved": "https://registry.npmjs.org/request-promise/-/request-promise-4.2.2.tgz", - "integrity": "sha1-0epG1lSm7k+O5qT+oQGMIpEZBLQ=", + "version": "4.2.6", + "resolved": "https://registry.npmjs.org/request-promise/-/request-promise-4.2.6.tgz", + "integrity": "sha512-HCHI3DJJUakkOr8fNoCc73E5nU5bqITjOYFMDrKHYOXWXrgD/SBaC7LjwuPymUprRyuF06UK7hd/lMHkmUXglQ==", "requires": { "bluebird": "^3.5.0", - "request-promise-core": "1.1.1", - "stealthy-require": "^1.1.0", - "tough-cookie": ">=2.3.3" + "request-promise-core": "1.1.4", + "stealthy-require": "^1.1.1", + "tough-cookie": "^2.3.3" + }, + "dependencies": { + "request-promise-core": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/request-promise-core/-/request-promise-core-1.1.4.tgz", + "integrity": "sha512-TTbAfBBRdWD7aNNOoVOBH4pN/KigV6LyapYNNlAPA8JwbovRti1E88m3sYAwsLi5ryhPKsE9APwnjFTgdUjTpw==", + "requires": { + "lodash": "^4.17.19" + } + } } }, "request-promise-core": {
@@ -11078,9 +11308,9 @@ } }, "safe-buffer": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz", - "integrity": "sha512-fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg==" + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" }, "safe-json-stringify": { "version": "1.2.0",
diff --git a/package.json b/package.json
index 01256fb..39991a8 100644
--- a/package.json
+++ b/package.json
@@ -42,7 +42,7 @@
 "object-sizeof": "1.3.0",
 "promised-exec": "1.0.1",
 "request": "2.88.2",
- "request-promise": "4.2.2",
+ "request-promise": "4.2.6",
 "xml2js": "0.4.23"
 },
 "devDependencies": {
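Review bot: The root `dependencies` block of package-lock.json (the `@@ -22,7 +22,7 @@` hunk) records `"request-promise": "^4.2.6"`, while this package.json hunk pins it exactly as `"request-promise": "4.2.6"`; the manifest and the lockfile should carry the same spec, so regenerate the lockfile from the final package.json before merging, since a mismatch can make `npm ci` reject the pair or let later installs drift. The advisories named in the commit message are against lodash, and the only lodash entry these hunks pin at 4.17.21 is the copy nested under `@openintegrationhub/ferryman`; `request-promise-core` 1.1.4 only asks for `"lodash": "^4.17.19"`, so confirm that the top-level `node_modules/lodash` entry (not shown in the diff) resolves to a release the advisories list as fixed. The lockfile itself marks request-promise 4.2.6 as deprecated along with `request`, so this bump is best treated as a stop-gap with a client migration tracked separately.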