Skip to content

Commit

Permalink
chore: update scalar & cookie-parser to fix 1 vulnerabilities (#1188)
Browse files Browse the repository at this point in the history
* fix: libraries/hermes/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-COOKIE-8163060

* chore: update yarn.lock

---------

Co-authored-by: snyk-bot <[email protected]>
  • Loading branch information
kkopanidis and snyk-bot authored Oct 21, 2024
1 parent 3e6834c commit 276e743
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 22 deletions.
6 changes: 3 additions & 3 deletions libraries/hermes/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -21,17 +21,17 @@
"@grpc/grpc-js": "^1.10.9",
"@grpc/proto-loader": "^0.7.6",
"@scalar/api-reference": "^1.25.9",
"@scalar/express-api-reference": "^0.4.149",
"@scalar/express-api-reference": "^0.4.157",
"@socket.io/redis-adapter": "^8.3.0",
"@types/object-hash": "^3.0.6",
"@types/swagger-ui-express": "^4.1.6",
"body-parser": "^1.20.3",
"cookie-parser": "~1.4.6",
"cookie-parser": "~1.4.7",
"cors": "^2.8.5",
"debug": "~4.3.4",
"deep-object-diff": "^1.1.9",
"deepdash-es": "^5.3.9",
"express": "~4.20.0",
"express": "~4.21.1",
"express-winston": "^4.2.0",
"graphql": "^16.8.1",
"graphql-parse-resolve-info": "^4.13.0",
Expand Down
50 changes: 31 additions & 19 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -3744,7 +3744,7 @@
whatwg-mimetype "^4.0.0"
zod "^3.22.4"

"@scalar/api-reference@1.25.10", "@scalar/api-reference@^1.25.9":
"@scalar/api-reference@^1.25.9":
version "1.25.10"
resolved "https://registry.yarnpkg.com/@scalar/api-reference/-/api-reference-1.25.10.tgz#62f67cd16f021590f7bbb32c6729b0aab5d3f9cd"
integrity sha512-rt774ox6itGtAHRPqcoQzgwO+WBQ118q4LB7yffFsp1S3QO2LH1VsydD4Mkudqu3OdRStkkCZshdh3OP+wuQKw==
Expand Down Expand Up @@ -3820,13 +3820,12 @@
dependencies:
vue "^3.4.29"

"@scalar/express-api-reference@^0.4.149":
version "0.4.149"
resolved "https://registry.yarnpkg.com/@scalar/express-api-reference/-/express-api-reference-0.4.149.tgz#b40e9c1300d3004a305072a0cc9abeda064feb24"
integrity sha512-FtP2762K9SzByAuDOa8lh6BnTbc1KWGhwy1PCVNsfc6HOO7mhybRVu5pM65YzhZci8FQK1lSccC/FZ5A6dmg+Q==
"@scalar/express-api-reference@^0.4.157":
version "0.4.165"
resolved "https://registry.yarnpkg.com/@scalar/express-api-reference/-/express-api-reference-0.4.165.tgz#cf7fb69999ee73776817a7dc49515e84ba432b99"
integrity sha512-Bpam2htoq6Oq+vlW05qlEyw1libyoA2i44DwN+1gHH9s6toydEIkFdlAS00gor+3WwN+ogdBeAyfJDZlqUj7Bw==
dependencies:
"@scalar/api-reference" "1.25.10"
express "^4.19.2"
"@scalar/types" "0.0.17"

"@scalar/[email protected]":
version "0.2.42"
Expand Down Expand Up @@ -3867,6 +3866,11 @@
resolved "https://registry.yarnpkg.com/@scalar/openapi-types/-/openapi-types-0.1.0.tgz#d331ead80793587a753cc8754616b4c235eea3d7"
integrity sha512-UxyIkRqC2rbvQJhenA+KdgAbLNUPjqI5CHhZmTuxiv7De9ZJLRVTQCa0JxNqSJ/b51VKpqZ/pDLvjbQpxGFWcA==

"@scalar/[email protected]":
version "0.1.4"
resolved "https://registry.yarnpkg.com/@scalar/openapi-types/-/openapi-types-0.1.4.tgz#11b6bf90dc847f6925d3e437b834e42e84213025"
integrity sha512-+wRXgmqzgDnj8Dxqf4OOPMPo4or/LRd1Bsy4pnrIW0yBt8rKSdtBb+jH/aRnhgDDmKVjWxJ+KFk7WlSKvZwNTw==

"@scalar/[email protected]":
version "0.2.2"
resolved "https://registry.yarnpkg.com/@scalar/snippetz/-/snippetz-0.2.2.tgz#bd0fa581b4e8c0b83cf6935ca206b07724e97d31"
Expand All @@ -3877,6 +3881,14 @@
resolved "https://registry.yarnpkg.com/@scalar/themes/-/themes-0.9.28.tgz#a63de14eb9b3d463fbcd6783fe51367172ca7ae3"
integrity sha512-2pFGnjSBL2daPA5roRNRDy8xAHpeTI5QYpfyTj88iIaYT68EVnDUheUA2i3vRB705FCGEbDR0xKD7poTSfAYng==

"@scalar/[email protected]":
version "0.0.17"
resolved "https://registry.yarnpkg.com/@scalar/types/-/types-0.0.17.tgz#f44c34a14ec27ab1d704d989ada8568796e96a7a"
integrity sha512-wUrvNnYFMULsHENX/9TP3oyECRTtZsP06mOZU+RlWg9sRtzWVTjlBCahkgUETL93J+Bz2RLFSKVgPyNN4fpIpA==
dependencies:
"@scalar/openapi-types" "0.1.4"
"@unhead/schema" "^1.9.5"

"@scalar/[email protected]":
version "0.0.7"
resolved "https://registry.yarnpkg.com/@scalar/types/-/types-0.0.7.tgz#838879400085f963576de7bf45d9ec5dbde71825"
Expand Down Expand Up @@ -7047,24 +7059,19 @@ convict@^6.2.4:
lodash.clonedeep "^4.5.0"
yargs-parser "^20.2.7"

cookie-parser@~1.4.6:
version "1.4.6"
resolved "https://registry.yarnpkg.com/cookie-parser/-/cookie-parser-1.4.6.tgz#3ac3a7d35a7a03bbc7e365073a26074824214594"
integrity sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==
cookie-parser@~1.4.7:
version "1.4.7"
resolved "https://registry.yarnpkg.com/cookie-parser/-/cookie-parser-1.4.7.tgz#e2125635dfd766888ffe90d60c286404fa0e7b26"
integrity sha512-nGUvgXnotP3BsjiLX2ypbQnWoGUPIIfHQNZkkC668ntrzGWEZVW70HDEB1qnNGMicPje6EttlIgzo51YSwNQGw==
dependencies:
cookie "0.4.1"
cookie "0.7.2"
cookie-signature "1.0.6"

[email protected]:
version "1.0.6"
resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.6.tgz#e303a882b342cc3ee8ca513a79999734dab3ae2c"
integrity sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==

[email protected]:
version "0.4.1"
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.1.tgz#afd713fe26ebd21ba95ceb61f9a8116e50a537d1"
integrity sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==

[email protected]:
version "0.6.0"
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.6.0.tgz#2798b04b071b0ecbff0dbb62a505a8efa4e19051"
Expand All @@ -7075,6 +7082,11 @@ [email protected]:
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.7.1.tgz#2f73c42142d5d5cf71310a74fc4ae61670e5dbc9"
integrity sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==

[email protected]:
version "0.7.2"
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.7.2.tgz#556369c472a2ba910f2979891b526b3436237ed7"
integrity sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==

cookie@~0.4.1:
version "0.4.2"
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.2.tgz#0e41f24de5ecf317947c82fc789e06a884824432"
Expand Down Expand Up @@ -8046,7 +8058,7 @@ express-winston@^4.2.0:
chalk "^2.4.2"
lodash "^4.17.21"

express@^4.17.1, express@^4.19.2:
express@^4.17.1:
version "4.21.0"
resolved "https://registry.yarnpkg.com/express/-/express-4.21.0.tgz#d57cb706d49623d4ac27833f1cbc466b668eb915"
integrity sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==
Expand Down Expand Up @@ -8120,7 +8132,7 @@ express@^4.20.0, express@~4.20.0:
utils-merge "1.0.1"
vary "~1.1.2"

express@^4.21.1:
express@^4.21.1, express@~4.21.1:
version "4.21.1"
resolved "https://registry.yarnpkg.com/express/-/express-4.21.1.tgz#9dae5dda832f16b4eec941a4e44aa89ec481b281"
integrity sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==
Expand Down

0 comments on commit 276e743

Please sign in to comment.