From fb41215ac22dd502ceb32fff95dc6e86a6c4e3de Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 30 Oct 2024 06:41:09 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-COOKIE-8163060 --- package.json | 2 +- yarn.lock | 33 ++++++++++++++++++++------------- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/package.json b/package.json index 6d9ee58..92bb862 100644 --- a/package.json +++ b/package.json @@ -37,7 +37,7 @@ "graphql-tools-types": "^1.3.1", "graphql-yoga": "^3.3.0", "next": "13.1.0", - "next-auth": "^4.18.7", + "next-auth": "^4.24.9", "node-fetch": "^3.3.0", "pg": "^8.4.0", "prop-types": "^15.8.1", diff --git a/yarn.lock b/yarn.lock index 88cfef5..bcbb74b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -338,10 +338,10 @@ version "1.2.0" resolved "https://registry.npmjs.org/@rushstack/eslint-patch/-/eslint-patch-1.2.0.tgz" -"@snyk/protect@^1.1184.0": - version "1.1184.0" - resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.1184.0.tgz#02130d3b3c03c22858c080fd4b53505f22d2c2ec" - integrity sha512-Te6GWlyvuLC9VgXicPyMCpFoNflg7thA5lthkMCRDWADUNxHAyd0kE2gPI5gdiKoeY/r1wj387ujCkw4C8sHvQ== +"@snyk/protect@latest": + version "1.1294.0" + resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.1294.0.tgz#a08155b4042c02bf7b42ed29d41c5a9e3a6b8fb2" + integrity sha512-uOhMDQCw9Y8VdMUPjVuaRWk1WgqeoEq53eawOtUV0VgzUZDl9TH0SFNGOmo5HlsKKHOWLFPkAV8Ib9V2XpD4EA== "@swc/helpers@0.4.14", "@swc/helpers@^0.4.14": version "0.4.14" @@ -717,9 +717,10 @@ confusing-browser-globals@^1.0.10: version "1.0.11" resolved "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.11.tgz" -cookie@^0.5.0: - version "0.5.0" - resolved "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz" +cookie@^0.7.0: + version "0.7.2" + resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.7.2.tgz#556369c472a2ba910f2979891b526b3436237ed7" + integrity sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w== core-js-pure@^3.0.0, core-js-pure@^3.25.1: version "3.27.1" @@ -1693,10 +1694,15 @@ isexe@^2.0.0: version "2.0.0" resolved "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz" -jose@^4.10.0, jose@^4.11.4: +jose@^4.10.0: version "4.13.1" resolved "https://registry.npmjs.org/jose/-/jose-4.13.1.tgz" +jose@^4.15.5: + version "4.15.9" + resolved "https://registry.yarnpkg.com/jose/-/jose-4.15.9.tgz#9b68eda29e9a0614c042fa29387196c7dd800100" + integrity sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA== + js-beautify@^1.14.5: version "1.14.7" resolved "https://registry.npmjs.org/js-beautify/-/js-beautify-1.14.7.tgz" @@ -1885,14 +1891,15 @@ natural-compare@^1.4.0: version "1.4.0" resolved "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz" -next-auth@^4.18.7: - version "4.21.1" - resolved "https://registry.npmjs.org/next-auth/-/next-auth-4.21.1.tgz" +next-auth@^4.24.9: + version "4.24.10" + resolved "https://registry.yarnpkg.com/next-auth/-/next-auth-4.24.10.tgz#343d5de8067fde5dae1111ca6b7bef1fbe4d78fe" + integrity sha512-8NGqiRO1GXBcVfV8tbbGcUgQkAGsX4GRzzXXea4lDikAsJtD5KiEY34bfhUOjHLvr6rT6afpcxw2H8EZqOV6aQ== dependencies: "@babel/runtime" "^7.20.13" "@panva/hkdf" "^1.0.2" - cookie "^0.5.0" - jose "^4.11.4" + cookie "^0.7.0" + jose "^4.15.5" oauth "^0.9.15" openid-client "^5.4.0" preact "^10.6.3"