From 7553bf7c0db3097e7d96b88e99d61909add2aaa1 Mon Sep 17 00:00:00 2001 From: "konveyor-ci-bot[bot]" <159171263+konveyor-ci-bot[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 10:11:52 -0400 Subject: [PATCH] :bug: [backport release-0.4] Upgrade `express` dependency (#2036) (#2041) Resolves: https://issues.redhat.com/browse/MTA-2934 Upgrade the `express` dependency in the server workspace to resolve security issues. Signed-off-by: Scott J Dickerson Signed-off-by: Cherry Picker --- common/package.json | 7 +++--- package-lock.json | 53 ++++++++++++++++++++++----------------------- package.json | 6 ++++- server/package.json | 7 +++--- 4 files changed, 37 insertions(+), 36 deletions(-) diff --git a/common/package.json b/common/package.json index 7292b10912..bcef4383b2 100644 --- a/common/package.json +++ b/common/package.json @@ -28,9 +28,8 @@ "*.{css,json,md,yaml,yml}": "prettier --write" }, "dependencies": { - "ejs": "^3.1.7", - "express": "^4.17.3", + "ejs": "^3.1.10", + "express": "^4.19.2", "http-proxy-middleware": "^2.0.6" - }, - "devDependencies": {} + } } diff --git a/package-lock.json b/package-lock.json index aa11c07a68..c1f52ad3ee 100644 --- a/package-lock.json +++ b/package-lock.json @@ -34,6 +34,7 @@ "eslint-plugin-react": "^7.33.1", "eslint-plugin-react-hooks": "^4.6.0", "eslint-plugin-unused-imports": "^3.0.0", + "express": "^4.19.2", "husky": "^8.0.3", "jest": "^29.7.0", "jest-environment-jsdom": "^29.7.0", @@ -155,11 +156,10 @@ "version": "0.1.0", "license": "Apache-2.0", "dependencies": { - "ejs": "^3.1.7", - "express": "^4.17.3", + "ejs": "^3.1.10", + "express": "^4.19.2", "http-proxy-middleware": "^2.0.6" - }, - "devDependencies": {} + } }, "node_modules/@aashutoshrathi/word-wrap": { "version": "1.2.6", @@ -4034,12 +4034,12 @@ } }, "node_modules/body-parser": { - "version": "1.20.1", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz", - "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==", + "version": "1.20.2", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", + "integrity": "sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==", "dependencies": { "bytes": "3.1.2", - "content-type": "~1.0.4", + "content-type": "~1.0.5", "debug": "2.6.9", "depd": "2.0.0", "destroy": "1.2.0", @@ -4047,7 +4047,7 @@ "iconv-lite": "0.4.24", "on-finished": "2.4.1", "qs": "6.11.0", - "raw-body": "2.5.1", + "raw-body": "2.5.2", "type-is": "~1.6.18", "unpipe": "1.0.0" }, @@ -6402,9 +6402,9 @@ "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==" }, "node_modules/ejs": { - "version": "3.1.9", - "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.9.tgz", - "integrity": "sha512-rC+QVNMJWv+MtPgkt0y+0rVEIdbtxVADApW9JXrUVlzHetgcyczP/E7DJmWJ4fJCZF2cPcBk0laWO9ZHMG3DmQ==", + "version": "3.1.10", + "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "integrity": "sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA==", "dependencies": { "jake": "^10.8.5" }, @@ -7120,16 +7120,16 @@ } }, "node_modules/express": { - "version": "4.18.2", - "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz", - "integrity": "sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==", + "version": "4.19.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "integrity": "sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==", "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", - "body-parser": "1.20.1", + "body-parser": "1.20.2", "content-disposition": "0.5.4", "content-type": "~1.0.4", - "cookie": "0.5.0", + "cookie": "0.6.0", "cookie-signature": "1.0.6", "debug": "2.6.9", "depd": "2.0.0", @@ -7166,9 +7166,9 @@ "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==" }, "node_modules/express/node_modules/cookie": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", - "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==", + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==", "engines": { "node": ">= 0.6" } @@ -13559,9 +13559,9 @@ } }, "node_modules/raw-body": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", - "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==", + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==", "dependencies": { "bytes": "3.1.2", "http-errors": "2.0.0", @@ -17783,12 +17783,11 @@ "license": "Apache-2.0", "dependencies": { "cookie-parser": "^1.4.6", - "ejs": "^3.1.7", - "express": "^4.17.3", + "ejs": "^3.1.10", + "express": "^4.19.2", "http-proxy-middleware": "^2.0.6", "http-terminator": "^3.2.0" - }, - "devDependencies": {} + } } } } diff --git a/package.json b/package.json index 506881c0c0..fceba458b7 100644 --- a/package.json +++ b/package.json @@ -58,6 +58,7 @@ "eslint-plugin-react": "^7.33.1", "eslint-plugin-react-hooks": "^4.6.0", "eslint-plugin-unused-imports": "^3.0.0", + "express": "^4.19.2", "husky": "^8.0.3", "jest": "^29.7.0", "jest-environment-jsdom": "^29.7.0", @@ -74,6 +75,9 @@ "typescript": "^5.1.6" }, "overrides": { - "follow-redirects": "^1.15.6" + "follow-redirects": "^1.15.6", + "webpack-dev-server": { + "express": "$express" + } } } diff --git a/server/package.json b/server/package.json index b603f989f0..a2ea64a782 100644 --- a/server/package.json +++ b/server/package.json @@ -17,10 +17,9 @@ }, "dependencies": { "cookie-parser": "^1.4.6", - "ejs": "^3.1.7", - "express": "^4.17.3", + "ejs": "^3.1.10", + "express": "^4.19.2", "http-proxy-middleware": "^2.0.6", "http-terminator": "^3.2.0" - }, - "devDependencies": {} + } }