From d4881e8404df684a8ae7a92a9d57fba0a5763599 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 27 Mar 2025 07:48:14 +0000 Subject: [PATCH] fix: greeting-service/package.json & greeting-service/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-9403194 --- greeting-service/package-lock.json | 36 ++++++++++++++++-------------- greeting-service/package.json | 2 +- 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/greeting-service/package-lock.json b/greeting-service/package-lock.json index c3da2eb..6332371 100644 --- a/greeting-service/package-lock.json +++ b/greeting-service/package-lock.json @@ -18,9 +18,9 @@ "@opentelemetry/sdk-trace-base": "^1.7.0", "@opentelemetry/sdk-trace-node": "^1.7.0", "@opentelemetry/semantic-conventions": "^1.7.0", - "axios": "^1.0.0", + "axios": "^1.8.3", "body-parser": "~1.20.0", - "express": "^4.18.2", + "express": "~4.18.2", "infinispan": "~0.9.0" }, "devDependencies": { @@ -34,7 +34,7 @@ "nodeshift": "~8.7.0", "nyc": "~15.1.0", "proxyquire": "~2.1.3", - "supertest": "^6.3.0" + "supertest": "~6.3.0" } }, "node_modules/@babel/compat-data": { @@ -1493,11 +1493,12 @@ "dev": true }, "node_modules/axios": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.0.0.tgz", - "integrity": "sha512-SsHsGFN1qNPFT5QhSoSD37SHDfGyLSW5AESmyLk2JeCMHv5g0I9g0Hz/zQHx2KNe0jGXh2q2hAm7OdkXm360CA==", + "version": "1.8.3", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.8.3.tgz", + "integrity": "sha512-iP4DebzoNlP/YN2dpwCgb8zoCmhtkajzS48JvwmkSkXvPI3DHc7m+XYL5tGnSlJtR6nImXZmdCuN5aP8dh1d8A==", + "license": "MIT", "dependencies": { - "follow-redirects": "^1.15.0", + "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } @@ -3213,15 +3214,16 @@ "dev": true }, "node_modules/follow-redirects": { - "version": "1.15.1", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.1.tgz", - "integrity": "sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA==", + "version": "1.15.9", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz", + "integrity": "sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==", "funding": [ { "type": "individual", "url": "https://github.com/sponsors/RubenVerborgh" } ], + "license": "MIT", "engines": { "node": ">=4.0" }, @@ -8384,11 +8386,11 @@ "dev": true }, "axios": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.0.0.tgz", - "integrity": "sha512-SsHsGFN1qNPFT5QhSoSD37SHDfGyLSW5AESmyLk2JeCMHv5g0I9g0Hz/zQHx2KNe0jGXh2q2hAm7OdkXm360CA==", + "version": "1.8.3", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.8.3.tgz", + "integrity": "sha512-iP4DebzoNlP/YN2dpwCgb8zoCmhtkajzS48JvwmkSkXvPI3DHc7m+XYL5tGnSlJtR6nImXZmdCuN5aP8dh1d8A==", "requires": { - "follow-redirects": "^1.15.0", + "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } @@ -9680,9 +9682,9 @@ "dev": true }, "follow-redirects": { - "version": "1.15.1", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.1.tgz", - "integrity": "sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA==" + "version": "1.15.9", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz", + "integrity": "sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==" }, "foreground-child": { "version": "2.0.0", diff --git a/greeting-service/package.json b/greeting-service/package.json index d1cd36e..d5cd121 100644 --- a/greeting-service/package.json +++ b/greeting-service/package.json @@ -52,7 +52,7 @@ "@opentelemetry/sdk-trace-base": "^1.7.0", "@opentelemetry/sdk-trace-node": "^1.7.0", "@opentelemetry/semantic-conventions": "^1.7.0", - "axios": "^1.0.0", + "axios": "^1.8.3", "body-parser": "~1.20.0", "express": "~4.18.2", "infinispan": "~0.9.0"