[Snyk] Fix for 29 vulnerabilities #187

cha3ban · 2024-02-28T12:37:35Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Issue	Breaking Change	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
Denial of Service (DoS) SNYK-JS-DICER-2311764	Yes	Mature
Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	No	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-1279029	No	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-469063	No	No Known Exploit
Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	No	No Known Exploit
Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	No	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-534988	No	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-567742	No	Proof of Concept
Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
Validation Bypass SNYK-JS-KINDOF-537849	Yes	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
Prototype Pollution SNYK-JS-MIXINDEEP-450212	Yes	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	Yes	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	Yes	Proof of Concept
Prototype Pollution SNYK-JS-TYPEORM-590152	No	Mature
Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	No	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	No	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	No	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	No	Proof of Concept
Arbitrary File Write via Archive Extraction (Zip Slip) npm:adm-zip:20180415	No	Mature
Regular Expression Denial of Service (ReDoS) npm:moment:20161019	No	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:moment:20170905	No	No Known Exploit

Commit messages

Package name: adm-zip

The new version differs by 50 commits.

80d259f Version bump
3f00a03 Fixed [Snyk] Fix for 16 vulnerabilities #176
650e752 Fixed wrong date on files (issue [Snyk] Security upgrade node from 18.13.0 to 18.20.2 #203)
d01fa8c Fixed bugs introduced with 0.4.9
c0cc85d Merge pull request [Snyk] Security upgrade node from 18.13.0 to 18.20.4 #219 from jontore/master
39c83a2 Merge pull request [Snyk] Security upgrade ejs from 1.0.0 to 3.1.10 #209 from poshta1900/fix
b94c5dd Merge pull request [Snyk] Security upgrade express from 4.12.4 to 4.20.0 #227 from hhaidar/master
c95c553 Merge pull request [Snyk] Security upgrade express from 4.12.4 to 4.20.0 #228 from jmcollin78/patch-1
cda668c Fix issue [Snyk] Fix for 1 vulnerabilities #218
0f2cb41 Fix octal literals so they work in strict mode
888931d To support strict mode use 0o prefix to octal numbers
89b6f67 Update package.json
9592298 Update README.md
ce59e5a Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 18.0.0 #215 from grnd/master
38cb4a4 fix: resolve both target and entry path
18c3d31 Update package.json
666adec Update package.json
499d59b Update package.json
62f6400 Merge pull request [Snyk] Security upgrade node from 18.13.0 to 18.20.3 #212 from aviadatsnyk/master
6f4dfeb fix: prevent extracting archived files outside of target path
ef0abe6 add try-catch around fs.writeSync
e116bc1 Merge pull request [Snyk] Security upgrade ejs from 1.0.0 to 3.1.10 #208 from pmuens/patch-1
12d2099 Fix data accessing example in README
032566b Merge pull request [Snyk] Security upgrade node from 18.13.0 to 18.20.2 #204 from BridgeAR/master

See the full diff

Package name: cfenv

The new version differs by 3 commits.

fb0a2aa update dependencies, now at version 1.2.4
63e072a version 1.2.3
02bb92d Issue 45 Remove '.cfignore'

See the full diff

Package name: express-fileupload

The new version differs by 250 commits.

9f22db7 version bump
9fca550 Merge pull request [Snyk Update] New fixes for 2 vulnerable dependency paths snyk-labs/nodejs-goof#240 from AmazingMech2418/patch-1
1530cf5 Make Travis happy
e43bfcf Fix typo
8bf7427 Update processNested.js
fd40389 version bump
94c9cf9 prototype pollution fix [Snyk] Security upgrade moment from 2.15.1 to 2.19.3 #2
829f395 version bump
db49535 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path snyk-labs/nodejs-goof#237 from richardgirges/fix-236-proto-pollution
d81bee9 Upgrade latest packages; run npm audit fix; add logic to prevent prototype pollution in parseNested
e9848fc Update package-lock.json
d536cfb Update package.json
c7a6b9c Merge pull request [Snyk] Security upgrade tap from 11.1.5 to 18.0.0 #233 from RomanBurunkov/master
a53b93f Update tests to support empty files
d8c00c5 Add empty files support for tempFileHandler
b24233d Comment extra condition in fileFactory(issue [Snyk] Upgrade body-parser from 1.9.0 to 1.19.0 #1), add more logging
d57ee02 Formatting utilities
b6097df Merge pull request [Snyk] Security upgrade tap from 11.1.5 to 18.0.0 #232 from RomanBurunkov/master
05004b7 Merge pull request [Snyk] Fix for 1 vulnerabilities #230 from Code42Cate/readme-timeout
1afa527 Update dependencies
880c2b7 Improve timeout option documentation
3f130b0 Add timeout option to README.MD
d55fa83 Merge pull request [Snyk] Fix for 36 vulnerabilities #222 from wbt/patch-1
d61f02f Fix some small typos

See the full diff

Package name: hbs

The new version differs by 107 commits.

00764e0 v4.1.2
8dcac86 tests: add test for layout that does not exist
1046191 test: add test for layout using async helper
9c6ee6f test: add test for async helper with layout
b109867 lint: fix redeclared variable
7920ac6 build: [email protected]
5623682 deps: [email protected]
81ee48a build: [email protected]
c90ac58 build: [email protected]
5179777 build: [email protected]
4c73a69 build: [email protected]
0826373 build: [email protected]
711c4fa build: [email protected]
a48b2bf build: [email protected]
c9ba0a3 build: [email protected]
dfc44e3 build: [email protected]
f3f5697 build: [email protected]
b2a461b build: [email protected]
3852e7c build: [email protected]
67c942d build: [email protected]
14c84ff build: [email protected]
1fcbd8b build: [email protected]
20afe45 build: [email protected]
bd96ad1 build: [email protected]

See the full diff

Package name: tap

The new version differs by 11 commits.

7a20037 12.0.2
cf95e01 bump nyc and standard
7f54124 Bump deps for security and bugfixes
f323cdc 12.0.1
6745ecf fix test regression in node <10
39f73f9 docs(coverage): browser launching details
3336514 Fix interse typo in asserts docs
c1070a7 Add twing to the 100 club
51ae4f2 Do not run coverage report if ended with a signal
d5f7b12 12.0.0
5de8801 Update tsame and tmatch, resolve request security vuln

See the full diff

Package name: validator

The new version differs by 114 commits.

47ee5ad 13.7.0
496fc8b fix(rtrim): remove regex to prevent ReDOS attack (#1738)
45901ec Merge pull request #1851 from validatorjs/chore/fix-merge-conflicts
83cb7f8 chore: merge conflict clean-up
f17e220 feat(isMobilePhone): add El Salvador es-SV locale
5b06703 feat(isMobilePhone): add Palestine ar-PS locale
a3faa83 feat(isMobilePhone): add Botswana en-BW locale
26605f9 feat(isMobilePhone): add Turkmenistan tk-TM
0e5d5d4 feat(isMobilePhone): add Guyana en-GY locale
f7ff349 feat(isMobilePhone): add Frech Polynesia fr-PF locale
8627e48 feat(isMobilePhone): add Kiribati en-KI locale
ed60123 feat(isMobilePhone): add Tajikistan tg-TJ locale (#1846)
c96d805 feat(isMobilePhone): add Maldives dv-MV locale
5c2d69e feat(isMobilePhone): regex for Burkina Faso fr-BF and Namibia en-NA locales
fc0fefc feat(isMobilePhone): add Bhutan dz-BT locale (#1770)
01d3da3 feat(isMobilePhone): add Tajikistan tg-TJ locale (#1846)
af2b43c feat(isUUID): add support for validation of version v1 and v2 (#1848)
769f6d5 feat(contains): add possibility to check that string contains seed multiple times (#1836)
f2381e0 feat: (isMobilePhone): add Cameroon fr-CM locale (#1772)
5773869 feat(isVAT): add dutch NL locale (#1825)
de1cb29 fix: Russian passport number regex (#1810)
7bee611 add CDN use option with unpkg (#1844)
57cc14e feat(isIdentityCard): add finnish locale (#1838)
2201869 feat: added finnish locale to isAlpha and isAlphanumeric (#1837)