From 9a4b0243caa142c4253bfe459e192fdc398bbd3f Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 12 Jan 2022 19:55:23 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181
---
 package-lock.json | 101 ++++++++++++++++++++++++++++------------------
 package.json      |   2 +-
 2 files changed, 63 insertions(+), 40 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index bad6d31ef7f2..153b1c9327af 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
 	"name": "Rocket.Chat",
-	"version": "2.4.0-develop",
+	"version": "2.5.0-develop",
 	"lockfileVersion": 1,
 	"requires": true,
 	"dependencies": {
@@ -16641,6 +16641,14 @@
 			"resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
 			"integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc="
 		},
+		"fast-xml-parser": {
+			"version": "3.21.1",
+			"resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz",
+			"integrity": "sha512-FTFVjYoBOZTJekiUsawGsSYV9QL0A+zDYCRj7y34IO6Jg+2IMYEtQa+bbictpdpV8dHxXywqU7C0gRDEOFtBFg==",
+			"requires": {
+				"strnum": "^1.0.4"
+			}
+		},
 		"fault": {
 			"version": "1.0.3",
 			"resolved": "https://registry.npmjs.org/fault/-/fault-1.0.3.tgz",
@@ -19039,6 +19047,18 @@
 						"hoek": "2.x.x",
 						"joi": "6.x.x",
 						"wreck": "5.x.x"
+					},
+					"dependencies": {
+						"wreck": {
+							"version": "5.6.1",
+							"resolved": "https://registry.npmjs.org/wreck/-/wreck-5.6.1.tgz",
+							"integrity": "sha1-r/ADBAATiJ11YZtccYcN0qjdBpo=",
+							"dev": true,
+							"requires": {
+								"boom": "2.x.x",
+								"hoek": "2.x.x"
+							}
+						}
 					}
 				},
 				"heavy": {
@@ -19050,6 +19070,20 @@
 						"boom": "2.x.x",
 						"hoek": "2.x.x",
 						"joi": "5.x.x"
+					},
+					"dependencies": {
+						"joi": {
+							"version": "5.1.0",
+							"resolved": "https://registry.npmjs.org/joi/-/joi-5.1.0.tgz",
+							"integrity": "sha1-FSrQfbjunGQBmX/1/SwSiWBwv1g=",
+							"dev": true,
+							"requires": {
+								"hoek": "^2.2.x",
+								"isemail": "1.x.x",
+								"moment": "2.x.x",
+								"topo": "1.x.x"
+							}
+						}
 					}
 				},
 				"hoek": {
@@ -22462,11 +22496,6 @@
 				}
 			}
 		},
-		"merge": {
-			"version": "1.2.1",
-			"resolved": "https://registry.npmjs.org/merge/-/merge-1.2.1.tgz",
-			"integrity": "sha512-VjFo4P5Whtj4vsLzsYBu5ayHhoHJ0UqNm7ibvShmbmoz7tGi0vXaoJbGdB+GmDMLUdg8DpQXEIeVDAe8MaABvQ=="
-		},
 		"merge-anything": {
 			"version": "2.4.1",
 			"resolved": "https://registry.npmjs.org/merge-anything/-/merge-anything-2.4.1.tgz",
@@ -23906,6 +23935,11 @@
 			"integrity": "sha512-MFh0d/Wa7vkKO3Y3LlacqAEeHK0mckVqzDieUKTT+KGxi+zIpeVsFxymkIiRpbpDziHc290Xr9A1O4Om7otoRA==",
 			"dev": true
 		},
+		"nested-property": {
+			"version": "4.0.0",
+			"resolved": "https://registry.npmjs.org/nested-property/-/nested-property-4.0.0.tgz",
+			"integrity": "sha512-yFehXNWRs4cM0+dz7QxCd06hTbWbSkV0ISsqBfkntU6TOY4Qm3Q88fRRLOddkGh2Qq6dZvnKVAahfhjcUvLnyA=="
+		},
 		"next-tick": {
 			"version": "1.0.0",
 			"resolved": "https://registry.npmjs.org/next-tick/-/next-tick-1.0.0.tgz",
@@ -26593,8 +26627,7 @@
 		"querystringify": {
 			"version": "2.1.1",
 			"resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.1.1.tgz",
-			"integrity": "sha512-w7fLxIRCRT7U8Qu53jQnJyPkYZIaR4n5151KMfcJlO/A9397Wxb1amJvROTK6TOnp7PfoAmg/qXiNHI+08jRfA==",
-			"dev": true
+			"integrity": "sha512-w7fLxIRCRT7U8Qu53jQnJyPkYZIaR4n5151KMfcJlO/A9397Wxb1amJvROTK6TOnp7PfoAmg/qXiNHI+08jRfA=="
 		},
 		"queue-fifo": {
 			"version": "0.2.5",
@@ -29496,6 +29529,11 @@
 			"resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz",
 			"integrity": "sha1-PFMZQukIwml8DsNEhYwobHygpgo="
 		},
+		"strnum": {
+			"version": "1.0.5",
+			"resolved": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz",
+			"integrity": "sha512-J8bbNyKKXl5qYcR36TIO8W3mVGVHrmmxsd5PAItGkmyzwJvybiw2IVq5nqd0i4LSNSkB/sx9VHllbfFdr9k1JA=="
+		},
 		"stubs": {
 			"version": "3.0.0",
 			"resolved": "https://registry.npmjs.org/stubs/-/stubs-3.0.0.tgz",
@@ -31288,7 +31326,6 @@
 			"version": "1.4.7",
 			"resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.4.7.tgz",
 			"integrity": "sha512-d3uaVyzDB9tQoSXFvuSUNFibTd9zxd2bkVrDRvF5TmvWWQwqE4lgYJ5m+x1DbecWkw+LK4RNl2CU1hHuOKPVlg==",
-			"dev": true,
 			"requires": {
 				"querystringify": "^2.1.1",
 				"requires-port": "^1.0.0"
@@ -31647,48 +31684,34 @@
 			}
 		},
 		"webdav": {
-			"version": "2.10.0",
-			"resolved": "https://registry.npmjs.org/webdav/-/webdav-2.10.0.tgz",
-			"integrity": "sha512-wwvVL8IINaQlhHJb2b4z0K1V8nFO5XR+HB+epGfFc2JXqeRRAD68ksq94jl54/JdkHKAr5nlvU9JpW8GML8yBw==",
+			"version": "3.5.0",
+			"resolved": "https://registry.npmjs.org/webdav/-/webdav-3.5.0.tgz",
+			"integrity": "sha512-0/itk3lAdrROBDE5YmlUvuOawjRuEudIEo0aKxGSYhu+FteTiIfWh5uXpXoETK0C35yFZgFbOX69TQ11FIi2nQ==",
 			"requires": {
-				"axios": "^0.19.0",
+				"axios": "^0.20.0",
 				"base-64": "^0.1.0",
+				"fast-xml-parser": "^3.17.4",
+				"he": "^1.2.0",
 				"hot-patcher": "^0.5.0",
-				"merge": "^1.2.1",
 				"minimatch": "^3.0.4",
+				"nested-property": "^4.0.0",
 				"path-posix": "^1.0.0",
 				"url-join": "^4.0.1",
-				"url-parse": "^1.4.7",
-				"xml2js": "^0.4.19"
+				"url-parse": "^1.4.7"
 			},
 			"dependencies": {
 				"axios": {
-					"version": "0.19.0",
-					"resolved": "https://registry.npmjs.org/axios/-/axios-0.19.0.tgz",
-					"integrity": "sha512-1uvKqKQta3KBxIz14F2v06AEHZ/dIoeKfbTRkK1E5oqjDnuEerLmYTgJB5AiQZHJcljpg1TuRzdjDR06qNk0DQ==",
+					"version": "0.20.0",
+					"resolved": "https://registry.npmjs.org/axios/-/axios-0.20.0.tgz",
+					"integrity": "sha512-ANA4rr2BDcmmAQLOKft2fufrtuvlqR+cXNNinUmvfeSNCOF98PZL+7M/v1zIdGo7OLjEA9J2gXJL+j4zGsl0bA==",
 					"requires": {
-						"follow-redirects": "1.5.10",
-						"is-buffer": "^2.0.2"
+						"follow-redirects": "^1.10.0"
 					}
 				},
-				"is-buffer": {
-					"version": "2.0.4",
-					"resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-2.0.4.tgz",
-					"integrity": "sha512-Kq1rokWXOPXWuaMAqZiJW4XxsmD9zGx9q4aePabbn3qCRGedtH7Cm+zV8WETitMfu1wdh+Rvd6w5egwSngUX2A=="
-				},
-				"querystringify": {
-					"version": "2.1.1",
-					"resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.1.1.tgz",
-					"integrity": "sha512-w7fLxIRCRT7U8Qu53jQnJyPkYZIaR4n5151KMfcJlO/A9397Wxb1amJvROTK6TOnp7PfoAmg/qXiNHI+08jRfA=="
-				},
-				"url-parse": {
-					"version": "1.4.7",
-					"resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.4.7.tgz",
-					"integrity": "sha512-d3uaVyzDB9tQoSXFvuSUNFibTd9zxd2bkVrDRvF5TmvWWQwqE4lgYJ5m+x1DbecWkw+LK4RNl2CU1hHuOKPVlg==",
-					"requires": {
-						"querystringify": "^2.1.1",
-						"requires-port": "^1.0.0"
-					}
+				"follow-redirects": {
+					"version": "1.14.7",
+					"resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.7.tgz",
+					"integrity": "sha512-+hbxoLbFMbRKDwohX8GkTataGqO6Jb7jGwpAlwgy2bIz25XtRm7KEzJM76R1WiNT5SwZkX4Y75SwBolkpmE7iQ=="
 				}
 			}
 		},
diff --git a/package.json b/package.json
index 82625d5d864d..21bc5a87b6b7 100644
--- a/package.json
+++ b/package.json
@@ -214,7 +214,7 @@
 		"underscore.string": "^3.3.5",
 		"url-polyfill": "^1.1.5",
 		"uuid": "^3.3.2",
-		"webdav": "^2.10.0",
+		"webdav": "^3.5.0",
 		"wolfy87-eventemitter": "^5.2.5",
 		"xml-crypto": "^1.0.2",
 		"xml-encryption": "0.11.2",