From a6d9195d54e5cbf1fa3d2cac1e0f1349fc518832 Mon Sep 17 00:00:00 2001
From: Simon Krol <simonkrol@users.noreply.github.com>
Date: Wed, 30 Oct 2024 10:12:14 -0400
Subject: [PATCH] Update to v1.5.11 open-source release (#230)

---
 .viperlightignore            |  1 +
 CHANGELOG.md                 |  5 +++++
 source/web/package-lock.json | 27 ++++++++++++++-------------
 source/web/package.json      |  6 ++++--
 4 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/.viperlightignore b/.viperlightignore
index 98b896e..76d4bdb 100644
--- a/.viperlightignore
+++ b/.viperlightignore
@@ -1,5 +1,6 @@
 ^dist/
 CODE_OF_CONDUCT.md:4
+SECURITY.md:10
 CONTRIBUTING.md:50
 .github/workflows/nightly-workflow.yml:19
 .github/workflows/nightly-workflow.yml:18
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7562488..f29e0fb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.5.11] - 2024-10-29
+### Security: 
+- Bump http-proxy-middleware to `2.0.7` to resolve [cve-2024-21536](https://github.com/advisories/GHSA-c7qv-q95q-8v27)
+- Bump cookie to `0.7.0` to resolve CVE [ CVE-2024-47764](https://github.com/advisories/GHSA-pxg6-pf52-xh8x)  
+
 ## [1.5.10] - 2024-09-20
 ### Security: 
 - Bump webpack to `5.94.0` to resolve [CVE-2024-43788](https://github.com/advisories/GHSA-4vvj-4cpr-p986)
diff --git a/source/web/package-lock.json b/source/web/package-lock.json
index fa7cfcd..e4742e1 100644
--- a/source/web/package-lock.json
+++ b/source/web/package-lock.json
@@ -14471,9 +14471,9 @@
       "license": "MIT"
     },
     "node_modules/cookie": {
-      "version": "0.4.2",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.2.tgz",
-      "integrity": "sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA==",
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.0.tgz",
+      "integrity": "sha512-qCf+V4dtlNhSRXGAZatc1TasyFO6GjohcOul807YOb5ik3+kQSnb4d7iajeCL8QHaJ4uZEjCgiCJerKXwdRVlQ==",
       "license": "MIT",
       "engines": {
         "node": ">= 0.6"
@@ -16329,17 +16329,18 @@
       }
     },
     "node_modules/express": {
-      "version": "4.21.0",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.21.0.tgz",
-      "integrity": "sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz",
+      "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "accepts": "~1.3.8",
         "array-flatten": "1.1.1",
         "body-parser": "1.20.3",
         "content-disposition": "0.5.4",
         "content-type": "~1.0.4",
-        "cookie": "0.6.0",
+        "cookie": "0.7.1",
         "cookie-signature": "1.0.6",
         "debug": "2.6.9",
         "depd": "2.0.0",
@@ -16371,9 +16372,9 @@
       }
     },
     "node_modules/express/node_modules/cookie": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz",
-      "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==",
+      "version": "0.7.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz",
+      "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -17535,9 +17536,9 @@
       }
     },
     "node_modules/http-proxy-middleware": {
-      "version": "2.0.6",
-      "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-2.0.6.tgz",
-      "integrity": "sha512-ya/UeJ6HVBYxrgYotAZo1KvPWlgB48kUJLDePFeneHsVujFaW5WNj2NgWCAE//B1Dl02BIfYlpNgBy8Kf8Rjmw==",
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-2.0.7.tgz",
+      "integrity": "sha512-fgVY8AV7qU7z/MmXJ/rxwbrtQH4jBQ9m7kp3llF0liB7glmFeVZFBepQb32T3y8n8k2+AEYuMPCpinYW+/CuRA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
diff --git a/source/web/package.json b/source/web/package.json
index 184b363..fe7741f 100644
--- a/source/web/package.json
+++ b/source/web/package.json
@@ -55,11 +55,13 @@
   "overrides": {
     "fast-xml-parser": "4.4.1",
     "postcss": "8.4.31",
-    "axios": "0.28.0"
+    "axios": "0.28.0",
+    "cookie": "0.7.0"
   },
   "resolutions": {
     "fast-xml-parser": "4.4.1",
     "postcss": "8.4.31",
-    "axios": "0.28.0"
+    "axios": "0.28.0",
+    "cookie": "0.7.0"
   }
 }