From 443de6708e1f8e2505192e43341b364ffb975d53 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 30 Jul 2024 13:30:02 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027 - https://snyk.io/vuln/npm:base64url:20180511 --- package-lock.json | 463 ++++++++++++++++++++++++---------------------- package.json | 6 +- 2 files changed, 247 insertions(+), 222 deletions(-) diff --git a/package-lock.json b/package-lock.json index 69539a8398d..383e45a23c4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -36,7 +36,7 @@ "download": "^8.0.0", "errorhandler": "^1.5.1", "express": "^4.17.1", - "express-jwt": "0.1.3", + "express-jwt": "^3.0.0", "express-rate-limit": "^5.1.3", "express-robots-txt": "^0.4.1", "express-security.txt": "^2.0.0", @@ -58,7 +58,7 @@ "is-heroku": "^2.0.0", "is-windows": "^1.0.2", "js-yaml": "^3.14.0", - "jsonwebtoken": "0.4.0", + "jsonwebtoken": "^5.0.0", "jssha": "^3.1.1", "juicy-chat-bot": "~0.6.0", "libxmljs2": "^0.26.4", @@ -78,7 +78,7 @@ "sanitize-filename": "^1.6.3", "sanitize-html": "1.4.2", "semver": "^7.6.2", - "sequelize": "^5.22.3", + "sequelize": "^6.19.1", "sequelize-noupdate-attributes": "^1.0.0", "serve-index": "^1.9.1", "socket.io": "^2.3.0", @@ -2222,6 +2222,15 @@ "@babel/types": "^7.3.0" } }, + "node_modules/@types/debug": { + "version": "4.1.12", + "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.12.tgz", + "integrity": "sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==", + "license": "MIT", + "dependencies": { + "@types/ms": "*" + } + }, "node_modules/@types/graceful-fs": { "version": "4.1.5", "resolved": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.5.tgz", @@ -2255,6 +2264,12 @@ "@types/istanbul-lib-report": "*" } }, + "node_modules/@types/ms": { + "version": "0.7.34", + "resolved": "https://registry.npmjs.org/@types/ms/-/ms-0.7.34.tgz", + "integrity": "sha512-nG96G3Wp6acyAgJqGasjODb+acrI7KltPiRxzHPXnP3NgI28bpQDRv53olbqGXbfcgF5aiiHmO3xpwEpS5Ld9g==", + "license": "MIT" + }, "node_modules/@types/node": { "version": "17.0.8", "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.8.tgz", @@ -2290,6 +2305,12 @@ "integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==", "dev": true }, + "node_modules/@types/validator": { + "version": "13.12.0", + "resolved": "https://registry.npmjs.org/@types/validator/-/validator-13.12.0.tgz", + "integrity": "sha512-nH45Lk7oPIJ1RVOF6JgFI6Dy0QpHEzq4QecZhvguxYPDwT8c93prCMqAtiIttm39voZ+DDR+qkNnMpJmMBRqag==", + "license": "MIT" + }, "node_modules/@types/yargs": { "version": "15.0.14", "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-15.0.14.tgz", @@ -2541,11 +2562,6 @@ "node": ">=4" } }, - "node_modules/any-promise": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", - "integrity": "sha1-q8av7tzqUugJzcA3au0845Y10X8=" - }, "node_modules/anymatch": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", @@ -3239,11 +3255,6 @@ "node": "^4.5.0 || >= 5.9" } }, - "node_modules/base64url": { - "version": "0.0.6", - "resolved": "https://registry.npmjs.org/base64url/-/base64url-0.0.6.tgz", - "integrity": "sha1-lZezazMNscQkdzIuqH6oAnSZuCs=" - }, "node_modules/basic-auth": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-1.1.0.tgz", @@ -3634,6 +3645,12 @@ "node": ">=0.4.0" } }, + "node_modules/buffer-equal-constant-time": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", + "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==", + "license": "BSD-3-Clause" + }, "node_modules/buffer-fill": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/buffer-fill/-/buffer-fill-1.0.0.tgz", @@ -4270,15 +4287,6 @@ "mimic-response": "^1.0.0" } }, - "node_modules/cls-bluebird": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/cls-bluebird/-/cls-bluebird-2.1.0.tgz", - "integrity": "sha1-N+8eCAqP+1XC9BZPU28ZGeeWiu4=", - "dependencies": { - "is-bluebird": "^1.0.2", - "shimmer": "^1.1.0" - } - }, "node_modules/co": { "version": "4.6.0", "resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", @@ -5367,6 +5375,15 @@ "safer-buffer": "^2.1.0" } }, + "node_modules/ecdsa-sig-formatter": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", + "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", + "license": "Apache-2.0", + "dependencies": { + "safe-buffer": "^5.0.1" + } + }, "node_modules/ecstatic": { "version": "3.3.2", "resolved": "https://registry.npmjs.org/ecstatic/-/ecstatic-3.3.2.tgz", @@ -6881,33 +6898,23 @@ } }, "node_modules/express-jwt": { - "version": "0.1.3", - "resolved": "https://registry.npmjs.org/express-jwt/-/express-jwt-0.1.3.tgz", - "integrity": "sha1-fHgiH4udchBq/1VqiluOhS1BsS8=", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/express-jwt/-/express-jwt-3.0.0.tgz", + "integrity": "sha512-fencYCBrlLlaYuKvE9WEcd4RFgVWcRd0Ef0aBEx8S0vAQa2nyWWmIOrwsclxIB5pPHjO+d3yCBYSo025+CtiRA==", "dependencies": { - "jsonwebtoken": "~0.1.0" + "async": "^0.9.0", + "express-unless": "0.0.0", + "jsonwebtoken": "^5.0.0" }, "engines": { "node": ">= 0.4.0" } }, - "node_modules/express-jwt/node_modules/jsonwebtoken": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-0.1.0.tgz", - "integrity": "sha1-UFYoSSCS/jXQi2APpnaM0GcRqqI=", - "deprecated": "Critical vulnerability fix in v5.0.0. See https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/", - "dependencies": { - "jws": "~0.2.2", - "moment": "~2.0.0" - } - }, - "node_modules/express-jwt/node_modules/moment": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/moment/-/moment-2.0.0.tgz", - "integrity": "sha1-K7xbRMMhg3aTq278rb1G7ZRiEf4=", - "engines": { - "node": "*" - } + "node_modules/express-jwt/node_modules/async": { + "version": "0.9.2", + "resolved": "https://registry.npmjs.org/async/-/async-0.9.2.tgz", + "integrity": "sha512-l6ToIJIotphWahxxHyzK9bnLR6kM4jJIIgLShZeqLY7iboHoGkdgFl7W2/Ivi4SkMJYGKqW8vSuk0uKUj6qsSw==", + "license": "MIT" }, "node_modules/express-rate-limit": { "version": "5.5.1", @@ -6927,6 +6934,11 @@ "resolved": "https://registry.npmjs.org/express-security.txt/-/express-security.txt-2.0.0.tgz", "integrity": "sha512-DwjS7MssPbqTFddZfTqNqyfsq6AUP1A/BytamSeoL0Ai7/alHYsAgxE4zhvoPt6MjoroXkSqq1gStQqxsiaF7A==" }, + "node_modules/express-unless": { + "version": "0.0.0", + "resolved": "https://registry.npmjs.org/express-unless/-/express-unless-0.0.0.tgz", + "integrity": "sha512-JDbC+epHXULwJ1GgCqL3qo/L5ElbhHGWBgEtbbJbF9ZqZLhXqDh70aPj8jmC+MT1ilhhM43AN3BCJKERlKTyTg==" + }, "node_modules/express/node_modules/safe-buffer": { "version": "5.2.1", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", @@ -8959,12 +8971,13 @@ "integrity": "sha1-gtwzbSMrkGIXnQWrMpOmYFn9Q10=" }, "node_modules/inflection": { - "version": "1.13.1", - "resolved": "https://registry.npmjs.org/inflection/-/inflection-1.13.1.tgz", - "integrity": "sha512-dldYtl2WlN0QDkIDtg8+xFwOS2Tbmp12t1cHa5/YClU6ZQjTFm7B66UcVbh9NQB+HvT5BAd2t5+yKsBkw5pcqA==", + "version": "1.13.4", + "resolved": "https://registry.npmjs.org/inflection/-/inflection-1.13.4.tgz", + "integrity": "sha512-6I/HUDeYFfuNCVS3td055BaXBwKYuzw7K3ExVMStBowKo9oOAMJIXIHvdyR3iboTCp1b+1i5DSkIZTcwIktuDw==", "engines": [ "node >= 0.4.0" - ] + ], + "license": "MIT" }, "node_modules/inflight": { "version": "1.0.6", @@ -9216,14 +9229,6 @@ "node": ">=8" } }, - "node_modules/is-bluebird": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/is-bluebird/-/is-bluebird-1.0.2.tgz", - "integrity": "sha1-CWQ5Bg9KpBGr7hkUOoTWpVNG1uI=", - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/is-boolean-object": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.2.tgz", @@ -12088,12 +12093,15 @@ } }, "node_modules/jsonwebtoken": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-0.4.0.tgz", - "integrity": "sha1-ffpErIpYjhbgRTyB8Rq2rd0HQv4=", - "deprecated": "Critical vulnerability fix in v5.0.0. See https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-5.0.0.tgz", + "integrity": "sha512-ADWSQxWTyk5cjcZgZ1G7mB6jzJxhUFXclsILeiC2jmCIBFDsaTFfL4Wg+VTnZLwEZ4lFINjTEx//fsYRE4A/dw==", + "license": "MIT", "dependencies": { - "jws": "~0.2.2" + "jws": "^3.0.0" + }, + "engines": { + "npm": ">=1.4.28" } }, "node_modules/jsprim": { @@ -12175,21 +12183,24 @@ "dev": true }, "node_modules/jwa": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/jwa/-/jwa-0.0.1.tgz", - "integrity": "sha1-LQX1TWjxcGSMMP5FlEcxo4jNB8w=", + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz", + "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==", + "license": "MIT", "dependencies": { - "base64url": "~0.0.3" + "buffer-equal-constant-time": "1.0.1", + "ecdsa-sig-formatter": "1.0.11", + "safe-buffer": "^5.0.1" } }, "node_modules/jws": { - "version": "0.2.6", - "resolved": "https://registry.npmjs.org/jws/-/jws-0.2.6.tgz", - "integrity": "sha1-6bfprI0qwQZ0EyM7xsIPvYho6bo=", - "deprecated": "Security update: Versions below 3.0.0 are deprecated.", + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz", + "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==", + "license": "MIT", "dependencies": { - "base64url": "0.0.6", - "jwa": "0.0.1" + "jwa": "^1.4.1", + "safe-buffer": "^5.0.1" } }, "node_modules/keyv": { @@ -14772,6 +14783,12 @@ "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz", "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=" }, + "node_modules/pg-connection-string": { + "version": "2.6.4", + "resolved": "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-2.6.4.tgz", + "integrity": "sha512-v+Z7W/0EO707aNMaAEfiGnGL9sxxumwLl2fJvCQtMn9Fxsg+lPpPkdcyBSv/KFgpGdYkMfn+EI1Or2EHjpgLCA==", + "license": "MIT" + }, "node_modules/picocolors": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", @@ -16236,12 +16253,10 @@ } }, "node_modules/retry-as-promised": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/retry-as-promised/-/retry-as-promised-3.2.0.tgz", - "integrity": "sha512-CybGs60B7oYU/qSQ6kuaFmRd9sTZ6oXSc0toqePvV74Ac6/IFZSI1ReFQmtCN+uvW1Mtqdwpvt/LGOiCBAY2Mg==", - "dependencies": { - "any-promise": "^1.3.0" - } + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/retry-as-promised/-/retry-as-promised-5.0.0.tgz", + "integrity": "sha512-6S+5LvtTl2ggBumk04hBo/4Uf6fRJUwIgunGZ7CYEBCeufGFW1Pu6ucUf/UskHeWOIsUcLOGLFXPig5tR5V1nA==", + "license": "MIT" }, "node_modules/rimraf": { "version": "3.0.2", @@ -16667,28 +16682,62 @@ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" }, "node_modules/sequelize": { - "version": "5.22.5", - "resolved": "https://registry.npmjs.org/sequelize/-/sequelize-5.22.5.tgz", - "integrity": "sha512-ySIHof18sJbeVG4zjEvsDL490cd9S14/IhkCrZR/g0C/FPlZq1AzEJVeSAo++9/sgJH2eERltAIGqYQNgVqX/A==", + "version": "6.19.1", + "resolved": "https://registry.npmjs.org/sequelize/-/sequelize-6.19.1.tgz", + "integrity": "sha512-iTgi0y6q6XCFf2+Tzclhpe/EBVlCNOSl5fLNmquAmrgfOsDzEoPbceu0TXmrEe9osYHscX295awi0+dTDR1qzQ==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/sequelize" + } + ], + "license": "MIT", "dependencies": { - "bluebird": "^3.5.0", - "cls-bluebird": "^2.1.0", - "debug": "^4.1.1", - "dottie": "^2.0.0", - "inflection": "1.12.0", - "lodash": "^4.17.15", - "moment": "^2.24.0", - "moment-timezone": "^0.5.21", - "retry-as-promised": "^3.2.0", - "semver": "^6.3.0", - "sequelize-pool": "^2.3.0", + "@types/debug": "^4.1.7", + "@types/validator": "^13.7.1", + "debug": "^4.3.3", + "dottie": "^2.0.2", + "inflection": "^1.13.2", + "lodash": "^4.17.21", + "moment": "^2.29.1", + "moment-timezone": "^0.5.34", + "pg-connection-string": "^2.5.0", + "retry-as-promised": "^5.0.0", + "semver": "^7.3.5", + "sequelize-pool": "^7.1.0", "toposort-class": "^1.0.1", "uuid": "^8.3.2", "validator": "^13.7.0", - "wkx": "^0.4.8" + "wkx": "^0.5.0" }, "engines": { - "node": ">=6.0.0" + "node": ">=10.0.0" + }, + "peerDependenciesMeta": { + "ibm_db": { + "optional": true + }, + "mariadb": { + "optional": true + }, + "mysql2": { + "optional": true + }, + "pg": { + "optional": true + }, + "pg-hstore": { + "optional": true + }, + "snowflake-sdk": { + "optional": true + }, + "sqlite3": { + "optional": true + }, + "tedious": { + "optional": true + } } }, "node_modules/sequelize-noupdate-attributes": { @@ -16697,11 +16746,12 @@ "integrity": "sha1-cKtyRWN0KyxvutxQfJHAEEG1+zg=" }, "node_modules/sequelize-pool": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/sequelize-pool/-/sequelize-pool-2.3.0.tgz", - "integrity": "sha512-Ibz08vnXvkZ8LJTiUOxRcj1Ckdn7qafNZ2t59jYHMX1VIebTAOYefWdRYFt6z6+hy52WGthAHAoLc9hvk3onqA==", + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/sequelize-pool/-/sequelize-pool-7.1.0.tgz", + "integrity": "sha512-G9c0qlIWQSK29pR/5U2JF5dDQeqqHRragoyahj/Nx4KOOQ3CPPfzxnfqFPCSB7x5UgjOgnZ61nSxz+fjDpRlJg==", + "license": "MIT", "engines": { - "node": ">= 6.0.0" + "node": ">= 10.0.0" } }, "node_modules/sequelize/node_modules/debug": { @@ -16720,27 +16770,11 @@ } } }, - "node_modules/sequelize/node_modules/inflection": { - "version": "1.12.0", - "resolved": "https://registry.npmjs.org/inflection/-/inflection-1.12.0.tgz", - "integrity": "sha1-ogCTVlbW9fa8TcdQLhrstwMihBY=", - "engines": [ - "node >= 0.4.0" - ] - }, "node_modules/sequelize/node_modules/ms": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" }, - "node_modules/sequelize/node_modules/semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", - "bin": { - "semver": "bin/semver.js" - } - }, "node_modules/serialize-javascript": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-5.0.1.tgz", @@ -16924,11 +16958,6 @@ "dev": true, "optional": true }, - "node_modules/shimmer": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/shimmer/-/shimmer-1.2.1.tgz", - "integrity": "sha512-sQTKC1Re/rM6XyFM6fIAGHRPVGvyXfgzIDvzoq608vM+jeyVD0Tu1E6Np0Kc2zAIFWIj963V2800iF/9LPieQw==" - }, "node_modules/side-channel": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", @@ -19514,9 +19543,10 @@ } }, "node_modules/wkx": { - "version": "0.4.8", - "resolved": "https://registry.npmjs.org/wkx/-/wkx-0.4.8.tgz", - "integrity": "sha512-ikPXMM9IR/gy/LwiOSqWlSL3X/J5uk9EO2hHNRXS41eTLXaUFEVw9fn/593jW/tE5tedNg8YjT5HkCa4FqQZyQ==", + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/wkx/-/wkx-0.5.0.tgz", + "integrity": "sha512-Xng/d4Ichh8uN4l0FToV/258EjMGU9MGcA0HV2d9B/ZpZB3lqQm7nkOdZdm5GhKtLLhAE7PiVQwN4eN+2YJJUg==", + "license": "MIT", "dependencies": { "@types/node": "*" } @@ -21711,6 +21741,14 @@ "@babel/types": "^7.3.0" } }, + "@types/debug": { + "version": "4.1.12", + "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.12.tgz", + "integrity": "sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==", + "requires": { + "@types/ms": "*" + } + }, "@types/graceful-fs": { "version": "4.1.5", "resolved": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.5.tgz", @@ -21744,6 +21782,11 @@ "@types/istanbul-lib-report": "*" } }, + "@types/ms": { + "version": "0.7.34", + "resolved": "https://registry.npmjs.org/@types/ms/-/ms-0.7.34.tgz", + "integrity": "sha512-nG96G3Wp6acyAgJqGasjODb+acrI7KltPiRxzHPXnP3NgI28bpQDRv53olbqGXbfcgF5aiiHmO3xpwEpS5Ld9g==" + }, "@types/node": { "version": "17.0.8", "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.8.tgz", @@ -21779,6 +21822,11 @@ "integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==", "dev": true }, + "@types/validator": { + "version": "13.12.0", + "resolved": "https://registry.npmjs.org/@types/validator/-/validator-13.12.0.tgz", + "integrity": "sha512-nH45Lk7oPIJ1RVOF6JgFI6Dy0QpHEzq4QecZhvguxYPDwT8c93prCMqAtiIttm39voZ+DDR+qkNnMpJmMBRqag==" + }, "@types/yargs": { "version": "15.0.14", "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-15.0.14.tgz", @@ -21968,11 +22016,6 @@ "color-convert": "^1.9.0" } }, - "any-promise": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", - "integrity": "sha1-q8av7tzqUugJzcA3au0845Y10X8=" - }, "anymatch": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", @@ -22497,11 +22540,6 @@ "resolved": "https://registry.npmjs.org/base64id/-/base64id-2.0.0.tgz", "integrity": "sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog==" }, - "base64url": { - "version": "0.0.6", - "resolved": "https://registry.npmjs.org/base64url/-/base64url-0.0.6.tgz", - "integrity": "sha1-lZezazMNscQkdzIuqH6oAnSZuCs=" - }, "basic-auth": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-1.1.0.tgz", @@ -22825,6 +22863,11 @@ "resolved": "https://registry.npmjs.org/buffer-equal/-/buffer-equal-0.0.1.tgz", "integrity": "sha1-kbx0sR6kBbyRa8aqkI+q+ltKrEs=" }, + "buffer-equal-constant-time": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", + "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==" + }, "buffer-fill": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/buffer-fill/-/buffer-fill-1.0.0.tgz", @@ -23324,15 +23367,6 @@ "mimic-response": "^1.0.0" } }, - "cls-bluebird": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/cls-bluebird/-/cls-bluebird-2.1.0.tgz", - "integrity": "sha1-N+8eCAqP+1XC9BZPU28ZGeeWiu4=", - "requires": { - "is-bluebird": "^1.0.2", - "shimmer": "^1.1.0" - } - }, "co": { "version": "4.6.0", "resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", @@ -24211,6 +24245,14 @@ "safer-buffer": "^2.1.0" } }, + "ecdsa-sig-formatter": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", + "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", + "requires": { + "safe-buffer": "^5.0.1" + } + }, "ecstatic": { "version": "3.3.2", "resolved": "https://registry.npmjs.org/ecstatic/-/ecstatic-3.3.2.tgz", @@ -25390,26 +25432,19 @@ } }, "express-jwt": { - "version": "0.1.3", - "resolved": "https://registry.npmjs.org/express-jwt/-/express-jwt-0.1.3.tgz", - "integrity": "sha1-fHgiH4udchBq/1VqiluOhS1BsS8=", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/express-jwt/-/express-jwt-3.0.0.tgz", + "integrity": "sha512-fencYCBrlLlaYuKvE9WEcd4RFgVWcRd0Ef0aBEx8S0vAQa2nyWWmIOrwsclxIB5pPHjO+d3yCBYSo025+CtiRA==", "requires": { - "jsonwebtoken": "~0.1.0" + "async": "^0.9.0", + "express-unless": "0.0.0", + "jsonwebtoken": "^5.0.0" }, "dependencies": { - "jsonwebtoken": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-0.1.0.tgz", - "integrity": "sha1-UFYoSSCS/jXQi2APpnaM0GcRqqI=", - "requires": { - "jws": "~0.2.2", - "moment": "~2.0.0" - } - }, - "moment": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/moment/-/moment-2.0.0.tgz", - "integrity": "sha1-K7xbRMMhg3aTq278rb1G7ZRiEf4=" + "async": { + "version": "0.9.2", + "resolved": "https://registry.npmjs.org/async/-/async-0.9.2.tgz", + "integrity": "sha512-l6ToIJIotphWahxxHyzK9bnLR6kM4jJIIgLShZeqLY7iboHoGkdgFl7W2/Ivi4SkMJYGKqW8vSuk0uKUj6qsSw==" } } }, @@ -25429,6 +25464,11 @@ "resolved": "https://registry.npmjs.org/express-security.txt/-/express-security.txt-2.0.0.tgz", "integrity": "sha512-DwjS7MssPbqTFddZfTqNqyfsq6AUP1A/BytamSeoL0Ai7/alHYsAgxE4zhvoPt6MjoroXkSqq1gStQqxsiaF7A==" }, + "express-unless": { + "version": "0.0.0", + "resolved": "https://registry.npmjs.org/express-unless/-/express-unless-0.0.0.tgz", + "integrity": "sha512-JDbC+epHXULwJ1GgCqL3qo/L5ElbhHGWBgEtbbJbF9ZqZLhXqDh70aPj8jmC+MT1ilhhM43AN3BCJKERlKTyTg==" + }, "ext": { "version": "1.6.0", "resolved": "https://registry.npmjs.org/ext/-/ext-1.6.0.tgz", @@ -26976,9 +27016,9 @@ "integrity": "sha1-gtwzbSMrkGIXnQWrMpOmYFn9Q10=" }, "inflection": { - "version": "1.13.1", - "resolved": "https://registry.npmjs.org/inflection/-/inflection-1.13.1.tgz", - "integrity": "sha512-dldYtl2WlN0QDkIDtg8+xFwOS2Tbmp12t1cHa5/YClU6ZQjTFm7B66UcVbh9NQB+HvT5BAd2t5+yKsBkw5pcqA==" + "version": "1.13.4", + "resolved": "https://registry.npmjs.org/inflection/-/inflection-1.13.4.tgz", + "integrity": "sha512-6I/HUDeYFfuNCVS3td055BaXBwKYuzw7K3ExVMStBowKo9oOAMJIXIHvdyR3iboTCp1b+1i5DSkIZTcwIktuDw==" }, "inflight": { "version": "1.0.6", @@ -27175,11 +27215,6 @@ "binary-extensions": "^2.0.0" } }, - "is-bluebird": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/is-bluebird/-/is-bluebird-1.0.2.tgz", - "integrity": "sha1-CWQ5Bg9KpBGr7hkUOoTWpVNG1uI=" - }, "is-boolean-object": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.2.tgz", @@ -29333,11 +29368,11 @@ } }, "jsonwebtoken": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-0.4.0.tgz", - "integrity": "sha1-ffpErIpYjhbgRTyB8Rq2rd0HQv4=", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-5.0.0.tgz", + "integrity": "sha512-ADWSQxWTyk5cjcZgZ1G7mB6jzJxhUFXclsILeiC2jmCIBFDsaTFfL4Wg+VTnZLwEZ4lFINjTEx//fsYRE4A/dw==", "requires": { - "jws": "~0.2.2" + "jws": "^3.0.0" } }, "jsprim": { @@ -29410,20 +29445,22 @@ "dev": true }, "jwa": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/jwa/-/jwa-0.0.1.tgz", - "integrity": "sha1-LQX1TWjxcGSMMP5FlEcxo4jNB8w=", + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz", + "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==", "requires": { - "base64url": "~0.0.3" + "buffer-equal-constant-time": "1.0.1", + "ecdsa-sig-formatter": "1.0.11", + "safe-buffer": "^5.0.1" } }, "jws": { - "version": "0.2.6", - "resolved": "https://registry.npmjs.org/jws/-/jws-0.2.6.tgz", - "integrity": "sha1-6bfprI0qwQZ0EyM7xsIPvYho6bo=", + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz", + "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==", "requires": { - "base64url": "0.0.6", - "jwa": "0.0.1" + "jwa": "^1.4.1", + "safe-buffer": "^5.0.1" } }, "keyv": { @@ -31456,6 +31493,11 @@ "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz", "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=" }, + "pg-connection-string": { + "version": "2.6.4", + "resolved": "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-2.6.4.tgz", + "integrity": "sha512-v+Z7W/0EO707aNMaAEfiGnGL9sxxumwLl2fJvCQtMn9Fxsg+lPpPkdcyBSv/KFgpGdYkMfn+EI1Or2EHjpgLCA==" + }, "picocolors": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", @@ -32612,12 +32654,9 @@ "integrity": "sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==" }, "retry-as-promised": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/retry-as-promised/-/retry-as-promised-3.2.0.tgz", - "integrity": "sha512-CybGs60B7oYU/qSQ6kuaFmRd9sTZ6oXSc0toqePvV74Ac6/IFZSI1ReFQmtCN+uvW1Mtqdwpvt/LGOiCBAY2Mg==", - "requires": { - "any-promise": "^1.3.0" - } + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/retry-as-promised/-/retry-as-promised-5.0.0.tgz", + "integrity": "sha512-6S+5LvtTl2ggBumk04hBo/4Uf6fRJUwIgunGZ7CYEBCeufGFW1Pu6ucUf/UskHeWOIsUcLOGLFXPig5tR5V1nA==" }, "rimraf": { "version": "3.0.2", @@ -32954,25 +32993,26 @@ } }, "sequelize": { - "version": "5.22.5", - "resolved": "https://registry.npmjs.org/sequelize/-/sequelize-5.22.5.tgz", - "integrity": "sha512-ySIHof18sJbeVG4zjEvsDL490cd9S14/IhkCrZR/g0C/FPlZq1AzEJVeSAo++9/sgJH2eERltAIGqYQNgVqX/A==", + "version": "6.19.1", + "resolved": "https://registry.npmjs.org/sequelize/-/sequelize-6.19.1.tgz", + "integrity": "sha512-iTgi0y6q6XCFf2+Tzclhpe/EBVlCNOSl5fLNmquAmrgfOsDzEoPbceu0TXmrEe9osYHscX295awi0+dTDR1qzQ==", "requires": { - "bluebird": "^3.5.0", - "cls-bluebird": "^2.1.0", - "debug": "^4.1.1", - "dottie": "^2.0.0", - "inflection": "1.12.0", - "lodash": "^4.17.15", - "moment": "^2.24.0", - "moment-timezone": "^0.5.21", - "retry-as-promised": "^3.2.0", - "semver": "^6.3.0", - "sequelize-pool": "^2.3.0", + "@types/debug": "^4.1.7", + "@types/validator": "^13.7.1", + "debug": "^4.3.3", + "dottie": "^2.0.2", + "inflection": "^1.13.2", + "lodash": "^4.17.21", + "moment": "^2.29.1", + "moment-timezone": "^0.5.34", + "pg-connection-string": "^2.5.0", + "retry-as-promised": "^5.0.0", + "semver": "^7.3.5", + "sequelize-pool": "^7.1.0", "toposort-class": "^1.0.1", "uuid": "^8.3.2", "validator": "^13.7.0", - "wkx": "^0.4.8" + "wkx": "^0.5.0" }, "dependencies": { "debug": { @@ -32983,20 +33023,10 @@ "ms": "2.1.2" } }, - "inflection": { - "version": "1.12.0", - "resolved": "https://registry.npmjs.org/inflection/-/inflection-1.12.0.tgz", - "integrity": "sha1-ogCTVlbW9fa8TcdQLhrstwMihBY=" - }, "ms": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" - }, - "semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==" } } }, @@ -33006,9 +33036,9 @@ "integrity": "sha1-cKtyRWN0KyxvutxQfJHAEEG1+zg=" }, "sequelize-pool": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/sequelize-pool/-/sequelize-pool-2.3.0.tgz", - "integrity": "sha512-Ibz08vnXvkZ8LJTiUOxRcj1Ckdn7qafNZ2t59jYHMX1VIebTAOYefWdRYFt6z6+hy52WGthAHAoLc9hvk3onqA==" + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/sequelize-pool/-/sequelize-pool-7.1.0.tgz", + "integrity": "sha512-G9c0qlIWQSK29pR/5U2JF5dDQeqqHRragoyahj/Nx4KOOQ3CPPfzxnfqFPCSB7x5UgjOgnZ61nSxz+fjDpRlJg==" }, "serialize-javascript": { "version": "5.0.1", @@ -33163,11 +33193,6 @@ "dev": true, "optional": true }, - "shimmer": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/shimmer/-/shimmer-1.2.1.tgz", - "integrity": "sha512-sQTKC1Re/rM6XyFM6fIAGHRPVGvyXfgzIDvzoq608vM+jeyVD0Tu1E6Np0Kc2zAIFWIj963V2800iF/9LPieQw==" - }, "side-channel": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", @@ -35250,9 +35275,9 @@ } }, "wkx": { - "version": "0.4.8", - "resolved": "https://registry.npmjs.org/wkx/-/wkx-0.4.8.tgz", - "integrity": "sha512-ikPXMM9IR/gy/LwiOSqWlSL3X/J5uk9EO2hHNRXS41eTLXaUFEVw9fn/593jW/tE5tedNg8YjT5HkCa4FqQZyQ==", + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/wkx/-/wkx-0.5.0.tgz", + "integrity": "sha512-Xng/d4Ichh8uN4l0FToV/258EjMGU9MGcA0HV2d9B/ZpZB3lqQm7nkOdZdm5GhKtLLhAE7PiVQwN4eN+2YJJUg==", "requires": { "@types/node": "*" } diff --git a/package.json b/package.json index 8d477159bb7..05f759857de 100644 --- a/package.json +++ b/package.json @@ -110,7 +110,7 @@ "download": "^8.0.0", "errorhandler": "^1.5.1", "express": "^4.17.1", - "express-jwt": "0.1.3", + "express-jwt": "3.0.0", "express-rate-limit": "^5.1.3", "express-robots-txt": "^0.4.1", "express-security.txt": "^2.0.0", @@ -132,7 +132,7 @@ "is-heroku": "^2.0.0", "is-windows": "^1.0.2", "js-yaml": "^3.14.0", - "jsonwebtoken": "0.4.0", + "jsonwebtoken": "5.0.0", "jssha": "^3.1.1", "juicy-chat-bot": "~0.6.0", "libxmljs2": "^0.26.4", @@ -152,7 +152,7 @@ "sanitize-filename": "^1.6.3", "sanitize-html": "1.4.2", "semver": "^7.6.2", - "sequelize": "^5.22.3", + "sequelize": "^6.19.1", "sequelize-noupdate-attributes": "^1.0.0", "serve-index": "^1.9.1", "socket.io": "^2.3.0",