From 84a503845ae21f9728f43b74157c4241a8d2c2fa Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 26 Feb 2021 03:09:40 +0000 Subject: [PATCH] fix: voting-authority/backend/package.json & voting-authority/backend/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 --- voting-authority/backend/package-lock.json | 117 +-------------------- voting-authority/backend/package.json | 2 +- 2 files changed, 4 insertions(+), 115 deletions(-) diff --git a/voting-authority/backend/package-lock.json b/voting-authority/backend/package-lock.json index 25cfcd39..40c1dfd4 100644 --- a/voting-authority/backend/package-lock.json +++ b/voting-authority/backend/package-lock.json @@ -139,72 +139,6 @@ "to-fast-properties": "^2.0.0" } }, - "@meck93/evote-crypto": { - "version": "0.1.10", - "resolved": "https://registry.npmjs.org/@meck93/evote-crypto/-/evote-crypto-0.1.10.tgz", - "integrity": "sha512-auzkv05ggFGXRzHZbvmfGv7tVUUoyBKYSScKLXFaIeEpWjpTC/svQbZjFlKVCQxJdzPYcm45S4soO8zbhs5mKQ==", - "requires": { - "bn.js": "^5.1.1", - "elliptic": "6.5.2", - "hash.js": "^1.1.7", - "random": "^2.2.0", - "web3": "^1.2.6" - }, - "dependencies": { - "brorand": { - "version": "1.1.0", - "bundled": true - }, - "elliptic": { - "version": "6.5.2", - "bundled": true, - "requires": { - "bn.js": "^4.4.0", - "brorand": "^1.0.1", - "hash.js": "^1.0.0", - "hmac-drbg": "^1.0.0", - "inherits": "^2.0.1", - "minimalistic-assert": "^1.0.0", - "minimalistic-crypto-utils": "^1.0.0" - }, - "dependencies": { - "bn.js": { - "version": "4.11.8", - "bundled": true - } - } - }, - "hash.js": { - "version": "1.1.7", - "bundled": true, - "requires": { - "inherits": "^2.0.3", - "minimalistic-assert": "^1.0.1" - } - }, - "hmac-drbg": { - "version": "1.0.1", - "bundled": true, - "requires": { - "hash.js": "^1.0.3", - "minimalistic-assert": "^1.0.0", - "minimalistic-crypto-utils": "^1.0.1" - } - }, - "inherits": { - "version": "2.0.4", - "bundled": true - }, - "minimalistic-assert": { - "version": "1.0.1", - "bundled": true - }, - "minimalistic-crypto-utils": { - "version": "1.0.1", - "bundled": true - } - } - }, "@nodelib/fs.scandir": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.3.tgz", @@ -810,15 +744,6 @@ "follow-redirects": "1.5.10" } }, - "babel-runtime": { - "version": "6.26.0", - "resolved": "https://registry.npmjs.org/babel-runtime/-/babel-runtime-6.26.0.tgz", - "integrity": "sha1-llxwWGaOgrVde/4E/yM3vItWR/4=", - "requires": { - "core-js": "^2.4.0", - "regenerator-runtime": "^0.11.0" - } - }, "balanced-match": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz", @@ -1470,11 +1395,6 @@ "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.2.tgz", "integrity": "sha512-Mw+adcfzPxcPeI+0WlvRrr/3lGVO0bD75SxX6811cxSh1Wbxx7xZBGK1eVtDf6si8rg2lhnUjsVLMFMfbRIuwA==" }, - "core-js": { - "version": "2.6.11", - "resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.11.tgz", - "integrity": "sha512-5wjnpaT/3dV+XB4borEsnAYQchn00XSgTAWKDkEqv+K8KevjbzmofK6hfJ9TZIlpj2N0xQpazy7PiRQiWHqzWg==" - }, "core-util-is": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", @@ -4296,9 +4216,9 @@ } }, "lodash": { - "version": "4.17.15", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz", - "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==" + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, "lodash.flattendeep": { "version": "4.4.0", @@ -5278,16 +5198,6 @@ "integrity": "sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=", "dev": true }, - "ow": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/ow/-/ow-0.4.0.tgz", - "integrity": "sha512-kJNzxUgVd6EF5LoGs+s2/etJPwjfRDLXPTCfEgV8At77sRrV+PSFA8lcoW2HF15Qd455mIR2Stee/2MzDiFBDA==" - }, - "ow-lite": { - "version": "0.0.2", - "resolved": "https://registry.npmjs.org/ow-lite/-/ow-lite-0.0.2.tgz", - "integrity": "sha1-359QDmdAtlkKHpqWVzDUmo61l9E=" - }, "p-cancelable": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-1.1.0.tgz", @@ -5611,17 +5521,6 @@ "strict-uri-encode": "^1.0.0" } }, - "random": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/random/-/random-2.2.0.tgz", - "integrity": "sha512-4HBR4Xye4jJ41QBi6RfIaO1yKQpxVUZafQtdE6NvvjzirNlwWgsk3tkGLTbQtWUarF4ofZsUVEmWqB1TDQlkwA==", - "requires": { - "babel-runtime": "^6.26.0", - "ow": "^0.4.0", - "ow-lite": "^0.0.2", - "seedrandom": "^3.0.5" - } - }, "randombytes": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", @@ -5718,11 +5617,6 @@ } } }, - "regenerator-runtime": { - "version": "0.11.1", - "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.11.1.tgz", - "integrity": "sha512-MguG95oij0fC3QV3URf4V2SDYGJhJnJGqvIIgdECeODCT98wSWDAJ94SSuVpYQUoTcGUIL6L4yNB7j1DFFHSBg==" - }, "regexpp": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-3.1.0.tgz", @@ -5937,11 +5831,6 @@ } } }, - "seedrandom": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/seedrandom/-/seedrandom-3.0.5.tgz", - "integrity": "sha512-8OwmbklUNzwezjGInmZ+2clQmExQPvomqjL7LFqOYqtmuxRgQYqOD3mHaU+MvZn5FLUeVxVfQjwLZW/n/JFuqg==" - }, "seek-bzip": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/seek-bzip/-/seek-bzip-1.0.5.tgz", diff --git a/voting-authority/backend/package.json b/voting-authority/backend/package.json index ab844e25..a0a0f8e2 100644 --- a/voting-authority/backend/package.json +++ b/voting-authority/backend/package.json @@ -31,7 +31,7 @@ "cors": "^2.8.5", "dotenv": "^8.2.0", "express": "^4.17.1", - "lodash": "^4.17.15", + "lodash": "^4.17.21", "lowdb": "^1.0.0", "web3": "^1.2.4" },