feat(core): Upgrade express and some related packages to address some vulnerabilities (no-changelog) (#11178)

2024-11-12 15:44:06 -08:00 · 2024-10-09 11:55:51 +02:00 · 2024-10-09 11:55:51 +02:00 · 121e4c741b
parent fce1233b58
commit 121e4c741b
2 changed files with 52 additions and 65 deletions
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@ -56,7 +56,7 @@
    "@types/bcryptjs": "^2.4.2",
    "@types/compression": "1.0.1",
    "@types/convict": "^6.1.1",
-    "@types/cookie-parser": "^1.4.2",
+    "@types/cookie-parser": "^1.4.7",
    "@types/express": "catalog:",
    "@types/flat": "^5.0.5",
    "@types/formidable": "^3.4.5",
@ -111,11 +111,11 @@
    "class-validator": "0.14.0",
    "compression": "1.7.4",
    "convict": "6.2.4",
-    "cookie-parser": "1.4.6",
+    "cookie-parser": "1.4.7",
    "csrf": "3.1.0",
    "curlconverter": "3.21.0",
    "dotenv": "8.6.0",
-    "express": "4.21.0",
+    "express": "4.21.1",
    "express-async-errors": "3.1.1",
    "express-handlebars": "7.1.2",
    "express-openapi-validator": "5.3.3",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -777,8 +777,8 @@ importers:
        specifier: 6.2.4
        version: 6.2.4
      cookie-parser:
-        specifier: 1.4.6
-        version: 1.4.6
+        specifier: 1.4.7
+        version: 1.4.7
      csrf:
        specifier: 3.1.0
        version: 3.1.0
@ -789,23 +789,23 @@ importers:
        specifier: 8.6.0
        version: 8.6.0
      express:
-        specifier: 4.21.0
-        version: 4.21.0
+        specifier: 4.21.1
+        version: 4.21.1
      express-async-errors:
        specifier: 3.1.1
-        version: 3.1.1(express@4.21.0)
+        version: 3.1.1(express@4.21.1)
      express-handlebars:
        specifier: 7.1.2
        version: 7.1.2
      express-openapi-validator:
        specifier: 5.3.3
-        version: 5.3.3(express@4.21.0)
+        version: 5.3.3(express@4.21.1)
      express-prom-bundle:
        specifier: 6.6.0
        version: 6.6.0(prom-client@13.2.0)
      express-rate-limit:
        specifier: 7.2.0
-        version: 7.2.0(express@4.21.0)
+        version: 7.2.0(express@4.21.1)
      fast-glob:
        specifier: 'catalog:'
        version: 3.2.12
@ -943,7 +943,7 @@ importers:
        version: 1.17.0
      swagger-ui-express:
        specifier: 5.0.0
-        version: 5.0.0(express@4.21.0)
+        version: 5.0.0(express@4.21.1)
      syslog-client:
        specifier: 1.1.1
        version: 1.1.1
@ -994,8 +994,8 @@ importers:
        specifier: ^6.1.1
        version: 6.1.1
      '@types/cookie-parser':
-        specifier: ^1.4.2
-        version: 1.4.3
+        specifier: ^1.4.7
+        version: 1.4.7
      '@types/express':
        specifier: 'catalog:'
        version: 4.17.21
@ -4773,8 +4773,8 @@ packages:
  '@types/convict@6.1.1':
    resolution: {integrity: sha512-R+JLaTvhsD06p4jyjUDtbd5xMtZTRE3c0iI+lrFWZogSVEjgTWPYwvJPVf+t92E+yrlbXa4X4Eg9ro6gPdUt4w==}

-  '@types/cookie-parser@1.4.3':
-    resolution: {integrity: sha512-CqSKwFwefj4PzZ5n/iwad/bow2hTCh0FlNAeWLtQM3JA/NX/iYagIpWG2cf1bQKQ2c9gU2log5VUCrn7LDOs0w==}
+  '@types/cookie-parser@1.4.7':
+    resolution: {integrity: sha512-Fvuyi354Z+uayxzIGCwYTayFKocfV7TuDYZClCdIP9ckhvAu/ixDtCB6qx2TT0FKjPLf1f3P/J1rgf6lPs64mw==}

  '@types/cookiejar@2.1.5':
    resolution: {integrity: sha512-he+DHOWReW0nghN24E1WUqM0efK4kI9oTqDm6XmK8ZPe2djZ90BSNdGnIyCLzCPw7/pogPlGbzI2wHGGmi4O/Q==}
@ -4950,8 +4950,8 @@ packages:
  '@types/mssql@9.1.5':
    resolution: {integrity: sha512-Q9EsgXwuRoX5wvUSu24YfbKMbFChv7pZ/jeCzPkj47ehcuXYsBcfogwrtVFosSjinD4Q/MY2YPGk9Yy1cM2Ywg==}

-  '@types/multer@1.4.11':
-    resolution: {integrity: sha512-svK240gr6LVWvv3YGyhLlA+6LRRWA4mnGIU7RcNmgjBYFl6665wcXrRfxGp5tEPVHUNm5FMcmq7too9bxCwX/w==}
+  '@types/multer@1.4.12':
+    resolution: {integrity: sha512-pQ2hoqvXiJt2FP9WQVLPRO+AmiIm/ZYkavPlIQnx282u4ZrVdztx0pkh3jjpQt0Kz+YI0YhSG264y08UJKoUQg==}

  '@types/node-fetch@2.6.4':
    resolution: {integrity: sha512-1ZX9fcN4Rvkvgv4E6PAY5WXUFWFcRWxZa3EW83UjycOB9ljJCedb2CupIP4RZMEwF/M3eTcCihbBRgwtGbg5Rg==}
@ -6338,23 +6338,23 @@ packages:
    resolution: {integrity: sha512-qN60BAwdMVdofckX7AlohVJ2x9UvjTNoKVXCL2LxFk1l7757EJqf1nySdMkPQer0bt8kQ5lQiyZ9/2NvrFBuwQ==}
    engines: {node: '>=6'}

-  cookie-parser@1.4.6:
-    resolution: {integrity: sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==}
+  cookie-parser@1.4.7:
+    resolution: {integrity: sha512-nGUvgXnotP3BsjiLX2ypbQnWoGUPIIfHQNZkkC668ntrzGWEZVW70HDEB1qnNGMicPje6EttlIgzo51YSwNQGw==}
    engines: {node: '>= 0.8.0'}

  cookie-signature@1.0.6:
    resolution: {integrity: sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==}

-  cookie@0.4.1:
-    resolution: {integrity: sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==}
-    engines: {node: '>= 0.6'}
-
  cookie@0.4.2:
    resolution: {integrity: sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA==}
    engines: {node: '>= 0.6'}

-  cookie@0.6.0:
-    resolution: {integrity: sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==}
+  cookie@0.7.1:
+    resolution: {integrity: sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==}
+    engines: {node: '>= 0.6'}
+
+  cookie@0.7.2:
+    resolution: {integrity: sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==}
    engines: {node: '>= 0.6'}

  cookiejar@2.1.4:
@ -7273,8 +7273,8 @@ packages:
    peerDependencies:
      express: 4 || 5 || ^5.0.0-beta.1

-  express@4.21.0:
-    resolution: {integrity: sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==}
+  express@4.21.1:
+    resolution: {integrity: sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==}
    engines: {node: '>= 0.10.0'}

  extend@3.0.2:
@ -7638,11 +7638,6 @@ packages:
    resolution: {integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==}
    engines: {node: '>=10.13.0'}

-  glob@10.3.10:
-    resolution: {integrity: sha512-fa46+tv1Ak0UPK1TOy/pZrIybNNt4HCv7SDzwyfiOZkvZLEbjsZkJBPtDHVshZjbecAoAGSC20MjLDG/qr679g==}
-    engines: {node: '>=16 || 14 >=14.17'}
-    hasBin: true
-
  glob@10.3.3:
    resolution: {integrity: sha512-92vPiMb/iqpmEgsOoIDvTjc50wf9CCCvMzsi6W0JLPeUKE8TWP1a73PgqSrqy7iAZxaSD1YdzU7QZR5LF51MJw==}
    engines: {node: '>=16 || 14 >=14.17'}
@ -9906,8 +9901,8 @@ packages:
  path-to-regexp@0.1.10:
    resolution: {integrity: sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==}

-  path-to-regexp@6.2.2:
-    resolution: {integrity: sha512-GQX3SSMokngb36+whdpRXE+3f9V8UzyAorlYvOGx87ufGHehNTn5lCxrKtLyZ4Yl/wEKnNnr98ZzOwwDZV5ogw==}
+  path-to-regexp@6.3.0:
+    resolution: {integrity: sha512-Yhpw4T9C6hPpgPeA28us07OJeqZ5EzQTkbfwuhsUg0c237RomFoETJgmp2sa3F/41gfLE6G5cqcYwznmeEeOlQ==}

  path-type@4.0.0:
    resolution: {integrity: sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==}
@ -16042,7 +16037,7 @@ snapshots:
      '@types/find-cache-dir': 3.2.1
      browser-assert: 1.2.1
      es-module-lexer: 1.5.3
-      express: 4.21.0
+      express: 4.21.1
      find-cache-dir: 3.3.2
      fs-extra: 11.1.1
      magic-string: 0.30.11
@ -16066,7 +16061,7 @@ snapshots:
      browser-assert: 1.2.1
      esbuild: 0.21.5
      esbuild-register: 3.5.0(esbuild@0.21.5)
-      express: 4.21.0
+      express: 4.21.1
      jsdoc-type-pratt-parser: 4.1.0
      process: 0.11.10
      recast: 0.23.6
@ -16357,7 +16352,7 @@ snapshots:
    dependencies:
      '@types/node': 18.16.16

-  '@types/cookie-parser@1.4.3':
+  '@types/cookie-parser@1.4.7':
    dependencies:
      '@types/express': 4.17.21

@ -16548,7 +16543,7 @@ snapshots:
      '@types/tedious': 4.0.9
      tarn: 3.0.2

-  '@types/multer@1.4.11':
+  '@types/multer@1.4.12':
    dependencies:
      '@types/express': 4.17.21

@ -18244,18 +18239,18 @@ snapshots:
      lodash.clonedeep: 4.5.0
      yargs-parser: 20.2.9

-  cookie-parser@1.4.6:
+  cookie-parser@1.4.7:
    dependencies:
-      cookie: 0.4.1
+      cookie: 0.7.2
      cookie-signature: 1.0.6

  cookie-signature@1.0.6: {}

-  cookie@0.4.1: {}
-
  cookie@0.4.2: {}

-  cookie@0.6.0: {}
+  cookie@0.7.1: {}
+
+  cookie@0.7.2: {}

  cookiejar@2.1.4: {}

@ -19394,32 +19389,32 @@ snapshots:

  expr-eval@2.0.2: {}

-  express-async-errors@3.1.1(express@4.21.0):
+  express-async-errors@3.1.1(express@4.21.1):
    dependencies:
-      express: 4.21.0
+      express: 4.21.1

  express-handlebars@7.1.2:
    dependencies:
-      glob: 10.3.10
+      glob: 10.4.5
      graceful-fs: 4.2.11
      handlebars: 4.7.8

-  express-openapi-validator@5.3.3(express@4.21.0):
+  express-openapi-validator@5.3.3(express@4.21.1):
    dependencies:
      '@apidevtools/json-schema-ref-parser': 11.7.0
-      '@types/multer': 1.4.11
+      '@types/multer': 1.4.12
      ajv: 8.17.1
      ajv-draft-04: 1.0.0(ajv@8.17.1)
      ajv-formats: 2.1.1(ajv@8.17.1)
      content-type: 1.0.5
-      express: 4.21.0
+      express: 4.21.1
      json-schema-traverse: 1.0.0
      lodash.clonedeep: 4.5.0
      lodash.get: 4.4.2
      media-typer: 1.1.0
      multer: 1.4.5-lts.1
      ono: 7.1.3
-      path-to-regexp: 6.2.2
+      path-to-regexp: 6.3.0

  express-prom-bundle@6.6.0(prom-client@13.2.0):
    dependencies:
@ -19427,18 +19422,18 @@ snapshots:
      prom-client: 13.2.0
      url-value-parser: 2.2.0

-  express-rate-limit@7.2.0(express@4.21.0):
+  express-rate-limit@7.2.0(express@4.21.1):
    dependencies:
-      express: 4.21.0
+      express: 4.21.1

-  express@4.21.0:
+  express@4.21.1:
    dependencies:
      accepts: 1.3.8
      array-flatten: 1.1.1
      body-parser: 1.20.3
      content-disposition: 0.5.4
      content-type: 1.0.5
-      cookie: 0.6.0
+      cookie: 0.7.1
      cookie-signature: 1.0.6
      debug: 2.6.9
      depd: 2.0.0
@ -19866,14 +19861,6 @@ snapshots:
    dependencies:
      is-glob: 4.0.3

-  glob@10.3.10:
-    dependencies:
-      foreground-child: 3.1.1
-      jackspeak: 2.3.6
-      minimatch: 9.0.5
-      minipass: 7.1.2
-      path-scurry: 1.11.1
-
  glob@10.3.3:
    dependencies:
      foreground-child: 3.1.1
@ -22787,7 +22774,7 @@ snapshots:

  path-to-regexp@0.1.10: {}

-  path-to-regexp@6.2.2: {}
+  path-to-regexp@6.3.0: {}

  path-type@4.0.0: {}

@ -24360,9 +24347,9 @@ snapshots:

  swagger-ui-dist@5.11.0: {}

-  swagger-ui-express@5.0.0(express@4.21.0):
+  swagger-ui-express@5.0.0(express@4.21.1):
    dependencies:
-      express: 4.21.0
+      express: 4.21.1
      swagger-ui-dist: 5.11.0

  swagger2openapi@7.0.8(encoding@0.1.13):