From 6d72729ca7c4c001a29cf7371466383df018cba4 Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Wed, 3 Dec 2025 04:41:51 +0000
Subject: [PATCH] fix: payment-components/vanilla-js/apps/client/package.json & payment-components/vanilla-js/apps/client/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-EXPRESS-14157151
---
 .../vanilla-js/apps/client/package-lock.json | 49 ++++++++++++-------
 .../vanilla-js/apps/client/package.json | 2 +-
 2 files changed, 33 insertions(+), 18 deletions(-)

diff --git a/payment-components/vanilla-js/apps/client/package-lock.json b/payment-components/vanilla-js/apps/client/package-lock.json
index f491eda..47946d5 100644
--- a/payment-components/vanilla-js/apps/client/package-lock.json
+++ b/payment-components/vanilla-js/apps/client/package-lock.json
@@ -10,7 +10,7 @@
 "license": "ISC",
 "dependencies": {
 "chargebee": "^2.42.0",
- "express": "^4.21.0",
+ "express": "^4.22.0",
 "http": "^0.0.1-security"
 },
 "devDependencies": {
@@ -345,39 +345,39 @@
 }
 },
 "node_modules/express": {
- "version": "4.21.2",
- "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
- "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
+ "version": "4.22.0",
+ "resolved": "https://registry.npmjs.org/express/-/express-4.22.0.tgz",
+ "integrity": "sha512-c2iPh3xp5vvCLgaHK03+mWLFPhox7j1LwyxcZwFVApEv5i0X+IjPpbT50SJJwwLpdBVfp45AkK/v+AFgv/XlfQ==",
 "license": "MIT",
 "dependencies": {
 "accepts": "~1.3.8",
 "array-flatten": "1.1.1",
- "body-parser": "1.20.3",
- "content-disposition": "0.5.4",
+ "body-parser": "~1.20.3",
+ "content-disposition": "~0.5.4",
 "content-type": "~1.0.4",
- "cookie": "0.7.1",
- "cookie-signature": "1.0.6",
+ "cookie": "~0.7.1",
+ "cookie-signature": "~1.0.6",
 "debug": "2.6.9",
 "depd": "2.0.0",
 "encodeurl": "~2.0.0",
 "escape-html": "~1.0.3",
 "etag": "~1.8.1",
- "finalhandler": "1.3.1",
- "fresh": "0.5.2",
- "http-errors": "2.0.0",
+ "finalhandler": "~1.3.1",
+ "fresh": "~0.5.2",
+ "http-errors": "~2.0.0",
 "merge-descriptors": "1.0.3",
 "methods": "~1.1.2",
- "on-finished": "2.4.1",
+ "on-finished": "~2.4.1",
 "parseurl": "~1.3.3",
- "path-to-regexp": "0.1.12",
+ "path-to-regexp": "~0.1.12",
 "proxy-addr": "~2.0.7",
- "qs": "6.13.0",
+ "qs": "~6.14.0",
 "range-parser": "~1.2.1",
 "safe-buffer": "5.2.1",
- "send": "0.19.0",
- "serve-static": "1.16.2",
+ "send": "~0.19.0",
+ "serve-static": "~1.16.2",
 "setprototypeof": "1.2.0",
- "statuses": "2.0.1",
+ "statuses": "~2.0.1",
 "type-is": "~1.6.18",
 "utils-merge": "1.0.1",
 "vary": "~1.1.2"
@@ -390,6 +390,21 @@
 "url": "https://opencollective.com/express"
 }
 },
+ "node_modules/express/node_modules/qs": {
+ "version": "6.14.0",
+ "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
+ "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
+ "license": "BSD-3-Clause",
+ "dependencies": {
+ "side-channel": "^1.1.0"
+ },
+ "engines": {
+ "node": ">=0.6"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/ljharb"
+ }
+ },
 "node_modules/fill-range": {
 "version": "7.1.1",
 "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
diff --git a/payment-components/vanilla-js/apps/client/package.json b/payment-components/vanilla-js/apps/client/package.json
index 7a217bc..670cca5 100644
--- a/payment-components/vanilla-js/apps/client/package.json
+++ b/payment-components/vanilla-js/apps/client/package.json
@@ -10,7 +10,7 @@
 "license": "ISC",
 "dependencies": {
 "chargebee": "^2.42.0",
- "express": "^4.21.0",
+ "express": "^4.22.0",
 "http": "^0.0.1-security"
 },
 "devDependencies": {