From 9824b8971e4fed8ad2776fc633badd3b752256d8 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 30 Nov 2024 06:57:43 +0000 Subject: [PATCH] fix: greeting-service/package.json & greeting-service/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6671926 --- greeting-service/package-lock.json | 36 ++++++++++++++++-------------- greeting-service/package.json | 2 +- 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/greeting-service/package-lock.json b/greeting-service/package-lock.json index c3da2eb..4c60f0e 100644 --- a/greeting-service/package-lock.json +++ b/greeting-service/package-lock.json @@ -18,9 +18,9 @@ "@opentelemetry/sdk-trace-base": "^1.7.0", "@opentelemetry/sdk-trace-node": "^1.7.0", "@opentelemetry/semantic-conventions": "^1.7.0", - "axios": "^1.0.0", + "axios": "^1.7.8", "body-parser": "~1.20.0", - "express": "^4.18.2", + "express": "~4.18.2", "infinispan": "~0.9.0" }, "devDependencies": { @@ -34,7 +34,7 @@ "nodeshift": "~8.7.0", "nyc": "~15.1.0", "proxyquire": "~2.1.3", - "supertest": "^6.3.0" + "supertest": "~6.3.0" } }, "node_modules/@babel/compat-data": { @@ -1493,11 +1493,12 @@ "dev": true }, "node_modules/axios": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.0.0.tgz", - "integrity": "sha512-SsHsGFN1qNPFT5QhSoSD37SHDfGyLSW5AESmyLk2JeCMHv5g0I9g0Hz/zQHx2KNe0jGXh2q2hAm7OdkXm360CA==", + "version": "1.7.8", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.8.tgz", + "integrity": "sha512-Uu0wb7KNqK2t5K+YQyVCLM76prD5sRFjKHbJYCP1J7JFGEQ6nN7HWn9+04LAeiJ3ji54lgS/gZCH1oxyrf1SPw==", + "license": "MIT", "dependencies": { - "follow-redirects": "^1.15.0", + "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } @@ -3213,15 +3214,16 @@ "dev": true }, "node_modules/follow-redirects": { - "version": "1.15.1", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.1.tgz", - "integrity": "sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA==", + "version": "1.15.9", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz", + "integrity": "sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==", "funding": [ { "type": "individual", "url": "https://github.com/sponsors/RubenVerborgh" } ], + "license": "MIT", "engines": { "node": ">=4.0" }, @@ -8384,11 +8386,11 @@ "dev": true }, "axios": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.0.0.tgz", - "integrity": "sha512-SsHsGFN1qNPFT5QhSoSD37SHDfGyLSW5AESmyLk2JeCMHv5g0I9g0Hz/zQHx2KNe0jGXh2q2hAm7OdkXm360CA==", + "version": "1.7.8", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.8.tgz", + "integrity": "sha512-Uu0wb7KNqK2t5K+YQyVCLM76prD5sRFjKHbJYCP1J7JFGEQ6nN7HWn9+04LAeiJ3ji54lgS/gZCH1oxyrf1SPw==", "requires": { - "follow-redirects": "^1.15.0", + "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } @@ -9680,9 +9682,9 @@ "dev": true }, "follow-redirects": { - "version": "1.15.1", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.1.tgz", - "integrity": "sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA==" + "version": "1.15.9", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz", + "integrity": "sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==" }, "foreground-child": { "version": "2.0.0", diff --git a/greeting-service/package.json b/greeting-service/package.json index d1cd36e..ec3b1ad 100644 --- a/greeting-service/package.json +++ b/greeting-service/package.json @@ -52,7 +52,7 @@ "@opentelemetry/sdk-trace-base": "^1.7.0", "@opentelemetry/sdk-trace-node": "^1.7.0", "@opentelemetry/semantic-conventions": "^1.7.0", - "axios": "^1.0.0", + "axios": "^1.7.8", "body-parser": "~1.20.0", "express": "~4.18.2", "infinispan": "~0.9.0"