[Snyk] Upgrade: , , express, express-validator, mongoose, nodemon, stripe, uuid

[Sandani2000]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@react-pdf/renderer
from 3.1.13 to 3.4.4 | 20 versions ahead of your current version | 5 months ago
on 2024-04-25
@stripe/react-stripe-js
from 2.3.1 to 2.8.0 | 12 versions ahead of your current version | a month ago
on 2024-08-14
express
from 4.18.2 to 4.19.2 | 4 versions ahead of your current version | 6 months ago
on 2024-03-25
express-validator
from 7.0.1 to 7.2.0 | 2 versions ahead of your current version | a month ago
on 2024-08-11
mongoose
from 7.4.2 to 7.8.1 | 25 versions ahead of your current version | a month ago
on 2024-08-19
nodemon
from 3.0.1 to 3.1.4 | 7 versions ahead of your current version | 3 months ago
on 2024-06-20
stripe
from 13.10.0 to 13.11.0 | 2 versions ahead of your current version | a year ago
on 2023-10-16
uuid
from 9.0.0 to 9.0.1 | 1 version ahead of your current version | a year ago
on 2023-09-12

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	424	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	424	Proof of Concept
	Information Exposure SNYK-JS-MONGODB-5871303	424	No Known Exploit
	Open Redirect SNYK-JS-EXPRESS-6474509	424	No Known Exploit
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	424	Proof of Concept
	Malicious Package SNYK-JS-LEGACYSWCHELPERS-7647380	424	Mature

Release notes

Package name: @react-pdf/renderer

• 3.4.4 - 2024-04-25
  

  Patch Changes

  • Updated dependencies [22a34a9]:
    • @ react-pdf/[email protected]
    • @ react-pdf/[email protected]
    • @ react-pdf/[email protected]
    • @ react-pdf/[email protected]
• 3.4.3 - 2024-04-23
  

  Patch Changes

  • Updated dependencies [67c265a, 713690c]:
    • @ react-pdf/[email protected]
    • @ react-pdf/[email protected]
    • @ react-pdf/[email protected]
• 3.4.2 - 2024-03-27
• 3.4.1 - 2024-03-25
• 3.4.0 - 2024-03-15
• 3.3.8 - 2024-02-08
• 3.3.7 - 2024-02-06
• 3.3.6 - 2024-02-06
• 3.3.5 - 2024-02-03
• 3.3.4 - 2024-01-23
• 3.3.3 - 2024-01-22
• 3.3.2 - 2024-01-22
• 3.3.1 - 2024-01-20
• 3.3.0 - 2024-01-19
• 3.2.1 - 2024-01-18
• 3.2.0 - 2024-01-18
• 3.1.17 - 2024-01-15
• 3.1.16 - 2024-01-15
• 3.1.15 - 2024-01-11
• 3.1.14 - 2023-10-25
• 3.1.13 - 2023-10-10

from @react-pdf/renderer GitHub release notes

Package name: @stripe/react-stripe-js

• 2.8.0 - 2024-08-14
  

  New features

  • Update EmbeddedCheckoutProvider prop types (#525)

  Fixes

  Changed

• 2.7.3 - 2024-07-02
  

  Fixes

  • Bump ws from 7.4.6 to 7.5.10 (#508)
• 2.7.2 - 2024-06-27
  
  • chore(deps): update @ stripe/stripe-js to support v4 (#513)
  • v2.7.1

  New features

  Fixes

  Changed

• 2.7.1 - 2024-05-06
  

  Fixes

  • Run @ arethetypeswrong/cli in CI + before publish (#493)
  • Bump tar from 6.1.11 to 6.2.1 (#490)
• 2.7.0 - 2024-04-08
  

  New features

  • Add onLoadError to card and cardNumber elements (#488)

  Fixes

  • Remove cart Element (#487)

  Changed

  • Bump express from 4.17.1 to 4.19.2 (#486)
  • Update @ stripe/stripe-js dev dependency (#489)
• 2.6.2 - 2024-03-14
  

  Fixes

  • Fix dependency (#484)
• 2.6.1 - 2024-03-14
  

  Changed

  • Bump es5-ext from 0.10.53 to 0.10.63 (#475)
  • @ stripe/stripe-js 3.0.9 (#483)
• 2.6.0 - 2024-03-11
  

  New features

  • Update stripe-js for Custom Checkout types (#479)
  • upgrade rollup (#480)
  • Add support for fetchClientSecret param to Embedded Checkout (#481)

  Fixes

  Changed

• 2.5.1 - 2024-02-26
  

  New features

  Fixes

  • Remove cyclic dependency (#474)

  • Bump ip from 1.1.5 to 1.1.9 (#473)

  Changed

• 2.5.0 - 2024-02-12
  

  Changed

  • update peer dependency (#471)
• 2.4.0 - 2023-11-21
• 2.3.2 - 2023-11-13
• 2.3.1 - 2023-10-02

from @stripe/react-stripe-js GitHub release notes

Package name: express

• 4.19.2 - 2024-03-25
• 4.19.1 - 2024-03-20
  

  What's Changed

  • Fix ci after location patch by @ wesleytodd in #5552
  • fixed un-edited version in history.md for 4.19.0 by @ wesleytodd in #5556

  Full Changelog: 4.19.0...4.19.1

• 4.19.0 - 2024-03-20
  

  What's Changed

  • fix typo in release date by @ UlisesGascon in #5527
  • docs: nominating @ wesleytodd to be project captian by @ wesleytodd in #5511
  • docs: loosen TC activity rules by @ wesleytodd in #5510
  • Add note on how to update docs for new release by @ crandmck in #5541
  • Prevent open redirect allow list bypass due to encodeurl
  • Release 4.19.0 by @ wesleytodd in #5551

  New Contributors

  • @ crandmck made their first contribution in #5541

  Full Changelog: 4.18.3...4.19.0

• 4.18.3 - 2024-02-29
  

  Main Changes

  • Fix routing requests without method
  • deps: [email protected]
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: [email protected]

  Other Changes

  • Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
  • build: [email protected] and [email protected] by @ abenhamdine in #5034
  • ci: update actions/checkout to v3 by @ armujahid in #5027
  • test: remove unused function arguments in params by @ raksbisht in #5124
  • Remove unused originalIndex from acceptParams by @ raksbisht in #5119
  • Fixed typos by @ raksbisht in #5117
  • examples: remove unused params by @ raksbisht in #5113
  • fix: parameter str is not described in JSDoc by @ raksbisht in #5130
  • fix: typos in History.md by @ raksbisht in #5131
  • build : add [email protected] by @ abenhamdine in #5028
  • test: remove unused function arguments in params by @ raksbisht in #5137
  • use random port in test so it won't fail on already listening by @ rluvaton in #5162
  • tests: use cb() instead of done() by @ kristof-low in #5233
  • examples: remove multipart example by @ riddlew in #5195
  • Update support Node.js@18 in the CI by @ UlisesGascon in #5490
  • Fix favicon-related bug in cookie-sessions example by @ DmytroKondrashov in #5414
  • Release 4.18.3 by @ UlisesGascon in #5505

  New Contributors

  • @ vcsjones made their first contribution in #5032
  • @ abenhamdine made their first contribution in #5034
  • @ armujahid made their first contribution in #5027
  • @ raksbisht made their first contribution in #5124
  • @ rluvaton made their first contribution in #5162
  • @ kristof-low made their first contribution in #5233
  • @ riddlew made their first contribution in #5195
  • @ DmytroKondrashov made their first contribution in #5414

  Full Changelog: 4.18.2...4.18.3

• 4.18.2 - 2022-10-08
  
  • Fix regression routing a large stack in a single route
  • deps: [email protected]
    • deps: [email protected]
    • perf: remove unnecessary object clone
  • deps: [email protected]

from express GitHub release notes

Package name: express-validator

• 7.2.0 - 2024-08-11
  
  • Add hide() method (#1304, #1305)
  • Add wildcard values to custom validator's metadata (#1297, #1308)
  • Correctly select properties of primitives (#1245, #1279)
• 7.1.0 - 2024-05-19
  
  • Upgraded validator to v13.12.0 (see their release notes: https://github.com/validatorjs/validator.js/releases/tag/13.12.0)
  • Added missing fields to IsURLOptions (#1258, #1259)
  • Added isULID() validator (#1248)
  • Several improvements to docs
• 7.0.1 - 2023-04-16
  
  • Fixed checkSchema() warning that known validators are unknown when its value is false - #1223

from express-validator GitHub release notes

Package name: mongoose

• 7.8.1 - 2024-08-19
  

  chore: release 7.8.1

• 7.8.0 - 2024-07-23
• 7.7.0 - 2024-06-18
• 7.6.13 - 2024-06-05
• 7.6.12 - 2024-05-21
• 7.6.11 - 2024-04-11
• 7.6.10 - 2024-03-13
• 7.6.9 - 2024-02-26
• 7.6.8 - 2024-01-08
• 7.6.7 - 2023-12-06
• 7.6.6 - 2023-11-27
• 7.6.5 - 2023-11-14
• 7.6.4 - 2023-10-30
• 7.6.3 - 2023-10-17
• 7.6.2 - 2023-10-13
• 7.6.1 - 2023-10-09
• 7.6.0 - 2023-10-06
• 7.5.4 - 2023-10-04
• 7.5.3 - 2023-09-25
• 7.5.2 - 2023-09-15
• 7.5.1 - 2023-09-11
• 7.5.0 - 2023-08-29
• 7.4.5 - 2023-08-25
• 7.4.4 - 2023-08-22
• 7.4.3 - 2023-08-11
• 7.4.2 - 2023-08-03

from mongoose GitHub release notes

Package name: nodemon

• 3.1.4 - 2024-06-20
  

  3.1.4 (2024-06-20)

  Bug Fixes

  • ensure local env have priority (6020968), closes #2209
• 3.1.3 - 2024-06-03
  

  3.1.3 (2024-06-03)

  Bug Fixes

  • cast the nodemon function as Nodemon type (eaa1d54), closes #2206
• 3.1.2 - 2024-05-29
  

  3.1.2 (2024-05-29)

  Bug Fixes

  • Type exports correctly (#2207) (789663c), closes #2206
• 3.1.1 - 2024-05-25
  

  3.1.1 (2024-05-25)

  Bug Fixes

  • add types to help with required nodemon usage (#2204) (cd27c0b)
• 3.1.0 - 2024-02-22
  

  3.1.0 (2024-02-22)

  Features

  • Enable nodemon to monitor file removal (#2182) (02d216f)
• 3.0.3 - 2024-01-16
  

  3.0.3 (2024-01-16)

  Bug Fixes

  • use node when using --import (d3ee86e), closes #2157
• 3.0.2 - 2023-12-01
  

  3.0.2 (2023-12-01)

  Bug Fixes

  • bump debug out of vuln range (533ad9c), closes #2146
• 3.0.1 - 2023-07-09
  

  3.0.1 (2023-07-09)

  Bug Fixes

  • restore default ext watch behaviour (95bee00), closes #2124 #1957

from nodemon GitHub release notes

Package name: stripe

• 13.11.0 - 2023-10-16
  
  • #1924 Update generated code
    • Add support for new values issuing_token.created and issuing_token.updated on enum Event.type
    • Add support for new values issuing_token.created and issuing_token.updated on enums WebhookEndpointCreateParams.enabled_events[] and WebhookEndpointUpdateParams.enabled_events[]
  • #1926 Add named unions for all polymorphic types
  • #1921 Add event types

  See the changelog for more details.

• 13.11.0-beta.1 - 2023-10-11
  
  • #1919 Update generated code for beta
    • Add support for new resources AccountNotice and Issuing.CreditUnderwritingRecord
    • Add support for list, retrieve, and update methods on resource AccountNotice
    • Add support for correct, create_from_application, create_from_proactive_review, list, report_decision, and retrieve methods on resource CreditUnderwritingRecord
    • Change type of Checkout.Session.automatic_tax.liability.account, Checkout.Session.invoice_creation.invoice_data.issuer.account, Invoice.automatic_tax.liability.account, Invoice.issuer.account, Quote.automatic_tax.liability.account, Quote.invoice_settings.issuer.account, Subscription.automatic_tax.liability.account, SubscriptionSchedule.default_settings.automatic_tax.liability.account, SubscriptionSchedule.default_settings.invoice_settings.issuer.account, SubscriptionSchedule.phases[].automatic_tax.liability.account, and SubscriptionSchedule.phases[].invoice_settings.issuer.account from expandable(Account) | null to expandable(Account)
    • Change Checkout.Session.automatic_tax.liability.account, Checkout.Session.invoice_creation.invoice_data.issuer.account, Invoice.automatic_tax.liability.account, Invoice.issuer.account, Issuing.Transaction.network_data.processing_date, Quote.automatic_tax.liability.account, Quote.invoice_settings.issuer.account, Subscription.automatic_tax.liability.account, SubscriptionSchedule.default_settings.automatic_tax.liability.account, SubscriptionSchedule.default_settings.invoice_settings.issuer.account, SubscriptionSchedule.phases[].automatic_tax.liability.account, and SubscriptionSchedule.phases[].invoice_settings.issuer.account to be optional
    • Add support for new values account_notice.created and account_notice.updated on enum Event.type
    • Add support for new values local_amusement_tax and state_communications_tax on enums Tax.Registration.country_options.us.type and Tax.RegistrationCreateParams.country_options.us.type
    • Add support for new values account_notice.created and account_notice.updated on enums WebhookEndpointCreateParams.enabled_events[] and WebhookEndpointUpdateParams.enabled_events[]

  See the changelog for more details.

• 13.10.0 - 2023-10-11
  
  • #1920 Update generated code
    • Add support for redirect_on_completion, return_url, and ui_mode on Checkout.SessionCreateParams and Checkout.Session
    • Change Checkout.Session.custom_fields[].dropdown, Checkout.Session.custom_fields[].numeric, Checkout.Session.custom_fields[].text, Checkout.SessionCreateParams.success_url, PaymentLink.custom_fields[].dropdown, PaymentLink.custom_fields[].numeric, and PaymentLink.custom_fields[].text to be optional
    • Add support for client_secret on Checkout.Session
    • Change type of Checkout.Session.custom_fields[].dropdown from PaymentPagesCheckoutSessionCustomFieldsDropdown | null to PaymentPagesCheckoutSessionCustomFieldsDropdown
    • Change type of Checkout.Session.custom_fields[].numeric and Checkout.Session.custom_fields[].text from PaymentPagesCheckoutSessionCustomFieldsNumeric | null to PaymentPagesCheckoutSessionCustomFieldsNumeric
    • Add support for postal_code on Issuing.Authorization.verification_data
    • Change type of PaymentLink.custom_fields[].dropdown from PaymentLinksResourceCustomFieldsDropdown | null to PaymentLinksResourceCustomFieldsDropdown
    • Change type of PaymentLink.custom_fields[].numeric and PaymentLink.custom_fields[].text from PaymentLinksResourceCustomFieldsNumeric | null to PaymentLinksResourceCustomFieldsNumeric
    • Add support for offline on Terminal.ConfigurationCreateParams, Terminal.ConfigurationUpdateParams, and Terminal.Configuration
  • #1914 Bump get-func-name from 2.0.0 to 2.0.2

  See the changelog for more details.

from stripe GitHub release notes

Package name: uuid

• 9.0.1 - 2023-09-12
  

  chore(release): 9.0.1

• 9.0.0 - 2022-09-05
  

  chore(release): 9.0.0

from uuid GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs