From 2d3bf8cb2ffc61336db068db0c82df271d431730 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 21 Apr 2023 03:42:05 +0530 Subject: [PATCH 1/2] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-XML2JS-5414874 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 491f7f4..7ab114c 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ "helmet": "^4.4.1", "heroku-logger": "^0.3.3", "jsep": "^0.3.5", - "jsforce": "^1.10.1", + "jsforce": "^1.11.1", "moment": "^2.24.0", "moment-timezone": "^0.5.33", "node-rsa": "^1.1.1", From 5239e4b5f8c3e44854b2d6698c55d3a1b5217770 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 21 Apr 2023 03:42:06 +0530 Subject: [PATCH 2/2] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-XML2JS-5414874 --- yarn.lock | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/yarn.lock b/yarn.lock index 2dcbc25..6986c5f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1668,7 +1668,7 @@ faye-websocket@>=0.9.1: dependencies: websocket-driver ">=0.5.1" -faye@^1.2.0: +faye@^1.4.0: version "1.4.0" resolved "https://registry.yarnpkg.com/faye/-/faye-1.4.0.tgz#01d3d26ed5642c1cb203eed358afb1c1444b8669" integrity sha512-kRrIg4be8VNYhycS2PY//hpBJSzZPr/DBbcy9VWelhZMW3KhyLkQR0HL0k0MNpmVoNFF4EdfMFkNAWjTP65g6w== @@ -2705,10 +2705,10 @@ jsesc@^2.5.1: resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-2.5.2.tgz#80564d2e483dacf6e8ef209650a67df3f0c283a4" integrity sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA== -jsforce@^1.10.1: - version "1.10.1" - resolved "https://registry.yarnpkg.com/jsforce/-/jsforce-1.10.1.tgz#ca1cf58d4439d94e1f84482d83081acd12c93269" - integrity sha512-rv+UpBR9n/sWdgLhyPOJuKgT9ZKngypYf9XOHoXVRpSllvTFCjn+M3H81Nu1oYjPH9JKXVS8hL1dmmq8+kOAJg== +jsforce@^1.11.1: + version "1.11.1" + resolved "https://registry.yarnpkg.com/jsforce/-/jsforce-1.11.1.tgz#229c176ef43b996438828734a8ba7ee691b61e98" + integrity sha512-u1vL2F4FYRNccwjwA3ftMULEf9Ekeyvsz7vYKeQ03sKg6m7DNwB2O9d0erCM7k5sQUJ44J39CI05nokDKN3ktw== dependencies: base64-url "^2.2.0" co-prompt "^1.0.0" @@ -2716,7 +2716,7 @@ jsforce@^1.10.1: commander "^2.9.0" csv-parse "^4.10.1" csv-stringify "^1.0.4" - faye "^1.2.0" + faye "^1.4.0" inherits "^2.0.1" lodash "^4.17.19" multistream "^2.0.5" @@ -2724,7 +2724,7 @@ jsforce@^1.10.1: promise "^7.1.1" readable-stream "^2.1.0" request "^2.72.0" - xml2js "^0.4.16" + xml2js "^0.5.0" json-parse-even-better-errors@^2.3.0: version "2.3.1" @@ -4516,7 +4516,7 @@ xml-name-validator@^3.0.0: resolved "https://registry.yarnpkg.com/xml-name-validator/-/xml-name-validator-3.0.0.tgz#6ae73e06de4d8c6e47f9fb181f78d648ad457c6a" integrity sha512-A5CUptxDsvxKJEU3yO6DuWBSJz/qizqzJKOMIfUJHETbBw/sFaDxgd6fxm1ewUaM0jZ444Fc5vC5ROYurg/4Pw== -xml2js@^0.4.16, xml2js@^0.4.23: +xml2js@^0.4.23: version "0.4.23" resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.23.tgz#a0c69516752421eb2ac758ee4d4ccf58843eac66" integrity sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug== @@ -4524,6 +4524,14 @@ xml2js@^0.4.16, xml2js@^0.4.23: sax ">=0.6.0" xmlbuilder "~11.0.0" +xml2js@^0.5.0: + version "0.5.0" + resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.5.0.tgz#d9440631fbb2ed800203fad106f2724f62c493b7" + integrity sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA== + dependencies: + sax ">=0.6.0" + xmlbuilder "~11.0.0" + xmlbuilder@~11.0.0: version "11.0.1" resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-11.0.1.tgz#be9bae1c8a046e76b31127726347d0ad7002beb3"