[Snyk] Security upgrade @uppy/companion from 0.17.5 to 4.0.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/@uppy/companion/examples/serverless/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Configuration Override SNYK-JS-HELMETCSP-469436	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHMERGE-173732	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASHMERGE-173733	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-REDIS-1255645	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-UPPYCOMPANION-2414367	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Server-side Request Forgery (SSRF) SNYK-JS-UPPYCOMPANION-574719	Yes	No Known Exploit
	679/1000 Why? Has a fix available, CVSS 9.3	Server-side Request Forgery (SSRF) SNYK-JS-UPPYCOMPANION-609858	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @uppy/companion

The new version differs by 250 commits.

• aa4548b Merge 071974c into ac10c6d
• 071974c Nest 3.0-beta changelogs in 3.0 release
• 8c1a5e1 @ uppy/react-native is beta still
• 3fe8707 Release: [email protected]
• ac10c6d Update README.md
• f3aeac4 Update README.md
• da27a55 meta: Use RemoteSources in readme example (meta: Use RemoteSources in readme example transloadit/uppy#4030)
• 8773dcd Add migration guide for Uppy 3.x, Companion 4.x, and Robodog (Add migration guide for Uppy 3.x, Companion 4.x, and Robodog transloadit/uppy#3913)
• 7d74d3a example: upgrade React example to use React 18 (example: upgrade React example to use React 18 transloadit/uppy#4002)
• bbcc146 readme: Use new ESM syntax (readme: Use new ESM syntax transloadit/uppy#4028)
• ee83d33 fixup! meta: fix linter failures (meta: fix linter failures transloadit/uppy#4029)
• 524b783 @ uppy/vue: move `@ uppy/` packages to peer dependencies (@uppy/vue: move @uppy/ packages to peer dependencies transloadit/uppy#4024)
• 70a4615 meta: fix linter failures (meta: fix linter failures transloadit/uppy#4029)
• 4bb9988 @ uppy/robodog: remove package (@uppy/robodog: remove package transloadit/uppy#3946)
• bef7b58 example: migrate `digitalocean-spaces` to ESM (example: migrate digitalocean-spaces to ESM transloadit/uppy#4015)
• 183187d example: replace Robodog example with Transloadit + RemoteSources + Form (example: replace Robodog example with Transloadit + RemoteSources + Form transloadit/uppy#4027)
• 0da66ff website: replace Robodog example with Uppy plugins (website: replace Robodog example with Uppy plugins transloadit/uppy#4026)
• d7180db @ uppy/tus, @ uppy/xhr-upload, @ uppy/aws-s3: `metaFields` -> `allowedMetaFields` (@uppy/tus, @uppy/xhr-upload, @uppy/aws-s3: metaFields -> allowedMetaFields transloadit/uppy#4023)
• 089aaed example: showcase migration out of Robodog (example: showcase migration out of Robodog transloadit/uppy#4021)
• ff2eed4 example: fix Svelte dev mode (example: fix Svelte dev mode transloadit/uppy#4025)
• 5353874 example: fix docs and env for Vite examples (example: fix docs and env for Vite examples transloadit/uppy#4018)
• 97c6507 @ uppy/tus: avoid crashing when Tus client reports an error (@uppy/tus: avoid crashing when Tus client report an error before any … transloadit/uppy#4019)
• ef7cbea @ uppy/react: move `@ uppy/` packages to peer dependencies (@uppy/react: move @uppy/ packages to peer dependencies transloadit/uppy#4004)
• 7c460f3 core: uppy.addFile should accept browser File objects (core: uppy.addFile should accept browser File objects transloadit/uppy#4020)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn