From ec267300d2a1336a951beb3a97da5654798a0a0a Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 1 Dec 2025 09:46:29 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-VALIDATOR-13653476 --- package.json | 4 ++-- yarn.lock | 32 ++++++++++++++++++++++---------- 2 files changed, 24 insertions(+), 12 deletions(-) diff --git a/package.json b/package.json index 3fbbafd..12f896c 100644 --- a/package.json +++ b/package.json @@ -126,7 +126,7 @@ "express-session": "1.12.1", "express-sitemap": "1.6.3", "express-status-monitor": "1.0.1", - "express-validator": "5.0.3", + "express-validator": "6.5.0", "font-awesome": "4.7.0", "foundation-sites": "6.4.3", "fs-extra": "5.0.0", @@ -180,7 +180,7 @@ "toastr": "2.1.4", "uglify-js": "3.3.14", "uglifycss": "0.0.29", - "validator": "10.7.1", + "validator": "13.15.22", "winston": "2.4.4", "winston-daily-rotate-file": "3.3.2", "winston-mongodb": "4.0.3" diff --git a/yarn.lock b/yarn.lock index 233f87f..ef5fb54 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3430,12 +3430,13 @@ express-status-monitor@1.0.1: pidusage "^1.1.6" socket.io "^2.0.3" -express-validator@5.0.3: - version "5.0.3" - resolved "https://registry.yarnpkg.com/express-validator/-/express-validator-5.0.3.tgz#c31176740f216c5ce043d6e20c7afa1db1a2691e" +express-validator@6.5.0: + version "6.5.0" + resolved "https://registry.yarnpkg.com/express-validator/-/express-validator-6.5.0.tgz#0cfb3a94f902b75c597372ac91c7dfb267c5c221" + integrity sha512-kXi99TuVeLWkxO0RtDOSj56T7YR0H5KZZyhtzoPSZ5TffBvrJpZPSp/frYcT/zVoLhH8NXDk+T0LCSeI6TbOGA== dependencies: - lodash "^4.16.0" - validator "^9.4.0" + lodash "^4.17.15" + validator "^13.0.0" express@4.14.1: version "4.14.1" @@ -5875,10 +5876,15 @@ lodash@^3.10.0, lodash@^3.6.0: version "3.10.1" resolved "http://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz#5bf45e8e49ba4189e17d482789dfd15bd140b7b6" -lodash@^4.0.0, lodash@^4.11.2, lodash@^4.14.0, lodash@^4.15.0, lodash@^4.16.0, lodash@^4.16.3, lodash@^4.17.10, lodash@^4.17.4, lodash@^4.3.0, lodash@^4.5.0, lodash@^4.5.1, lodash@^4.7.0, lodash@^4.9.0, lodash@~4.17.10: +lodash@^4.0.0, lodash@^4.11.2, lodash@^4.14.0, lodash@^4.15.0, lodash@^4.16.3, lodash@^4.17.10, lodash@^4.17.4, lodash@^4.3.0, lodash@^4.5.0, lodash@^4.5.1, lodash@^4.7.0, lodash@^4.9.0, lodash@~4.17.10: version "4.17.10" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.10.tgz#1b7793cf7259ea38fb3661d4d38b3260af8ae4e7" +lodash@^4.17.15: + version "4.17.21" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" + integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== + log-symbols@^1.0.1: version "1.0.2" resolved "https://registry.yarnpkg.com/log-symbols/-/log-symbols-1.0.2.tgz#376ff7b58ea3086a0f09facc74617eca501e1a18" @@ -10144,11 +10150,17 @@ validate-npm-package-license@^3.0.1: spdx-correct "^3.0.0" spdx-expression-parse "^3.0.0" -validator@10.7.1: - version "10.7.1" - resolved "https://registry.yarnpkg.com/validator/-/validator-10.7.1.tgz#dd4cc750c2134ce4a15a2acfc7b233669d659c5b" +validator@13.15.22: + version "13.15.22" + resolved "https://registry.yarnpkg.com/validator/-/validator-13.15.22.tgz#5f847cf4a799107e5716fc87e5cf2a337a71eb14" + integrity sha512-uT/YQjiyLJP7HSrv/dPZqK9L28xf8hsNca01HSz1dfmI0DgMfjopp1rO/z13NeGF1tVystF0Ejx3y4rUKPw+bQ== + +validator@^13.0.0: + version "13.15.23" + resolved "https://registry.yarnpkg.com/validator/-/validator-13.15.23.tgz#59a874f84e4594588e3409ab1edbe64e96d0c62d" + integrity sha512-4yoz1kEWqUjzi5zsPbAS/903QXSYp0UOtHsPpp7p9rHAw/W+dkInskAE386Fat3oKRROwO98d9ZB0G4cObgUyw== -validator@^9.4.0, validator@^9.4.1: +validator@^9.4.1: version "9.4.1" resolved "http://registry.npmjs.org/validator/-/validator-9.4.1.tgz#abf466d398b561cd243050112c6ff1de6cc12663"