From db1d99a3349515fe26ba60be0830e6d373d59395 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 15 Apr 2025 21:14:04 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-KOA-9679272 --- package.json | 2 +- yarn.lock | 39 ++++++++++++++++----------------------- 2 files changed, 17 insertions(+), 24 deletions(-) diff --git a/package.json b/package.json index 4d61eb9..bafc882 100644 --- a/package.json +++ b/package.json @@ -62,7 +62,7 @@ "dotenv": "^8.2.0", "elastic-apm-node": "^3.14.0", "got": "^9.6.0", - "koa": "^2.13.1", + "koa": "^2.16.1", "koa-bodyparser": "^4.3.0", "koa-router": "^7.4.0", "pino": "^6.11.3", diff --git a/yarn.lock b/yarn.lock index 8b4c5ba..aed97f7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1778,10 +1778,10 @@ cookiejar@^2.1.2: resolved "https://registry.yarnpkg.com/cookiejar/-/cookiejar-2.1.2.tgz#dd8a235530752f988f9a0844f3fc589e3111125c" integrity sha512-Mw+adcfzPxcPeI+0WlvRrr/3lGVO0bD75SxX6811cxSh1Wbxx7xZBGK1eVtDf6si8rg2lhnUjsVLMFMfbRIuwA== -cookies@~0.8.0: - version "0.8.0" - resolved "https://registry.npmjs.org/cookies/-/cookies-0.8.0.tgz#1293ce4b391740a8406e3c9870e828c4b54f3f90" - integrity sha512-8aPsApQfebXnuI+537McwYsDtjVxGm8gTIzQI3FDW6t5t/DAhERxtnbEPN/8RX+uZthoz4eCOgloXaE5cYyNow== +cookies@~0.9.0: + version "0.9.1" + resolved "https://registry.yarnpkg.com/cookies/-/cookies-0.9.1.tgz#3ffed6f60bb4fb5f146feeedba50acc418af67e3" + integrity sha512-TG2hpqe4ELx54QER/S3HQ9SRVnQnGBtKUz5bLQWtYAQ+o6GpgMs6sYUvaiJjVxb+UXwhRhAEP3m7LbsIZ77Hmw== dependencies: depd "~2.0.0" keygrip "~1.1.0" @@ -1920,13 +1920,6 @@ debug@^4.3.2: dependencies: ms "2.1.2" -debug@~3.1.0: - version "3.1.0" - resolved "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz#5bb5a0672628b64149566ba16819e61518c67261" - integrity sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g== - dependencies: - ms "2.0.0" - decamelize@^1.2.0: version "1.2.0" resolved "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz#f6534d15148269b20352e7bee26f501f9a191290" @@ -4214,13 +4207,13 @@ koa-compose@^4.1.0: resolved "https://registry.npmjs.org/koa-compose/-/koa-compose-4.1.0.tgz#507306b9371901db41121c812e923d0d67d3e877" integrity sha512-8ODW8TrDuMYvXRwra/Kh7/rJo9BtOfPc6qO8eAfC80CnCvSjSl0bkRM24X6/XBBEyj0v1nRUQ1LyOy3dbqOWXw== -koa-convert@^1.2.0: - version "1.2.0" - resolved "https://registry.npmjs.org/koa-convert/-/koa-convert-1.2.0.tgz#da40875df49de0539098d1700b50820cebcd21d0" - integrity sha1-2kCHXfSd4FOQmNFwC1CCDOvNIdA= +koa-convert@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/koa-convert/-/koa-convert-2.0.0.tgz#86a0c44d81d40551bae22fee6709904573eea4f5" + integrity sha512-asOvN6bFlSnxewce2e/DK3p4tltyfC4VM7ZwuTuepI7dEQVcvpyFuBcEARu1+Hxg8DIwytce2n7jrZtRlPrARA== dependencies: co "^4.6.0" - koa-compose "^3.0.0" + koa-compose "^4.1.0" koa-router@^7.4.0: version "7.4.0" @@ -4234,17 +4227,17 @@ koa-router@^7.4.0: path-to-regexp "^1.1.1" urijs "^1.19.0" -koa@^2.13.1: - version "2.13.1" - resolved "https://registry.yarnpkg.com/koa/-/koa-2.13.1.tgz#6275172875b27bcfe1d454356a5b6b9f5a9b1051" - integrity sha512-Lb2Dloc72auj5vK4X4qqL7B5jyDPQaZucc9sR/71byg7ryoD1NCaCm63CShk9ID9quQvDEi1bGR/iGjCG7As3w== +koa@^2.16.1: + version "2.16.1" + resolved "https://registry.yarnpkg.com/koa/-/koa-2.16.1.tgz#ba1aae04d8319d7dac4a17a0d289d7482501e194" + integrity sha512-umfX9d3iuSxTQP4pnzLOz0HKnPg0FaUUIKcye2lOiz3KPu1Y3M3xlz76dISdFPQs37P9eJz1wUpcTS6KDPn9fA== dependencies: accepts "^1.3.5" cache-content-type "^1.0.0" content-disposition "~0.5.2" content-type "^1.0.4" - cookies "~0.8.0" - debug "~3.1.0" + cookies "~0.9.0" + debug "^4.3.2" delegates "^1.0.0" depd "^2.0.0" destroy "^1.0.4" @@ -4255,7 +4248,7 @@ koa@^2.13.1: http-errors "^1.6.3" is-generator-function "^1.0.7" koa-compose "^4.1.0" - koa-convert "^1.2.0" + koa-convert "^2.0.0" on-finished "^2.3.0" only "~0.0.2" parseurl "^1.3.2"