[Snyk] Fix for 5 vulnerabilities #1

Shadow0ps · 2024-04-04T17:53:18Z

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- web/package.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
591/1000 Why? Recently disclosed, Has a fix available, CVSS 6.1	Open Redirect SNYK-JS-EXPRESS-6474509	No	No Known Exploit
641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: express

The new version differs by 250 commits.

b28db2c 4.19.2
0b74695 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks fixes #5554 #5555
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: [email protected]
4ee853e docs: loosen TC activity rules
414854b docs: nominating @ wesleytodd to be project captian
06c6b88 docs: update release date
1b51eda 4.18.3
b625132 build: pin Node 21.x to minor
e3eca80 build: pin Node 21.x to minor
23b44b3 build: support Node.js 21.6.2
b9fea12 build: support Node.js 21.x in appveyor
c259c34 build: support Node.js 21.x
fdeb1d3 build: support Node.js 20.x in appveyor
734b281 build: support Node.js 20.x
0e3ab6e examples: improve view count in cookie-sessions
59af63a build: [email protected]
e720c5a docs: add documentation for benchmarks

Package name: extract-text-webpack-plugin

The new version differs by 177 commits.

cc3ba94 chore(release): 3.0.2
d5a1de2 fix: refer to the `entrypoint` instead of the first `module` (`module.identifier`) (#601)
5286ab2 build(defaults): update to v1.6.0 (#652)
4cfde50 chore(release): 3.0.1
8de6558 fix: get real path from `__filename` instead of `__dirname` (`NS`)
510704f fix(index): stricter check for `shouldExtract !== wasExtracted` (#605)
6a660f3 docs(README): update install instructions (#570)
083a6c8 docs(README): add custom `[contenthash]` formats (#566)
d7a75fc chore(release): 3.0.0
7ae32d9 refactor: Apply webpack-defaults & webpack 3.x support (#540)
dd43832 fix: add missing `options.ignoreOrder` details in Error message (#539)
e81b883 chore(release): 2.1.2
8766821 fix(index): resolve schemas relative to `__dirname` (#536)
0271b39 chore(release): 2.1.1
e595417 fix: don't extract from common async chunks (#508)
a8ae003 chore(package): fix broken links && update devDependencies (#531)
c3cb091 fix(loader): rm unnecessary `this.cacheable` (caching) (#530)
eaa5236 docs: rm `RELEASE.md` (#532)
671e35e chore(package): update `webpack-sources` v0.1.0...1.0.1 (#526)
dfeb347 fix: validation schema (`schema-utils`) (#527)
d0e88d0 docs(README): add lead-in description (#517)
58dd5d3 fix: add a not null check for the content property before throwing error (#404)
6c50d8e Update README.md (#469)
c63dc04 docs(README): clarify to set allChunks option when using CommonsChunkPlugin (#476)