From 0c27c815f5b7c1c32f118067678eb342b411cde5 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 30 Nov 2024 06:57:38 +0000
Subject: [PATCH 1/4] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6671926
---
 package-lock.json | 8 ++++----
 package.json | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 9702660..c9cb240 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,7 +12,7 @@
 "@electron/remote": "^2.1.2",
 "@types/swagger-jsdoc": "^6.0.4",
 "@xhayper/discord-rpc": "^1.2.0",
- "axios": "^1.7.7",
+ "axios": "^1.7.8",
 "cors": "^2.8.5",
 "electron-store": "^8.2.0",
 "express": "^4.21.1",
@@ -2364,9 +2364,9 @@
 "integrity": "sha512-NmWvPnx0F1SfrQbYwOi7OeaNGokp9XhzNioJ/CSBs8Qa4vxug81mhJEAVZwxXuBmYB5KDRfMq/F3RR0BIU7sWg=="
 },
 "node_modules/axios": {
- "version": "1.7.7",
- "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.7.tgz",
- "integrity": "sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q==",
+ "version": "1.7.8",
+ "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.8.tgz",
+ "integrity": "sha512-Uu0wb7KNqK2t5K+YQyVCLM76prD5sRFjKHbJYCP1J7JFGEQ6nN7HWn9+04LAeiJ3ji54lgS/gZCH1oxyrf1SPw==",
 "license": "MIT",
 "dependencies": {
 "follow-redirects": "^1.15.6",
diff --git a/package.json b/package.json
index 05a4597..48a71a7 100644
--- a/package.json
+++ b/package.json
@@ -43,7 +43,7 @@
 "@electron/remote": "^2.1.2",
 "@types/swagger-jsdoc": "^6.0.4",
 "@xhayper/discord-rpc": "^1.2.0",
- "axios": "^1.7.7",
+ "axios": "^1.7.8",
 "cors": "^2.8.5",
 "electron-store": "^8.2.0",
 "express": "^4.21.1",
From 9d736b2bd9da76c39a88b4056d9b58d9764c7a17 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 6 Dec 2024 20:33:54 +0000
Subject: [PATCH 2/4] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-8482416
---
 package-lock.json | 21 +++++++++++++--------
 package.json | 2 +-
 2 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index c9cb240..9241f24 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,7 +15,7 @@
 "axios": "^1.7.8",
 "cors": "^2.8.5",
 "electron-store": "^8.2.0",
- "express": "^4.21.1",
+ "express": "^4.21.2",
 "hotkeys-js": "^3.13.7",
 "mpris-service": "^2.1.2",
 "request": "^2.88.2",
@@ -4167,9 +4167,9 @@
 }
 },
 "node_modules/express": {
- "version": "4.21.1",
- "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz",
- "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==",
+ "version": "4.21.2",
+ "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
+ "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
 "license": "MIT",
 "dependencies": {
 "accepts": "~1.3.8",
@@ -4191,7 +4191,7 @@
 "methods": "~1.1.2",
 "on-finished": "2.4.1",
 "parseurl": "~1.3.3",
- "path-to-regexp": "0.1.10",
+ "path-to-regexp": "0.1.12",
 "proxy-addr": "~2.0.7",
 "qs": "6.13.0",
 "range-parser": "~1.2.1",
@@ -4206,6 +4206,10 @@
 },
 "engines": {
 "node": ">= 0.10.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/express"
 }
 },
 "node_modules/express/node_modules/debug": {
@@ -6685,9 +6689,10 @@
 }
 },
 "node_modules/path-to-regexp": {
- "version": "0.1.10",
- "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz",
- "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w=="
+ "version": "0.1.12",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
+ "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==",
+ "license": "MIT"
 },
 "node_modules/path-type": {
 "version": "4.0.0",
diff --git a/package.json b/package.json
index 48a71a7..045f35d 100644
--- a/package.json
+++ b/package.json
@@ -46,7 +46,7 @@
 "axios": "^1.7.8",
 "cors": "^2.8.5",
 "electron-store": "^8.2.0",
- "express": "^4.21.1",
+ "express": "^4.21.2",
 "hotkeys-js": "^3.13.7",
 "mpris-service": "^2.1.2",
 "request": "^2.88.2",
From fe9f50aaf5c4620d53b8ef64b41bb4811a98d6d4 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 27 Dec 2024 23:17:27 +0000
Subject: [PATCH 3/4] fix: upgrade axios from 1.7.8 to 1.7.9 Snyk has created this PR to upgrade axios from 1.7.8 to 1.7.9. See this package in npm: axios See this project in Snyk: https://app.snyk.io/org/mastermindzh/project/dade8f03-2064-49a3-8957-edbacec3887c?utm_source=github&utm_medium=referral&page=upgrade-pr
---
 package-lock.json | 8 ++++----
 package.json | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 9241f24..645aa0e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,7 +12,7 @@
 "@electron/remote": "^2.1.2",
 "@types/swagger-jsdoc": "^6.0.4",
 "@xhayper/discord-rpc": "^1.2.0",
- "axios": "^1.7.8",
+ "axios": "^1.7.9",
 "cors": "^2.8.5",
 "electron-store": "^8.2.0",
 "express": "^4.21.2",
@@ -2364,9 +2364,9 @@
 "integrity": "sha512-NmWvPnx0F1SfrQbYwOi7OeaNGokp9XhzNioJ/CSBs8Qa4vxug81mhJEAVZwxXuBmYB5KDRfMq/F3RR0BIU7sWg=="
 },
 "node_modules/axios": {
- "version": "1.7.8",
- "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.8.tgz",
- "integrity": "sha512-Uu0wb7KNqK2t5K+YQyVCLM76prD5sRFjKHbJYCP1J7JFGEQ6nN7HWn9+04LAeiJ3ji54lgS/gZCH1oxyrf1SPw==",
+ "version": "1.7.9",
+ "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.9.tgz",
+ "integrity": "sha512-LhLcE7Hbiryz8oMDdDptSrWowmB4Bl6RCt6sIJKpRB4XtVf0iEgewX3au/pJqm+Py1kCASkb/FFKjxQaLtxJvw==",
 "license": "MIT",
 "dependencies": {
 "follow-redirects": "^1.15.6",
diff --git a/package.json b/package.json
index 045f35d..42a19c0 100644
--- a/package.json
+++ b/package.json
@@ -43,7 +43,7 @@
 "@electron/remote": "^2.1.2",
 "@types/swagger-jsdoc": "^6.0.4",
 "@xhayper/discord-rpc": "^1.2.0",
- "axios": "^1.7.8",
+ "axios": "^1.7.9",
 "cors": "^2.8.5",
 "electron-store": "^8.2.0",
 "express": "^4.21.2",
From c4ee6b51b97eefed4b2712de7c673015cacc749e Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 4 Jan 2025 01:22:24 +0000
Subject: [PATCH 4/4] fix: upgrade hotkeys-js from 3.13.7 to 3.13.9 Snyk has created this PR to upgrade hotkeys-js from 3.13.7 to 3.13.9. See this package in npm: hotkeys-js See this project in Snyk: https://app.snyk.io/org/mastermindzh/project/dade8f03-2064-49a3-8957-edbacec3887c?utm_source=github&utm_medium=referral&page=upgrade-pr
---
 package-lock.json | 9 +++++----
 package.json | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 645aa0e..e890bdf 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -16,7 +16,7 @@
 "cors": "^2.8.5",
 "electron-store": "^8.2.0",
 "express": "^4.21.2",
- "hotkeys-js": "^3.13.7",
+ "hotkeys-js": "^3.13.9",
 "mpris-service": "^2.1.2",
 "request": "^2.88.2",
 "sass": "^1.79.4",
@@ -5095,9 +5095,10 @@
 }
 },
 "node_modules/hotkeys-js": {
- "version": "3.13.7",
- "resolved": "https://registry.npmjs.org/hotkeys-js/-/hotkeys-js-3.13.7.tgz",
- "integrity": "sha512-ygFIdTqqwG4fFP7kkiYlvayZppeIQX2aPpirsngkv1xM1lP0piDY5QEh68nQnIKvz64hfocxhBaD/uK3sSK1yQ==",
+ "version": "3.13.9",
+ "resolved": "https://registry.npmjs.org/hotkeys-js/-/hotkeys-js-3.13.9.tgz",
+ "integrity": "sha512-3TRCj9u9KUH6cKo25w4KIdBfdBfNRjfUwrljCLDC2XhmPDG0SjAZFcFZekpUZFmXzfYoGhFDcdx2gX/vUVtztQ==",
+ "license": "MIT",
 "funding": {
 "url": "https://jaywcjlove.github.io/#/sponsor"
 }
diff --git a/package.json b/package.json
index 42a19c0..25c465a 100644
--- a/package.json
+++ b/package.json
@@ -47,7 +47,7 @@
 "cors": "^2.8.5",
 "electron-store": "^8.2.0",
 "express": "^4.21.2",
- "hotkeys-js": "^3.13.7",
+ "hotkeys-js": "^3.13.9",
 "mpris-service": "^2.1.2",
 "request": "^2.88.2",
 "sass": "^1.79.4",