fix: backend/package.json & backend/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6144788
2025-03-17 00:01:55 +00:00 · 2024-01-05 14:44:11 +00:00
2 changed files with 38 additions and 46 deletions
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@ -24,7 +24,7 @@
        "ajv": "^8.12.0",
        "argon2": "^0.30.3",
        "aws-sdk": "^2.1364.0",
-        "axios": "^1.6.0",
+        "axios": "^1.6.4",
        "axios-retry": "^3.4.0",
        "bcrypt": "^5.1.0",
        "bigint-conversion": "^2.4.0",
@ -59,7 +59,7 @@
        "pg": "^8.11.3",
        "pino": "^8.16.1",
        "pino-http": "^8.5.1",
-        "posthog-node": "^2.6.0",
+        "posthog-node": "^3.1.3",
        "probot": "^12.3.1",
        "query-string": "^7.1.3",
        "rate-limit-mongo": "^2.3.2",
@ -8325,11 +8325,11 @@
      }
    },
    "node_modules/axios": {
-      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.0.tgz",
-      "integrity": "sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg==",
+      "version": "1.6.4",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.4.tgz",
+      "integrity": "sha512-heJnIs6N4aa1eSthhN9M5ioILu8Wi8vmQW9iHQ9NUvfkJb0lEEDUiIdQNAuBtfUt3FxReaKdpQA5DbmMOqzF/A==",
      "dependencies": {
-        "follow-redirects": "^1.15.0",
+        "follow-redirects": "^1.15.4",
        "form-data": "^4.0.0",
        "proxy-from-env": "^1.1.0"
      }
@ -10194,9 +10194,9 @@
      "dev": true
    },
    "node_modules/follow-redirects": {
-      "version": "1.15.2",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz",
-      "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==",
+      "version": "1.15.4",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.4.tgz",
+      "integrity": "sha512-Cr4D/5wlrb0z9dgERpUL3LrmPKVDsETIJhaCMeDfuFYcqa5bldGV6wBsAN6X/vxlXQtFBMrXdXxdL8CbDTGniw==",
      "funding": [
        {
          "type": "individual",
@ -16251,25 +16251,17 @@
      "dev": true
    },
    "node_modules/posthog-node": {
-      "version": "2.6.0",
-      "resolved": "https://registry.npmjs.org/posthog-node/-/posthog-node-2.6.0.tgz",
-      "integrity": "sha512-/BiFw/jwdP0uJSRAIoYqLoBTjZ612xv74b1L/a3T/p1nJVL8e0OrHuxbJW56c6WVW/IKm9gBF/zhbqfaz0XgJQ==",
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/posthog-node/-/posthog-node-3.1.3.tgz",
+      "integrity": "sha512-UaOOoWEUYTcaaDe1w0fgHW/sXvFr3RO0l7yI7RUDzkZNZCfwXNO9r3pc14d1EtNppF/SHBrV5hNiZZATpf/vUw==",
      "dependencies": {
-        "axios": "^0.27.0"
+        "axios": "^1.6.0",
+        "rusha": "^0.8.14"
      },
      "engines": {
        "node": ">=15.0.0"
      }
    },
-    "node_modules/posthog-node/node_modules/axios": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-0.27.2.tgz",
-      "integrity": "sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==",
-      "dependencies": {
-        "follow-redirects": "^1.14.9",
-        "form-data": "^4.0.0"
-      }
-    },
    "node_modules/prelude-ls": {
      "version": "1.2.1",
      "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz",
@ -17170,6 +17162,11 @@
        "queue-microtask": "^1.2.2"
      }
    },
+    "node_modules/rusha": {
+      "version": "0.8.14",
+      "resolved": "https://registry.npmjs.org/rusha/-/rusha-0.8.14.tgz",
+      "integrity": "sha512-cLgakCUf6PedEu15t8kbsjnwIFFR2D4RfL+W3iWFJ4iac7z4B0ZI8fxy4R3J956kAI68HclCFGL8MPoUVC3qVA=="
+    },
    "node_modules/safe-buffer": {
      "version": "5.2.1",
      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
@ -25250,11 +25247,11 @@
      }
    },
    "axios": {
-      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.0.tgz",
-      "integrity": "sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg==",
+      "version": "1.6.4",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.4.tgz",
+      "integrity": "sha512-heJnIs6N4aa1eSthhN9M5ioILu8Wi8vmQW9iHQ9NUvfkJb0lEEDUiIdQNAuBtfUt3FxReaKdpQA5DbmMOqzF/A==",
      "requires": {
-        "follow-redirects": "^1.15.0",
+        "follow-redirects": "^1.15.4",
        "form-data": "^4.0.0",
        "proxy-from-env": "^1.1.0"
      }
@ -26647,9 +26644,9 @@
      "dev": true
    },
    "follow-redirects": {
-      "version": "1.15.2",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz",
-      "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA=="
+      "version": "1.15.4",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.4.tgz",
+      "integrity": "sha512-Cr4D/5wlrb0z9dgERpUL3LrmPKVDsETIJhaCMeDfuFYcqa5bldGV6wBsAN6X/vxlXQtFBMrXdXxdL8CbDTGniw=="
    },
    "for-each": {
      "version": "0.3.3",
@ -30995,22 +30992,12 @@
      "dev": true
    },
    "posthog-node": {
-      "version": "2.6.0",
-      "resolved": "https://registry.npmjs.org/posthog-node/-/posthog-node-2.6.0.tgz",
-      "integrity": "sha512-/BiFw/jwdP0uJSRAIoYqLoBTjZ612xv74b1L/a3T/p1nJVL8e0OrHuxbJW56c6WVW/IKm9gBF/zhbqfaz0XgJQ==",
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/posthog-node/-/posthog-node-3.1.3.tgz",
+      "integrity": "sha512-UaOOoWEUYTcaaDe1w0fgHW/sXvFr3RO0l7yI7RUDzkZNZCfwXNO9r3pc14d1EtNppF/SHBrV5hNiZZATpf/vUw==",
      "requires": {
-        "axios": "^0.27.0"
-      },
-      "dependencies": {
-        "axios": {
-          "version": "0.27.2",
-          "resolved": "https://registry.npmjs.org/axios/-/axios-0.27.2.tgz",
-          "integrity": "sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==",
-          "requires": {
-            "follow-redirects": "^1.14.9",
-            "form-data": "^4.0.0"
-          }
-        }
+        "axios": "^1.6.0",
+        "rusha": "^0.8.14"
      }
    },
    "prelude-ls": {
@ -31741,6 +31728,11 @@
        "queue-microtask": "^1.2.2"
      }
    },
+    "rusha": {
+      "version": "0.8.14",
+      "resolved": "https://registry.npmjs.org/rusha/-/rusha-0.8.14.tgz",
+      "integrity": "sha512-cLgakCUf6PedEu15t8kbsjnwIFFR2D4RfL+W3iWFJ4iac7z4B0ZI8fxy4R3J956kAI68HclCFGL8MPoUVC3qVA=="
+    },
    "safe-buffer": {
      "version": "5.2.1",
      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
--- a/backend/package.json
+++ b/backend/package.json
@ -15,7 +15,7 @@
    "ajv": "^8.12.0",
    "argon2": "^0.30.3",
    "aws-sdk": "^2.1364.0",
-    "axios": "^1.6.0",
+    "axios": "^1.6.4",
    "axios-retry": "^3.4.0",
    "bcrypt": "^5.1.0",
    "bigint-conversion": "^2.4.0",
@ -50,7 +50,7 @@
    "pg": "^8.11.3",
    "pino": "^8.16.1",
    "pino-http": "^8.5.1",
-    "posthog-node": "^2.6.0",
+    "posthog-node": "^3.1.3",
    "probot": "^12.3.1",
    "query-string": "^7.1.3",
    "rate-limit-mongo": "^2.3.2",