[Snyk] Fix for 114 vulnerabilities

[elise-jones-snyk]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity	Reachability
	670/1000 Why? Is reachable, Has a fix available, CVSS 7.4	Directory Traversal SNYK-JS-ADMZIP-1065796	No	No Known Exploit	Reachable
	555/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit	No Path Found
	600/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept	No Path Found
	600/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept	No Path Found
	690/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	Proof of Concept	No Path Found
	610/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	No	Proof of Concept	No Path Found
	560/1000 Why? Has a fix available, CVSS 8.2	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	No	No Known Exploit	No Path Found
	600/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept	No Path Found
	515/1000 Why? Recently disclosed, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	No	No Known Exploit	No Path Found
	600/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept	No Path Found
	645/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DICER-2311764	Yes	Mature	No Path Found
	805/1000 Why? Proof of Concept exploit, Is reachable, Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-DUSTJSLINKEDIN-1089257	Yes	Proof of Concept	Reachable
	430/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept	No Path Found
	415/1000 Why? Has a fix available, CVSS 5.3	Improper Control of Dynamically-Managed Code Resources SNYK-JS-EJS-6689533	Yes	No Known Exploit	No Path Found
	455/1000 Why? Has a fix available, CVSS 6.1	Open Redirect SNYK-JS-EXPRESS-6474509	No	No Known Exploit	No Path Found
	405/1000 Why? Has a fix available, CVSS 5.1	Cross-site Scripting SNYK-JS-EXPRESS-7926867	No	No Known Exploit	No Path Found
	675/1000 Why? Is reachable, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-EXPRESSFILEUPLOAD-473997	Yes	No Known Exploit	Reachable
	750/1000 Why? Proof of Concept exploit, Is reachable, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-EXPRESSFILEUPLOAD-595969	Yes	Proof of Concept	Reachable
	575/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	Yes	Proof of Concept	No Path Found
	505/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	Yes	Proof of Concept	No Path Found
	515/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-173692	Yes	No Known Exploit	No Path Found
	515/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-174183	Yes	No Known Exploit	No Path Found
	515/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-469063	Yes	No Known Exploit	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	Yes	No Known Exploit	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	Yes	Proof of Concept	No Path Found
	640/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-HANDLEBARS-534988	Yes	No Known Exploit	No Path Found
	550/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	Yes	Proof of Concept	No Path Found
	440/1000 Why? Has a fix available, CVSS 5.8	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	No	No Known Exploit	No Path Found
	415/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	No	No Known Exploit	No Path Found
	490/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept	No Path Found
	535/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept	No Path Found
	590/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept	No Path Found
	365/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit	No Path Found
	505/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JQUERY-174006	Yes	Proof of Concept	No Path Found
	585/1000 Why? Mature exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	Yes	Mature	No Path Found
	595/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	Yes	Mature	No Path Found
	580/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit	No Path Found
	645/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	DLL Injection SNYK-JS-KERBEROS-568900	No	Proof of Concept	No Path Found
	410/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Validation Bypass SNYK-JS-KINDOF-537849	Yes	Proof of Concept	No Path Found
	490/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept	No Path Found
	585/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Code Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept	No Path Found
	590/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept	No Path Found
	635/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept	No Path Found
	/1000 Why?	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	Yes	No Known Exploit
	/1000 Why?	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	/1000 Why?	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-MIXINDEEP-450212	Yes	Proof of Concept
	/1000 Why?	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	/1000 Why?	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
	/1000 Why?	Prototype Pollution SNYK-JS-MONGOOSE-1086688	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-MONGOOSE-2961688	Yes	Proof of Concept
	/1000 Why?	Information Exposure SNYK-JS-MONGOOSE-472486	No	No Known Exploit
	/1000 Why?	Prototype Pollution SNYK-JS-MONGOOSE-5777721	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-MPATH-1577289	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-MQUERY-1050858	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-MQUERY-1089718	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	No	Proof of Concept
	/1000 Why?	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	/1000 Why?	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	/1000 Why?	Cross-site Scripting SNYK-JS-SEND-7926862	No	No Known Exploit
	/1000 Why?	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	No	No Known Exploit
	/1000 Why?	Prototype Pollution SNYK-JS-SETVALUE-1540541	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-SETVALUE-450213	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-TYPEORM-590152	No	Mature
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	/1000 Why?	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	No	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	No	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	No	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	No	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-XML2JS-5414874	No	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-Y18N-1021887	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	920/1000 Why? Mature exploit, Is reachable, Has a fix available, CVSS 9.4	Arbitrary File Write via Archive Extraction (Zip Slip) npm:adm-zip:20180415	No	Mature	Reachable
	410/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept	No Path Found
	580/1000 Why? Has a fix available, CVSS 8.6	Code Injection npm:dustjs-linkedin:20160819	No	No Known Exploit	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution npm:ejs:20161128	Yes	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Cross-site Scripting (XSS) npm:ejs:20161130	Yes	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) npm:ejs:20161130-1	Yes	No Known Exploit	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit	No Path Found
	420/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) npm:jquery:20150627	Yes	No Known Exploit	No Path Found
	690/1000 Why? Proof of Concept exploit, Is reachable, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept	Reachable
	740/1000 Why? Is reachable, Has a fix available, CVSS 8.8	Cross-site Scripting (XSS) npm:marked:20150520	No	No Known Exploit	Reachable
	675/1000 Why? Is reachable, Has a fix available, CVSS 7.5	Cross-site Scripting (XSS) npm:marked:20170112	No	No Known Exploit	Reachable
	675/1000 Why? Is reachable, Has a fix available, CVSS 7.5	Cross-site Scripting (XSS) npm:marked:20170815	No	No Known Exploit	Reachable
	540/1000 Why? Is reachable, Has a fix available, CVSS 4.8	Cross-site Scripting (XSS) npm:marked:20170815-1	No	No Known Exploit	Reachable
	675/1000 Why? Is reachable, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:marked:20170907	No	No Known Exploit	Reachable
	750/1000 Why? Proof of Concept exploit, Is reachable, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:marked:20180225	No	Proof of Concept	Reachable
	405/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit	No Path Found
	335/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit	No Path Found
	595/1000 Why? Is reachable, Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:moment:20161019	No	No Known Exploit	Reachable
	335/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	No	No Known Exploit	No Path Found
	675/1000 Why? Mature exploit, Is reachable, Has a fix available, CVSS 5.1	Remote Memory Exposure npm:mongoose:20160116	No	Mature	Reachable
	415/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	No	No Known Exploit	No Path Found
	335/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	Yes	No Known Exploit	No Path Found
	640/1000 Why? Mature exploit, Has a fix available, CVSS 7.4	Uninitialized Memory Exposure npm:npmconf:20180512	Yes	Mature	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit	No Path Found
	640/1000 Why? Proof of Concept exploit, Is reachable, Has a fix available, CVSS 5.3	Directory Traversal npm:st:20140206	No	Proof of Concept	Reachable
	665/1000 Why? Mature exploit, Is reachable, Has a fix available, CVSS 4.3	Open Redirect npm:st:20171013	Yes	Mature	Reachable

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: adm-zip

The new version differs by 134 commits.

• c5aeed4 Incremented version number
• 119dcad Fixed path traversal issue GHSL-2020-198
• 1d22ff6 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path snyk-labs/nodejs-goof#341 from 5saviahv/history
• 492d148 added changelog
• dd415ae Incremented version
• 0f011a3 Fixed outFileName
• bc19fee Added extra parameter to extractEntryTo so target filename can be renamed
• 92e9836 Updated dev dependency
• 2b8d9ab Merge pull request [Snyk-dev Update] New fixes for 54 vulnerable dependency paths snyk-labs/nodejs-goof#315 from enecciari/work_in_browser
• 4fe58d1 Merge pull request [Snyk-dev Update] New fixes for 14 vulnerable dependency paths snyk-labs/nodejs-goof#322 from cthackers/dependabot/npm_and_yarn/lodash-4.17.19
• 49218a4 Merge pull request [Snyk-dev Update] New fixes for 15 vulnerable dependency paths snyk-labs/nodejs-goof#327 from kosuke-suzuki/multibyte-comment
• a7e8932 Merge pull request [Snyk-dev] Fix for 65 vulnerable dependency paths snyk-labs/nodejs-goof#331 from 5saviahv/master
• 7db0eda modified addLocalFolder method
• e114929 typo
• dc81063 modified addLocalFile method
• bc0f594 Deflate needs min V2.0
• dde4f51 Node v6
• 003d4cf Added ZipCrypto decrypting ability
• 63ed6e2 Detect and throw error with encrypted files
• c64ac14 LICENSE filename in package.json
• 1a334b2 add multibyte-encoded comment with byte length instead of character length
• 96d492a Bump lodash from 4.17.15 to 4.17.19
• b77f380 now it works in browser
• 218feee Merge remote-tracking branch 'upstream/master'

See the full diff

Package name: body-parser

The new version differs by 250 commits.

• 1752951 1.20.3
• 39744cf chore: linter ([Snyk] Fix for 36 vulnerable dependencies snyk-labs/nodejs-goof#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme ([Snyk] Fix for 1 vulnerable dependencies snyk-labs/nodejs-goof#531)
• 99a1bd6 deps: qs@6.12.3 ([Snyk] Fix for 1 vulnerable dependencies snyk-labs/nodejs-goof#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 ([Snyk] Fix for 1 vulnerable dependencies snyk-labs/nodejs-goof#523)
• 9d4e212 chore: add support for OSSF scorecard reporting ([Snyk] Fix for 1 vulnerable dependencies snyk-labs/nodejs-goof#522)
• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• 0385872 deps: raw-body@2.5.2
• 2c35b41 build: eslint@8.34.0
• f0646c2 build: Node.js@18.14
• f345fb1 build: Node.js@14.21
• 6842efc deps: content-type@~1.0.5
• 5af7315 build: eslint-plugin-promise@6.1.1
• 8e605b3 build: supertest@6.3.3
• cba6e77 build: mocha@10.2.0
• 6a464ab build: eslint-plugin-import@2.27.5
• 7ebf276 build: eslint@8.32.0
• 69bb649 build: Node.js@16.19
• 8ff995f docs: switch badges to badgen
• 850832f build: Node.js@18.13
• dad8f34 build: actions/download-artifact@v3

See the full diff

Package name: errorhandler

The new version differs by 106 commits.

• 6bf441d 1.5.0
• 0933c98 lint: use standard style
• 58b0e7b build: istanbul@0.4.5
• 3319c73 build: after@0.8.2
• 5bbabd3 build: support Node.js 7.x
• 56b4db5 build: Node.js@6.9
• e164cc4 build: Node.js@4.6
• 2765555 docs: add preamble to install section
• 31e1ad9 deps: accepts@~1.3.3
• 04f3f68 build: mocha@2.5.3
• f6e4871 build: istanbul@0.4.4
• f557e51 build: support Node.js 6.x
• b5b8769 build: Node.js@5.12
• d631ecf perf: only load template and stylesheet once
• 7bbfeac perf: front-load HTML template and stylesheet at middleware construction
• 6fbafc5 Pretty print JSON error response
• 8a41c06 perf: resolve file paths at start up
• 7aaf687 build: mocha@2.4.5
• b113a21 build: cache node_modules on Travis CI
• 597ad34 build: Node.js@5.10
• 1e80bf7 build: Node.js@4.4
• c41e9aa 1.4.3
• ffce329 build: istanbul@0.4.2
• 90a8777 build: Node.js@4.2

See the full diff

Package name: express

The new version differs by 250 commits.

• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• 77ada90 Deprecate `"back"` magic string in redirects (#5935)
• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to serve-static@0.16.0
• 9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
• ec4a01b feat: upgrade to body-parser@1.20.3 (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• 125bb74 path-to-regexp@0.1.10 (#5902)
• 2a980ad merge-descriptors@1.0.3 (#5781)
• a3e7e05 docs: specify new instructions for `question` and `discuss`
• c5addb9 deps: path-to-regexp@0.1.8 (#5603)
• e35380a docs: add @ IamLizu to the triage team (#5836)
• f5b6e67 docs: update scorecard link (#5814)
• 2177f67 docs: add OSSF Scorecard badge (#5436)
• f4bd86e Replace Appveyor windows testing with GHA (#5599)
• 2ec589c Fix Contributor Covenant link definition reference in attribution section (#5762)
• 4cf7eed remove minor version pinning from ci (#5722)
• 6d08471 📝 update people, add ctcpip to TC (#5683)
• 61421a8 skip QUERY tests for Node 21 only, still not supported (#5695)

See the full diff

Package name: express-fileupload

The new version differs by 250 commits.

• 9f22db7 version bump
• 9fca550 Merge pull request [Snyk Update] New fixes for 2 vulnerable dependency paths snyk-labs/nodejs-goof#240 from AmazingMech2418/patch-1
• 1530cf5 Make Travis happy
• e43bfcf Fix typo
• 8bf7427 Update processNested.js
• fd40389 version bump
• 94c9cf9 prototype pollution fix [Snyk] Upgrade moment from 2.15.1 to 2.30.1 #2
• 829f395 version bump
• db49535 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path snyk-labs/nodejs-goof#237 from richardgirges/fix-236-proto-pollution
• d81bee9 Upgrade latest packages; run npm audit fix; add logic to prevent prototype pollution in parseNested
• e9848fc Update package-lock.json
• d536cfb Update package.json
• c7a6b9c Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path snyk-labs/nodejs-goof#233 from RomanBurunkov/master
• a53b93f Update tests to support empty files
• d8c00c5 Add empty files support for tempFileHandler
• b24233d Comment extra condition in fileFactory(issue [Snyk] Upgrade body-parser from 1.9.0 to 1.20.2 #1), add more logging
• d57ee02 Formatting utilities
• b6097df Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path snyk-labs/nodejs-goof#232 from RomanBurunkov/master
• 05004b7 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path snyk-labs/nodejs-goof#230 from Code42Cate/readme-timeout
• 1afa527 Update dependencies
• 880c2b7 Improve timeout option documentation
• 3f130b0 Add timeout option to README.MD
• d55fa83 Merge pull request [Snyk Update] New fixes for 2 vulnerable dependency paths snyk-labs/nodejs-goof#222 from wbt/patch-1
• d61f02f Fix some small typos

See the full diff

Package name: express-session

The new version differs by 80 commits.

• bbeca94 1.18.1
• 341b179 dep: cookie@0.7.2 ([Snyk] Security upgrade node from 14.1.0 to 14.17.5 snyk-labs/nodejs-goof#997)
• 8f0a1c4 ci: add support for OSSF scorecard reporting ([Snyk-dev] Security upgrade node from 14.1.0 to 14.17.2 snyk-labs/nodejs-goof#984)
• 24d4972 1.18.0
• 855f21a docs: add connect-ottoman to the list of session stores
• 991b7ee Add debug log for pathname mismatch
• 408229e Add "partitioned" to cookie options
• 50e1429 build: Node.js@20.11
• 6153b3f build: Node.js@21.6
• 88e0f2e build: actions/checkout@v4
• d9354ef Fix handling errors from setting cookie
• f9f2318 docs: remove session-rethinkdb to the list of session stores
• 3ee08c4 Add "priority" to cookie options
• 71c3f74 docs: add connect-cosmosdb to the list of session stores
• 9d377c5 docs: add dynamodb-store-v3 to the list of session stores
• a1f884f docs: add @ cyclic.sh/session-store to the list of session stores
• e5f19ce docs: add note on length of secret
• 2a7a50b eslint@8.56.0
• a46e857 supertest@6.3.4
• 7dec651 build: Node.js@18.19
• 8e9f7a4 build: Node.js@20.10
• 6b7c9a0 build: Node.js@21.5
• 825e6c0 build: fix code coverage aggregate upload
• c1611ad build: actions/checkout@v3

See the full diff

Package name: hbs

The new version differs by 107 commits.

• 00764e0 v4.1.2
• 8dcac86 tests: add test for layout that does not exist
• 1046191 test: add test for layout using async helper
• 9c6ee6f test: add test for async helper with layout
• b109867 lint: fix redeclared variable
• 7920ac6 build: Node.js@12.22
• 5623682 deps: handlebars@4.7.7