From cc8c2707b014bdfc972e3c57ded3663ded001b95 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 19 Oct 2024 05:16:01 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106 --- package-lock.json | 57 +++++++++++++++++++++++++++++++++-------------- package.json | 2 +- 2 files changed, 41 insertions(+), 18 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0d9ed7c4..2ce12ef3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -63,7 +63,7 @@ "@vaadin/progress-bar": "23.5.6", "@vaadin/radio-group": "23.5.6", "@vaadin/rich-text-editor": "23.5.6", - "@vaadin/router": "1.7.5", + "@vaadin/router": "^2.0.0", "@vaadin/scroller": "23.5.6", "@vaadin/select": "23.5.6", "@vaadin/split-layout": "23.5.6", @@ -126,7 +126,7 @@ "construct-style-sheets-polyfill": "3.1.0", "date-fns": "2.30.0", "lit": "2.6.1", - "proj4": "^2.12.1" + "proj4": "2.12.1" }, "devDependencies": { "@rollup/plugin-replace": "3.1.0", @@ -3333,12 +3333,26 @@ } }, "node_modules/@vaadin/router": { - "version": "1.7.5", - "resolved": "https://registry.npmjs.org/@vaadin/router/-/router-1.7.5.tgz", - "integrity": "sha512-uRN3vd1ihgd596bF/NMZqpgxau0nlvIc0/JDd1EwStFNbZID/xIVse5LXdQhIyUKLmSl4T0GeCQK505xerWX0w==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@vaadin/router/-/router-2.0.0.tgz", + "integrity": "sha512-IjOlzuUsrVhfBId+ypcdDLM3+GZHo64DUlkr8IjFe04A4kMvt0zVFIpPH03X52/tMiwyYOF0Sw6p53DXkWiZcA==", + "license": "Apache-2.0", "dependencies": { - "@vaadin/vaadin-usage-statistics": "^2.1.0", - "path-to-regexp": "2.4.0" + "@vaadin/vaadin-usage-statistics": "^2.1.2", + "path-to-regexp": "^6.3.0", + "type-fest": "^4.26.1" + } + }, + "node_modules/@vaadin/router/node_modules/type-fest": { + "version": "4.26.1", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.26.1.tgz", + "integrity": "sha512-yOGpmOAL7CkKe/91I5O3gPICmJNLJ1G4zFYVAsRHg7M64biSnPtRj0WNQt++bRkjYOqjWXrhnUw1utzmVErAdg==", + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/@vaadin/scroller": { @@ -6120,9 +6134,10 @@ "dev": true }, "node_modules/path-to-regexp": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-2.4.0.tgz", - "integrity": "sha512-G6zHoVqC6GGTQkZwF4lkuEyMbVOjoBKAEybQUypI1WTkqinCOrq2x6U2+phkJ1XsEMTy4LjtwPI7HW+NVrRR2w==" + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.3.0.tgz", + "integrity": "sha512-Yhpw4T9C6hPpgPeA28us07OJeqZ5EzQTkbfwuhsUg0c237RomFoETJgmp2sa3F/41gfLE6G5cqcYwznmeEeOlQ==", + "license": "MIT" }, "node_modules/pbf": { "version": "3.2.1", @@ -9897,12 +9912,20 @@ } }, "@vaadin/router": { - "version": "1.7.5", - "resolved": "https://registry.npmjs.org/@vaadin/router/-/router-1.7.5.tgz", - "integrity": "sha512-uRN3vd1ihgd596bF/NMZqpgxau0nlvIc0/JDd1EwStFNbZID/xIVse5LXdQhIyUKLmSl4T0GeCQK505xerWX0w==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@vaadin/router/-/router-2.0.0.tgz", + "integrity": "sha512-IjOlzuUsrVhfBId+ypcdDLM3+GZHo64DUlkr8IjFe04A4kMvt0zVFIpPH03X52/tMiwyYOF0Sw6p53DXkWiZcA==", "requires": { "@vaadin/vaadin-usage-statistics": "2.1.3", - "path-to-regexp": "2.4.0" + "path-to-regexp": "^6.3.0", + "type-fest": "^4.26.1" + }, + "dependencies": { + "type-fest": { + "version": "4.26.1", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.26.1.tgz", + "integrity": "sha512-yOGpmOAL7CkKe/91I5O3gPICmJNLJ1G4zFYVAsRHg7M64biSnPtRj0WNQt++bRkjYOqjWXrhnUw1utzmVErAdg==" + } } }, "@vaadin/scroller": { @@ -11947,9 +11970,9 @@ "dev": true }, "path-to-regexp": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-2.4.0.tgz", - "integrity": "sha512-G6zHoVqC6GGTQkZwF4lkuEyMbVOjoBKAEybQUypI1WTkqinCOrq2x6U2+phkJ1XsEMTy4LjtwPI7HW+NVrRR2w==" + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.3.0.tgz", + "integrity": "sha512-Yhpw4T9C6hPpgPeA28us07OJeqZ5EzQTkbfwuhsUg0c237RomFoETJgmp2sa3F/41gfLE6G5cqcYwznmeEeOlQ==" }, "pbf": { "version": "3.2.1", diff --git a/package.json b/package.json index 402e0b99..4a9157f3 100644 --- a/package.json +++ b/package.json @@ -58,7 +58,7 @@ "@vaadin/progress-bar": "23.5.6", "@vaadin/radio-group": "23.5.6", "@vaadin/rich-text-editor": "23.5.6", - "@vaadin/router": "1.7.5", + "@vaadin/router": "2.0.0", "@vaadin/scroller": "23.5.6", "@vaadin/select": "23.5.6", "@vaadin/split-layout": "23.5.6",