From 7857d840c2ba43670563e4e4fb5755ed961f77b8 Mon Sep 17 00:00:00 2001 From: snyk-test Date: Tue, 4 Jun 2019 06:07:12 +0000 Subject: [PATCH] fix: server/package.json & server/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-174505 --- server/package-lock.json | 138 ++++++++++++++++++++++++--------------- server/package.json | 2 +- 2 files changed, 87 insertions(+), 53 deletions(-) diff --git a/server/package-lock.json b/server/package-lock.json index f26472a..e922aae 100644 --- a/server/package-lock.json +++ b/server/package-lock.json @@ -43,12 +43,19 @@ "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" }, "axios": { - "version": "0.16.2", - "resolved": "http://registry.npm.taobao.org/axios/download/axios-0.16.2.tgz", - "integrity": "sha1-uk+S8XFn37q0CYN4VFS5rBScPG0=", + "version": "0.18.1", + "resolved": "https://registry.npmjs.org/axios/-/axios-0.18.1.tgz", + "integrity": "sha512-0BfJq4NSfQXd+SkFdrvFbG7addhYSBA2mQwISr46pD6E5iqkWg02RAs8vyTT/j0RTnoYmeXauBuSv1qKwR179g==", "requires": { - "follow-redirects": "^1.2.3", - "is-buffer": "^1.1.5" + "follow-redirects": "1.5.10", + "is-buffer": "^2.0.2" + }, + "dependencies": { + "is-buffer": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-2.0.3.tgz", + "integrity": "sha512-U15Q7MXTuZlrbymiz95PJpZxu8IlipAp4dtS3wOdgPXx3mqBnslrWU14kxfHB+Py/+2PVKSr37dMAgM2A4uArw==" + } } }, "babel-runtime": { @@ -277,11 +284,6 @@ "resolved": "http://registry.npm.taobao.org/decamelize/download/decamelize-1.2.0.tgz", "integrity": "sha1-9lNNFRSCabIDUue+4m9QH5oZEpA=" }, - "decimal.js": { - "version": "4.0.4", - "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-4.0.4.tgz", - "integrity": "sha1-rzJJRl4TOYjDB1D3fqr0RQXKpeM=" - }, "delayed-stream": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", @@ -403,11 +405,21 @@ } }, "follow-redirects": { - "version": "1.2.5", - "resolved": "http://registry.npm.taobao.org/follow-redirects/download/follow-redirects-1.2.5.tgz", - "integrity": "sha1-/9PhTL3V6qcvYbY2jB9oUWwqJsw=", + "version": "1.5.10", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.5.10.tgz", + "integrity": "sha512-0V5l4Cizzvqt5D44aTXbFZz+FtyXV1vrDN6qrelxtfYQKW0KO0W2T/hkE8xvGa/540LkZlkaUjO4ailYTFtHVQ==", "requires": { - "debug": "^2.6.9" + "debug": "=3.1.0" + }, + "dependencies": { + "debug": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz", + "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==", + "requires": { + "ms": "2.0.0" + } + } } }, "form-data": { @@ -430,11 +442,6 @@ "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.1.2.tgz", "integrity": "sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ=" }, - "fraction.js": { - "version": "3.3.1", - "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-3.3.1.tgz", - "integrity": "sha1-XWox/wdwcpTyBMy7a1N5Fgd3EIM=" - }, "fresh": { "version": "0.5.2", "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", @@ -545,19 +552,40 @@ "integrity": "sha1-papLNyWnmlVd/GeybDUP4zyAzzw=" }, "leancloud-realtime": { - "version": "3.5.7", - "resolved": "http://registry.npm.taobao.org/leancloud-realtime/download/leancloud-realtime-3.5.7.tgz", - "integrity": "sha1-bA160xxfSW6A7vbkuVmLrIPu8QU=", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/leancloud-realtime/-/leancloud-realtime-4.0.0.tgz", + "integrity": "sha512-XwzNUr0nj9O/Xzdi2OfWijduQogAfTCkHDEapbvjtRdTSG0HlXTYZBqvldL0B47OQUL85KqX8HUflM7iVYnNsA==", "requires": { - "axios": "^0.16.1", + "axios": "^0.18.0", "babel-runtime": "^6.6.1", - "debug": "^2.4.4", - "eventemitter3": "^2.0.0", + "base64-arraybuffer": "^0.1.5", + "debug": "^3.0.0", + "eventemitter3": "^3.0.0", "javascript-state-machine": "^2.3.5", "lodash": "^4.6.0", "protobufjs": "^5.0.1", "uuid": "^3.0.0", - "ws": "^3.0.0" + "ws": "^4.0.0" + }, + "dependencies": { + "debug": { + "version": "3.2.6", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz", + "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==", + "requires": { + "ms": "^2.1.1" + } + }, + "eventemitter3": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-3.1.2.tgz", + "integrity": "sha512-tvtQIeLVHjDkJYnzf2dgVMxfuSGJeM/7UCG17TT4EumTfNtF+0nebF/4zWOIkCreAbtNqhGEboB6BWrwqNaw4Q==" + }, + "ms": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz", + "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==" + } } }, "leancloud-realtime-plugin-live-query": { @@ -677,9 +705,9 @@ "integrity": "sha512-t9P8WB6DcVttbw/W4PIE8HOqum8Qlvx5SjR6oInwR9Uia0EEmyUeBh7S+weKByW+l/f45Bj4L/dgZikGFDM6ng==" }, "lodash": { - "version": "4.17.4", - "resolved": "http://registry.npm.taobao.org/lodash/download/lodash-4.17.4.tgz", - "integrity": "sha1-eCA6TRwyiuHYbcpkYONptX9AVa4=" + "version": "4.17.11", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz", + "integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==" }, "long": { "version": "3.2.0", @@ -698,6 +726,28 @@ "seed-random": "2.2.0", "tiny-emitter": "2.0.2", "typed-function": "0.10.6" + }, + "dependencies": { + "decimal.js": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-9.0.1.tgz", + "integrity": "sha512-2h0iKbJwnImBk4TGk7CG1xadoA0g3LDPlQhQzbZ221zvG0p2YVUedbKIPsOZXKZGx6YmZMJKYOalpCMxSdDqTQ==" + }, + "fraction.js": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.0.4.tgz", + "integrity": "sha512-aK/oGatyYLTtXRHjfEsytX5fieeR5H4s8sLorzcT12taFS+dbMZejnvm9gRa8mZAPwci24ucjq9epDyaq5u8Iw==" + }, + "tiny-emitter": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/tiny-emitter/-/tiny-emitter-2.0.2.tgz", + "integrity": "sha512-2NM0auVBGft5tee/OxP4PI3d8WItkDM+fPnaRAVo6xTDI2knbz9eC5ArWGqtGlYqiH3RU5yMpdyTTO7MguC4ow==" + }, + "typed-function": { + "version": "0.10.6", + "resolved": "https://registry.npmjs.org/typed-function/-/typed-function-0.10.6.tgz", + "integrity": "sha512-PYtsDjxyW3vq7Itn2RMz0cn6CrbybIY6XC2i9c1q1o/H94QW8B1Pf3wSsbBDOCMpN1i5jDRrlDsLXFaqXBpfHQ==" + } } }, "md5": { @@ -1009,11 +1059,6 @@ } } }, - "tiny-emitter": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/tiny-emitter/-/tiny-emitter-1.2.0.tgz", - "integrity": "sha1-bchFBSywjr78GHRyO1jySmSMO28=" - }, "type-is": { "version": "1.6.15", "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.15.tgz", @@ -1023,16 +1068,6 @@ "mime-types": "~2.1.15" } }, - "typed-function": { - "version": "0.10.5", - "resolved": "https://registry.npmjs.org/typed-function/-/typed-function-0.10.5.tgz", - "integrity": "sha1-Lg8Yq9BlIZ+raUpEamXG0ZgYMsA=" - }, - "ultron": { - "version": "1.1.0", - "resolved": "http://registry.npm.taobao.org/ultron/download/ultron-1.1.0.tgz", - "integrity": "sha1-sHoualQagV/Go0zNRTO67DB8qGQ=" - }, "underscore": { "version": "1.9.1", "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.9.1.tgz", @@ -1054,9 +1089,9 @@ "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=" }, "uuid": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.1.0.tgz", - "integrity": "sha512-DIWtzUkw04M4k3bf1IcpS2tngXEL26YUD2M0tMDUpnUrz2hgzUBlD55a4FjdLGPvfHxS6uluGWvaVEqgBcVa+g==" + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.3.2.tgz", + "integrity": "sha512-yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA==" }, "vary": { "version": "1.1.2", @@ -1091,13 +1126,12 @@ "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=" }, "ws": { - "version": "3.2.0", - "resolved": "http://registry.npm.taobao.org/ws/download/ws-3.2.0.tgz", - "integrity": "sha1-1dPWsRr/cec/gI9AzGnVK7bUoYU=", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-4.1.0.tgz", + "integrity": "sha512-ZGh/8kF9rrRNffkLFV4AzhvooEclrOH0xaugmqGsIfFgOE/pIz4fMc4Ef+5HSQqTEug2S9JZIWDR47duDSLfaA==", "requires": { "async-limiter": "~1.0.0", - "safe-buffer": "~5.1.0", - "ultron": "~1.1.0" + "safe-buffer": "~5.1.0" } }, "y18n": { diff --git a/server/package.json b/server/package.json index 3797ba2..a76e74f 100644 --- a/server/package.json +++ b/server/package.json @@ -11,7 +11,7 @@ "dependencies": { "body-parser": "^1.14.1", "express": "^4.13.3", - "leancloud-realtime": "^3.5.7", + "leancloud-realtime": "^4.0.0", "leancloud-storage": "^3.3.0", "leanengine": "^3.0.2", "mathjs": "^3.18.0",