From db0d82f962964d56f5422c446c832d7f34a86f4a Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 4 Nov 2023 07:29:40 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6032459 --- package-lock.json | 106 ++++++++++++++++++++++++++++------------------ package.json | 2 +- 2 files changed, 66 insertions(+), 42 deletions(-) diff --git a/package-lock.json b/package-lock.json index 41357e1f..52e8724d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1922,15 +1922,15 @@ } }, "@govtechsg/oa-verify": { - "version": "7.11.0", - "resolved": "https://registry.npmjs.org/@govtechsg/oa-verify/-/oa-verify-7.11.0.tgz", - "integrity": "sha512-Yv2xzzseQGp63cHVe7fDpGqoayHm33CMS47rzc6hXQcn0F6uT0n+hQKl6o5I3EQAnIvRxLRNzC2aydvlAAYriQ==", + "version": "8.2.2", + "resolved": "https://registry.npmjs.org/@govtechsg/oa-verify/-/oa-verify-8.2.2.tgz", + "integrity": "sha512-046//QC/oTfIXFSOCgEXZiEPr8sBZzslxDkh3H2WWaPNbePXDUuI8ohdjdGB7ThcYmh2AGN7CPhrxo/5EWUCmA==", "requires": { - "@govtechsg/dnsprove": "^2.5.0", + "@govtechsg/dnsprove": "^2.6.1", "@govtechsg/document-store": "^2.2.3", "@govtechsg/open-attestation": "^6.2.0", - "@govtechsg/token-registry": "^2.5.3", - "axios": "^0.21.4", + "@govtechsg/token-registry": "^4.1.7", + "axios": "^1.6.0", "debug": "^4.3.1", "did-resolver": "^3.1.0", "ethers": "^5.1.4", @@ -1941,26 +1941,50 @@ }, "dependencies": { "@govtechsg/dnsprove": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/@govtechsg/dnsprove/-/dnsprove-2.5.0.tgz", - "integrity": "sha512-aUrLPF1DeydxKRJsLW++vQoTGXkUoP8zbHwaUU63vFar7pBZ/1UIWr/QJlYGmyVgZ++eQlHeKaiC+Zp3ix2Qag==", + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/@govtechsg/dnsprove/-/dnsprove-2.6.1.tgz", + "integrity": "sha512-ALLe3EC9ix6ZsMIHgRRLdVYMC35yRShG8sRXb73D4bvw60Yz/pT/Y3e9w40KqG8HMMChvJaEMV6uQi6GR7Jwmw==", "requires": { "axios": "^0.21.1", "debug": "^4.3.1", "runtypes": "^6.3.0" + }, + "dependencies": { + "axios": { + "version": "0.21.4", + "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", + "integrity": "sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg==", + "requires": { + "follow-redirects": "^1.14.0" + } + } } }, - "@govtechsg/token-registry": { - "version": "2.6.1", - "resolved": "https://registry.npmjs.org/@govtechsg/token-registry/-/token-registry-2.6.1.tgz", - "integrity": "sha512-QnAIlYeGD4zHtYPiZ46SIe6hFc3HyMKvyBJIdlsFxHscMR4f8AENIyUS2AKhqJibCcN2beNJy/bPWlCAtHoT7w==" - }, "axios": { - "version": "0.21.4", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", - "integrity": "sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.0.tgz", + "integrity": "sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg==", "requires": { - "follow-redirects": "^1.14.0" + "follow-redirects": "^1.15.0", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" + }, + "dependencies": { + "follow-redirects": { + "version": "1.15.3", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.3.tgz", + "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==" + } + } + }, + "form-data": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", + "requires": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "mime-types": "^2.1.12" } } } @@ -3832,8 +3856,7 @@ "asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=", - "dev": true + "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" }, "at-least-node": { "version": "1.0.0", @@ -4656,7 +4679,7 @@ "clone": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/clone/-/clone-2.1.2.tgz", - "integrity": "sha1-G39Ln1kfHo+DZwQBYANFoCiHQ18=" + "integrity": "sha512-3Pe/CF1Nn94hyhIYpjtiLhdCoEoz0DqQ+988E9gmeEdQZlojxnOb74wctFyuwWQHzqyf9X7C7MG8juUpqBJT8w==" }, "cmd-shim": { "version": "4.1.0", @@ -4751,7 +4774,6 @@ "version": "1.0.8", "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dev": true, "requires": { "delayed-stream": "~1.0.0" } @@ -5511,8 +5533,7 @@ "delayed-stream": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=", - "dev": true + "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" }, "delegates": { "version": "1.0.0", @@ -9763,14 +9784,12 @@ "mime-db": { "version": "1.48.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.48.0.tgz", - "integrity": "sha512-FM3QwxV+TnZYQ2aRqhlKBMHxk10lTbMt3bBkMAp54ddrNeVSfcQYOOKuGuy3Ddrm38I04If834fOUSq1yzslJQ==", - "dev": true + "integrity": "sha512-FM3QwxV+TnZYQ2aRqhlKBMHxk10lTbMt3bBkMAp54ddrNeVSfcQYOOKuGuy3Ddrm38I04If834fOUSq1yzslJQ==" }, "mime-types": { "version": "2.1.31", "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.31.tgz", "integrity": "sha512-XGZnNzm3QvgKxa8dpzyhFTHmpP3l5YNusmne07VUOXxou9CqUqYa/HBy124RqtVh/O2pECas/MOcsDgpilPOPg==", - "dev": true, "requires": { "mime-db": "1.48.0" } @@ -11387,6 +11406,11 @@ "read": "1" } }, + "proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + }, "proxyquire": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/proxyquire/-/proxyquire-2.1.3.tgz", @@ -14095,31 +14119,31 @@ } }, "web-did-resolver": { - "version": "2.0.20", - "resolved": "https://registry.npmjs.org/web-did-resolver/-/web-did-resolver-2.0.20.tgz", - "integrity": "sha512-qGcrm01B+ytCZUYhxH0mGOk0Ldf67kXUXLsNth6F3sx3fhUKNSIE8D+MnMFRugQm7j87mDHqUTDLmW9c90g3nw==", + "version": "2.0.27", + "resolved": "https://registry.npmjs.org/web-did-resolver/-/web-did-resolver-2.0.27.tgz", + "integrity": "sha512-YxQlNdeYBXLhVpMW62+TPlc6sSOiWyBYq7DNvY6FXmXOD9g0zLeShpq2uCKFFQV/WlSrBi/yebK/W5lMTDxMUQ==", "requires": { - "cross-fetch": "^3.1.5", + "cross-fetch": "^4.0.0", "did-resolver": "^4.0.0" }, "dependencies": { "cross-fetch": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz", - "integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-4.0.0.tgz", + "integrity": "sha512-e4a5N8lVvuLgAWgnCrLr2PP0YyDOTHa9H/Rj54dirp61qXnNq46m82bRhNqIA5VccJtWBvPTFRV3TtvHUKPB1g==", "requires": { - "node-fetch": "2.6.7" + "node-fetch": "^2.6.12" } }, "did-resolver": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/did-resolver/-/did-resolver-4.0.0.tgz", - "integrity": "sha512-/roxrDr9EnAmLs+s9T+8+gcpilMo+IkeytcsGO7dcxvTmVJ+0Rt60HtV8o0UXHhGBo0Q+paMH/0ffXz1rqGFYg==" + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/did-resolver/-/did-resolver-4.1.0.tgz", + "integrity": "sha512-S6fWHvCXkZg2IhS4RcVHxwuyVejPR7c+a4Go0xbQ9ps5kILa8viiYQgrM4gfTyeTjJ0ekgJH9gk/BawTpmkbZA==" }, "node-fetch": { - "version": "2.6.7", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", - "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz", + "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==", "requires": { "whatwg-url": "^5.0.0" } diff --git a/package.json b/package.json index 341ed573..2692eb97 100644 --- a/package.json +++ b/package.json @@ -72,7 +72,7 @@ "@govtechsg/dnsprove": "^2.3.0", "@govtechsg/document-store": "^2.6.1", "@govtechsg/oa-encryption": "^1.3.3", - "@govtechsg/oa-verify": "^7.11.0", + "@govtechsg/oa-verify": "^8.2.2", "@govtechsg/open-attestation": "^6.4.1", "@govtechsg/token-registry": "^4.1.7", "@govtechsg/tradetrust-config": "^1.5.1",