From 740348fcf99a1992e2d503bc08a57c5a511499cd Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Thu, 10 Feb 2022 23:54:14 +0200 Subject: [PATCH] [Snyk] Security upgrade twilio from 3.52.0 to 3.54.2 (#26) * fix: modules/sms/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346 * chore: update yarn.lock Co-authored-by: kkopanidis --- modules/sms/package.json | 2 +- yarn.lock | 28 +++++++--------------------- 2 files changed, 8 insertions(+), 22 deletions(-) diff --git a/modules/sms/package.json b/modules/sms/package.json index b060fac22..34e1e3017 100644 --- a/modules/sms/package.json +++ b/modules/sms/package.json @@ -26,7 +26,7 @@ "@grpc/grpc-js": "^1.3.4", "lodash": "^4.17.15", "@grpc/proto-loader": "^0.5.4", - "twilio": "3.52.0" + "twilio": "3.54.2" }, "devDependencies": { "@types/convict": "^4.2.1", diff --git a/yarn.lock b/yarn.lock index aa1797097..09ced65fe 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3185,20 +3185,13 @@ axios@0.20.0: dependencies: follow-redirects "^1.10.0" -axios@0.21.4, axios@^0.21.4: +axios@0.21.4, axios@^0.21.1, axios@^0.21.4: version "0.21.4" resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.4.tgz#c67b90dc0568e5c1cf2b0b858c43ba28e2eda575" integrity sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg== dependencies: follow-redirects "^1.14.0" -axios@^0.19.2: - version "0.19.2" - resolved "https://registry.yarnpkg.com/axios/-/axios-0.19.2.tgz#3ea36c5d8818d0d5f8a8a97a6d36b86cdc00cb27" - integrity sha512-fjgm5MvRHLhx+osE2xoekY70AhARk3a6hkN+3Io1jc00jtquGvxYlKlsFUhmUET0V5te6CcZI7lcv2Ym61mjHA== - dependencies: - follow-redirects "1.5.10" - axios@^0.21.0: version "0.21.1" resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.1.tgz#22563481962f4d6bde9a76d516ef0e5d3c09b2b8" @@ -4714,7 +4707,7 @@ debug@2, debug@2.6.9, debug@^2.2.0, debug@^2.3.3, debug@~2.6.9: dependencies: ms "2.0.0" -debug@3.1.0, debug@=3.1.0: +debug@3.1.0: version "3.1.0" resolved "https://registry.yarnpkg.com/debug/-/debug-3.1.0.tgz#5bb5a0672628b64149566ba16819e61518c67261" integrity sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g== @@ -5832,13 +5825,6 @@ fn.name@1.x.x: resolved "https://registry.yarnpkg.com/fn.name/-/fn.name-1.1.0.tgz#26cad8017967aea8731bc42961d04a3d5988accc" integrity sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw== -follow-redirects@1.5.10: - version "1.5.10" - resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.5.10.tgz#7b7a9f9aea2fdff36786a94ff643ed07f4ff5e2a" - integrity sha512-0V5l4Cizzvqt5D44aTXbFZz+FtyXV1vrDN6qrelxtfYQKW0KO0W2T/hkE8xvGa/540LkZlkaUjO4ailYTFtHVQ== - dependencies: - debug "=3.1.0" - follow-redirects@^1.10.0: version "1.13.0" resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.13.0.tgz#b42e8d93a2a7eea5ed88633676d6597bc8e384db" @@ -12281,12 +12267,12 @@ tweetnacl@^0.14.3, tweetnacl@~0.14.0: resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-0.14.5.tgz#5ae68177f192d4456269d108afa93ff8743f4f64" integrity sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q= -twilio@3.52.0: - version "3.52.0" - resolved "https://registry.yarnpkg.com/twilio/-/twilio-3.52.0.tgz#197408019534de9a11afad686ed55e25ec211404" - integrity sha512-G/2J4iva5T8080Mei3e24bCBxAemVe766iYQP+OonAzP7EUx9sv/hnNoNsM5u1vKkqKn7ER2uJ+mRI6bJrdEMA== +twilio@3.54.2: + version "3.54.2" + resolved "https://registry.yarnpkg.com/twilio/-/twilio-3.54.2.tgz#b938ea7d6f9d26bcc98650624a645ecf9b527ee2" + integrity sha512-Hr3mb8/2yLaVIbcSLWtymPzt42atExlBU5eydI6oKAhAZiTuER4LyDsqKcJ4PBFeZDFzG7Qu0yLZ8bYp8ydV4w== dependencies: - axios "^0.19.2" + axios "^0.21.1" dayjs "^1.8.29" jsonwebtoken "^8.5.1" lodash "^4.17.19"