From 3cb6639a6ce43d344eef949bd5d6ecde1d3ccdaa Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 7 Apr 2022 16:18:05 +0000 Subject: [PATCH] fix: goof-yarn/package.json & goof-yarn/yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ASYNC-2441827 --- goof-yarn/package.json | 2 +- goof-yarn/yarn.lock | 212 ++++++++++++++++++----------------------- 2 files changed, 93 insertions(+), 121 deletions(-) diff --git a/goof-yarn/package.json b/goof-yarn/package.json index 2300e7e8..064a6b98 100644 --- a/goof-yarn/package.json +++ b/goof-yarn/package.json @@ -32,7 +32,7 @@ "marked": "0.3.5", "method-override": "latest", "moment": "2.15.1", - "mongoose": "4.2.4", + "mongoose": "5.7.3", "morgan": "latest", "ms": "^0.7.1", "npmconf": "0.0.24", diff --git a/goof-yarn/yarn.lock b/goof-yarn/yarn.lock index 0d71fe80..35d40442 100644 --- a/goof-yarn/yarn.lock +++ b/goof-yarn/yarn.lock @@ -187,11 +187,6 @@ async-cache@~0.1.2: dependencies: lru-cache "~2.3" -async@0.9.0: - version "0.9.0" - resolved "https://registry.yarnpkg.com/async/-/async-0.9.0.tgz#ac3613b1da9bed1b47510bb4651b8931e47146c7" - integrity sha1-rDYTsdqb7RtHUQu0ZRuJMeRxRsc= - async@1.x: version "1.5.2" resolved "https://registry.yarnpkg.com/async/-/async-1.5.2.tgz#ec6a61ae56480c0c3cb241c95618e20892f9672a" @@ -260,10 +255,10 @@ bl@~0.9.0: dependencies: readable-stream "~1.0.26" -bluebird@2.9.26: - version "2.9.26" - resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-2.9.26.tgz#362772ea4d09f556a4b9f3b64c2fd136e87e3a55" - integrity sha1-Nidy6k0J9VakufO2TC/RNuh+OlU= +bluebird@3.5.1: + version "3.5.1" + resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.5.1.tgz#d9551f9de98f1fcda1e683d17ee91a0602ee2eb9" + integrity sha512-MKiLiV+I1AA596t9w1sQJ8jkiSr5+ZKi0WKrYGUn6d1Fx+Ij4tIj+m2WMQSGczs5jZVxV339chE8iwk6F64wjA== bluebird@^3.1.1, bluebird@^3.3.1: version "3.5.3" @@ -456,10 +451,10 @@ browserify@^13.1.1: vm-browserify "~0.0.1" xtend "^4.0.0" -bson@~0.4.18, bson@~0.4.19: - version "0.4.23" - resolved "https://registry.yarnpkg.com/bson/-/bson-0.4.23.tgz#e65a2e3c7507ffade4109bc7575a76e50f8da915" - integrity sha1-5louPHUH/63kEJvHV1p25Q+NqRU= +bson@^1.1.1, bson@~1.1.1: + version "1.1.6" + resolved "https://registry.yarnpkg.com/bson/-/bson-1.1.6.tgz#fb819be9a60cd677e0853aee4ca712a785d6618a" + integrity sha512-EvVNVeGo4tHxwi8L6bPj3y3itEvStdwvvlojVxxbyYfoaxJ6keLgrTuKdyfEAszFK+H3olzBuafE0yoh0D1gdg== buffer-from@^1.0.0: version "1.1.1" @@ -842,13 +837,6 @@ date-now@^0.1.4: resolved "https://registry.yarnpkg.com/date-now/-/date-now-0.1.4.tgz#eaf439fd4d4848ad74e5cc7dbef200672b9e345b" integrity sha1-6vQ5/U1ISK105cx9vvIAZyueNFs= -debug@2.2.0, debug@~2.2.0: - version "2.2.0" - resolved "https://registry.yarnpkg.com/debug/-/debug-2.2.0.tgz#f87057e995b1a1f6ae6a4960664137bc56f039da" - integrity sha1-+HBX6ZWxofauaklgZkE3vFbwOdo= - dependencies: - ms "0.7.1" - debug@2.6.9, debug@^2.1.3: version "2.6.9" resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f" @@ -863,6 +851,13 @@ debug@3.1.0: dependencies: ms "2.0.0" +debug@~2.2.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/debug/-/debug-2.2.0.tgz#f87057e995b1a1f6ae6a4960664137bc56f039da" + integrity sha1-+HBX6ZWxofauaklgZkE3vFbwOdo= + dependencies: + ms "0.7.1" + decamelize@^1.1.1: version "1.2.0" resolved "https://registry.yarnpkg.com/decamelize/-/decamelize-1.2.0.tgz#f6534d15148269b20352e7bee26f501f9a191290" @@ -1068,11 +1063,6 @@ errorhandler@1.2.0: accepts "~1.1.0" escape-html "1.0.1" -es6-promise@2.1.1: - version "2.1.1" - resolved "https://registry.yarnpkg.com/es6-promise/-/es6-promise-2.1.1.tgz#03e8f3c7297928e5478d6ab1d0643251507bdedd" - integrity sha1-A+jzxyl5KOVHjWqx0GQyUVB73t0= - escape-html@1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.1.tgz#181a286ead397a39a92857cfb1d43052e356bff0" @@ -1523,11 +1513,6 @@ hoek@2.x.x: resolved "https://registry.yarnpkg.com/hoek/-/hoek-2.16.3.tgz#20bb7403d3cea398e91dc4710a8ff1b8274a25ed" integrity sha1-ILt0A9POo5jpHcRxCo/xuCdKJe0= -hooks-fixed@1.1.0: - version "1.1.0" - resolved "https://registry.yarnpkg.com/hooks-fixed/-/hooks-fixed-1.1.0.tgz#0e8c15336708e6611185fe390b44687dd5230dbb" - integrity sha1-DowVM2cI5mERhf45C0RofdUjDbs= - hosted-git-info@^2.1.4: version "2.7.1" resolved "https://registry.yarnpkg.com/hosted-git-info/-/hosted-git-info-2.7.1.tgz#97f236977bd6e125408930ff6de3eec6281ec047" @@ -1900,17 +1885,10 @@ jsprim@^1.2.2: json-schema "0.2.3" verror "1.10.0" -kareem@1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/kareem/-/kareem-1.0.1.tgz#7805d215bb53214ec3af969a1d0b1f17e3e7b95c" - integrity sha1-eAXSFbtTIU7Dr5aaHQsfF+PnuVw= - -kerberos@~0.0: - version "0.0.24" - resolved "https://registry.yarnpkg.com/kerberos/-/kerberos-0.0.24.tgz#67e5fe0f0dbe240a505eb45de411d6031e7b381b" - integrity sha512-QO6bFq9eETHB5zcA0OJiQtw137TH45OuUcGtI+QGg2ZJQIPCvwXL2kjCqZZMColcIdbPhj4X40EY5f3oOiBfiw== - dependencies: - nan "~2.10.0" +kareem@2.3.1: + version "2.3.1" + resolved "https://registry.yarnpkg.com/kareem/-/kareem-2.3.1.tgz#def12d9c941017fabfb00f873af95e9c99e1be87" + integrity sha512-l3hLhffs9zqoDe8zjmb/mAN4B8VT3L56EUvKNqLFVs9YlFA+zx7ke1DO8STAdDyYNkeSo1nKmjuvQeI12So8Xw== kind-of@^3.0.2: version "3.2.2" @@ -2189,41 +2167,36 @@ moment@2.15.1: resolved "https://registry.yarnpkg.com/moment/-/moment-2.15.1.tgz#e979c2a29e22888e60f396f2220a6118f85cd94c" integrity sha1-6XnCop4iiI5g85byIgphGPhc2Uw= -mongodb-core@1.2.19: - version "1.2.19" - resolved "https://registry.yarnpkg.com/mongodb-core/-/mongodb-core-1.2.19.tgz#fcb35f6b6abc5c3de1f1a4a5db526b9e306f3eb7" - integrity sha1-/LNfa2q8XD3h8aSl21JrnjBvPrc= +mongodb@3.3.2: + version "3.3.2" + resolved "https://registry.yarnpkg.com/mongodb/-/mongodb-3.3.2.tgz#ff086b5f552cf07e24ce098694210f3d42d668b2" + integrity sha512-fqJt3iywelk4yKu/lfwQg163Bjpo5zDKhXiohycvon4iQHbrfflSAz9AIlRE6496Pm/dQKQK5bMigdVo2s6gBg== dependencies: - bson "~0.4.19" - optionalDependencies: - kerberos "~0.0" - -mongodb@2.0.46: - version "2.0.46" - resolved "https://registry.yarnpkg.com/mongodb/-/mongodb-2.0.46.tgz#b1b857465e45e259b1e0e033698341a64cb93559" - integrity sha1-sbhXRl5F4lmx4OAzaYNBpky5NVk= - dependencies: - es6-promise "2.1.1" - mongodb-core "1.2.19" - readable-stream "1.0.31" - -mongoose@4.2.4: - version "4.2.4" - resolved "https://registry.yarnpkg.com/mongoose/-/mongoose-4.2.4.tgz#e2f8c007dd838f6633b4f6c965ba92a232ac9317" - integrity sha1-4vjAB92Dj2YztPbJZbqSojKskxc= - dependencies: - async "0.9.0" - bson "~0.4.18" - hooks-fixed "1.1.0" - kareem "1.0.1" - mongodb "2.0.46" - mpath "0.1.1" - mpromise "0.5.4" - mquery "1.6.3" - ms "0.7.1" - muri "1.0.0" - regexp-clone "0.0.1" - sliced "0.0.5" + bson "^1.1.1" + require_optional "^1.0.1" + safe-buffer "^5.1.2" + +mongoose-legacy-pluralize@1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/mongoose-legacy-pluralize/-/mongoose-legacy-pluralize-1.0.2.tgz#3ba9f91fa507b5186d399fb40854bff18fb563e4" + integrity sha512-Yo/7qQU4/EyIS8YDFSeenIvXxZN+ld7YdV9LqFVQJzTLye8unujAWPZ4NWKfFA+RNjh+wvTWKY9Z3E5XM6ZZiQ== + +mongoose@5.7.3: + version "5.7.3" + resolved "https://registry.yarnpkg.com/mongoose/-/mongoose-5.7.3.tgz#8bd46b561eaed1a4d4a6cdd81d5b23c2e30da846" + integrity sha512-CKCCCAhFnJRtmdmver8Ud9/NZ9m7D2H/xLgmrcL6cb9D4nril/idL8lsWWpBsJI81AOCVsktiZJ4X4vfo2S0fw== + dependencies: + bson "~1.1.1" + kareem "2.3.1" + mongodb "3.3.2" + mongoose-legacy-pluralize "1.0.2" + mpath "0.6.0" + mquery "3.2.2" + ms "2.1.2" + regexp-clone "1.0.0" + safe-buffer "5.1.2" + sift "7.0.1" + sliced "1.0.1" morgan@latest: version "1.9.1" @@ -2236,25 +2209,21 @@ morgan@latest: on-finished "~2.3.0" on-headers "~1.0.1" -mpath@0.1.1: - version "0.1.1" - resolved "https://registry.yarnpkg.com/mpath/-/mpath-0.1.1.tgz#23da852b7c232ee097f4759d29c0ee9cd22d5e46" - integrity sha1-I9qFK3wjLuCX9HWdKcDunNItXkY= - -mpromise@0.5.4: - version "0.5.4" - resolved "https://registry.yarnpkg.com/mpromise/-/mpromise-0.5.4.tgz#b610613ec6de37419f944b35f0783b4de9f5dc75" - integrity sha1-thBhPsbeN0GflEs18Hg7Ten13HU= +mpath@0.6.0: + version "0.6.0" + resolved "https://registry.yarnpkg.com/mpath/-/mpath-0.6.0.tgz#aa922029fca4f0f641f360e74c5c1b6a4c47078e" + integrity sha512-i75qh79MJ5Xo/sbhxrDrPSEG0H/mr1kcZXJ8dH6URU5jD/knFxCVqVC/gVSW7GIXL/9hHWlT9haLbCXWOll3qw== -mquery@1.6.3: - version "1.6.3" - resolved "https://registry.yarnpkg.com/mquery/-/mquery-1.6.3.tgz#7c02bfb7e49c8012cece1556c5e65fef61f3c8e5" - integrity sha1-fAK/t+ScgBLOzhVWxeZf72HzyOU= +mquery@3.2.2: + version "3.2.2" + resolved "https://registry.yarnpkg.com/mquery/-/mquery-3.2.2.tgz#e1383a3951852ce23e37f619a9b350f1fb3664e7" + integrity sha512-XB52992COp0KP230I3qloVUbkLUxJIu328HBP2t2EsxSFtf4W1HPSOBWOXf1bqxK4Xbb66lfMJ+Bpfd9/yZE1Q== dependencies: - bluebird "2.9.26" - debug "2.2.0" - regexp-clone "0.0.1" - sliced "0.0.5" + bluebird "3.5.1" + debug "3.1.0" + regexp-clone "^1.0.0" + safe-buffer "5.1.2" + sliced "1.0.1" ms@0.7.1: version "0.7.1" @@ -2266,6 +2235,11 @@ ms@2.0.0: resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8" integrity sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g= +ms@2.1.2: + version "2.1.2" + resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009" + integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w== + ms@^0.7.1: version "0.7.3" resolved "https://registry.yarnpkg.com/ms/-/ms-0.7.3.tgz#708155a5e44e33f5fd0fc53e81d0d40a91be1fff" @@ -2276,16 +2250,6 @@ ms@~0.6.2: resolved "https://registry.yarnpkg.com/ms/-/ms-0.6.2.tgz#d89c2124c6fdc1353d65a8b77bf1aac4b193708c" integrity sha1-2JwhJMb9wTU9Zai3e/GqxLGTcIw= -muri@1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/muri/-/muri-1.0.0.tgz#de3bf6bd71d67eae71d76689b950d2de118695c6" - integrity sha1-3jv2vXHWfq5x12aJuVDS3hGGlcY= - -nan@~2.10.0: - version "2.10.0" - resolved "https://registry.yarnpkg.com/nan/-/nan-2.10.0.tgz#96d0cd610ebd58d4b4de9cc0c6828cda99c7548f" - integrity sha512-bAdJv7fBLhWC+/Bls0Oza+mvTaNQtP+1RyhhhvD95pgUJz6XM5IzgmxOkItJ9tkoCiplvAnXI1tNmmUD/eScyA== - negotiator@0.4.9: version "0.4.9" resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.4.9.tgz#92e46b6db53c7e421ed64a2bc94f08be7630df3f" @@ -2790,16 +2754,6 @@ read-pkg@^1.0.0: normalize-package-data "^2.3.2" path-type "^1.0.0" -readable-stream@1.0.31: - version "1.0.31" - resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-1.0.31.tgz#8f2502e0bc9e3b0da1b94520aabb4e2603ecafae" - integrity sha1-jyUC4LyeOw2huUUgqrtOJgPsr64= - dependencies: - core-util-is "~1.0.0" - inherits "~2.0.1" - isarray "0.0.1" - string_decoder "~0.10.x" - readable-stream@1.1.x, readable-stream@^1.1.13: version "1.1.14" resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-1.1.14.tgz#7cf4c54ef648e3813084c636dd2079e166c081d9" @@ -2852,10 +2806,10 @@ regex-cache@^0.4.2: dependencies: is-equal-shallow "^0.1.3" -regexp-clone@0.0.1: - version "0.0.1" - resolved "https://registry.yarnpkg.com/regexp-clone/-/regexp-clone-0.0.1.tgz#a7c2e09891fdbf38fbb10d376fb73003e68ac589" - integrity sha1-p8LgmJH9vzj7sQ03b7cwA+aKxYk= +regexp-clone@1.0.0, regexp-clone@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/regexp-clone/-/regexp-clone-1.0.0.tgz#222db967623277056260b992626354a04ce9bf63" + integrity sha512-TuAasHQNamyyJ2hb97IuBEif4qBHGjPHBS64sZwytpLEqtBQ1gPJTnOaQ6qmpET16cK14kkjbazl6+p0RRv0yw== remove-trailing-separator@^1.0.1: version "1.1.0" @@ -2930,6 +2884,14 @@ require-main-filename@^1.0.1: resolved "https://registry.yarnpkg.com/require-main-filename/-/require-main-filename-1.0.1.tgz#97f717b69d48784f5f526a6c5aa8ffdda055a4d1" integrity sha1-l/cXtp1IeE9fUmpsWqj/3aBVpNE= +require_optional@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/require_optional/-/require_optional-1.0.1.tgz#4cf35a4247f64ca3df8c2ef208cc494b1ca8fc2e" + integrity sha512-qhM/y57enGWHAe3v/NcwML6a3/vfESLe/sGM2dII+gEO0BpKRUkWZow/tyloNqJyN6kXSl3RyyM8Ll5D/sJP8g== + dependencies: + resolve-from "^2.0.0" + semver "^5.1.0" + resolve-from@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/resolve-from/-/resolve-from-2.0.0.tgz#9480ab20e94ffa1d9e80a804c7ea147611966b57" @@ -2984,6 +2946,11 @@ safer-buffer@^2.0.2, safer-buffer@^2.1.0, safer-buffer@~2.1.0: resolved "https://registry.yarnpkg.com/semver/-/semver-5.6.0.tgz#7e74256fbaa49c75aa7c7a205cc22799cac80004" integrity sha512-RS9R6R35NYgQn++fkDWaOmqGoj4Ek9gGs+DPxNUZKuwE183xjJroKvyo1IzVFeXvUrvmALy6FWD5xrdJT25gMg== +semver@^5.1.0: + version "5.7.1" + resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7" + integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ== + semver@~1.1.0: version "1.1.4" resolved "https://registry.yarnpkg.com/semver/-/semver-1.1.4.tgz#2e5a4e72bab03472cc97f72753b4508912ef5540" @@ -3046,6 +3013,11 @@ shell-quote@^1.6.1: array-reduce "~0.0.0" jsonify "~0.0.0" +sift@7.0.1: + version "7.0.1" + resolved "https://registry.yarnpkg.com/sift/-/sift-7.0.1.tgz#47d62c50b159d316f1372f8b53f9c10cd21a4b08" + integrity sha512-oqD7PMJ+uO6jV9EQCl0LrRw1OwsiPsiFQR5AR30heR+4Dl7jBBbDLnNvWiak20tzZlSE1H7RB30SX/1j/YYT7g== + signal-exit@^2.0.0: version "2.1.2" resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-2.1.2.tgz#375879b1f92ebc3b334480d038dc546a6d558564" @@ -3061,10 +3033,10 @@ simple-concat@^1.0.0: resolved "https://registry.yarnpkg.com/simple-concat/-/simple-concat-1.0.0.tgz#7344cbb8b6e26fb27d66b2fc86f9f6d5997521c6" integrity sha1-c0TLuLbib7J9ZrL8hvn21Zl1IcY= -sliced@0.0.5: - version "0.0.5" - resolved "https://registry.yarnpkg.com/sliced/-/sliced-0.0.5.tgz#5edc044ca4eb6f7816d50ba2fc63e25d8fe4707f" - integrity sha1-XtwETKTrb3gW1Qui/GPiXY/kcH8= +sliced@1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/sliced/-/sliced-1.0.1.tgz#0b3a662b5d04c3177b1926bea82b03f837a2ef41" + integrity sha1-CzpmK10Ewxd7GSa+qCsD+Dei70E= slide@^1.1.5: version "1.1.6"