From 0aaa7887551a4797453ecd9c145506e3f4492088 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 28 Oct 2024 20:57:27 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-COOKIE-8163060 --- package-lock.json | 33 ++++++++++++++++++++------------- package.json | 2 +- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0252969..d8deb62 100644 --- a/package-lock.json +++ b/package-lock.json @@ -20,7 +20,7 @@ "cva": "npm:class-variance-authority@^0.6.1", "lucide-react": "^0.256.0", "next": "^13.4.7", - "next-auth": "^4.22.1", + "next-auth": "^4.24.9", "nodemailer": "^6.9.3", "openai-edge": "^1.2.2", "react": "^18.2.0", @@ -3543,9 +3543,10 @@ "dev": true }, "node_modules/cookie": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", - "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==", + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", + "license": "MIT", "engines": { "node": ">= 0.6" } @@ -6230,9 +6231,10 @@ } }, "node_modules/jose": { - "version": "4.14.4", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.14.4.tgz", - "integrity": "sha512-j8GhLiKmUAh+dsFXlX1aJCbt5KMibuKb+d7j1JaOJG6s2UjX1PQlW+OKB/sD4a/5ZYF4RcmYmLSndOoU3Lt/3g==", + "version": "4.15.9", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.9.tgz", + "integrity": "sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==", + "license": "MIT", "funding": { "url": "https://github.com/sponsors/panva" } @@ -7030,14 +7032,15 @@ } }, "node_modules/next-auth": { - "version": "4.22.1", - "resolved": "https://registry.npmjs.org/next-auth/-/next-auth-4.22.1.tgz", - "integrity": "sha512-NTR3f6W7/AWXKw8GSsgSyQcDW6jkslZLH8AiZa5PQ09w1kR8uHtR9rez/E9gAq/o17+p0JYHE8QjF3RoniiObA==", + "version": "4.24.9", + "resolved": "https://registry.npmjs.org/next-auth/-/next-auth-4.24.9.tgz", + "integrity": "sha512-1eSvaJb5I3EIzSkU+HMBnLPQTD+q23CuBhWRW6PvT7x5wVHTAkOTpnLobczPjqra38ai8E6uSlVy/HSV3gecXw==", + "license": "ISC", "dependencies": { "@babel/runtime": "^7.20.13", "@panva/hkdf": "^1.0.2", - "cookie": "^0.5.0", - "jose": "^4.11.4", + "cookie": "^0.7.0", + "jose": "^4.15.5", "oauth": "^0.9.15", "openid-client": "^5.4.0", "preact": "^10.6.3", @@ -7045,12 +7048,16 @@ "uuid": "^8.3.2" }, "peerDependencies": { - "next": "^12.2.5 || ^13", + "@auth/core": "0.34.2", + "next": "^12.2.5 || ^13 || ^14 || ^15", "nodemailer": "^6.6.5", "react": "^17.0.2 || ^18", "react-dom": "^17.0.2 || ^18" }, "peerDependenciesMeta": { + "@auth/core": { + "optional": true + }, "nodemailer": { "optional": true } diff --git a/package.json b/package.json index 7096d66..1132f69 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,7 @@ "cva": "npm:class-variance-authority@^0.6.1", "lucide-react": "^0.256.0", "next": "^13.4.7", - "next-auth": "^4.22.1", + "next-auth": "^4.24.9", "nodemailer": "^6.9.3", "openai-edge": "^1.2.2", "react": "^18.2.0",