From 0ce0928d73d60e147ea11ed6437dc300a0b8e727 Mon Sep 17 00:00:00 2001 From: "kiloconnect-development[bot]" <242397087+kiloconnect-development[bot]@users.noreply.github.com> Date: Wed, 10 Jun 2026 14:02:08 +0000 Subject: [PATCH] fix: upgrade ejs to 3.1.7 to remediate CVE-2022-29078 (GHSA-phwq-j96m-2c2q) --- package-lock.json | 95 ++++++++++++++---------------------- package.json | 121 +++++++++++++++++++++++----------------------- 2 files changed, 97 insertions(+), 119 deletions(-) diff --git a/package-lock.json b/package-lock.json index 1cde3c1..2071d68 100644 --- a/package-lock.json +++ b/package-lock.json @@ -19,7 +19,7 @@ "debug": "4.3.1", "dompurify": "2.3.0", "dotenv": "10.0.0", - "ejs": "3.1.6", + "ejs": "^3.1.7", "engine.io": "6.2.0", "express": "4.17.1", "fast-xml-parser": "4.0.7", @@ -369,9 +369,6 @@ "cpu": [ "arm64" ], - "libc": [ - "glibc" - ], "license": "MIT", "optional": true, "os": [ @@ -388,9 +385,6 @@ "cpu": [ "arm64" ], - "libc": [ - "musl" - ], "license": "MIT", "optional": true, "os": [ @@ -407,9 +401,6 @@ "cpu": [ "x64" ], - "libc": [ - "glibc" - ], "license": "MIT", "optional": true, "os": [ @@ -426,9 +417,6 @@ "cpu": [ "x64" ], - "libc": [ - "musl" - ], "license": "MIT", "optional": true, "os": [ @@ -1061,9 +1049,6 @@ "arm64" ], "dev": true, - "libc": [ - "glibc" - ], "license": "MIT", "optional": true, "os": [ @@ -1078,9 +1063,6 @@ "arm64" ], "dev": true, - "libc": [ - "musl" - ], "license": "MIT", "optional": true, "os": [ @@ -1095,9 +1077,6 @@ "ppc64" ], "dev": true, - "libc": [ - "glibc" - ], "license": "MIT", "optional": true, "os": [ @@ -1112,9 +1091,6 @@ "riscv64" ], "dev": true, - "libc": [ - "glibc" - ], "license": "MIT", "optional": true, "os": [ @@ -1129,9 +1105,6 @@ "riscv64" ], "dev": true, - "libc": [ - "musl" - ], "license": "MIT", "optional": true, "os": [ @@ -1146,9 +1119,6 @@ "s390x" ], "dev": true, - "libc": [ - "glibc" - ], "license": "MIT", "optional": true, "os": [ @@ -1163,9 +1133,6 @@ "x64" ], "dev": true, - "libc": [ - "glibc" - ], "license": "MIT", "optional": true, "os": [ @@ -1180,9 +1147,6 @@ "x64" ], "dev": true, - "libc": [ - "musl" - ], "license": "MIT", "optional": true, "os": [ @@ -2898,12 +2862,12 @@ "license": "MIT" }, "node_modules/ejs": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.6.tgz", - "integrity": "sha512-9lt9Zse4hPucPkoP7FHDF0LQAlGyF9JVpnClFLFH3aSSbxmyoqINRpp/9wePWJTUl4KOQwRL72Iw3InHPDkoGw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.7.tgz", + "integrity": "sha512-BIar7R6abbUxDA3bfXrO4DSgwo8I+fB5/1zgujl3HLLjwd6+9iOnrT+t3grn2qbk9vOgBubXOFwX2m9axoFaGw==", "license": "Apache-2.0", "dependencies": { - "jake": "^10.6.1" + "jake": "^10.8.5" }, "bin": { "ejs": "bin/cli.js" @@ -5995,6 +5959,19 @@ "node": ">=8.6" } }, + "node_modules/micromatch/node_modules/picomatch": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz", + "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, "node_modules/mime": { "version": "1.6.0", "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", @@ -6985,13 +6962,13 @@ "license": "ISC" }, "node_modules/picomatch": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", - "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz", + "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==", "dev": true, "license": "MIT", "engines": { - "node": ">=8.6" + "node": ">=12" }, "funding": { "url": "https://github.com/sponsors/jonschlinkert" @@ -9106,19 +9083,6 @@ "url": "https://github.com/sponsors/SuperchupuDev" } }, - "node_modules/tinyglobby/node_modules/picomatch": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz", - "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/jonschlinkert" - } - }, "node_modules/to-regex-range": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", @@ -9376,6 +9340,21 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/typescript": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.3.tgz", + "integrity": "sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw==", + "dev": true, + "license": "Apache-2.0", + "peer": true, + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=14.17" + } + }, "node_modules/ua-parser-js": { "version": "0.7.28", "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.28.tgz", diff --git a/package.json b/package.json index 27f2b81..cb07413 100644 --- a/package.json +++ b/package.json @@ -10,86 +10,85 @@ "lint": "next lint" }, "dependencies": { - "next": "13.4.0", - "react": "18.2.0", - "react-dom": "18.2.0", - - "lodash": "4.17.19", + "async": "3.2.0", "axios": "0.21.1", + "body-parser": "1.19.0", + "chalk": "4.1.1", + "commander": "7.2.0", + "cookie-parser": "1.4.5", + "cors": "2.8.5", + "crypto-js": "4.1.1", + "debug": "4.3.1", + "dompurify": "2.3.0", + "dotenv": "10.0.0", + "ejs": "^3.1.7", + "engine.io": "6.2.0", "express": "4.17.1", + "fast-xml-parser": "4.0.7", + "follow-redirects": "1.14.7", + "glob-parent": "5.1.1", + "got": "11.8.2", + "handlebars": "4.7.6", + "helmet": "4.6.0", + "highlight.js": "10.4.0", + "ip": "1.1.8", + "jose": "4.6.0", + "json5": "2.2.1", "jsonwebtoken": "8.5.1", - "node-fetch": "2.6.1", + "lodash": "4.17.19", + "luxon": "2.3.0", + "marked": "4.0.10", "minimist": "1.2.5", - "qs": "6.5.2", - "semver": "7.3.5", - "got": "11.8.2", - "tar": "6.1.0", - "node-forge": "1.2.1", - "shelljs": "0.8.4", "moment": "2.29.1", - "underscore": "1.12.0", - "xml2js": "0.4.23", - "helmet": "4.6.0", "mongoose": "5.13.0", - "sequelize": "6.6.2", + "mysql2": "2.3.0", + "nanoid": "3.1.20", + "next": "13.4.0", + "node-fetch": "2.6.1", + "node-forge": "1.2.1", + "normalize-url": "6.0.0", "passport": "0.5.0", - "cookie-parser": "1.4.5", - "body-parser": "1.19.0", - "cors": "2.8.5", - "dotenv": "10.0.0", - "uuid": "8.3.2", - "debug": "4.3.1", - "chalk": "4.1.1", - "commander": "7.2.0", - "yargs": "16.2.0", - "glob-parent": "5.1.1", "path-parse": "1.0.6", - "trim-newlines": "3.0.0", - "normalize-url": "6.0.0", - "postcss": "8.3.0", - "nanoid": "3.1.20", - "follow-redirects": "1.14.7", - "json5": "2.2.1", - "tough-cookie": "4.0.0", - "word-wrap": "1.2.3", - "ws": "7.4.5", - "engine.io": "6.2.0", - "socket.io": "4.4.1", - "mysql2": "2.3.0", "pg": "8.7.1", + "postcss": "8.3.0", + "protobufjs": "6.11.2", + "pug": "3.0.0", + "qs": "6.5.2", + "react": "18.2.0", + "react-dom": "18.2.0", "redis": "3.1.2", + "request": "2.88.2", + "sanitize-html": "2.3.3", + "semver": "7.3.5", + "sequelize": "6.6.2", "sharp": "0.30.0", - "ip": "1.1.8", - "jose": "4.6.0", + "shelljs": "0.8.4", + "socket.io": "4.4.1", + "tar": "6.1.0", + "terser": "5.10.0", + "tough-cookie": "4.0.0", + "trim-newlines": "3.0.0", + "underscore": "1.12.0", "undici": "5.8.0", - "yaml": "2.1.1", - "fast-xml-parser": "4.0.7", - "protobufjs": "6.11.2", - "crypto-js": "4.1.1", - "highlight.js": "10.4.0", - "marked": "4.0.10", - "dompurify": "2.3.0", - "sanitize-html": "2.3.3", + "uuid": "8.3.2", "validator": "13.6.0", - "luxon": "2.3.0", - "async": "3.2.0", - "request": "2.88.2", - "handlebars": "4.7.6", - "ejs": "3.1.6", - "pug": "3.0.0", "webpack": "5.64.0", - "terser": "5.10.0" + "word-wrap": "1.2.3", + "ws": "7.4.5", + "xml2js": "0.4.23", + "yaml": "2.1.1", + "yargs": "16.2.0" }, "devDependencies": { + "ansi-regex": "5.0.0", + "decode-uri-component": "0.2.0", "eslint": "8.20.0", "eslint-config-next": "13.4.0", - "nth-check": "1.0.2", "immer": "9.0.5", - "ua-parser-js": "0.7.28", - "minimatch": "3.0.4", - "decode-uri-component": "0.2.0", - "loader-utils": "2.0.2", "json-schema": "0.2.3", - "ansi-regex": "5.0.0" + "loader-utils": "2.0.2", + "minimatch": "3.0.4", + "nth-check": "1.0.2", + "ua-parser-js": "0.7.28" } }