From edbb305969cdd6405a59aaefaef03bde86cff5fc Mon Sep 17 00:00:00 2001
From: Stefan Seide <account-github@seide.st>
Date: Sun, 18 Aug 2024 17:55:16 +0200
Subject: [PATCH] update elliptic@6.5.7 and @cyclonedx/cyclonedx-npm"@1.19.3

Signed-off-by: Stefan Seide <account-github@seide.st>
---
 CHANGELOG.md      |  5 ++++-
 package-lock.json | 51 +++++++++++++++++++++---------------------
 package.json      |  2 +-
 sbom.json         | 56 +++++++++++++++++++++++------------------------
 4 files changed, 59 insertions(+), 55 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a65f7469..8990712b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,8 @@
 * partial update of semver to 7.5.3 (fix CVE-2022-2588)
 * update @babel/traverse from 7.22.5 to 7.23.3 (fix CVE-2023-45133) 
 * update browserify-sign from 4.2.1 to 4.2.2 (fix CVE-2023-46234)
+* update elliptic from 6.5.4 to 6.5.7 (fix CVE-2024-42459, CVE-2024-42460, CVE-2024-42461)
+
 #### Enhancements
 * allow using IPv6 addresses for Redis connection definitions. (except REDIS_HOSTS env var, here no IPv6 allowed, use host names instead) 
 * allow setting a custom HTTP header name used for the JWT session authentication token
@@ -19,8 +21,9 @@
 * update helm chart autoscaling apis for newer K8s versions, #520
 * update helm chart to allow setting ingressClassName for newer K8s versions, #494
 * update UI for better visibility on how to close redis commands modal, #456
-* update ioredis from 4.28.5 to 5.3.2
+* update ioredis from 4.28.5 to 5.4.1
 * update dependencies yargs@17.7.2, ejs@3.1.9, jstree@3.3.15, config@3.3.9, body-parser@1.20.2
+* update @cyclonedx/cyclonedx-npm"@1.19.3
 
 ## Version 0.8.1
 #### Bugfixes
diff --git a/package-lock.json b/package-lock.json
index 843d848b..cb4e7aa6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "redis-commander",
-  "version": "0.9.0-rc4",
+  "version": "0.9.0-rc5",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "redis-commander",
-      "version": "0.9.0-rc4",
+      "version": "0.9.0-rc5",
       "hasInstallScript": true,
       "license": "MIT",
       "dependencies": {
@@ -21,7 +21,7 @@
         "express": "4.19.2",
         "express-partials": "0.3.0",
         "inflection": "1.13.4",
-        "ioredis": "^5.4.1",
+        "ioredis": "5.4.1",
         "jquery.json-viewer": "1.5.0",
         "jsonwebtoken": "9.0.2",
         "jstree": "3.3.16",
@@ -543,9 +543,9 @@
       }
     },
     "node_modules/@cyclonedx/cyclonedx-library": {
-      "version": "6.10.0",
-      "resolved": "https://registry.npmjs.org/@cyclonedx/cyclonedx-library/-/cyclonedx-library-6.10.0.tgz",
-      "integrity": "sha512-GTFDMbmQP6P2MyoGU32LdZBdtXC6EMzcfzDbbjMoWoi7OBJzPM3L/ZkR7FMuAYyz7jOR/7cc9NVyWN90fa0NLQ==",
+      "version": "6.11.0",
+      "resolved": "https://registry.npmjs.org/@cyclonedx/cyclonedx-library/-/cyclonedx-library-6.11.0.tgz",
+      "integrity": "sha512-T2R49+ia3NmluV+56Ev1NSIjG7DKUFM3EzzhHwJqWRUMuFK3Z8AIKIbNezAxoyl+4kJ6MzT8lke7t8mkZom+/A==",
       "dev": true,
       "funding": [
         {
@@ -553,6 +553,7 @@
           "url": "https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX"
         }
       ],
+      "license": "Apache-2.0",
       "optional": true,
       "dependencies": {
         "packageurl-js": ">=0.0.6 <0.0.8 || ^1",
@@ -570,9 +571,9 @@
       }
     },
     "node_modules/@cyclonedx/cyclonedx-npm": {
-      "version": "1.19.0",
-      "resolved": "https://registry.npmjs.org/@cyclonedx/cyclonedx-npm/-/cyclonedx-npm-1.19.0.tgz",
-      "integrity": "sha512-N7MQKOX0SluwCHfmlbsWXYWB7BuJ9yD9feIbWWabBKTe87mrNNqPlRQsb1tTR9QTLEf5AsycFVbg1luAofSE/g==",
+      "version": "1.19.3",
+      "resolved": "https://registry.npmjs.org/@cyclonedx/cyclonedx-npm/-/cyclonedx-npm-1.19.3.tgz",
+      "integrity": "sha512-fFElJGIjym2jX6d3bR5aXXkY0RaIcysuxh7qMCEzFKabV2JDpMcvTNJFKD9aTu6sJpD2m1o2VsrUG2Sx9mJM1A==",
       "dev": true,
       "funding": [
         {
@@ -580,11 +581,11 @@
           "url": "https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX"
         }
       ],
+      "license": "Apache-2.0",
       "optional": true,
       "dependencies": {
-        "@cyclonedx/cyclonedx-library": "^6.6.0",
+        "@cyclonedx/cyclonedx-library": "^6.11.0",
         "commander": "^10.0.0",
-        "hosted-git-info": "^4||^5||^6||^7",
         "normalize-package-data": "^3||^4||^5||^6",
         "packageurl-js": "^1.2.1",
         "xmlbuilder2": "^3.0.2"
@@ -2314,10 +2315,11 @@
       "dev": true
     },
     "node_modules/elliptic": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.4.tgz",
-      "integrity": "sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==",
+      "version": "6.5.7",
+      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.7.tgz",
+      "integrity": "sha512-ESVCtTwiA+XhY3wyh24QqRGBoP3rEdDUl3EDUUo9tft074fi19IrdpH7hLCMMP3CIj7jb3W96rn8lt/BqIlt5Q==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "bn.js": "^4.11.9",
         "brorand": "^1.1.0",
@@ -6860,9 +6862,9 @@
       }
     },
     "@cyclonedx/cyclonedx-library": {
-      "version": "6.10.0",
-      "resolved": "https://registry.npmjs.org/@cyclonedx/cyclonedx-library/-/cyclonedx-library-6.10.0.tgz",
-      "integrity": "sha512-GTFDMbmQP6P2MyoGU32LdZBdtXC6EMzcfzDbbjMoWoi7OBJzPM3L/ZkR7FMuAYyz7jOR/7cc9NVyWN90fa0NLQ==",
+      "version": "6.11.0",
+      "resolved": "https://registry.npmjs.org/@cyclonedx/cyclonedx-library/-/cyclonedx-library-6.11.0.tgz",
+      "integrity": "sha512-T2R49+ia3NmluV+56Ev1NSIjG7DKUFM3EzzhHwJqWRUMuFK3Z8AIKIbNezAxoyl+4kJ6MzT8lke7t8mkZom+/A==",
       "dev": true,
       "optional": true,
       "requires": {
@@ -6876,15 +6878,14 @@
       }
     },
     "@cyclonedx/cyclonedx-npm": {
-      "version": "1.19.0",
-      "resolved": "https://registry.npmjs.org/@cyclonedx/cyclonedx-npm/-/cyclonedx-npm-1.19.0.tgz",
-      "integrity": "sha512-N7MQKOX0SluwCHfmlbsWXYWB7BuJ9yD9feIbWWabBKTe87mrNNqPlRQsb1tTR9QTLEf5AsycFVbg1luAofSE/g==",
+      "version": "1.19.3",
+      "resolved": "https://registry.npmjs.org/@cyclonedx/cyclonedx-npm/-/cyclonedx-npm-1.19.3.tgz",
+      "integrity": "sha512-fFElJGIjym2jX6d3bR5aXXkY0RaIcysuxh7qMCEzFKabV2JDpMcvTNJFKD9aTu6sJpD2m1o2VsrUG2Sx9mJM1A==",
       "dev": true,
       "optional": true,
       "requires": {
-        "@cyclonedx/cyclonedx-library": "^6.6.0",
+        "@cyclonedx/cyclonedx-library": "^6.11.0",
         "commander": "^10.0.0",
-        "hosted-git-info": "^4||^5||^6||^7",
         "normalize-package-data": "^3||^4||^5||^6",
         "packageurl-js": "^1.2.1",
         "xmlbuilder2": "^3.0.2"
@@ -8236,9 +8237,9 @@
       "dev": true
     },
     "elliptic": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.4.tgz",
-      "integrity": "sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==",
+      "version": "6.5.7",
+      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.7.tgz",
+      "integrity": "sha512-ESVCtTwiA+XhY3wyh24QqRGBoP3rEdDUl3EDUUo9tft074fi19IrdpH7hLCMMP3CIj7jb3W96rn8lt/BqIlt5Q==",
       "dev": true,
       "requires": {
         "bn.js": "^4.11.9",
diff --git a/package.json b/package.json
index 605a6561..c87e68fb 100644
--- a/package.json
+++ b/package.json
@@ -8,7 +8,7 @@
     "Stefan Seide <account-github@seide.st"
   ],
   "name": "redis-commander",
-  "version": "0.9.0-rc4",
+  "version": "0.9.0-rc5",
   "description": "Redis web-based management tool written in node.js",
   "license": "MIT",
   "repository": {
diff --git a/sbom.json b/sbom.json
index b52b44c6..bbe96e33 100644
--- a/sbom.json
+++ b/sbom.json
@@ -3,18 +3,18 @@
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
   "version": 1,
-  "serialNumber": "urn:uuid:a004c1b9-0959-4365-adf2-8554fde620aa",
+  "serialNumber": "urn:uuid:c4dfb866-f6dc-488c-a46e-7afc94c71557",
   "metadata": {
-    "timestamp": "2024-07-02T09:19:04.914Z",
+    "timestamp": "2024-08-18T15:54:43.056Z",
     "tools": [
       {
         "name": "npm",
-        "version": "10.7.0"
+        "version": "10.8.1"
       },
       {
         "vendor": "@cyclonedx",
         "name": "cyclonedx-npm",
-        "version": "1.19.0",
+        "version": "1.19.3",
         "externalReferences": [
           {
             "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git",
@@ -36,7 +36,7 @@
       {
         "vendor": "@cyclonedx",
         "name": "cyclonedx-library",
-        "version": "6.10.0",
+        "version": "6.11.0",
         "externalReferences": [
           {
             "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git",
@@ -59,8 +59,8 @@
     "component": {
       "type": "application",
       "name": "redis-commander",
-      "version": "0.9.0-rc4",
-      "bom-ref": "redis-commander@0.9.0-rc4",
+      "version": "0.9.0-rc5",
+      "bom-ref": "redis-commander@0.9.0-rc5",
       "author": "Joe Ferner",
       "description": "Redis web-based management tool written in node.js",
       "licenses": [
@@ -70,7 +70,7 @@
           }
         }
       ],
-      "purl": "pkg:npm/redis-commander@0.9.0-rc4?vcs_url=git%3A//github.com/joeferner/redis-commander.git",
+      "purl": "pkg:npm/redis-commander@0.9.0-rc5?vcs_url=git%3A//github.com/joeferner/redis-commander.git",
       "externalReferences": [
         {
           "url": "git://github.com/joeferner/redis-commander.git",
@@ -4329,8 +4329,8 @@
     {
       "type": "library",
       "name": "elliptic",
-      "version": "6.5.4",
-      "bom-ref": "elliptic@6.5.4",
+      "version": "6.5.7",
+      "bom-ref": "elliptic@6.5.7",
       "author": "Fedor Indutny",
       "description": "EC cryptography",
       "licenses": [
@@ -4340,7 +4340,7 @@
           }
         }
       ],
-      "purl": "pkg:npm/elliptic@6.5.4",
+      "purl": "pkg:npm/elliptic@6.5.7",
       "externalReferences": [
         {
           "url": "git+ssh://git@github.com/indutny/elliptic.git",
@@ -4358,12 +4358,12 @@
           "comment": "as detected from PackageJson property \"bugs.url\""
         },
         {
-          "url": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.4.tgz",
+          "url": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.7.tgz",
           "type": "distribution",
           "hashes": [
             {
               "alg": "SHA-512",
-              "content": "88b842e942de9ab9633d96fe42eb51e5340607ea5d5ba2860f94527a04bef2ca2b3994feadd4056ec405260bcddde46a3402ea25eaf8a10d7a62f247954f21cd"
+              "content": "112542b53c2203e5e1637c32876e10a91181a0fdeb11d0d4977103514a3db5fb74ef87e2d7d22b7691fb84b08c30fdc2223ee36f75bdeab9fc96dfc1a8896de5"
             }
           ],
           "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\""
@@ -4384,7 +4384,7 @@
           "type": "library",
           "name": "bn.js",
           "version": "4.12.0",
-          "bom-ref": "elliptic@6.5.4|bn.js@4.12.0",
+          "bom-ref": "elliptic@6.5.7|bn.js@4.12.0",
           "author": "Fedor Indutny",
           "description": "Big number implementation in pure javascript",
           "licenses": [
@@ -13871,8 +13871,8 @@
     {
       "type": "library",
       "name": "ioredis",
-      "version": "5.4.0",
-      "bom-ref": "ioredis@5.4.0",
+      "version": "5.4.1",
+      "bom-ref": "ioredis@5.4.1",
       "author": "Zihua Li",
       "description": "A robust, performance-focused and full-featured Redis client for Node.js.",
       "licenses": [
@@ -13882,7 +13882,7 @@
           }
         }
       ],
-      "purl": "pkg:npm/ioredis@5.4.0",
+      "purl": "pkg:npm/ioredis@5.4.1",
       "externalReferences": [
         {
           "url": "git://github.com/luin/ioredis.git",
@@ -13900,12 +13900,12 @@
           "comment": "as detected from PackageJson property \"bugs.url\""
         },
         {
-          "url": "https://registry.npmjs.org/ioredis/-/ioredis-5.4.0.tgz",
+          "url": "https://registry.npmjs.org/ioredis/-/ioredis-5.4.1.tgz",
           "type": "distribution",
           "hashes": [
             {
               "alg": "SHA-512",
-              "content": "9468a26725853ac90fbb7a47e0ff3eba27073991e9cd8a607ca645adeebcc0b2bad39f73068f8a0d3429c3101589b05a8caaa972b449e64fa397fb8d1dc0a8dc"
+              "content": "d9866cbe5ee3a2921ad6069e3e478cb5df6b01c4a338e8cfb6970b94e7aeb323be5c7d922b965c4fe502ac494f3fe5952089e1d93cde2385d6f4435a48b5551c"
             }
           ],
           "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\""
@@ -26946,7 +26946,7 @@
   ],
   "dependencies": [
     {
-      "ref": "redis-commander@0.9.0-rc4",
+      "ref": "redis-commander@0.9.0-rc5",
       "dependsOn": [
         "@cyclonedx/bom@4.1.0",
         "async@3.2.5",
@@ -26962,7 +26962,7 @@
         "express-partials@0.3.0",
         "express@4.19.2",
         "inflection@1.13.4",
-        "ioredis@5.4.0",
+        "ioredis@5.4.1",
         "jquery.json-viewer@1.5.0",
         "jsonwebtoken@9.0.2",
         "jstree@3.3.16",
@@ -27437,7 +27437,7 @@
         "browserify-rsa@4.1.0",
         "create-hash@1.2.0",
         "create-hmac@1.1.7",
-        "elliptic@6.5.4",
+        "elliptic@6.5.7",
         "inherits@2.0.4",
         "parse-asn1@5.1.6",
         "browserify-sign@4.2.2|readable-stream@3.6.2",
@@ -27483,9 +27483,9 @@
       ]
     },
     {
-      "ref": "elliptic@6.5.4",
+      "ref": "elliptic@6.5.7",
       "dependsOn": [
-        "elliptic@6.5.4|bn.js@4.12.0",
+        "elliptic@6.5.7|bn.js@4.12.0",
         "brorand@1.1.0",
         "hash.js@1.1.7",
         "hmac-drbg@1.0.1",
@@ -27495,7 +27495,7 @@
       ]
     },
     {
-      "ref": "elliptic@6.5.4|bn.js@4.12.0"
+      "ref": "elliptic@6.5.7|bn.js@4.12.0"
     },
     {
       "ref": "brorand@1.1.0"
@@ -27563,7 +27563,7 @@
       "ref": "create-ecdh@4.0.4",
       "dependsOn": [
         "create-ecdh@4.0.4|bn.js@4.12.0",
-        "elliptic@6.5.4"
+        "elliptic@6.5.7"
       ]
     },
     {
@@ -28490,7 +28490,7 @@
       "ref": "inflection@1.13.4"
     },
     {
-      "ref": "ioredis@5.4.0",
+      "ref": "ioredis@5.4.1",
       "dependsOn": [
         "@ioredis/commands@1.2.0",
         "cluster-key-slot@1.1.0",
@@ -28960,7 +28960,7 @@
       "ref": "node-redis-dump2@0.6.0",
       "dependsOn": [
         "async@3.2.5",
-        "ioredis@5.4.0",
+        "ioredis@5.4.1",
         "underscore@1.13.1"
       ]
     },