From 4f2b8b405df6bb65f6c72b1962265703927ca0db Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 9 Aug 2025 06:44:37 +0000 Subject: [PATCH] fix: template/package.json & template/yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-TMP-11501554 --- template/package.json | 2 +- template/yarn.lock | 76 ++++++++++++++++++++++++++++--------------- 2 files changed, 50 insertions(+), 28 deletions(-) diff --git a/template/package.json b/template/package.json index 4d8b6e9..39cd99c 100644 --- a/template/package.json +++ b/template/package.json @@ -94,7 +94,7 @@ "markdown-it-github-headings": "^2.0.0", "markdown-it-highlightjs": "^3.4.0", "markdown-it-task-checkbox": "^1.0.6", - "mongodb-memory-server": "^6.9.3", + "mongodb-memory-server": "^7.0.0", "mongoose": "^5.11.15", "mongoose-common-plugin": "2.0.2", "mongoose-json-select": "^0.2.1", diff --git a/template/yarn.lock b/template/yarn.lock index 8a20432..ff0f923 100644 --- a/template/yarn.lock +++ b/template/yarn.lock @@ -1958,7 +1958,7 @@ resolved "https://registry.yarnpkg.com/@types/minimist/-/minimist-1.2.2.tgz#ee771e2ba4b3dc5b372935d549fd9617bf345b8c" integrity sha512-jhuKLIRrhvCPLqwPcx6INqmKeiA5EWrsCOPhrlFSrbrmU4ZMPjj5Ul/oLCMDO98XRUIwVm78xICz4EPCektzeQ== -"@types/mongodb@^3.5.27": +"@types/mongodb@^3.5.27", "@types/mongodb@^3.6.20": version "3.6.20" resolved "https://registry.yarnpkg.com/@types/mongodb/-/mongodb-3.6.20.tgz#b7c5c580644f6364002b649af1c06c3c0454e1d2" integrity sha512-WcdpPJCakFzcWWD9juKoZbRtQxKIMYF/JIAM4JrNHrMcnJL6/a2NWjXxW7fo9hxboxxkg+icff8d7+WIEvKgYQ== @@ -1991,10 +1991,10 @@ resolved "https://registry.yarnpkg.com/@types/retry/-/retry-0.12.2.tgz#ed279a64fa438bb69f2480eda44937912bb7480a" integrity sha512-XISRgDJ2Tc5q4TRqvgJtzsRkFYNJzZrhTdtMoGVBttwzzQJkPnS3WWTFc7kuDRoPtPakl+T+OfdEUjYJj7Jbow== -"@types/tmp@^0.2.0": - version "0.2.3" - resolved "https://registry.yarnpkg.com/@types/tmp/-/tmp-0.2.3.tgz#908bfb113419fd6a42273674c00994d40902c165" - integrity sha512-dDZH/tXzwjutnuk4UacGgFRwV+JSLaXL1ikvidfJprkb7L9Nx1njcRHHmi3Dsvt7pgqqTEeucQuOrWHPFgzVHA== +"@types/tmp@^0.2.2": + version "0.2.6" + resolved "https://registry.yarnpkg.com/@types/tmp/-/tmp-0.2.6.tgz#d785ee90c52d7cc020e249c948c36f7b32d1e217" + integrity sha512-chhaNf2oKHlRkDGt+tiKE2Z5aJ6qalm7Z9rlLdBwmOiAAf09YQvvoLXjWK4HWPF1xU/fqvMgfNfpVoBscA/tKA== "@types/unist@*", "@types/unist@^2.0.0", "@types/unist@^2.0.2", "@types/unist@^2.0.3": version "2.0.6" @@ -2684,7 +2684,7 @@ async-foreach@^0.1.3: resolved "https://registry.yarnpkg.com/async-foreach/-/async-foreach-0.1.3.tgz#36121f845c0578172de419a97dbeb1d16ec34542" integrity sha1-NhIfhFwFeBct5Bmpfb6x0W7DRUI= -async-mutex@^0.3.0: +async-mutex@^0.3.2: version "0.3.2" resolved "https://registry.yarnpkg.com/async-mutex/-/async-mutex-0.3.2.tgz#1485eda5bda1b0ec7c8df1ac2e815757ad1831df" integrity sha512-HuTK7E7MT7jZEh1P9GtRW9+aTWiDWWi9InbZ5hjxrnRa39KS4BW04+xLBhYNS2aXhHUIKZSw3gj4Pn1pj+qGAA== @@ -7190,7 +7190,7 @@ finalhandler@^1.1.2: statuses "2.0.1" unpipe "~1.0.0" -find-cache-dir@^3.2.0, find-cache-dir@^3.3.1: +find-cache-dir@^3.2.0, find-cache-dir@^3.3.1, find-cache-dir@^3.3.2: version "3.3.2" resolved "https://registry.yarnpkg.com/find-cache-dir/-/find-cache-dir-3.3.2.tgz#b30c5b6eff0730731aea9bbd9dbecbd80256d64b" integrity sha512-wXZV5emFEjrridIgED11OoUKLxiYjAcqot/NJdAkOhlJ+vGzwhOAfcG5OX1jP+S0PcjEn8bdMJv+g2jwQ3Onig== @@ -7204,11 +7204,6 @@ find-line-column@^0.5.2: resolved "https://registry.yarnpkg.com/find-line-column/-/find-line-column-0.5.2.tgz#db00238ff868551a182e74a103416d295a98c8ca" integrity sha1-2wAjj/hoVRoYLnShA0FtKVqYyMo= -find-package-json@^1.2.0: - version "1.2.0" - resolved "https://registry.yarnpkg.com/find-package-json/-/find-package-json-1.2.0.tgz#4057d1b943f82d8445fe52dc9cf456f6b8b58083" - integrity sha512-+SOGcLGYDJHtyqHd87ysBhmaeQ95oWspDKnMXBrnQ9Eq4OkLNqejgoaD8xVWu6GPa0B6roa6KinCMEMcVeqONw== - find-root@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/find-root/-/find-root-1.1.0.tgz#abcfc8ba76f708c42a97b3d685b7e9450bfb9ce4" @@ -12163,22 +12158,23 @@ module-deps@^6.2.3: through2 "^2.0.0" xtend "^4.0.0" -mongodb-memory-server-core@6.10.0: - version "6.10.0" - resolved "https://registry.yarnpkg.com/mongodb-memory-server-core/-/mongodb-memory-server-core-6.10.0.tgz#9239c7941e5b0a225b50494563f0fc528c056690" - integrity sha512-Mil7M4w1231laVi3RYckVnvHANgSIHUICzdIxI5N2JM/i+uKamxkgUXmjWob188jWrWrTqeCI2vNq6KoGzRlxQ== +mongodb-memory-server-core@7.6.3: + version "7.6.3" + resolved "https://registry.yarnpkg.com/mongodb-memory-server-core/-/mongodb-memory-server-core-7.6.3.tgz#ba3ff2f50dc1cf5105683f15de54202976931af0" + integrity sha512-5rv79YlPoPvguRfFv1fvR78z69/QohGD+65f9UYWDfD70ykXpf6tAXPpWJ4ww/ues7FIVepkFCr3aiUvu6lA+A== dependencies: - "@types/tmp" "^0.2.0" - async-mutex "^0.3.0" + "@types/mongodb" "^3.6.20" + "@types/tmp" "^0.2.2" + async-mutex "^0.3.2" camelcase "^6.1.0" debug "^4.2.0" - find-cache-dir "^3.3.1" - find-package-json "^1.2.0" + find-cache-dir "^3.3.2" get-port "^5.1.1" https-proxy-agent "^5.0.0" md5-file "^5.0.0" mkdirp "^1.0.4" - mongodb "^3.6.9" + mongodb "^3.7.3" + new-find-package-json "^1.1.0" semver "^7.3.5" tar-stream "^2.1.4" tmp "^0.2.1" @@ -12186,15 +12182,15 @@ mongodb-memory-server-core@6.10.0: uuid "^8.3.1" yauzl "^2.10.0" -mongodb-memory-server@^6.9.3: - version "6.10.0" - resolved "https://registry.yarnpkg.com/mongodb-memory-server/-/mongodb-memory-server-6.10.0.tgz#3011f12b69bd5cd3610eb51df57555bdab5383cb" - integrity sha512-u/n35Jdbl6CwlOlpFcCkMcVsckJNhKsldI2ImePe4+5e/kKgyktS97K5VBv5wppTVOblAbebFInnIsvSts74nQ== +mongodb-memory-server@^7.0.0: + version "7.6.3" + resolved "https://registry.yarnpkg.com/mongodb-memory-server/-/mongodb-memory-server-7.6.3.tgz#8b2827363ca16aaf250cba07f7a2b49e502735d4" + integrity sha512-yHDE9FGxOpSRUzitF9Qx3JjEgayCSJI3JOW2wgeBH/5PAsUdisy2nRxRiNwwLDooQ7tohllWCRTXlWqyarUEMQ== dependencies: - mongodb-memory-server-core "6.10.0" + mongodb-memory-server-core "7.6.3" tslib "^2.3.0" -mongodb@3.7.3, mongodb@^3.6.9: +mongodb@3.7.3: version "3.7.3" resolved "https://registry.yarnpkg.com/mongodb/-/mongodb-3.7.3.tgz#b7949cfd0adc4cc7d32d3f2034214d4475f175a5" integrity sha512-Psm+g3/wHXhjBEktkxXsFMZvd3nemI0r3IPsE0bU+4//PnvNWKkzhZcEsbPcYiWqe8XqXJJEg4Tgtr7Raw67Yw== @@ -12207,6 +12203,19 @@ mongodb@3.7.3, mongodb@^3.6.9: optionalDependencies: saslprep "^1.0.0" +mongodb@^3.7.3: + version "3.7.4" + resolved "https://registry.yarnpkg.com/mongodb/-/mongodb-3.7.4.tgz#119530d826361c3e12ac409b769796d6977037a4" + integrity sha512-K5q8aBqEXMwWdVNh94UQTwZ6BejVbFhh1uB6c5FKtPE9eUMZPUO3sRZdgIEcHSrAWmxzpG/FeODDKL388sqRmw== + dependencies: + bl "^2.2.1" + bson "^1.1.4" + denque "^1.4.1" + optional-require "^1.1.8" + safe-buffer "^5.1.2" + optionalDependencies: + saslprep "^1.0.0" + mongoose-common-plugin@2.0.2: version "2.0.2" resolved "https://registry.yarnpkg.com/mongoose-common-plugin/-/mongoose-common-plugin-2.0.2.tgz#5b877c138e6f98eb27fdc49b91561017c1a92722" @@ -12446,6 +12455,14 @@ nested-error-stacks@^1.0.0, nested-error-stacks@^1.0.1: dependencies: inherits "~2.0.1" +new-find-package-json@^1.1.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/new-find-package-json/-/new-find-package-json-1.2.0.tgz#a2c0684c6539941a711d810acc5c3e9f076a7426" + integrity sha512-Z4v/wBxApGh1cCGEhNmq4p8wjDvM6R6vEuYzlAhzOlXBKLJfjyMvwd+ZHR9fyYKVvXfEn4Z3YX6MD470PxpVbQ== + dependencies: + debug "^4.3.4" + tslib "^2.4.0" + next-line@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/next-line/-/next-line-1.1.0.tgz#fcae57853052b6a9bae8208e40dd7d3c2d304603" @@ -18727,6 +18744,11 @@ tslib@^2.1.0, tslib@^2.2.0, tslib@^2.3.0, tslib@^2.3.1: resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.4.0.tgz#7cecaa7f073ce680a05847aa77be941098f36dc3" integrity sha512-d6xOpEDfsi2CZVlPQzGeux8XMwLT9hssAsaPYExaQMuYskwb+x1x7J371tWlbBdWHroy99KnVB6qIkUbs5X3UQ== +tslib@^2.4.0: + version "2.8.1" + resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.8.1.tgz#612efe4ed235d567e8aba5f2a5fab70280ade83f" + integrity sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w== + tsscmp@1.0.6, tsscmp@^1.0.6: version "1.0.6" resolved "https://registry.yarnpkg.com/tsscmp/-/tsscmp-1.0.6.tgz#85b99583ac3589ec4bfef825b5000aa911d605eb"