Skip to content

Commit

Permalink
[Snyk] Security upgrade express from 4.18.2 to 4.19.2 (#1000)
Browse files Browse the repository at this point in the history
* fix: libraries/hermes/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509

* chore: yarn.lock

---------

Co-authored-by: snyk-bot <[email protected]>
  • Loading branch information
kkopanidis and snyk-bot authored Mar 27, 2024
1 parent 535cb9e commit 8410024
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 2 deletions.
2 changes: 1 addition & 1 deletion libraries/hermes/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@
"debug": "~4.3.4",
"deep-object-diff": "^1.1.9",
"deepdash-es": "^5.3.9",
"express": "~4.18.2",
"express": "~4.19.2",
"express-winston": "^4.2.0",
"graphql": "^16.8.1",
"graphql-parse-resolve-info": "^4.13.0",
Expand Down
44 changes: 43 additions & 1 deletion yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -5208,7 +5208,7 @@ [email protected]:
type-is "~1.6.18"
unpipe "1.0.0"

body-parser@^1.20.0, body-parser@^1.20.2:
body-parser@1.20.2, body-parser@^1.20.0, body-parser@^1.20.2:
version "1.20.2"
resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.20.2.tgz#6feb0e21c4724d06de7ff38da36dad4f57a747fd"
integrity sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==
Expand Down Expand Up @@ -6180,6 +6180,11 @@ [email protected]:
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.5.0.tgz#d1f5d71adec6558c58f389987c366aa47e994f8b"
integrity sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==

[email protected]:
version "0.6.0"
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.6.0.tgz#2798b04b071b0ecbff0dbb62a505a8efa4e19051"
integrity sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==

cookie@~0.4.1:
version "0.4.2"
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.2.tgz#0e41f24de5ecf317947c82fc789e06a884824432"
Expand Down Expand Up @@ -7095,6 +7100,43 @@ express@^4.17.1, express@^4.18.2, express@~4.18.2:
utils-merge "1.0.1"
vary "~1.1.2"

express@~4.19.2:
version "4.19.2"
resolved "https://registry.yarnpkg.com/express/-/express-4.19.2.tgz#e25437827a3aa7f2a827bc8171bbbb664a356465"
integrity sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==
dependencies:
accepts "~1.3.8"
array-flatten "1.1.1"
body-parser "1.20.2"
content-disposition "0.5.4"
content-type "~1.0.4"
cookie "0.6.0"
cookie-signature "1.0.6"
debug "2.6.9"
depd "2.0.0"
encodeurl "~1.0.2"
escape-html "~1.0.3"
etag "~1.8.1"
finalhandler "1.2.0"
fresh "0.5.2"
http-errors "2.0.0"
merge-descriptors "1.0.1"
methods "~1.1.2"
on-finished "2.4.1"
parseurl "~1.3.3"
path-to-regexp "0.1.7"
proxy-addr "~2.0.7"
qs "6.11.0"
range-parser "~1.2.1"
safe-buffer "5.2.1"
send "0.18.0"
serve-static "1.15.0"
setprototypeof "1.2.0"
statuses "2.0.1"
type-is "~1.6.18"
utils-merge "1.0.1"
vary "~1.1.2"

extend-shallow@^2.0.1:
version "2.0.1"
resolved "https://registry.yarnpkg.com/extend-shallow/-/extend-shallow-2.0.1.tgz#51af7d614ad9a9f610ea1bafbb989d6b1c56890f"
Expand Down

0 comments on commit 8410024

Please sign in to comment.