From e9fe3828a66e9965b4607bff22d24b1709ba0c6e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 14 Dec 2020 00:35:10 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599 --- package-lock.json | 34 ++++++++++++++++++++++++++++++---- package.json | 2 +- 2 files changed, 31 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index bad6d31ef7f2..7d2273369255 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "Rocket.Chat", - "version": "2.4.0-develop", + "version": "2.5.0-develop", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -19039,6 +19039,18 @@ "hoek": "2.x.x", "joi": "6.x.x", "wreck": "5.x.x" + }, + "dependencies": { + "wreck": { + "version": "5.6.1", + "resolved": "https://registry.npmjs.org/wreck/-/wreck-5.6.1.tgz", + "integrity": "sha1-r/ADBAATiJ11YZtccYcN0qjdBpo=", + "dev": true, + "requires": { + "boom": "2.x.x", + "hoek": "2.x.x" + } + } } }, "heavy": { @@ -19050,6 +19062,20 @@ "boom": "2.x.x", "hoek": "2.x.x", "joi": "5.x.x" + }, + "dependencies": { + "joi": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/joi/-/joi-5.1.0.tgz", + "integrity": "sha1-FSrQfbjunGQBmX/1/SwSiWBwv1g=", + "dev": true, + "requires": { + "hoek": "^2.2.x", + "isemail": "1.x.x", + "moment": "2.x.x", + "topo": "1.x.x" + } + } } }, "hoek": { @@ -30809,9 +30835,9 @@ "dev": true }, "ua-parser-js": { - "version": "0.7.19", - "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.19.tgz", - "integrity": "sha512-T3PVJ6uz8i0HzPxOF9SWzWAlfN/DavlpQqepn22xgve/5QecC+XMCAtmUNnY7C9StehaV6exjUCI801lOI7QlQ==" + "version": "0.7.23", + "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.23.tgz", + "integrity": "sha512-m4hvMLxgGHXG3O3fQVAyyAQpZzDOvwnhOTjYz5Xmr7r/+LpkNy3vJXdVRWgd1TkAb7NGROZuSy96CrlNVjA7KA==" }, "uc.micro": { "version": "1.0.5", diff --git a/package.json b/package.json index 82625d5d864d..b3d30b62af7a 100644 --- a/package.json +++ b/package.json @@ -209,7 +209,7 @@ "turndown": "^5.0.1", "twilio": "^3.35.0", "twit": "^2.2.11", - "ua-parser-js": "^0.7.19", + "ua-parser-js": "^0.7.23", "underscore": "^1.9.1", "underscore.string": "^3.3.5", "url-polyfill": "^1.1.5",