From c09a4bc4a80e2dc399bdeccf9e8c3ded68764aad Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 26 Mar 2024 21:37:31 +0000 Subject: [PATCH 1/5] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509 --- package-lock.json | 16 ++++++++-------- package.json | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9ab5558..13eec71 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,7 +13,7 @@ "axios": "^1.6.5", "discord-rpc": "^4.0.1", "electron-store": "^8.1.0", - "express": "^4.18.3", + "express": "^4.19.2", "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", "request": "^2.88.2", @@ -2620,9 +2620,9 @@ } }, "node_modules/cookie": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", - "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==", + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==", "engines": { "node": ">= 0.6" } @@ -3756,16 +3756,16 @@ } }, "node_modules/express": { - "version": "4.18.3", - "resolved": "https://registry.npmjs.org/express/-/express-4.18.3.tgz", - "integrity": "sha512-6VyCijWQ+9O7WuVMTRBTl+cjNNIzD5cY5mQ1WM8r/LEkI2u8EYpOotESNwzNlyCn3g+dmjKYI6BmNneSr/FSRw==", + "version": "4.19.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "integrity": "sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==", "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", "body-parser": "1.20.2", "content-disposition": "0.5.4", "content-type": "~1.0.4", - "cookie": "0.5.0", + "cookie": "0.6.0", "cookie-signature": "1.0.6", "debug": "2.6.9", "depd": "2.0.0", diff --git a/package.json b/package.json index a2c5d61..158f816 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "axios": "^1.6.5", "discord-rpc": "^4.0.1", "electron-store": "^8.1.0", - "express": "^4.18.3", + "express": "^4.19.2", "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", "request": "^2.88.2", From d3330472691533bfd852811dd423e44603c227cf Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 16 Apr 2024 20:24:56 +0000 Subject: [PATCH 2/5] fix: upgrade axios from 1.6.5 to 1.6.8 Snyk has created this PR to upgrade axios from 1.6.5 to 1.6.8. See this package in npm: https://www.npmjs.com/package/axios See this project in Snyk: https://app.snyk.io/org/mastermindzh/project/dade8f03-2064-49a3-8957-edbacec3887c?utm_source=github&utm_medium=referral&page=upgrade-pr --- package-lock.json | 10 +++++----- package.json | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 13eec71..e3dcb81 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "license": "MIT", "dependencies": { "@electron/remote": "^2.1.2", - "axios": "^1.6.5", + "axios": "^1.6.8", "discord-rpc": "^4.0.1", "electron-store": "^8.1.0", "express": "^4.19.2", @@ -1890,11 +1890,11 @@ "integrity": "sha512-NmWvPnx0F1SfrQbYwOi7OeaNGokp9XhzNioJ/CSBs8Qa4vxug81mhJEAVZwxXuBmYB5KDRfMq/F3RR0BIU7sWg==" }, "node_modules/axios": { - "version": "1.6.5", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.5.tgz", - "integrity": "sha512-Ii012v05KEVuUoFWmMW/UQv9aRIc3ZwkWDcM+h5Il8izZCtRVpDUfwpoFf7eOtajT3QiGR4yDUx7lPqHJULgbg==", + "version": "1.6.8", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.8.tgz", + "integrity": "sha512-v/ZHtJDU39mDpyBoFVkETcd/uNdxrWRrg3bKpOKzXFA6Bvqopts6ALSMU3y6ijYxbw2B+wPrIv46egTzJXCLGQ==", "dependencies": { - "follow-redirects": "^1.15.4", + "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } diff --git a/package.json b/package.json index 158f816..2e365b4 100644 --- a/package.json +++ b/package.json @@ -40,7 +40,7 @@ "license": "MIT", "dependencies": { "@electron/remote": "^2.1.2", - "axios": "^1.6.5", + "axios": "^1.6.8", "discord-rpc": "^4.0.1", "electron-store": "^8.1.0", "express": "^4.19.2", From 29465ce13a3731da2d19168a8022b6af63ff6d8c Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 16 Apr 2024 20:25:00 +0000 Subject: [PATCH 3/5] fix: upgrade electron-store from 8.1.0 to 8.2.0 Snyk has created this PR to upgrade electron-store from 8.1.0 to 8.2.0. See this package in npm: https://www.npmjs.com/package/electron-store See this project in Snyk: https://app.snyk.io/org/mastermindzh/project/dade8f03-2064-49a3-8957-edbacec3887c?utm_source=github&utm_medium=referral&page=upgrade-pr --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 13eec71..0e080d5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@electron/remote": "^2.1.2", "axios": "^1.6.5", "discord-rpc": "^4.0.1", - "electron-store": "^8.1.0", + "electron-store": "^8.2.0", "express": "^4.19.2", "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", @@ -3429,9 +3429,9 @@ } }, "node_modules/electron-store": { - "version": "8.1.0", - "resolved": "https://registry.npmjs.org/electron-store/-/electron-store-8.1.0.tgz", - "integrity": "sha512-2clHg/juMjOH0GT9cQ6qtmIvK183B39ZXR0bUoPwKwYHJsEF3quqyDzMFUAu+0OP8ijmN2CbPRAelhNbWUbzwA==", + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/electron-store/-/electron-store-8.2.0.tgz", + "integrity": "sha512-ukLL5Bevdil6oieAOXz3CMy+OgaItMiVBg701MNlG6W5RaC0AHN7rvlqTCmeb6O7jP0Qa1KKYTE0xV0xbhF4Hw==", "dependencies": { "conf": "^10.2.0", "type-fest": "^2.17.0" diff --git a/package.json b/package.json index 158f816..3810106 100644 --- a/package.json +++ b/package.json @@ -42,7 +42,7 @@ "@electron/remote": "^2.1.2", "axios": "^1.6.5", "discord-rpc": "^4.0.1", - "electron-store": "^8.1.0", + "electron-store": "^8.2.0", "express": "^4.19.2", "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", From a75b0336dbddf8af9de6c318e966851e8d7ebeaf Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 16 Apr 2024 20:25:03 +0000 Subject: [PATCH 4/5] fix: upgrade sass from 1.71.1 to 1.72.0 Snyk has created this PR to upgrade sass from 1.71.1 to 1.72.0. See this package in npm: https://www.npmjs.com/package/sass See this project in Snyk: https://app.snyk.io/org/mastermindzh/project/dade8f03-2064-49a3-8957-edbacec3887c?utm_source=github&utm_medium=referral&page=upgrade-pr --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 13eec71..d902fc3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,7 +17,7 @@ "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", "request": "^2.88.2", - "sass": "^1.71.1" + "sass": "^1.72.0" }, "devDependencies": { "@mastermindzh/prettier-config": "^1.0.0", @@ -7053,9 +7053,9 @@ } }, "node_modules/sass": { - "version": "1.71.1", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.71.1.tgz", - "integrity": "sha512-wovtnV2PxzteLlfNzbgm1tFXPLoZILYAMJtvoXXkD7/+1uP41eKkIt1ypWq5/q2uT94qHjXehEYfmjKOvjL9sg==", + "version": "1.72.0", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.72.0.tgz", + "integrity": "sha512-Gpczt3WA56Ly0Mn8Sl21Vj94s1axi9hDIzDFn9Ph9x3C3p4nNyvsqJoQyVXKou6cBlfFWEgRW4rT8Tb4i3XnVA==", "dependencies": { "chokidar": ">=3.0.0 <4.0.0", "immutable": "^4.0.0", diff --git a/package.json b/package.json index 158f816..e26abc5 100644 --- a/package.json +++ b/package.json @@ -47,7 +47,7 @@ "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", "request": "^2.88.2", - "sass": "^1.71.1" + "sass": "^1.72.0" }, "devDependencies": { "@mastermindzh/prettier-config": "^1.0.0", From 755816c2b8f540dd9c4f1c4fc7544016bb516019 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 25 Apr 2024 04:29:39 +0000 Subject: [PATCH 5/5] fix: upgrade sass from 1.72.0 to 1.74.1 Snyk has created this PR to upgrade sass from 1.72.0 to 1.74.1. See this package in npm: https://www.npmjs.com/package/sass See this project in Snyk: https://app.snyk.io/org/mastermindzh/project/dade8f03-2064-49a3-8957-edbacec3887c?utm_source=github&utm_medium=referral&page=upgrade-pr --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index c3335fe..c89e8e3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,7 +17,7 @@ "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", "request": "^2.88.2", - "sass": "^1.72.0" + "sass": "^1.74.1" }, "devDependencies": { "@mastermindzh/prettier-config": "^1.0.0", @@ -7053,9 +7053,9 @@ } }, "node_modules/sass": { - "version": "1.72.0", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.72.0.tgz", - "integrity": "sha512-Gpczt3WA56Ly0Mn8Sl21Vj94s1axi9hDIzDFn9Ph9x3C3p4nNyvsqJoQyVXKou6cBlfFWEgRW4rT8Tb4i3XnVA==", + "version": "1.74.1", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.74.1.tgz", + "integrity": "sha512-w0Z9p/rWZWelb88ISOLyvqTWGmtmu2QJICqDBGyNnfG4OUnPX9BBjjYIXUpXCMOOg5MQWNpqzt876la1fsTvUA==", "dependencies": { "chokidar": ">=3.0.0 <4.0.0", "immutable": "^4.0.0", diff --git a/package.json b/package.json index 3550a7d..b038cb8 100644 --- a/package.json +++ b/package.json @@ -47,7 +47,7 @@ "hotkeys-js": "^3.13.7", "mpris-service": "^2.1.2", "request": "^2.88.2", - "sass": "^1.72.0" + "sass": "^1.74.1" }, "devDependencies": { "@mastermindzh/prettier-config": "^1.0.0",