From c1e52b0ec559f7546d3efcc4dafbcaec7a5e0135 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 25 Jan 2026 16:38:51 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-15053838 --- package-lock.json | 15 +++++---------- package.json | 2 +- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/package-lock.json b/package-lock.json index ef50935..335f216 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,7 +13,7 @@ "express-routes-versioning": "^1.0.1", "express-winston": "^4.2.0", "knex": "^3.0.1", - "lodash": ">= 4.17.21", + "lodash": "^4.17.23", "pg": "^8.11.3", "winston": "^3.11.0", "yup": "^1.4.0" @@ -83,7 +83,6 @@ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.25.2.tgz", "integrity": "sha512-BBt3opiCOxUr9euZ5/ro/Xv8/V7yJ5bjYMqG/C1YAo8MIKAnumZalCN+msbci3Pigy4lIQfPUpfMM27HMGaYEA==", "dev": true, - "peer": true, "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.24.7", @@ -1219,7 +1218,6 @@ "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.12.1.tgz", "integrity": "sha512-tcpGyI9zbizT9JbV6oYE477V6mTlXvvi0T0G3SNIYE2apm/G5huBa1+K89VGeovbg+jycCrfhl3ADxErOuO6Jg==", "devOptional": true, - "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -1598,7 +1596,6 @@ "url": "https://github.com/sponsors/ai" } ], - "peer": true, "dependencies": { "caniuse-lite": "^1.0.30001646", "electron-to-chromium": "^1.5.4", @@ -2462,7 +2459,6 @@ "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", "integrity": "sha512-dZ6+mexnaTIbSBZWgou51U6OmzIhYM2VcNdtiTtI7qPNZm35Akpr0f6vtw3w1Kmn5PYo+tZVfh13WrhpS6oLqQ==", "dev": true, - "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", @@ -2518,7 +2514,6 @@ "resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-9.1.0.tgz", "integrity": "sha512-NSWl5BFQWEPi1j4TjVNItzYV7dZXZ+wP6I6ZhrBGpChQhZRUaElihE9uRRkcbRnNb76UMKDF3r+WTmNcGPKsqw==", "dev": true, - "peer": true, "bin": { "eslint-config-prettier": "bin/cli.js" }, @@ -4379,9 +4374,10 @@ } }, "node_modules/lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + "version": "4.17.23", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz", + "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==", + "license": "MIT" }, "node_modules/lodash.camelcase": { "version": "4.3.0", @@ -7449,7 +7445,6 @@ "version": "3.13.1", "resolved": "https://registry.npmjs.org/winston/-/winston-3.13.1.tgz", "integrity": "sha512-SvZit7VFNvXRzbqGHsv5KSmgbEYR5EiQfDAL9gxYkRqa934Hnk++zze0wANKtMHcy/gI4W/3xmSDwlhf865WGw==", - "peer": true, "dependencies": { "@colors/colors": "^1.6.0", "@dabh/diagnostics": "^2.0.2", diff --git a/package.json b/package.json index dd74ca2..df89882 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,7 @@ "express-routes-versioning": "^1.0.1", "express-winston": "^4.2.0", "knex": "^3.0.1", - "lodash": ">= 4.17.21", + "lodash": ">=4.17.23", "pg": "^8.11.3", "winston": "^3.11.0", "yup": "^1.4.0"