[Snyk] Fix for 18 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/database/package.json
  • packages/database/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	584/1000 Why? Has a fix available, CVSS 7.4	Directory Traversal SNYK-JS-ADMZIP-1065796	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Command Injection SNYK-JS-AWSLAMBDA-540839	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	711/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-GRAPHQLPLAYGROUNDHTML-571775	Yes	Mature
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	490/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	Yes	No Known Exploit
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: got

The new version differs by 222 commits.

• 5e17bb7 11.8.5
• bce8ce7 Backport 861ccd9ac2237df762a9e2beed7edd88c60782dc
• 8ced192 Fix build
• 670eb04 11.8.4
• 20f29fe Backport #1543: Initialize globalResponse in case of ignored HTTPError (#2017)
• 0da732f 11.8.3
• 9463bb6 Bump cacheable-request dependency (#1921)
• 0e167b8 HTTPError code set to 'HTTPError' #1711 (#1739)
• f896aa5 11.8.2
• 3bd245f Instantiate CacheableLookup only when needed (#1529)
• a72ed84 11.8.1
• 4c815c3 Do not throw on custom stack traces (#1491)
• e0cb820 11.8.0
• f65c9ef Upgrade dependencies
• 7acd380 Fix for sending files with size `0` on `stat` (#1488)
• 6aa86f2 Fix indentation in the readme
• 3dd2273 `beforeRetry` allows stream body if different from original (#1501)
• b1afa2b Fix readme example comment (#1505)
• 390b145 Set default value for an options object (#1495)
• 87dadd5 Fixed documentation example for `responseType` (#1494)
• 3bf3e3b Add `lookup` option documentation (#1483)
• c31366b Add a test for [Snyk] Fix for 2 vulnerabilities #1438 (chore(deps): bump cookiejar from 2.1.2 to 2.1.4 #1469)
• 5d62958 11.7.0
• 88b32ea Fix a regression where body was sent after redirect

See the full diff

Package name: parse-domain

The new version differs by 2 commits.

• a22b76e chore(release): 3.0.0 [skip ci]
• 9f38492 feat: Complete rewrite in TypeScript and several bug fixes and improvements

See the full diff

Package name: serverless

The new version differs by 250 commits.

• 16c29da chore: Release v3.0.0
• ad1faa3 chore: Bump dependencies
• c150045 refactor: Rename `…nts/api-gateway/lib/method/requestParameters.test.js`
• 95e308d refactor: Rename `…s/package/compile/events/alb/lib/healthCheck.test.js`
• 358a1cf refactor: Rename `lib/plugins/aws/package/compile/events/eventBridge`
• 88b52ab test: Rename `test/integrationPackage`
• 3f8b1a1 refactor: Rename `…e/compile/events/api-gateway/lib/hack/updateStage.js`
• 93d1c29 refactor: Rename `…events/api-gateway/lib/hack/disassociateUsagePlan.js`
• bb70c63 refactor: Rename `…kage/compile/events/websockets/lib/routeResponses.js`
• bff4cc7 refactor: Rename `…/events/websockets/lib/pickWebsocketsTemplatePart.js`
• 20b90cb refactor: Rename `…kage/compile/events/api-gateway/lib/usagePlanKeys.js`
• 3ea8389 refactor: Rename `…/package/compile/events/api-gateway/lib/usagePlan.js`
• 04158ea refactor: Rename `…ws/package/compile/events/api-gateway/lib/restApi.js`
• 897fdfc refactor: Rename `…e/compile/events/api-gateway/lib/requestValidator.js`
• 44f48f5 refactor: Rename `…ws/package/compile/events/api-gateway/lib/apiKeys.js`
• cb3518e refactor: Rename `lib/plugins/aws/package/compile/events/apiGateway`
• 98e454e refactor: Rename `…/aws/package/compile/events/alb/lib/listenerRules.js`
• 0b542a1 refactor: Rename `…s/aws/package/compile/events/alb/lib/targetGroups.js`
• 72624b0 refactor: Rename `…lugins/aws/package/compile/events/s3/configSchema.js`
• 6ee1a79 refactor: Rename `…package/compile/events/msk/getMskClusterNameToken.js`
• f2a4f96 refactor: Rename `…compile/events/lib/ensureApiGatewayCloudWatchRole.js`
• 364e52a refactor: Rename `lib/plugins/aws/package/compile/events/httpApi.js`
• ebe4035 refactor: Rename `…s/aws/package/compile/events/iotFleetProvisioning.js`
• 04f6318 refactor: Rename `…lugins/aws/package/compile/events/cognitoUserPool.js`

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-Side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn