From e9c293859b5341b0a52bb87ed0dfc745d23ebb2a Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 6 Sep 2024 18:46:28 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610 - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137 --- package-lock.json | 27 ++++++++++++++++++--------- package.json | 2 +- 2 files changed, 19 insertions(+), 10 deletions(-) diff --git a/package-lock.json b/package-lock.json index 8b7eef7..e65272a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@stoplight/spectral-core": "^1.12.3", "@stoplight/spectral-ruleset-bundler": "^1.3.0", "@stoplight/spectral-runtime": "^1.1.2", - "axios": "^0.27.2", + "axios": "^1.6.8", "chalk": "^4.1.2", "tmp": "^0.2.2", "yargs": "^17.5.1" @@ -1752,12 +1752,14 @@ } }, "node_modules/axios": { - "version": "0.27.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.27.2.tgz", - "integrity": "sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==", + "version": "1.6.8", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.8.tgz", + "integrity": "sha512-v/ZHtJDU39mDpyBoFVkETcd/uNdxrWRrg3bKpOKzXFA6Bvqopts6ALSMU3y6ijYxbw2B+wPrIv46egTzJXCLGQ==", + "license": "MIT", "dependencies": { - "follow-redirects": "^1.14.9", - "form-data": "^4.0.0" + "follow-redirects": "^1.15.6", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" } }, "node_modules/babel-jest": { @@ -2469,15 +2471,16 @@ } }, "node_modules/follow-redirects": { - "version": "1.15.2", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz", - "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==", + "version": "1.15.9", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz", + "integrity": "sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==", "funding": [ { "type": "individual", "url": "https://github.com/sponsors/RubenVerborgh" } ], + "license": "MIT", "engines": { "node": ">=4.0" }, @@ -4379,6 +4382,12 @@ "node": ">= 6" } }, + "node_modules/proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", + "license": "MIT" + }, "node_modules/punycode": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.2.0.tgz", diff --git a/package.json b/package.json index 9e47819..0eee879 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ "@stoplight/spectral-core": "^1.12.3", "@stoplight/spectral-ruleset-bundler": "^1.3.0", "@stoplight/spectral-runtime": "^1.1.2", - "axios": "^0.27.2", + "axios": "^1.6.8", "chalk": "^4.1.2", "tmp": "^0.2.2", "yargs": "^17.5.1"