From 149964ae1d0cad00d1b3baaf348be8b5e88a9ca0 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 25 Oct 2023 14:53:20 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-CRYPTOJS-6028119
---
 package-lock.json | 59 ++++++++++++++++++++++++++++++++++-------------
 package.json      |  2 +-
 2 files changed, 44 insertions(+), 17 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 01530d7ab..7354063e6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,6 +9,7 @@
       "version": "1.8.2343",
       "license": "ISC",
       "dependencies": {
+        "@hapi/hoek": "9.0.3",
         "@slack/rtm-api": "^6.0.0",
         "@slack/web-api": "^6.8.0",
         "@snyk/protect": "^1.657.0",
@@ -25,7 +26,7 @@
         "connect-redis": "^6.1.3",
         "connect-timeout": "^1.9.0",
         "cookie-parser": "^1.4.5",
-        "crypto-js": "^4.0.0",
+        "crypto-js": "^4.2.0",
         "dateformat": "^3.0.3",
         "express": "^4.17.1",
         "express-rate-limit": "^5.2.3",
@@ -42,7 +43,7 @@
         "md5": "^2.3.0",
         "mime": "^1.6.0",
         "mkdirp": "^1.0.3",
-        "moment-timezone": "^0.5.37",
+        "moment-timezone": "0.5.40",
         "morgan": "^1.10.0",
         "mqtt": "^4.2.6",
         "nano": "^10.1.1",
@@ -685,9 +686,9 @@
       "deprecated": "This version has been deprecated and is no longer supported or maintained"
     },
     "node_modules/@hapi/hoek": {
-      "version": "8.5.1",
-      "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-8.5.1.tgz",
-      "integrity": "sha512-yN7kbciD87WzLGc5539Tn0sApjyiGHAJgKvG9W8C7O+6c7qmoQMfVs0W4bX17eqz6C78QJqqFrtgdK5EWf6Qow==",
+      "version": "9.0.3",
+      "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.0.3.tgz",
+      "integrity": "sha512-jKtjLLDiH95b002sJVc5c74PE6KKYftuyVdVmsuYId5stTaWcRFqE+5ukZI4gDUKjGn8wv2C3zPn3/nyjEI7gg==",
       "deprecated": "This version has been deprecated and is no longer supported or maintained"
     },
     "node_modules/@hapi/joi": {
@@ -702,6 +703,12 @@
         "@hapi/topo": "3.x.x"
       }
     },
+    "node_modules/@hapi/joi/node_modules/@hapi/hoek": {
+      "version": "8.5.1",
+      "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-8.5.1.tgz",
+      "integrity": "sha512-yN7kbciD87WzLGc5539Tn0sApjyiGHAJgKvG9W8C7O+6c7qmoQMfVs0W4bX17eqz6C78QJqqFrtgdK5EWf6Qow==",
+      "deprecated": "This version has been deprecated and is no longer supported or maintained"
+    },
     "node_modules/@hapi/topo": {
       "version": "3.1.6",
       "resolved": "https://registry.npmjs.org/@hapi/topo/-/topo-3.1.6.tgz",
@@ -711,6 +718,12 @@
         "@hapi/hoek": "^8.3.0"
       }
     },
+    "node_modules/@hapi/topo/node_modules/@hapi/hoek": {
+      "version": "8.5.1",
+      "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-8.5.1.tgz",
+      "integrity": "sha512-yN7kbciD87WzLGc5539Tn0sApjyiGHAJgKvG9W8C7O+6c7qmoQMfVs0W4bX17eqz6C78QJqqFrtgdK5EWf6Qow==",
+      "deprecated": "This version has been deprecated and is no longer supported or maintained"
+    },
     "node_modules/@humanwhocodes/config-array": {
       "version": "0.11.8",
       "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.8.tgz",
@@ -2556,9 +2569,9 @@
       }
     },
     "node_modules/crypto-js": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.1.1.tgz",
-      "integrity": "sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw=="
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz",
+      "integrity": "sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q=="
     },
     "node_modules/css": {
       "version": "2.2.4",
@@ -9607,9 +9620,9 @@
       "integrity": "sha512-1dVNHT76Uu5N3eJNTYcvxee+jzX4Z9lfciqRRHCU27ihbUcYi+iSc2iml5Ke1LXe1SyJCLA0+14Jh4tXJgOppA=="
     },
     "@hapi/hoek": {
-      "version": "8.5.1",
-      "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-8.5.1.tgz",
-      "integrity": "sha512-yN7kbciD87WzLGc5539Tn0sApjyiGHAJgKvG9W8C7O+6c7qmoQMfVs0W4bX17eqz6C78QJqqFrtgdK5EWf6Qow=="
+      "version": "9.0.3",
+      "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.0.3.tgz",
+      "integrity": "sha512-jKtjLLDiH95b002sJVc5c74PE6KKYftuyVdVmsuYId5stTaWcRFqE+5ukZI4gDUKjGn8wv2C3zPn3/nyjEI7gg=="
     },
     "@hapi/joi": {
       "version": "15.1.1",
@@ -9620,6 +9633,13 @@
         "@hapi/bourne": "1.x.x",
         "@hapi/hoek": "8.x.x",
         "@hapi/topo": "3.x.x"
+      },
+      "dependencies": {
+        "@hapi/hoek": {
+          "version": "8.5.1",
+          "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-8.5.1.tgz",
+          "integrity": "sha512-yN7kbciD87WzLGc5539Tn0sApjyiGHAJgKvG9W8C7O+6c7qmoQMfVs0W4bX17eqz6C78QJqqFrtgdK5EWf6Qow=="
+        }
       }
     },
     "@hapi/topo": {
@@ -9628,6 +9648,13 @@
       "integrity": "sha512-tAag0jEcjwH+P2quUfipd7liWCNX2F8NvYjQp2wtInsZxnMlypdw0FtAOLxtvvkO+GSRRbmNi8m/5y42PQJYCQ==",
       "requires": {
         "@hapi/hoek": "^8.3.0"
+      },
+      "dependencies": {
+        "@hapi/hoek": {
+          "version": "8.5.1",
+          "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-8.5.1.tgz",
+          "integrity": "sha512-yN7kbciD87WzLGc5539Tn0sApjyiGHAJgKvG9W8C7O+6c7qmoQMfVs0W4bX17eqz6C78QJqqFrtgdK5EWf6Qow=="
+        }
       }
     },
     "@humanwhocodes/config-array": {
@@ -10509,7 +10536,7 @@
       "resolved": "https://registry.npmjs.org/boom/-/boom-7.3.0.tgz",
       "integrity": "sha512-Swpoyi2t5+GhOEGw8rEsKvTxFLIDiiKoUc2gsoV6Lyr43LHBIzch3k2MvYUs8RTROrIkVJ3Al0TkaOGjnb+B6A==",
       "requires": {
-        "hoek": "6.1.3"
+        "hoek": "6.x.x"
       }
     },
     "bourne": {
@@ -11069,9 +11096,9 @@
       "integrity": "sha512-mCxBlsHFYh9C+HVpiEacem8FEBnMXgU9gy4zmNC+SXAZNB/1idgp/aulFJ4FgCi7GPEVbfyng092GqL2k2rmow=="
     },
     "crypto-js": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.1.1.tgz",
-      "integrity": "sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw=="
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz",
+      "integrity": "sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q=="
     },
     "css": {
       "version": "2.2.4",
@@ -16013,7 +16040,7 @@
       "requires": {
         "boom": "7.x.x",
         "bourne": "1.x.x",
-        "hoek": "6.1.3"
+        "hoek": "6.x.x"
       }
     },
     "write-file-atomic": {
diff --git a/package.json b/package.json
index d6945115c..9474b0b7f 100644
--- a/package.json
+++ b/package.json
@@ -43,7 +43,7 @@
     "connect-redis": "^6.1.3",
     "connect-timeout": "^1.9.0",
     "cookie-parser": "^1.4.5",
-    "crypto-js": "^4.0.0",
+    "crypto-js": "^4.2.0",
     "dateformat": "^3.0.3",
     "express": "^4.17.1",
     "express-rate-limit": "^5.2.3",