From 35115bd9efd54a9ef040951b04fe0dbde0f850a5 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 3 Apr 2025 08:32:50 +0000 Subject: [PATCH] fix: backend/package.json & backend/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-IMAGESIZE-9634164 --- backend/package-lock.json | 89 ++++++++++++++++++++++----------------- backend/package.json | 2 +- 2 files changed, 51 insertions(+), 40 deletions(-) diff --git a/backend/package-lock.json b/backend/package-lock.json index a814cfa3..b4f51f8d 100644 --- a/backend/package-lock.json +++ b/backend/package-lock.json @@ -8,41 +8,41 @@ "name": "auditforge-backend", "version": "0.0.1", "dependencies": { - "angular-expressions": "^1.2.1", - "bcrypt": "^5.1.1", - "body-parser": "^1.20.2", - "cookie-parser": "^1.4.6", - "docx": "^7.8.2", - "docx-templates": "^4.13.0", - "docxtemplater": "^3.50.0", + "angular-expressions": "1.2.1", + "bcrypt": "5.1.1", + "body-parser": "1.20.2", + "cookie-parser": "1.4.6", + "docx": "7.8.2", + "docx-templates": "4.13.0", + "docxtemplater": "3.50.0", "docxtemplater-image-module-pwndoc": "github:pwndoc/docxtemplater-image-module-pwndoc", - "express": "^4.19.2", - "full-icu": "^1.5.0", - "htmlparser2": "^9.1.0", - "http": "^0.0.1-security", - "image-size": "^1.1.1", - "js-yaml": "^4.1.0", - "json2csv": "^6.0.0-alpha.2", - "jsonwebtoken": "^9.0.2", - "libreoffice-convert": "^1.3.2", - "lodash": "^4.17.21", - "mongoose": "^8.6.1", - "muhammara": "^5.0.1", - "otpauth": "^9.3.2", - "pizzip": "^3.1.7", - "qrcode": "^1.5.4", - "socket.io": "^4.7.5", - "swagger-autogen": "^2.23.7", - "uuid": "^10.0.0", - "winston": "^3.14.2", - "xml": "^1.0.1" + "express": "4.19.2", + "full-icu": "1.5.0", + "htmlparser2": "9.1.0", + "http": "0.0.1-security", + "image-size": "^1.2.1", + "js-yaml": "4.1.0", + "json2csv": "6.0.0-alpha.2", + "jsonwebtoken": "9.0.2", + "libreoffice-convert": "1.3.2", + "lodash": "4.17.21", + "mongoose": "8.6.1", + "muhammara": "5.0.1", + "otpauth": "9.3.2", + "pizzip": "3.1.7", + "qrcode": "1.5.4", + "socket.io": "4.7.5", + "swagger-autogen": "2.23.7", + "uuid": "10.0.0", + "winston": "3.14.2", + "xml": "1.0.1" }, "devDependencies": { - "@babel/core": "^7.25.2", - "@babel/preset-env": "^7.25.4", - "jest": "^29.7.0", - "nodemon": "^3.1.4", - "supertest": "^7.0.0" + "@babel/core": "7.25.2", + "@babel/preset-env": "7.25.4", + "jest": "29.7.0", + "nodemon": "3.1.4", + "supertest": "7.0.0" } }, "node_modules/@ampproject/remapping": { @@ -4528,9 +4528,10 @@ "dev": true }, "node_modules/image-size": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/image-size/-/image-size-1.1.1.tgz", - "integrity": "sha512-541xKlUw6jr/6gGuk92F+mYM5zaFAc5ahphvkqvNe2bQ6gVBkd6bfrmVJ2t4KDAfikAYZyIqTnktX3i6/aQDrQ==", + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/image-size/-/image-size-1.2.1.tgz", + "integrity": "sha512-rH+46sQJ2dlwfjfhCyNx5thzrv+dtmBIhPHk0zgRUukHzZ/kRueTJXoYYsclBaKcSMBWuGbOFXtioLpzTb5euw==", + "license": "MIT", "dependencies": { "queue": "6.0.2" }, @@ -6187,17 +6188,27 @@ } }, "node_modules/libreoffice-convert": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/libreoffice-convert/-/libreoffice-convert-1.6.0.tgz", - "integrity": "sha512-hb8EaqIBYnwXAOYeqjVA1JysOGI1QwzUvf0qSgLtH7Rnc9mZxGNB5IBxVO81FvAA1Hj+/6ItdeEwAV/sGgid1Q==", + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/libreoffice-convert/-/libreoffice-convert-1.3.2.tgz", + "integrity": "sha512-NbBkcSKeUoXKtk2X7RElb9j3S//qJaON+urxX4A53iiKymStlEazxLNDLkvIzCXldqU9DxHDHHC9+TZAOEOqGA==", + "license": "MIT", "dependencies": { - "async": "^3.2.3", + "async": "^2.6.2", "tmp": "^0.2.1" }, "engines": { "node": ">=6" } }, + "node_modules/libreoffice-convert/node_modules/async": { + "version": "2.6.4", + "resolved": "https://registry.npmjs.org/async/-/async-2.6.4.tgz", + "integrity": "sha512-mzo5dfJYwAn29PeiJ0zvwTo04zj8HDJj0Mn8TD7sno7q12prdbnasKJHhkm2c1LgrhlJ0teaea8860oxi51mGA==", + "license": "MIT", + "dependencies": { + "lodash": "^4.17.14" + } + }, "node_modules/lie": { "version": "3.3.0", "resolved": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz", diff --git a/backend/package.json b/backend/package.json index 00a5b737..83dad9ce 100644 --- a/backend/package.json +++ b/backend/package.json @@ -31,7 +31,7 @@ "full-icu": "1.5.0", "htmlparser2": "9.1.0", "http": "0.0.1-security", - "image-size": "1.1.1", + "image-size": "1.2.1", "js-yaml": "4.1.0", "json2csv": "6.0.0-alpha.2", "jsonwebtoken": "9.0.2",