[Snyk] Fix for 8 vulnerabilities

[rickhull67]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 148, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	No	Proof of Concept
	219/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Functional, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00305, Social Trends: No, Days since published: 873, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 3.65, Score Version: V5	Denial of Service (DoS) SNYK-JS-DICER-2311764	No	Mature
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 313, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	124/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 148, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	/1000 Why?	Information Exposure SNYK-JS-MONGODB-5871303	No	No Known Exploit
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 968, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.92, Score Version: V5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: dustjs-linkedin

The new version differs by 7 commits.

• 5cd5529 Release v3.0.1
• 0d72e0b Merge pull request Circleci project setup snyk-labs/nodejs-goof#808 from sumeetkakkar/topic/update-deps
• b2aaa47 Merge branch 'master' into topic/update-deps
• bd397ea Update tests.yaml: add --legacy-peer-deps to support npm 8 restrictions
• 115f78c dependency update: chokidar
• d951a90 Update tests.yml
• ea9ae70 Create tests.yml

See the full diff

Package name: express-fileupload

The new version differs by 67 commits.

• 4f81fc8 1.4.0
• 78a66c1 Merge pull request [Snyk-dev Update] New fixes for 54 vulnerable dependency paths snyk-labs/nodejs-goof#315 from duterte/master
• 310a382 Merge branch 'richardgirges:master' into master
• f57198b fix linting error
• ce713c2 add workflow job filters
• e47cc7d trigger ci
• 74a0830 Refactor: upgrade to busboy 1.6.0
• d1d6c66 Refactor busboy is no longer a constructor, its a function
• 30d8535 Merge pull request [Snyk-dev] Fix for 5 vulnerable dependencies snyk-labs/nodejs-goof#310 from richardgirges/dependabot/npm_and_yarn/minimist-1.2.6
• e6948f9 Bump minimist from 1.2.5 to 1.2.6
• c9c7d83 Create SECURITY.md
• f9237aa help wanted readme update
• 651421b help wanted readme update
• 290f3cc 1.3.1
• ab3d252 node 12+ support
• 4afa5a1 1.3.0
• fe0ce3f circleci status badge
• 26f4a92 comment out console logs
• edd91ce Merge pull request [Snyk Update] New fixes for 5 vulnerable dependency paths snyk-labs/nodejs-goof#301 from zwade/master
• 47bc50c Merge remote-tracking branch 'origin/master'
• 3ba7d94 Merge pull request [Snyk Update] New fixes for 5 vulnerable dependency paths snyk-labs/nodejs-goof#302 from zwade/zw-fix-tests
• ddf5530 support node 12+. fix security vulnerabilities re: npm audit
• 3cfbc7f Have promiseCallback make callbacks and promises behave the same
• 5e83249 Refactor prototype pollution check to be more comprehensive

See the full diff

Package name: mongodb

The new version differs by 34 commits.

• 1297cd1 chore(release): 3.6.10
• e9196ab refactor(NODE-3324): bump max wire version to 13 (#2875)
• 3ce148d fix(NODE-3397): report more helpful error with unsupported authMechanism in initial handshake (#2876)
• 558182f test(NODE-3307): unified runner does not assert identical keys (#2867)
• 621677a fix(NODE-3380): perform retryable write checks against server (#2861)
• e4a9a57 fix(NODE-3150): added bsonRegExp option for v3.6 (#2843)
• 750760c fix(NODE-3358): Command monitoring objects hold internal state references (#2858)
• a917dfa fix(NODE-2035): Exceptions thrown from awaited cursor forEach do not propagate (#2852)
• b98f206 refactor(NODE-3356): Update command monitoring logging (#2853)
• 68b4665 test(NODE-2856): ensure defaultTransactionOptions get used from session (#2845)
• 8c8b4c3 fix(NODE-3356): update redaction logic for command monitoring events (#2847)
• 2c5d440 test(NODE-3357): extend timeout for atlas connectivity (#2846)
• fd97808 test(NODE-3288): sync command-monitoring spec tests to 3.6 (#2838)
• bf8b21b docs: change links to use https (#2836)
• f42ac4c refactor(NODE-2752): deprecate strict option for Db.collection (#2819)
• 394832a chore(release): 3.6.9
• fac9610 fix(NODE-3309): remove redundant iteration of bulk write result (#2815)
• 58c4e69 fix: fix url parsing for a mongodb+srv url that has commas in the database name (#2789)
• 6c8cc84 chore(release): 3.6.8
• 6e3bab3 fix(cmap): undo flipping of `beforeHandshake` flag for timeout errors (#2813)
• 4fd03e8 chore(release): 3.6.7
• 6ceace6 fix(NODE-3192): check clusterTime is defined before access (#2806)
• 1967515 test(NODE-3187): port unified test runner (#2783)
• 5d8f649 fix(NODE-3252): state transistion from DISCONNECTED (#2807)

See the full diff

Package name: tap

The new version differs by 250 commits.

• 7c022d0 update versions
• ba9fc18 Update many deps, fix audit complaints
• 922de9d update minimum node version to 18.6
• 3526a59 update read, use built-in types instead of patched
• 3e461a0 update pacote and polite-json
• 48513e3 update markdown-it, fix netlify deploy path
• ac90f5a c8@10
• 7fc57cd fixup! update deps
• 39d144b update deps
• 6bb8d64 update versions
• d76fffd fix spaces in cwd causing problems with plugin add
• 2c889bb update versions
• ee796e3 core: do not double-inherit t.context
• c2005fa update versions
• 31bace4 chdir: don't need to depend on @ tapjs/after
• c32cded fixture: safely delete when in a subdir of testdir
• 4c23c76 update versions
• 5edeb4b run: add missing origin in resolveImport
• b540d4e update versions
• 956aeb5 chdir: fix detection of original cwd
• 71570ad add @ tapjs/chdir to typedocs
• 42f02af update versions
• 4e65ee7 changelog 19.2
• 969600d Add t.chdir()

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption
🦉 Prototype Pollution