From 17da2e78117e01edefed1526554f50b3f163f642 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 15 Aug 2024 07:50:02 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-7361793 --- package-lock.json | 88 +++++++++++++++++++++++++++++------------------ package.json | 2 +- 2 files changed, 55 insertions(+), 35 deletions(-) diff --git a/package-lock.json b/package-lock.json index 82b5002..8e371f9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "dependencies": { "@govtechsg/dnsprove": "^2.7.1", "@govtechsg/oa-encryption": "^1.3.5", - "@govtechsg/oa-verify": "^9.3.0-beta.2", + "@govtechsg/oa-verify": "^9.3.0", "@govtechsg/open-attestation": "^6.10.0-beta.4", "react": "^18.2.0", "react-dom": "^18.2.0", @@ -3263,11 +3263,12 @@ } }, "node_modules/@govtechsg/dnsprove": { - "version": "2.7.1", - "resolved": "https://registry.npmjs.org/@govtechsg/dnsprove/-/dnsprove-2.7.1.tgz", - "integrity": "sha512-OtDPQWfWzoLN09B8NM0Noya82AJ1M+kValqbKbMABN0GeRHgoNoGaeMvsh7oVT7pfGFMe7mwAskEQ4o1QF7H6w==", + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/@govtechsg/dnsprove/-/dnsprove-2.8.0.tgz", + "integrity": "sha512-QfusJBiKnw1kdOEAW1TgdwpU29Fq1sEwtWWz8UkgkZJbqZJE9cm6mraah3VoDCTe2ljzJd/Tjx0sC2zl421cJQ==", + "license": "Apache-2.0", "dependencies": { - "axios": "^0.21.1", + "axios": "^1.6.3", "debug": "^4.3.1", "runtypes": "^6.7.0" } @@ -3296,12 +3297,13 @@ } }, "node_modules/@govtechsg/oa-verify": { - "version": "9.3.0-beta.2", - "resolved": "https://registry.npmjs.org/@govtechsg/oa-verify/-/oa-verify-9.3.0-beta.2.tgz", - "integrity": "sha512-otsAVhD2RTo9JXZtXcfcddiTz64Ce5ehr1zcIbvRrh29WQi6CxPvUa6DX7oiMuI7+frrL0hu4LFRrxqScewP2Q==", + "version": "9.3.0", + "resolved": "https://registry.npmjs.org/@govtechsg/oa-verify/-/oa-verify-9.3.0.tgz", + "integrity": "sha512-FBlwjbZ2z39cy1Chuzc9GUbAzFgVW0pxEGM8A+Z4pNf01KQJ5ml1U7a8o6b+UMHwLG5/xOCl5N12o0/WUyABUQ==", + "license": "Apache-2.0", "dependencies": { - "@govtechsg/dnsprove": "^2.6.2", - "@govtechsg/open-attestation": "^6.10.0-beta.3", + "@govtechsg/dnsprove": "^2.8.0", + "@govtechsg/open-attestation": "^6.9.0", "axios": "^1.6.2", "debug": "^4.3.1", "did-resolver": "^4.1.0", @@ -3312,27 +3314,28 @@ "web-did-resolver": "^2.0.27" } }, - "node_modules/@govtechsg/oa-verify/node_modules/axios": { - "version": "1.7.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.2.tgz", - "integrity": "sha512-2A8QhOMrbomlDuiLeK9XibIBzuHeRcqqNOHp0Cyp5EoJ1IFDh+XZH3A6BkXtv0K4gFGCI0Y4BM7B1wOEi0Rmgw==", - "dependencies": { - "follow-redirects": "^1.15.6", - "form-data": "^4.0.0", - "proxy-from-env": "^1.1.0" - } - }, - "node_modules/@govtechsg/oa-verify/node_modules/form-data": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", - "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", + "node_modules/@govtechsg/oa-verify/node_modules/@govtechsg/open-attestation": { + "version": "6.9.5", + "resolved": "https://registry.npmjs.org/@govtechsg/open-attestation/-/open-attestation-6.9.5.tgz", + "integrity": "sha512-idORp5t8RcV/Fz3BCl67zAX7DcuJWlwn7Wt4NsIIWWdD1K8qSsUmeLfqfTcGHqbplwQPZ2eUFIqX9mTAd9m3NA==", + "hasInstallScript": true, + "license": "Apache-2.0", "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" + "@ethersproject/abstract-signer": "^5.7.0", + "@ethersproject/bytes": "^5.7.0", + "@ethersproject/logger": "^5.7.0", + "@ethersproject/wallet": "^5.7.0", + "@govtechsg/jsonld": "^0.1.0", + "ajv-formats": "^2.1.1", + "cross-fetch": "^3.1.5", + "debug": "^4.3.2", + "flatley": "^5.2.0", + "js-base64": "^3.6.1", + "js-sha3": "^0.8.0", + "lodash": "^4.17.21", + "runtypes": "^6.3.2", + "uuid": "^8.3.2", + "validator": "^13.7.0" } }, "node_modules/@govtechsg/open-attestation": { @@ -6389,11 +6392,28 @@ } }, "node_modules/axios": { - "version": "0.21.4", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", - "integrity": "sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg==", + "version": "1.7.4", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.4.tgz", + "integrity": "sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==", + "license": "MIT", "dependencies": { - "follow-redirects": "^1.14.0" + "follow-redirects": "^1.15.6", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" + } + }, + "node_modules/axios/node_modules/form-data": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", + "license": "MIT", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "mime-types": "^2.1.12" + }, + "engines": { + "node": ">= 6" } }, "node_modules/axobject-query": { diff --git a/package.json b/package.json index d2ba9c7..027ed4d 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "dependencies": { "@govtechsg/dnsprove": "^2.7.1", "@govtechsg/oa-encryption": "^1.3.5", - "@govtechsg/oa-verify": "^9.3.0-beta.2", + "@govtechsg/oa-verify": "^9.3.0", "@govtechsg/open-attestation": "^6.10.0-beta.4", "react": "^18.2.0", "react-dom": "^18.2.0",