[Snyk] Fix for 77 vulnerabilities

[cbirdaha]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
	601/1000 Why? Recently disclosed, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	No	No Known Exploit
	574/1000 Why? Has a fix available, CVSS 7.2	Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-DOTTIE-3332763	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	Yes	No Known Exploit
	519/1000 Why? Has a fix available, CVSS 6.1	Open Redirect SNYK-JS-EXPRESS-6474509	No	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Cross-site Scripting SNYK-JS-EXPRESS-7926867	No	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Authorization Bypass SNYK-JS-EXPRESSJWT-575022	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Directory Traversal SNYK-JS-GRUNT-2635969	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Race Condition SNYK-JS-GRUNT-2813632	No	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	No	Proof of Concept
	534/1000 Why? Has a fix available, CVSS 6.4	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	Yes	No Known Exploit
	554/1000 Why? Has a fix available, CVSS 6.8	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Code Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LODASH-6139239	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MOUT-2342654	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	666/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Improper Control of Generation of Code ('Code Injection') SNYK-JS-PUGCODEGEN-7086056	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Validation Bypass SNYK-JS-SANITIZEHTML-1070780	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Access Restriction Bypass SNYK-JS-SANITIZEHTML-1070786	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SANITIZEHTML-2957526	Yes	No Known Exploit
	684/1000 Why? Has a fix available, CVSS 9.4	Arbitrary Code Execution SNYK-JS-SANITIZEHTML-585892	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-SANITIZEHTML-6256334	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	319/1000 Why? Has a fix available, CVSS 2.1	Cross-site Scripting SNYK-JS-SEND-7926862	No	No Known Exploit
	791/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.4	SQL Injection SNYK-JS-SEQUELIZE-2932027	Yes	Proof of Concept
	564/1000 Why? Has a fix available, CVSS 7	SQL Injection SNYK-JS-SEQUELIZE-2959225	Yes	No Known Exploit
	629/1000 Why? Has a fix available, CVSS 8.3	Improper Filtering of Special Elements SNYK-JS-SEQUELIZE-3324088	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-SEQUELIZE-3324089	Yes	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-SEQUELIZE-3324090	Yes	No Known Exploit
	319/1000 Why? Has a fix available, CVSS 2.1	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	No	No Known Exploit
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Information Exposure SNYK-JS-SIMPLEGET-2361683	Yes	Proof of Concept
	649/1000 Why? Has a fix available, CVSS 8.7	Uncaught Exception SNYK-JS-SOCKETIO-7278048	No	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SQLITE3-2388645	No	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-SQLITE3-3358947	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-WS-7266574	Yes	Proof of Concept
	741/1000 Why? Mature exploit, Has a fix available, CVSS 7.1	Uninitialized Memory Exposure npm:base64url:20180511	Yes	Mature
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Authentication Bypass npm:jsonwebtoken:20150331	Yes	Proof of Concept
	649/1000 Why? Has a fix available, CVSS 8.7	Forgeable Public/Private Tokens npm:jws:20160726	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:moment:20160126	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:moment:20161019	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	Yes	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Cross-site Scripting (XSS) npm:sanitize-html:20141024	No	No Known Exploit
	449/1000 Why? Has a fix available, CVSS 4.7	Cross-site Scripting (XSS) npm:sanitize-html:20160801	No	No Known Exploit
	656/1000 Why? Mature exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) npm:sanitize-html:20161026	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: body-parser

The new version differs by 80 commits.

• 1752951 1.20.3
• 39744cf chore: linter (Update swagger-ui-express to the latest version 🚀 juice-shop/juice-shop#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (Update mocha to the latest version 🚀 juice-shop/juice-shop#531)
• 99a1bd6 deps: [email protected] (Add reflected XSS challenge juice-shop/juice-shop#521)
• 9478591 fix: pin to [email protected]
• 83db46a ci: fix errors in ci github action for node 8 and 9 (Persist language selection in cookie juice-shop/juice-shop#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (New Crowdin translations juice-shop/juice-shop#522)
• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• 0385872 deps: [email protected]
• 2c35b41 build: [email protected]
• f0646c2 build: [email protected]
• f345fb1 build: [email protected]
• 6842efc deps: content-type@~1.0.5
• 5af7315 build: [email protected]
• 8e605b3 build: [email protected]
• cba6e77 build: [email protected]
• 6a464ab build: [email protected]
• 7ebf276 build: [email protected]
• 69bb649 build: [email protected]
• 8ff995f docs: switch badges to badgen
• 850832f build: [email protected]
• dad8f34 build: actions/download-artifact@v3

See the full diff

Package name: check-dependencies

The new version differs by 61 commits.

• 03c8847 Tag 2.0.0
• 65d9ef5 Set Node.js requirement in package.json engines to >=18.3
• 4917ab0 Simplify the spawn logic
• fc04cc8 Drop support for the callback interface
• 28257dd Tweak ESLint settings
• dc16e8a Drop the bluebird devDependency
• 412337a Drop fs-extra & graceful-fs devDependencies
• 091279a Drop the findup-sync dependency
• 10ac9c5 Drop lodash.camelcase & minimist dependencies
• 35dce52 Update dependencies
• 2929ba7 Update tested Node.js versions
• 1f514eb Don't invoke `npm prune`, `npm install` is already enough
• 65107d2 Drop support for Bower & the `checkCustomPackageNames` option
• f28ba1b Avoid `git://` URLs, they're no longer supported
• 8fdc6ad Limit allowed `packageManager` values
• 9809f13 Bump word-wrap from 1.2.3 to 1.2.4 (Random alexeisnyk/juice-shop#58)
• e522471 Bump semver from 7.3.8 to 7.5.2 (Login page v2 alexeisnyk/juice-shop#57)
• 031416d Bump yaml from 2.2.1 to 2.2.2 (Vulnerable branch alexeisnyk/juice-shop#56)
• dff3ab9 Build: Fix running tests on Windows
• 062005f Build: Update the GitHub Actions config
• ecf138f Build: Update dependencies
• 15c13b3 Build: Remove AppVeyor
• 89b9df0 Build: Update .gitattributes to files always use LF line endings
• db8c172 Build: Tweak GitHub Actions workflow code style

See the full diff

Package name: cookie-parser

The new version differs by 12 commits.

• 5d61e1e 1.4.7
• ccf1f54 deps: [email protected] ([Snyk] Security upgrade @angular-devkit/build-angular from 0.1000.8 to 13.3.6 alexeisnyk/juice-shop#116)
• 429cfd4 ci: Use GITHUB_OUTPUT envvar instead of set-output command ([Snyk] Security upgrade @angular-devkit/build-angular from 0.1000.8 to 13.3.2 alexeisnyk/juice-shop#100)
• ca4c97e ci: fix errors in ci pipeline for node 8 and 9 (Test branch alexeisnyk/juice-shop#104)
• 97bdf39 ci: add support for OSSF scorecard reporting ([Snyk] Security upgrade socket.io-client from 2.4.0 to 3.0.0 alexeisnyk/juice-shop#103)
• e5862bd build: [email protected]
• f0688d2 build: [email protected]
• 44ec541 build: [email protected]
• 695435a deps: [email protected]
• f66e7e1 build: [email protected]
• 05e40b1 build: [email protected]
• bc1d501 build: use [email protected] for Node.js 6.x

See the full diff

Package name: dottie

The new version differs by 6 commits.

• e0c8bae 2.0.4
• 7d3aee1 rudimentary __proto__ guarding
• b48e227 add github action to run tests
• 001ca40 2.0.3
• dbf26a6 Setting a null value should convert it to object ([Snyk] Fix for 3 vulnerabilities #37)
• b581120 added power support arch ppc64le on yml file. ([Snyk] Security upgrade @angular/cli from 10.2.4 to 14.2.12 #35)

See the full diff

Package name: express

The new version differs by 219 commits.

• 8e229f9 4.21.1
• a024c8a fix(deps): [email protected]
• 7e562c6 4.21.0
• 1bcde96 fix(deps): [email protected] (#5946)
• 7d36477 fix(deps): [email protected] (#5951)
• 40d2d8f fix(deps): [email protected]
• 77ada90 Deprecate `"back"` magic string in redirects (#5935)
• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to [email protected]
• 9ebe5d5 feat: upgrade to [email protected] (#5928)
• ec4a01b feat: upgrade to [email protected] (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• 125bb74 [email protected] (#5902)
• 2a980ad [email protected] (#5781)
• a3e7e05 docs: specify new instructions for `question` and `discuss`
• c5addb9 deps: [email protected] (#5603)
• e35380a docs: add @ IamLizu to the triage team (#5836)
• f5b6e67 docs: update scorecard link (#5814)
• 2177f67 docs: add OSSF Scorecard badge (#5436)
• f4bd86e Replace Appveyor windows testing with GHA (#5599)
• 2ec589c Fix Contributor Covenant link definition reference in attribution section (#5762)
• 4cf7eed remove minor version pinning from ci (#5722)
• 6d08471 📝 update people, add ctcpip to TC (#5683)
• 61421a8 skip QUERY tests for Node 21 only, still not supported (#5695)

See the full diff

Package name: file-stream-rotator

The new version differs by 13 commits.

• 321241d v1.0.0
• 6daf865 improved readme
• 375dc2e force manual stream rotation
• 7e595e4 rewrite using TS.
• 2b41e6a fix for PR [Snyk] Security upgrade sequelize from 5.22.5 to 6.21.2 alexeisnyk/juice-shop#87. no check before setting hashType.
• 0030fb1 fix rotation without date.
• 0a8faeb Merge pull request [Snyk] Security upgrade @angular-devkit/build-angular from 0.1000.8 to 13.3.9 alexeisnyk/juice-shop#83 from chneil/master
• 9c487ca Merge pull request adding terraform to create eks cluster and dependencies alexeisnyk/juice-shop#81 from afrobros/fix_mkdirSync
• 325ccfa version 0.6.0. Includes fix to initial commit alexeisnyk/juice-shop#85, adding state file for drift detection purposes alexeisnyk/juice-shop#82
• 7764aac allow to specify hashing algorithm to use for the audit log
• 48d3e61 updated moment to 2.29.1
• 7fd96fe Emitting new event when the logfile is re-created after deletion so that the watcher is readded
• 35b36a8 fix Throw exist error on mkdirSync

See the full diff

Package name: finale-rest

The new version differs by 5 commits.

• d94ee1f 1.2.0
• 5834732 Fix search with substring (Add new vulns alexeisnyk/juice-shop#90)
• 5d1de6b Add deletedInstance property to context on delete ([Snyk] Security upgrade sequelize from 5.22.5 to 6.21.2 alexeisnyk/juice-shop#87)
• b005710 README Update
• 2514b90 Bump lodash from 4.17.15 to 4.17.19 (Test alexeisnyk/juice-shop#68)

See the full diff

Package name: glob

The new version differs by 116 commits.

• a68703e 9.0.0
• 58159ca test: cwd can be a url
• a547a9c more docs
• 42a3ac7 link to bash manual for Pattern Matching
• 474172d update readme with cwd URL support
• ad3904d update readme with posix class support
• b22fc7d [email protected]
• cdd1627 update all the things, remove unused mkdirp types
• 75c6416 Merge branch 'v9'
• fa0cd77 cwd can be a file:// url
• d03ed0a typedoc github action
• 9a5a45a put bench results in readme
• 20b2f88 docs, fix benchmark script
• 4829c88 upgrade ci actions
• 5cbacdd [email protected]
• 210310b omit symlinks on windows
• d34c8d5 full test coverage, clean up signals and remove extranous code
• 5f21b46 adding lots of tests, clean up types
• b12e6ba slashes on nodir test
• 75f74b0 more windows test slashes
• 3aa1abd more windows test affordances
• 3e68a7b some windows test affordances
• 8c2e082 feature complete and tests passing
• c3be35a correct ** vs ./** behavior

See the full diff

Package name: grunt

The new version differs by 36 commits.

• 8372e11 1.6.1
• 72f6f03 Changelog updates
• 8d4c183 Merge pull request Facing DatabaseError [SequelizeDatabaseError]: SQLITE_ERROR: no such table: Wallets , while doing npm start after npm install. Also tried changing access rights but got similar error.[🐛]  juice-shop/juice-shop#1755 from gruntjs/rm-dep
• 1c7d483 Add recursive
• 2d4fd38 Merge pull request New Crowdin updates juice-shop/juice-shop#1756 from gruntjs/downgrade-glob
• 902db7c Downgrade glob
• 494f243 Fix syntax
• b01389e remove mkdirp
• 0072510 remove dep on rimraf and mkdirp
• 0afeb5c 1.6.0
• 2805dc3 Merge pull request [🐛] Version 13.1.0 does not work on ARM-based systems (rPi, Mac M1, ...) juice-shop/juice-shop#1750 from gruntjs/dep-update-jan28
• 3f1e423 README updates
• 8fd096d Bump to 16
• 42c5f95 Update more deps
• 1d88050 Bump eslint and node version
• 82d79b8 1.5.3
• 572d79b Merge pull request #1745 from gruntjs/fix-copy-op
• 58016ff Patch up race condition in symlink copying.
• 0749e1d Merge pull request Bug/code injection juice-shop/juice-shop#1746 from JamieSlome/patch-1
• 69b7c50 Create SECURITY.md
• ac667b2 1.5.2
• 7f15fd5 Update Changelog
• b0ec6e1 Merge pull request Fix error rendering bug in 'Change Password' form juice-shop/juice-shop#1743 from gruntjs/cleanup-link
• 433f91b Clean up link handling

See the full diff

Package name: grunt-contrib-compress

The new version differs by 5 commits.

• bd9fc8e v2.0.0
• b8565a9 Update Archiver ([Snyk] Security upgrade express from 4.17.2 to 4.21.0 alexeisnyk/juice-shop#232)
• f6815bf Update deps and remove nodeunit loading ([Snyk] Fix for 4 vulnerabilities alexeisnyk/juice-shop#231)
• b70c1d9 Update tests and dependencies ([Snyk] Fix for 4 vulnerabilities alexeisnyk/juice-shop#230)
• 5759edd Bump ini from 1.3.5 to 1.3.7 ([Snyk] Fix for 18 vulnerabilities alexeisnyk/juice-shop#228)

See the full diff

Package name: i18n

The new version differs by 93 commits.

• 02dd49d tests: use arrow function
• fa50268 eslint refactor var -> const,let
• abb05ec refactor to arrow functions
• 5855724 drop node support < 10
• 9e6559a Merge branch 'gajus-master'
• 234b94b (re-)added tests fast-printf Update jasmine to the latest version 🚀 juice-shop/juice-shop#453
• ef5675c Merge branch 'master' of git://github.com/gajus/i18n-node into gajus-master
• 2461a97 typo
• 737b67d refactored test to cover mf plurals
• 42f12d3 Merge branch 'calmonr-fix-messageformat'
• 0faeee0 Merge branch 'fix-messageformat' of https://github.com/calmonr/i18n-node into calmonr-fix-messageformat
• 6018b9f Merge tag '0.13.4'
• 9683cc6 Merge branch 'release/0.13.4' into npm
• bdce606 v0.13.4
• 4e6963f upgrade tested
• 3139881 save update
• aa60ac7 upgraded devDeps
• b6e672d Merge pull request New Crowdin translations juice-shop/juice-shop#482 from Justman10000/patch-1
• ed5c03f should fix coverage report
• 10daf65 publish coverage
• 84008b8 sad to see travis go paid only
• d433ebe Update node.js.yml
• 7b4a0a2 Create node.js.yml
• 5a08ecc Update sinon to the latest version 🚀 juice-shop/juice-shop#486 - test path traversal vulnerability

See the full diff

Package name: juicy-chat-bot

The new version differs by 15 commits.

• 705832f Bump version
• 147fb16 Only load english ([Snyk] Fix for 1 vulnerabilities #15)
• 11bbd8b Bump CI/CD to Node.js 18
• 3b677b5 Bump to v0.7.1
• 4a90dc5 Merge remote-tracking branch 'origin/develop' into develop
• 7b32e43 Pin version of VM2 to 3.9.17 without vulnerability ([Snyk] Security upgrade @angular/cli from 10.2.4 to 11.0.0 #14)
• 8e63414 Pin version of VM2 to 3.9.17 without vulnerability ([Snyk] Security upgrade @angular/cli from 10.2.4 to 11.0.0 #14)
• 61a1f1a Bump version
• 5ef0011 Add typescript definition for juicy-chat-bot
• d816d29 Bump copyright notes to include 2023
• 53fdc22 Update contributor statistics
• d5bc807 Bump to recent supported Node.js versions
• 956f6df Merge pull request [Snyk] Security upgrade @angular/cli from 10.2.4 to 12.0.0 #13 from pattyjogal/pattyjogal-patch-1
• 24c7cbd Pin version of VM2 to version w/o vulnerability
• 93e1fab Add contributors chart

See the full diff

Package name: pdfkit

The new version differs by 98 commits.

• 82920c6 0.14.0
• befd432 Merge pull request [🐛] Checkout without having enough money :) juice-shop/juice-shop#1471 from mflasquin/bump-crypto-js
• 7135056 Bump crypto-js from 4.0.0 to 4.2.0 to fix CVE-2023-46233
• 4ec77dd Merge pull request Security juice-shop/juice-shop#1456 from andreiaugustin/docs_pdfa_update
• 92c593f Added note to docs regarding PDF/A not supporting the standard AFM fonts
• c1d7700 Support for PDF/A-2 and PDF/A-3 subsets ([⭐]Bellingen, stay away for me.  juice-shop/juice-shop#1432)
• d81f13b test: CI node16 and 18 (New Crowdin updates juice-shop/juice-shop#1426)