[Snyk] Fix for 29 vulnerabilities

[cha3ban]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DICER-2311764	Yes	Mature
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	No	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	No	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-469063	No	No Known Exploit
	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	No	No Known Exploit
	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	No	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-534988	No	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-567742	No	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	Prototype Pollution SNYK-JS-MIXINDEEP-450212	Yes	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	Yes	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	Yes	Proof of Concept
	Prototype Pollution SNYK-JS-TYPEORM-590152	No	Mature
	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	No	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	No	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	No	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	No	Proof of Concept
	Arbitrary File Write via Archive Extraction (Zip Slip) npm:adm-zip:20180415	No	Mature
	Regular Expression Denial of Service (ReDoS) npm:moment:20161019	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	No	No Known Exploit

Commit messages

Package name: adm-zip

The new version differs by 50 commits.

• 80d259f Version bump
• 3f00a03 Fixed [Snyk] Fix for 16 vulnerabilities #176
• 650e752 Fixed wrong date on files (issue [Snyk] Security upgrade node from 18.13.0 to 18.20.2 #203)
• d01fa8c Fixed bugs introduced with 0.4.9
• c0cc85d Merge pull request [Snyk] Security upgrade node from 18.13.0 to 18.20.4 #219 from jontore/master
• 39c83a2 Merge pull request [Snyk] Security upgrade ejs from 1.0.0 to 3.1.10 #209 from poshta1900/fix
• b94c5dd Merge pull request [Snyk] Security upgrade express from 4.12.4 to 4.20.0 #227 from hhaidar/master
• c95c553 Merge pull request [Snyk] Security upgrade express from 4.12.4 to 4.20.0 #228 from jmcollin78/patch-1
• cda668c Fix issue [Snyk] Fix for 1 vulnerabilities #218
• 0f2cb41 Fix octal literals so they work in strict mode
• 888931d To support strict mode use 0o prefix to octal numbers
• 89b6f67 Update package.json
• 9592298 Update README.md
• ce59e5a Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 18.0.0 #215 from grnd/master
• 38cb4a4 fix: resolve both target and entry path
• 18c3d31 Update package.json
• 666adec Update package.json
• 499d59b Update package.json
• 62f6400 Merge pull request [Snyk] Security upgrade node from 18.13.0 to 18.20.3 #212 from aviadatsnyk/master
• 6f4dfeb fix: prevent extracting archived files outside of target path
• ef0abe6 add try-catch around fs.writeSync
• e116bc1 Merge pull request [Snyk] Security upgrade ejs from 1.0.0 to 3.1.10 #208 from pmuens/patch-1
• 12d2099 Fix data accessing example in README
• 032566b Merge pull request [Snyk] Security upgrade node from 18.13.0 to 18.20.2 #204 from BridgeAR/master

See the full diff

Package name: cfenv

The new version differs by 3 commits.

• fb0a2aa update dependencies, now at version 1.2.4
• 63e072a version 1.2.3
• 02bb92d Issue 45 Remove '.cfignore'

See the full diff

Package name: express-fileupload

The new version differs by 250 commits.

• 9f22db7 version bump
• 9fca550 Merge pull request [Snyk Update] New fixes for 2 vulnerable dependency paths snyk-labs/nodejs-goof#240 from AmazingMech2418/patch-1
• 1530cf5 Make Travis happy
• e43bfcf Fix typo
• 8bf7427 Update processNested.js
• fd40389 version bump
• 94c9cf9 prototype pollution fix [Snyk] Security upgrade moment from 2.15.1 to 2.19.3 #2
• 829f395 version bump
• db49535 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path snyk-labs/nodejs-goof#237 from richardgirges/fix-236-proto-pollution
• d81bee9 Upgrade latest packages; run npm audit fix; add logic to prevent prototype pollution in parseNested
• e9848fc Update package-lock.json
• d536cfb Update package.json
• c7a6b9c Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path snyk-labs/nodejs-goof#233 from RomanBurunkov/master
• a53b93f Update tests to support empty files
• d8c00c5 Add empty files support for tempFileHandler
• b24233d Comment extra condition in fileFactory(issue [Snyk] Upgrade body-parser from 1.9.0 to 1.19.0 #1), add more logging
• d57ee02 Formatting utilities
• b6097df Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path snyk-labs/nodejs-goof#232 from RomanBurunkov/master
• 05004b7 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path snyk-labs/nodejs-goof#230 from Code42Cate/readme-timeout
• 1afa527 Update dependencies
• 880c2b7 Improve timeout option documentation
• 3f130b0 Add timeout option to README.MD
• d55fa83 Merge pull request [Snyk] Fix for 36 vulnerabilities #222 from wbt/patch-1
• d61f02f Fix some small typos

See the full diff

Package name: hbs

The new version differs by 107 commits.

• 00764e0 v4.1.2
• 8dcac86 tests: add test for layout that does not exist
• 1046191 test: add test for layout using async helper
• 9c6ee6f test: add test for async helper with layout
• b109867 lint: fix redeclared variable
• 7920ac6 build: Node.js@12.22
• 5623682 deps: handlebars@4.7.7
• 81ee48a build: supertest@6.1.3
• c90ac58 build: eslint-plugin-markdown@2.0.1
• 5179777 build: eslint@7.24.0
• 4c73a69 build: mocha@8.3.2
• 0826373 build: Node.js@14.16
• 711c4fa build: Node.js@12.21
• a48b2bf build: Node.js@10.24
• c9ba0a3 build: eslint@7.21.0
• dfc44e3 build: eslint-plugin-markdown@2.0.0
• f3f5697 build: Node.js@12.20
• b2a461b build: eslint@7.18.0
• 3852e7c build: supertest@6.1.1
• 67c942d build: eslint@7.16.0
• 14c84ff build: Node.js@14.15
• 1fcbd8b build: mocha@8.2.1
• 20afe45 build: eslint@7.13.0
• bd96ad1 build: Node.js@12.19

See the full diff

Package name: tap

The new version differs by 11 commits.

• 7a20037 12.0.2
• cf95e01 bump nyc and standard
• 7f54124 Bump deps for security and bugfixes
• f323cdc 12.0.1
• 6745ecf fix test regression in node <10
• 39f73f9 docs(coverage): browser launching details
• 3336514 Fix interse typo in asserts docs
• c1070a7 Add twing to the 100 club
• 51ae4f2 Do not run coverage report if ended with a signal
• d5f7b12 12.0.0
• 5de8801 Update tsame and tmatch, resolve request security vuln

See the full diff

Package name: validator

The new version differs by 114 commits.

• 47ee5ad 13.7.0
• 496fc8b fix(rtrim): remove regex to prevent ReDOS attack (#1738)
• 45901ec Merge pull request #1851 from validatorjs/chore/fix-merge-conflicts
• 83cb7f8 chore: merge conflict clean-up
• f17e220 feat(isMobilePhone): add El Salvador es-SV locale
• 5b06703 feat(isMobilePhone): add Palestine ar-PS locale
• a3faa83 feat(isMobilePhone): add Botswana en-BW locale
• 26605f9 feat(isMobilePhone): add Turkmenistan tk-TM
• 0e5d5d4 feat(isMobilePhone): add Guyana en-GY locale
• f7ff349 feat(isMobilePhone): add Frech Polynesia fr-PF locale
• 8627e48 feat(isMobilePhone): add Kiribati en-KI locale
• ed60123 feat(isMobilePhone): add Tajikistan tg-TJ locale (#1846)
• c96d805 feat(isMobilePhone): add Maldives dv-MV locale
• 5c2d69e feat(isMobilePhone): regex for Burkina Faso fr-BF and Namibia en-NA locales
• fc0fefc feat(isMobilePhone): add Bhutan dz-BT locale (#1770)
• 01d3da3 feat(isMobilePhone): add Tajikistan tg-TJ locale (#1846)
• af2b43c feat(isUUID): add support for validation of version v1 and v2 (#1848)
• 769f6d5 feat(contains): add possibility to check that string contains seed multiple times (#1836)
• f2381e0 feat: (isMobilePhone): add Cameroon fr-CM locale (#1772)
• 5773869 feat(isVAT): add dutch NL locale (#1825)
• de1cb29 fix: Russian passport number regex (#1810)
• 7bee611 add CDN use option with unpkg (#1844)
• 57cc14e feat(isIdentityCard): add finnish locale (#1838)
• 2201869 feat: added finnish locale to isAlpha and isAlphanumeric (#1837)

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Remote Code Execution (RCE)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn