From 4c05ae586476315453e3837ae8a8b296ebab9cd9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 10 Nov 2022 20:31:24 +0000 Subject: [PATCH] Bump ejs and xml-encryption Removes [ejs](https://github.com/mde/ejs). It's no longer used after updating ancestor dependency [xml-encryption](https://github.com/auth0/node-xml-encryption). These dependencies need to be updated together. Removes `ejs` Updates `xml-encryption` from 0.10.0 to 3.0.2 - [Release notes](https://github.com/auth0/node-xml-encryption/releases) - [Commits](https://github.com/auth0/node-xml-encryption/commits) --- updated-dependencies: - dependency-name: ejs dependency-type: indirect - dependency-name: xml-encryption dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- package-lock.json | 111 +++++++++++++++------------------------------- package.json | 2 +- 2 files changed, 37 insertions(+), 76 deletions(-) diff --git a/package-lock.json b/package-lock.json index 75d5f02..5969a0f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,16 +1,16 @@ { "name": "saml-extension", - "version": "0.0.13", + "version": "0.0.15", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "saml-extension", - "version": "0.0.13", + "version": "0.0.15", "dependencies": { "thumbprint": "0.0.1", "xml-crypto": "^1.5.3", - "xml-encryption": "^0.10.0", + "xml-encryption": "^3.0.2", "xmldom": "^0.6.0", "xpath": "0.0.32" }, @@ -119,11 +119,6 @@ "node": ">= 0.4" } }, - "node_modules/async": { - "version": "0.2.10", - "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/async/-/async-0.2.10.tgz", - "integrity": "sha512-eAkdoKxU6/LkKDBzLpT+t6Ff5EtfSF4wx1WfJiPEEV7WNLnDaRXk0oVysiEPm262roaachGexwUv94WhSgN5TQ==" - }, "node_modules/balanced-match": { "version": "1.0.2", "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/balanced-match/-/balanced-match-1.0.2.tgz", @@ -341,12 +336,6 @@ "node": ">=0.3.1" } }, - "node_modules/ejs": { - "version": "0.8.8", - "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/ejs/-/ejs-0.8.8.tgz", - "integrity": "sha512-2E5HBH8LoaSQ2OLW2LmEE1/9dL3YZCKqrQXBEeCv9P/dQlZOfdAYvJFHhNZ35uY6AXba+RllQTRtmJmXXm7i7g==", - "deprecated": "Critical security bugs fixed in 2.5.5" - }, "node_modules/emoji-regex": { "version": "7.0.3", "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/emoji-regex/-/emoji-regex-7.0.3.tgz", @@ -423,6 +412,11 @@ "node": ">= 0.4" } }, + "node_modules/escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==" + }, "node_modules/escape-string-regexp": { "version": "1.0.5", "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", @@ -1007,14 +1001,6 @@ "semver": "^5.7.0" } }, - "node_modules/node-forge": { - "version": "0.6.38", - "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/node-forge/-/node-forge-0.6.38.tgz", - "integrity": "sha512-CfDWOcD7UbKtOohByAB+vWkJCDKh+YZE09iYs2hzGHjX0e3vfAYoRKJRhwP45t+8Wu69PxaGHj8MV0T4WImaAA==", - "engines": { - "node": "*" - } - }, "node_modules/normalize-path": { "version": "3.0.0", "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/normalize-path/-/normalize-path-3.0.0.tgz", @@ -1440,32 +1426,24 @@ } }, "node_modules/xml-encryption": { - "version": "0.10.0", - "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/xml-encryption/-/xml-encryption-0.10.0.tgz", - "integrity": "sha512-UMCkCFCn4nsYSsztRGaNwDl4Meatwb+ljkwEGo4ezvtg2Nv5mlieBlI3EocoVYSZARzvlfbGEy+r1Rqp7hcq6g==", + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-3.0.2.tgz", + "integrity": "sha512-VxYXPvsWB01/aqVLd6ZMPWZ+qaj0aIdF+cStrVJMcFj3iymwZeI0ABzB3VqMYv48DkSpRhnrXqTUkR34j+UDyg==", "dependencies": { - "async": "~0.2.7", - "ejs": "~0.8.3", - "node-forge": "0.6.38", - "xmldom": "~0.1.15", - "xpath": "0.0.5" - } - }, - "node_modules/xml-encryption/node_modules/xmldom": { - "version": "0.1.31", - "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/xmldom/-/xmldom-0.1.31.tgz", - "integrity": "sha512-yS2uJflVQs6n+CyjHoaBmVSqIDevTAWrzMmjG1Gc7h1qQ7uVozNhEPJAwZXWyGQ/Gafo3fCwrcaokezLPupVyQ==", - "deprecated": "Deprecated due to CVE-2021-21366 resolved in 0.5.0", + "@xmldom/xmldom": "^0.8.5", + "escape-html": "^1.0.3", + "xpath": "0.0.32" + }, "engines": { - "node": ">=0.1" + "node": ">=12" } }, - "node_modules/xml-encryption/node_modules/xpath": { - "version": "0.0.5", - "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/xpath/-/xpath-0.0.5.tgz", - "integrity": "sha512-Y1Oyy8lyIDwWpmKIWBF0RZrQOP1fzE12G0ekSB1yzKPtbAdCI5sBCqBU/CAZUkKk81OXuq9tul/5lyNS+22iKg==", + "node_modules/xml-encryption/node_modules/@xmldom/xmldom": { + "version": "0.8.6", + "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.6.tgz", + "integrity": "sha512-uRjjusqpoqfmRkTaNuLJ2VohVr67Q5YwDATW3VU7PfzTj6IRaihGrYI7zckGZjxQPBIp63nfvJbM+Yu5ICh0Bg==", "engines": { - "node": ">=0.6.0" + "node": ">=10.0.0" } }, "node_modules/xmldom": { @@ -1645,11 +1623,6 @@ "is-string": "^1.0.7" } }, - "async": { - "version": "0.2.10", - "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/async/-/async-0.2.10.tgz", - "integrity": "sha512-eAkdoKxU6/LkKDBzLpT+t6Ff5EtfSF4wx1WfJiPEEV7WNLnDaRXk0oVysiEPm262roaachGexwUv94WhSgN5TQ==" - }, "balanced-match": { "version": "1.0.2", "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/balanced-match/-/balanced-match-1.0.2.tgz", @@ -1832,11 +1805,6 @@ "integrity": "sha512-A46qtFgd+g7pDZinpnwiRJtxbC1hpgf0uzP3iG89scHk0AUC7A1TGxf5OiiOUv/JMZR8GOt8hL900hV0bOy5xA==", "dev": true }, - "ejs": { - "version": "0.8.8", - "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/ejs/-/ejs-0.8.8.tgz", - "integrity": "sha512-2E5HBH8LoaSQ2OLW2LmEE1/9dL3YZCKqrQXBEeCv9P/dQlZOfdAYvJFHhNZ35uY6AXba+RllQTRtmJmXXm7i7g==" - }, "emoji-regex": { "version": "7.0.3", "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/emoji-regex/-/emoji-regex-7.0.3.tgz", @@ -1906,6 +1874,11 @@ "is-symbol": "^1.0.2" } }, + "escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==" + }, "escape-string-regexp": { "version": "1.0.5", "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", @@ -2366,11 +2339,6 @@ "semver": "^5.7.0" } }, - "node-forge": { - "version": "0.6.38", - "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/node-forge/-/node-forge-0.6.38.tgz", - "integrity": "sha512-CfDWOcD7UbKtOohByAB+vWkJCDKh+YZE09iYs2hzGHjX0e3vfAYoRKJRhwP45t+8Wu69PxaGHj8MV0T4WImaAA==" - }, "normalize-path": { "version": "3.0.0", "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/normalize-path/-/normalize-path-3.0.0.tgz", @@ -2716,26 +2684,19 @@ } }, "xml-encryption": { - "version": "0.10.0", - "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/xml-encryption/-/xml-encryption-0.10.0.tgz", - "integrity": "sha512-UMCkCFCn4nsYSsztRGaNwDl4Meatwb+ljkwEGo4ezvtg2Nv5mlieBlI3EocoVYSZARzvlfbGEy+r1Rqp7hcq6g==", + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-3.0.2.tgz", + "integrity": "sha512-VxYXPvsWB01/aqVLd6ZMPWZ+qaj0aIdF+cStrVJMcFj3iymwZeI0ABzB3VqMYv48DkSpRhnrXqTUkR34j+UDyg==", "requires": { - "async": "~0.2.7", - "ejs": "~0.8.3", - "node-forge": "0.6.38", - "xmldom": "~0.1.15", - "xpath": "0.0.5" + "@xmldom/xmldom": "^0.8.5", + "escape-html": "^1.0.3", + "xpath": "0.0.32" }, "dependencies": { - "xmldom": { - "version": "0.1.31", - "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/xmldom/-/xmldom-0.1.31.tgz", - "integrity": "sha512-yS2uJflVQs6n+CyjHoaBmVSqIDevTAWrzMmjG1Gc7h1qQ7uVozNhEPJAwZXWyGQ/Gafo3fCwrcaokezLPupVyQ==" - }, - "xpath": { - "version": "0.0.5", - "resolved": "https://a0us.jfrog.io/a0us/api/npm/npm/xpath/-/xpath-0.0.5.tgz", - "integrity": "sha512-Y1Oyy8lyIDwWpmKIWBF0RZrQOP1fzE12G0ekSB1yzKPtbAdCI5sBCqBU/CAZUkKk81OXuq9tul/5lyNS+22iKg==" + "@xmldom/xmldom": { + "version": "0.8.6", + "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.6.tgz", + "integrity": "sha512-uRjjusqpoqfmRkTaNuLJ2VohVr67Q5YwDATW3VU7PfzTj6IRaihGrYI7zckGZjxQPBIp63nfvJbM+Yu5ICh0Bg==" } } }, diff --git a/package.json b/package.json index 10a04c1..f7ef07d 100644 --- a/package.json +++ b/package.json @@ -140,7 +140,7 @@ "dependencies": { "thumbprint": "0.0.1", "xml-crypto": "^1.5.3", - "xml-encryption": "^0.10.0", + "xml-encryption": "^3.0.2", "xmldom": "^0.6.0", "xpath": "0.0.32" }