From 36e361a6954c7e24a65fd3db38a54b6690508749 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 15 Apr 2024 22:58:10 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-6139239 --- package.json | 2 +- yarn.lock | 66 +++++++++++++++++++++++++--------------------------- 2 files changed, 33 insertions(+), 35 deletions(-) diff --git a/package.json b/package.json index ecf63b7..00fd3a0 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "gstore-node": "^4.2.5", "morgan": "^1.9.1", "nodemon": "^2.0.3", - "react-native-link-preview": "^1.3.4", + "react-native-link-preview": "^1.4.2", "snyk": "^1.685.0" }, "devDependencies": { diff --git a/yarn.lock b/yarn.lock index 36806d5..e1e55ad 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1237,9 +1237,10 @@ chardet@^0.4.0: version "0.4.2" resolved "https://registry.yarnpkg.com/chardet/-/chardet-0.4.2.tgz#b5473b33dc97c424e5d98dc87d55d4d8a29c8bf2" -cheerio-without-node-native@^0.20.1: +cheerio-without-node-native@0.20.2: version "0.20.2" resolved "https://registry.yarnpkg.com/cheerio-without-node-native/-/cheerio-without-node-native-0.20.2.tgz#6d97f9c8995156196b3425fa1139295b17b74c73" + integrity sha512-TiXlwWtMZIYU9ujMWtvMiKIVw/aZcQ8G6kxvn53zr0fU12kXIXSs0ICH05LGzjAsmQxdoC/WBuN882MyTbLNrw== dependencies: css-select "~1.2.0" dom-serializer "~0.1.0" @@ -1479,12 +1480,13 @@ create-error-class@^3.0.2: dependencies: capture-stack-trace "^1.0.0" -cross-fetch@0.0.8: - version "0.0.8" - resolved "https://registry.yarnpkg.com/cross-fetch/-/cross-fetch-0.0.8.tgz#01ed94dc407df2c00f1807fde700a7cfa48a205c" +cross-fetch@3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/cross-fetch/-/cross-fetch-3.0.1.tgz#3f207bbd829a76e9aa2a953348bd1f2a3cf388a7" + integrity sha512-qWtpgBAF8ioqBOddRD+pHhrdzm/UWOArkrlIU7c08DlNbOxo5GfUbSY2vr90ZypWf0raW+HNN1F38pi5CEOjiQ== dependencies: - node-fetch "1.7.3" - whatwg-fetch "2.0.3" + node-fetch "2.3.0" + whatwg-fetch "3.0.0" cross-spawn@^5.0.1: version "5.1.0" @@ -1817,12 +1819,6 @@ encodeurl@~1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/encodeurl/-/encodeurl-1.0.2.tgz#ad3ff4c86ec2d029322f5a02c3a9a606c95b3f59" -encoding@^0.1.11: - version "0.1.12" - resolved "https://registry.yarnpkg.com/encoding/-/encoding-0.1.12.tgz#538b66f3ee62cd1ab51ec323829d1f9480c74beb" - dependencies: - iconv-lite "~0.4.13" - end-of-stream@^1.0.0, end-of-stream@^1.1.0: version "1.4.1" resolved "https://registry.yarnpkg.com/end-of-stream/-/end-of-stream-1.4.1.tgz#ed29634d19baba463b6ce6b80a37213eab71ec43" @@ -1867,9 +1863,10 @@ es-to-primitive@^1.1.1: is-date-object "^1.0.1" is-symbol "^1.0.1" -es6-promise@^4.2.4: - version "4.2.4" - resolved "https://registry.yarnpkg.com/es6-promise/-/es6-promise-4.2.4.tgz#dc4221c2b16518760bd8c39a52d8f356fc00ed29" +es6-promise@4.2.5: + version "4.2.5" + resolved "https://registry.yarnpkg.com/es6-promise/-/es6-promise-4.2.5.tgz#da6d0d5692efb461e082c14817fe2427d8f5d054" + integrity sha512-n6wvpdE43VFtJq+lUDYDBFUwV8TZbuGXLV4D6wKafg13ldznKsyEvatubnmUe31zcvelSzOHF+XbaT+Bl9ObDg== escape-goat@^2.0.0: version "2.1.1" @@ -2798,7 +2795,7 @@ iconv-lite@0.4.19: version "0.4.19" resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.19.tgz#f7468f60135f5e5dad3399c0a81be9a1603a082b" -iconv-lite@0.4.23, iconv-lite@^0.4.17, iconv-lite@^0.4.4, iconv-lite@~0.4.13: +iconv-lite@0.4.23, iconv-lite@^0.4.17, iconv-lite@^0.4.4: version "0.4.23" resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.23.tgz#297871f63be507adcfbfca715d0cd0eed84e9a63" dependencies: @@ -3152,7 +3149,7 @@ is-stream-ended@^0.1.0, is-stream-ended@^0.1.4: version "0.1.4" resolved "https://registry.yarnpkg.com/is-stream-ended/-/is-stream-ended-0.1.4.tgz#f50224e95e06bce0e356d440a4827cd35b267eda" -is-stream@^1.0.1, is-stream@^1.1.0: +is-stream@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/is-stream/-/is-stream-1.1.0.tgz#12d4a3dd4e68e0b79ceb8dbc84173ae80d91ca44" @@ -4074,12 +4071,10 @@ nice-try@^1.0.4: version "1.0.4" resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.4.tgz#d93962f6c52f2c1558c0fbda6d512819f1efe1c4" -node-fetch@1.7.3: - version "1.7.3" - resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-1.7.3.tgz#980f6f72d85211a5347c6b2bc18c5b84c3eb47ef" - dependencies: - encoding "^0.1.11" - is-stream "^1.0.1" +node-fetch@2.3.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.3.0.tgz#1a1d940bbfb916a1d3e0219f037e89e71f8c5fa5" + integrity sha512-MOd8pV3fxENbryESLgVIeaGKrdl+uaYhCSSVkjeOb/31/njTpcis5aWfdqgNlHIrKOLRbMnfPINPOML2CIFeXA== node-forge@^0.7.4: version "0.7.6" @@ -4803,14 +4798,15 @@ rc@^1.2.7, rc@^1.2.8: minimist "^1.2.0" strip-json-comments "~2.0.1" -react-native-link-preview@^1.3.4: - version "1.3.4" - resolved "https://registry.yarnpkg.com/react-native-link-preview/-/react-native-link-preview-1.3.4.tgz#29d979531839f2f46b5ba9c1cc49ec1f84eafae8" +react-native-link-preview@^1.4.2: + version "1.4.2" + resolved "https://registry.yarnpkg.com/react-native-link-preview/-/react-native-link-preview-1.4.2.tgz#de6839095f3c6df0e7902b330d28579713672da7" + integrity sha512-S3qtF+u5t2QLRUWYlAlci43sUVfTLBXBu5PnborbbL9AXfyy/ierBdBgPGYwH1vEd5okGz1AWir39OUPtC0Mog== dependencies: - cheerio-without-node-native "^0.20.1" - cross-fetch "0.0.8" - es6-promise "^4.2.4" - url "^0.11.0" + cheerio-without-node-native "0.20.2" + cross-fetch "3.0.1" + es6-promise "4.2.5" + url "0.11.0" read-pkg-up@^1.0.1: version "1.0.1" @@ -5818,9 +5814,10 @@ url-parse-lax@^3.0.0: dependencies: prepend-http "^2.0.0" -url@^0.11.0: +url@0.11.0: version "0.11.0" resolved "https://registry.yarnpkg.com/url/-/url-0.11.0.tgz#3838e97cfc60521eb73c525a8e55bfdd9e2e28f1" + integrity sha512-kbailJa29QrtXnxgq+DdCEGlbTeYM2eJUxsz6vjZavrCYPMIFHMKQmSKYAIuUK2i7hgPm28a8piX5NTUtM/LKQ== dependencies: punycode "1.3.2" querystring "0.2.0" @@ -5914,9 +5911,10 @@ whatwg-encoding@^1.0.1, whatwg-encoding@^1.0.3: dependencies: iconv-lite "0.4.23" -whatwg-fetch@2.0.3: - version "2.0.3" - resolved "https://registry.yarnpkg.com/whatwg-fetch/-/whatwg-fetch-2.0.3.tgz#9c84ec2dcf68187ff00bc64e1274b442176e1c84" +whatwg-fetch@3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/whatwg-fetch/-/whatwg-fetch-3.0.0.tgz#fc804e458cc460009b1a2b966bc8817d2578aefb" + integrity sha512-9GSJUgz1D4MfyKU7KRqwOjXCXTqWdFNvEr7eUBYchQiVc744mqK/MzXPNR2WsPkmkOa4ywfg8C2n8h+13Bey1Q== whatwg-mimetype@^2.1.0: version "2.1.0"