From c72a9faecdbe95e9323353521a9cff761b02739e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 26 Jan 2024 17:06:56 +0000 Subject: [PATCH] fix: serverless/package.json & serverless/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6032459 - https://snyk.io/vuln/SNYK-JS-AXIOS-6124857 - https://snyk.io/vuln/SNYK-JS-AXIOS-6144788 - https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180022 - https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180024 - https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180026 --- serverless/package-lock.json | 121 ++++++++++++++++++++++++++--------- serverless/package.json | 2 +- 2 files changed, 93 insertions(+), 30 deletions(-) diff --git a/serverless/package-lock.json b/serverless/package-lock.json index 18fed6b..22a38b4 100644 --- a/serverless/package-lock.json +++ b/serverless/package-lock.json @@ -9,7 +9,7 @@ "version": "0.0.0", "dependencies": { "@sendgrid/client": "^7.7.0", - "@twilio/runtime-handler": "1.3.0", + "@twilio/runtime-handler": "^1.3.1", "form-data": "^4.0.0", "jsonwebtoken": "^9.0.1", "twilio": "^3.56" 
@@ -249,19 +249,19 @@ } }, "node_modules/@twilio-labs/serverless-runtime-types": { - "version": "2.2.3", - "resolved": "https://registry.npmjs.org/@twilio-labs/serverless-runtime-types/-/serverless-runtime-types-2.2.3.tgz", - "integrity": "sha512-56PbcrZxyNycFYACdErrEKvIq4ThmUkHs6IZYd7u6qt4sbb/qokjgkzvsSKFmnapPxYnTKJRLzNZEJ2BEaKShQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@twilio-labs/serverless-runtime-types/-/serverless-runtime-types-3.0.0.tgz", + "integrity": "sha512-A+760thaqfwLLdsoXBXRn1LGuD1cGG1OJ8e+Zo15VfKeVHzGBxiJ0EvW791b8b0EaTlYeuZePnKfFUXPvmyUhg==", "dependencies": { "@types/express": "^4.17.11", "@types/qs": "^6.9.4", - "twilio": "^3.60.0" + "twilio": "^4.20.1" } }, "node_modules/@twilio-labs/serverless-runtime-types/node_modules/@types/express": { - "version": "4.17.17", - "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.17.tgz", - "integrity": "sha512-Q4FmmuLGBG58btUnfS1c1r/NQdlp3DMfGDGig8WhfpA2YRUtEkxAjkZb0yvplJGYdF1fsQ81iMDcH24sSCNC/Q==", + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", + "integrity": "sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ==", "dependencies": { "@types/body-parser": "*", "@types/express-serve-static-core": "^4.17.33", 
@@ -269,12 +269,40 @@ "@types/serve-static": "*" } }, + "node_modules/@twilio-labs/serverless-runtime-types/node_modules/axios": { + "version": "1.6.7", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.7.tgz", + "integrity": "sha512-/hDJGff6/c7u0hDkvkGxR/oy6CbCs8ziCsC7SqmhjfozqiJGc8Z11wrv9z9lYfY4K8l+H9TpjcMDX0xOZmx+RA==", + "dependencies": { + "follow-redirects": "^1.15.4", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" + } + }, + "node_modules/@twilio-labs/serverless-runtime-types/node_modules/twilio": { + "version": "4.21.0", + "resolved": "https://registry.npmjs.org/twilio/-/twilio-4.21.0.tgz", + "integrity": "sha512-+meDbJPOxs6vEysJ7xX7XMn6FLKmZFSeVzMKjzN9NWgDXssp713Kf1ukteZlXhnhd7/NtNiUv5OU17qVgBb/BQ==", + "dependencies": { + "axios": "^1.6.0", + "dayjs": "^1.11.9", + "https-proxy-agent": "^5.0.0", + "jsonwebtoken": "^9.0.0", + "qs": "^6.9.4", + "scmp": "^2.1.0", + "url-parse": "^1.5.9", + "xmlbuilder": "^13.0.2" + }, + "engines": { + "node": ">=14.0" + } + }, "node_modules/@twilio/runtime-handler": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/@twilio/runtime-handler/-/runtime-handler-1.3.0.tgz", - "integrity": "sha512-xKiE7IGVspEcvP3T2kaB/QfDrE6LK9cu4DN2ds3oqcJIrNHpuPvCJjEn8DcPn8O9E2Lq/aRycJq/c//R+inlFQ==", + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/@twilio/runtime-handler/-/runtime-handler-1.3.1.tgz", + "integrity": "sha512-siHhPqJadvzaKrBnRe29RIDos/ipnfl31UhZqb33Yx1KN1x0ZT8uK1d0IMzZjNuuJj2owodZZRuPXfYX4nCYdA==", "dependencies": { - "@twilio-labs/serverless-runtime-types": "^2.2.3", + "@twilio-labs/serverless-runtime-types": "^3.0.0", "@types/express": "4.17.7", "chalk": "^4.1.1", "common-tags": "^1.8.0", 
@@ -2072,9 +2100,9 @@ } }, "node_modules/follow-redirects": { - "version": "1.15.2", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz", - "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==", + "version": "1.15.5", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.5.tgz", + "integrity": "sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw==", "funding": [ { "type": "individual", @@ -3718,6 +3746,11 @@ "node": ">= 0.10" } }, + "node_modules/proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + }, "node_modules/pseudomap": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz", 
@@ -5337,34 +5370,59 @@ } }, "@twilio-labs/serverless-runtime-types": { - "version": "2.2.3", - "resolved": "https://registry.npmjs.org/@twilio-labs/serverless-runtime-types/-/serverless-runtime-types-2.2.3.tgz", - "integrity": "sha512-56PbcrZxyNycFYACdErrEKvIq4ThmUkHs6IZYd7u6qt4sbb/qokjgkzvsSKFmnapPxYnTKJRLzNZEJ2BEaKShQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@twilio-labs/serverless-runtime-types/-/serverless-runtime-types-3.0.0.tgz", + "integrity": "sha512-A+760thaqfwLLdsoXBXRn1LGuD1cGG1OJ8e+Zo15VfKeVHzGBxiJ0EvW791b8b0EaTlYeuZePnKfFUXPvmyUhg==", "requires": { "@types/express": "^4.17.11", "@types/qs": "^6.9.4", - "twilio": "^3.60.0" + "twilio": "^4.20.1" }, "dependencies": { "@types/express": { - "version": "4.17.17", - "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.17.tgz", - "integrity": "sha512-Q4FmmuLGBG58btUnfS1c1r/NQdlp3DMfGDGig8WhfpA2YRUtEkxAjkZb0yvplJGYdF1fsQ81iMDcH24sSCNC/Q==", + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", + "integrity": "sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ==", "requires": { "@types/body-parser": "*", "@types/express-serve-static-core": "^4.17.33", "@types/qs": "*", "@types/serve-static": "*" } + }, + "axios": { + "version": "1.6.7", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.7.tgz", + "integrity": "sha512-/hDJGff6/c7u0hDkvkGxR/oy6CbCs8ziCsC7SqmhjfozqiJGc8Z11wrv9z9lYfY4K8l+H9TpjcMDX0xOZmx+RA==", + "requires": { + "follow-redirects": "^1.15.4", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" + } + }, + "twilio": { + "version": "4.21.0", + "resolved": "https://registry.npmjs.org/twilio/-/twilio-4.21.0.tgz", + "integrity": "sha512-+meDbJPOxs6vEysJ7xX7XMn6FLKmZFSeVzMKjzN9NWgDXssp713Kf1ukteZlXhnhd7/NtNiUv5OU17qVgBb/BQ==", + "requires": { + "axios": "^1.6.0", + "dayjs": "^1.11.9", + "https-proxy-agent": "^5.0.0", + "jsonwebtoken": "^9.0.0", + "qs": 
"^6.9.4", + "scmp": "^2.1.0", + "url-parse": "^1.5.9", + "xmlbuilder": "^13.0.2" + } } } }, "@twilio/runtime-handler": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/@twilio/runtime-handler/-/runtime-handler-1.3.0.tgz", - "integrity": "sha512-xKiE7IGVspEcvP3T2kaB/QfDrE6LK9cu4DN2ds3oqcJIrNHpuPvCJjEn8DcPn8O9E2Lq/aRycJq/c//R+inlFQ==", + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/@twilio/runtime-handler/-/runtime-handler-1.3.1.tgz", + "integrity": "sha512-siHhPqJadvzaKrBnRe29RIDos/ipnfl31UhZqb33Yx1KN1x0ZT8uK1d0IMzZjNuuJj2owodZZRuPXfYX4nCYdA==", "requires": { - "@twilio-labs/serverless-runtime-types": "^2.2.3", + "@twilio-labs/serverless-runtime-types": "^3.0.0", "@types/express": "4.17.7", "chalk": "^4.1.1", "common-tags": "^1.8.0", @@ -6799,9 +6857,9 @@ } }, "follow-redirects": { - "version": "1.15.2", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz", - "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==" + "version": "1.15.5", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.5.tgz", + "integrity": "sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw==" }, "forever-agent": { "version": "0.6.1", @@ -8045,6 +8103,11 @@ "ipaddr.js": "1.9.1" } }, + "proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + }, "pseudomap": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz", diff --git a/serverless/package.json b/serverless/package.json index 24784ed..7e124c3 100644 --- a/serverless/package.json +++ b/serverless/package.json 
@@ -9,7 +9,7 @@
 },
 "dependencies": {
 "@sendgrid/client": "^7.7.0",
- "@twilio/runtime-handler": "1.3.0",
+ "@twilio/runtime-handler": "1.3.1",
 "form-data": "^4.0.0",
 "jsonwebtoken": "^9.0.1",
 "twilio": "^3.56"
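Review bot: The two files in this commit record different specs for the same dependency: this hunk pins `"@twilio/runtime-handler": "1.3.1"` exactly, while the root `dependencies` entry in serverless/package-lock.json is written as `"@twilio/runtime-handler": "^1.3.1"`. Regenerate the lockfile from this manifest, or change the lockfile entry to `"1.3.1"`, so that the lock describes what package.json actually asks for. The direct `"twilio": "^3.56"` dependency is left untouched, and the axios 1.6.7 and twilio 4.21.0 entries are added to the lockfile only under `@twilio-labs/serverless-runtime-types/node_modules`. The axios copy resolved for the application's own twilio 3.x client is therefore not visible in this diff and may still be an affected version. Running `npm ls axios jsonwebtoken` after install would confirm whether the advisories listed in the commit message are closed on every dependency path.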