From b1f0a491b48f8bd7e876cacb0e9c1bac6b514368 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 30 Jun 2022 04:07:37 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631 --- package.json | 2 +- yarn.lock | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 3e02e5a..b33f71c 100644 --- a/package.json +++ b/package.json @@ -57,7 +57,7 @@ "koa-static-server": "^1.0.0", "koa-views": "^5.2.1", "lru-cache": "^4.0.2", - "passport": "^0.3.2", + "passport": "^0.6.0", "passport-local": "^1.0.0", "prop-types": "^15.5.10", "react": "^16.1.1", diff --git a/yarn.lock b/yarn.lock index 37dd6f2..d1c46df 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2906,6 +2906,15 @@ passport@^0.3.2: passport-strategy "1.x.x" pause "0.0.1" +passport@^0.6.0: + version "0.6.0" + resolved "https://registry.yarnpkg.com/passport/-/passport-0.6.0.tgz#e869579fab465b5c0b291e841e6cc95c005fac9d" + integrity sha512-0fe+p3ZnrWRW74fe8+SvCyf4a3Pb2/h7gFkQ8yTJpAO50gDzlfjZUZTO1k5Eg9kUct22OxHLqDZoKUWRHOh9ug== + dependencies: + passport-strategy "1.x.x" + pause "0.0.1" + utils-merge "^1.0.1" + passthrough-counter@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/passthrough-counter/-/passthrough-counter-1.0.0.tgz#1967d9e66da572b5c023c787db112a387ab166fa" @@ -3669,6 +3678,11 @@ util-deprecate@~1.0.1: version "1.0.2" resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" +utils-merge@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/utils-merge/-/utils-merge-1.0.1.tgz#9f95710f50a267947b2ccc124741c1028427e713" + integrity sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA== + uuid@^2.0.1: version "2.0.3" resolved "https://registry.yarnpkg.com/uuid/-/uuid-2.0.3.tgz#67e2e863797215530dff318e5bf9dcebfd47b21a"