fix: resolve security issues of node packages (#159)

42atomys · Jul 1, 2022 · fa731db · fa731db
1 parent 8b2c3c8
commit fa731db
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 171 deletions.
diff --git a/web/ui/package.json b/web/ui/package.json
@@ -28,7 +28,7 @@
   "dependencies": {
     "@apollo/client": "^3.6.6",
     "@apollo/react-hooks": "^4.0.0",
-    "@grpc/grpc-js": "^1.6.5",
+    "@grpc/grpc-js": "^1.6.7",
     "@headlessui/react": "^1.6.4",
     "@sentry/nextjs": "^6.19.6",
     "@sentry/tracing": "^6.19.6",
@@ -39,15 +39,14 @@
     "graphql-request": "^4.3.0",
     "graphql-tag": "^2.12.6",
     "graphql-ws": "^5.7.0",
-    "grpc": "^1.24.11",
     "grpc-tools": "^1.11.2",
     "grpc_tools_node_protoc_ts": "^5.3.2",
     "isomorphic-unfetch": "^3.1.0",
     "js-cookie": "^3.0.1",
     "jsonwebtoken": "^8.5.1",
     "jwks-rsa": "^2.1.4",
     "next": "^12.1.6",
-    "next-auth": "^4.3.2",
+    "next-auth": "^4.8.0",
     "protoc-gen-ts": "^0.8.2",
     "react": "17",
     "react-burger-menu": "^3.0.6",
@@ -58,7 +57,7 @@
   },
   "devDependencies": {
     "@babel/core": "^7.18.0",
-    "@graphql-codegen/cli": "2.6.2",
+    "@graphql-codegen/cli": "2.6.4",
     "@graphql-codegen/introspection": "2.1.1",
     "@graphql-codegen/typescript": "2.5.1",
     "@graphql-codegen/typescript-operations": "2.3.7",

diff --git a/web/ui/src/pages/api/auth/[...nextauth].ts b/web/ui/src/pages/api/auth/[...nextauth].ts
@@ -24,8 +24,8 @@ export default NextAuth({
       scope: 'user,user:email,user:follow',
     }),
     DiscordProvider({
-      clientId: process.env.DISCORD_ID,
-      clientSecret: process.env.DISCORD_SECRET,
+      clientId: process.env.DISCORD_ID as string,
+      clientSecret: process.env.DISCORD_SECRET as string,
       authorization:
         'https://discord.com/api/oauth2/authorize?scope=identify+email+connections+guilds.join',
     }),