From a69f23ad6432409a2eb6f5f2535a6c7806ce88a1 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 8 Feb 2025 02:00:47 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-WS-7266574 - https://snyk.io/vuln/SNYK-JS-NANOID-8492085 --- package-lock.json | 41 ++++++++++++++--------------------------- package.json | 4 ++-- 2 files changed, 16 insertions(+), 29 deletions(-) diff --git a/package-lock.json b/package-lock.json index 358814c..b535605 100644 --- a/package-lock.json +++ b/package-lock.json @@ -7,7 +7,7 @@ "name": "river-babel", "dependencies": { "@listr2/manager": "^2.0.10", - "@replit/river": "^0.24.1", + "@replit/river": "^0.204.0", "@sinclair/typebox": "^0.32.20", "chalk": "^5.3.0", "diff": "^5.2.0", @@ -21,7 +21,7 @@ "split2": "^4.2.0", "strip-ansi": "^7.1.0", "tsx": "^4.7.2", - "ws": "^8.16.0", + "ws": "^8.17.1", "yargs": "^17.7.2" }, "devDependencies": { @@ -659,13 +659,13 @@ } }, "node_modules/@replit/river": { - "version": "0.24.1", - "resolved": "https://registry.npmjs.org/@replit/river/-/river-0.24.1.tgz", - "integrity": "sha512-brsXY/JEzpN9RrzKWAym2Sz5ru27PuPZdRswpIO4bvx6Fmc34h4vJYuWccN8r+2kNyNMNCYmY+KyYi+Cy3Ojbg==", + "version": "0.204.0", + "resolved": "https://registry.npmjs.org/@replit/river/-/river-0.204.0.tgz", + "integrity": "sha512-ivwCooJJMUiAseqSki7/hBomanNfH5tmgXmwcwuqHg+s1jvT2e7YCu9jVvizSZ9PMU0jriiJn/Z+TBvblacs1g==", + "license": "MIT", "dependencies": { "@msgpack/msgpack": "^3.0.0-beta2", - "it-pushable": "^3.2.3", - "nanoid": "^4.0.2", + "nanoid": "^5.0.9", "ws": "^8.17.0" }, "engines": { @@ -676,22 +676,6 @@ "@sinclair/typebox": "~0.32.8" } }, - "node_modules/@replit/river/node_modules/nanoid": { - "version": "4.0.2", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "license": "MIT", - "bin": { - "nanoid": "bin/nanoid.js" - }, - "engines": { - "node": "^14 || ^16 || >=18" - } - }, "node_modules/@sinclair/typebox": { "version": "0.32.20", "license": "MIT" @@ -2277,7 +2261,9 @@ "optional": true }, "node_modules/nanoid": { - "version": "5.0.6", + "version": "5.0.9", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-5.0.9.tgz", + "integrity": "sha512-Aooyr6MXU6HpvvWXKoVoXwKMs/KyVakWwg7xQfv5/S/RIgJMy0Ifa45H9qqYy7pTCszrHzP21Uk4PZq2HpEM8Q==", "funding": [ { "type": "github", @@ -2979,9 +2965,10 @@ "license": "ISC" }, "node_modules/ws": { - "version": "8.17.0", - "resolved": "https://registry.npmjs.org/ws/-/ws-8.17.0.tgz", - "integrity": "sha512-uJq6108EgZMAl20KagGkzCKfMEjxmKvZHG7Tlq0Z6nOky7YF7aq4mOx6xK8TJ/i1LeK4Qus7INktacctDgY8Ow==", + "version": "8.17.1", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.17.1.tgz", + "integrity": "sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==", + "license": "MIT", "engines": { "node": ">=10.0.0" }, diff --git a/package.json b/package.json index cea44e4..ae9e439 100644 --- a/package.json +++ b/package.json @@ -11,7 +11,7 @@ }, "dependencies": { "@listr2/manager": "^2.0.10", - "@replit/river": "^0.24.1", + "@replit/river": "^0.204.0", "@sinclair/typebox": "^0.32.20", "chalk": "^5.3.0", "diff": "^5.2.0", @@ -25,7 +25,7 @@ "split2": "^4.2.0", "strip-ansi": "^7.1.0", "tsx": "^4.7.2", - "ws": "^8.16.0", + "ws": "^8.17.1", "yargs": "^17.7.2" }, "devDependencies": {