From 5a3add87c3d9ce13ebeff40ebff225097b141e0b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 10 Sep 2020 00:34:22 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677 --- package-lock.json | 49 +++++++++++++++++++++++++++++++++++++++-------- package.json | 2 +- 2 files changed, 42 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index bad6d31ef7f2..7c3e969ab026 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "Rocket.Chat", - "version": "2.4.0-develop", + "version": "2.5.0-develop", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -14909,7 +14909,8 @@ "ejs": { "version": "2.5.9", "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.5.9.tgz", - "integrity": "sha512-GJCAeDBKfREgkBtgrYSf9hQy9kTb3helv0zGdzqhM7iAkW8FA/ZF97VQDbwFiwIT8MQLLOe5VlPZOEvZAqtUAQ==" + "integrity": "sha512-GJCAeDBKfREgkBtgrYSf9hQy9kTb3helv0zGdzqhM7iAkW8FA/ZF97VQDbwFiwIT8MQLLOe5VlPZOEvZAqtUAQ==", + "dev": true }, "electron-to-chromium": { "version": "1.3.241", @@ -19039,6 +19040,18 @@ "hoek": "2.x.x", "joi": "6.x.x", "wreck": "5.x.x" + }, + "dependencies": { + "wreck": { + "version": "5.6.1", + "resolved": "https://registry.npmjs.org/wreck/-/wreck-5.6.1.tgz", + "integrity": "sha1-r/ADBAATiJ11YZtccYcN0qjdBpo=", + "dev": true, + "requires": { + "boom": "2.x.x", + "hoek": "2.x.x" + } + } } }, "heavy": { @@ -19050,6 +19063,20 @@ "boom": "2.x.x", "hoek": "2.x.x", "joi": "5.x.x" + }, + "dependencies": { + "joi": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/joi/-/joi-5.1.0.tgz", + "integrity": "sha1-FSrQfbjunGQBmX/1/SwSiWBwv1g=", + "dev": true, + "requires": { + "hoek": "^2.2.x", + "isemail": "1.x.x", + "moment": "2.x.x", + "topo": "1.x.x" + } + } } }, "hoek": { @@ -32178,15 +32205,21 @@ } }, "xml-encryption": { - "version": "0.11.2", - "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-0.11.2.tgz", - "integrity": "sha512-jVvES7i5ovdO7N+NjgncA326xYKjhqeAnnvIgRnY7ROLCfFqEDLwP0Sxp/30SHG0AXQV1048T5yinOFyvwGFzg==", + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-1.2.1.tgz", + "integrity": "sha512-hn5w3l5p2+nGjlmM0CAhMChDzVGhW+M37jH35Z+GJIipXbn9PUlAIRZ6I5Wm7ynlqZjFrMAr83d/CIp9VZJMTA==", "requires": { - "async": "^2.1.5", - "ejs": "^2.5.6", - "node-forge": "^0.7.0", + "escape-html": "^1.0.3", + "node-forge": "^0.10.0", "xmldom": "~0.1.15", "xpath": "0.0.27" + }, + "dependencies": { + "node-forge": { + "version": "0.10.0", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.10.0.tgz", + "integrity": "sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==" + } } }, "xml-name-validator": { diff --git a/package.json b/package.json index 82625d5d864d..8fb29baf6d4e 100644 --- a/package.json +++ b/package.json @@ -217,7 +217,7 @@ "webdav": "^2.10.0", "wolfy87-eventemitter": "^5.2.5", "xml-crypto": "^1.0.2", - "xml-encryption": "0.11.2", + "xml-encryption": "1.2.1", "xml2js": "0.4.19", "xmlbuilder": "^10.1.1", "xmldom": "^0.1.27",