[Snyk] Upgrade: concurrently, config, express-jwt, fs, mongoose, nodemon, pdfkit, validator

[IT21221064]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

concurrently
from 6.3.0 to 6.5.1 | 3 versions ahead of your current version | 3 years ago
on 2021-12-19
config
from 3.3.6 to 3.3.12 | 6 versions ahead of your current version | 3 months ago
on 2024-06-25
express-jwt
from 6.1.0 to 6.1.2 | 2 versions ahead of your current version | 2 years ago
on 2022-04-20
fs
from 0.0.1-security to 0.0.2 | 1 version ahead of your current version | 10 years ago
on 2014-09-12
mongoose
from 6.0.10 to 6.13.0 | 99 versions ahead of your current version | 3 months ago
on 2024-06-06
nodemon
from 2.0.13 to 2.0.22 | 10 versions ahead of your current version | a year ago
on 2023-03-22
pdfkit
from 0.12.3 to 0.15.0 | 3 versions ahead of your current version | 6 months ago
on 2024-03-24
validator
from 13.6.0 to 13.12.0 | 4 versions ahead of your current version | 4 months ago
on 2024-05-09

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	574	No Known Exploit
	Prototype Pollution SNYK-JS-LODASHSET-1320032	574	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-2961688	574	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	574	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	574	Proof of Concept
	Open Redirect SNYK-JS-GOT-2932019	574	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	574	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	574	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	574	No Known Exploit
	Information Exposure SNYK-JS-MONGODB-5871303	574	No Known Exploit

Release notes

Package name: concurrently

• 6.5.1 - 2021-12-19
  
  • Fix command names when using npm wildcard (#148, #165, #211, #212)
• 6.5.0 - 2021-12-17
  
  • Add support for configuring via environment variables that start with CONCURRENTLY_ prefix (#289)
  • Add --timings flag to show when each process started and stopped, and how long they ran for (#291, #295)
• 6.4.0 - 2021-11-13
  
  • Add --hide flag to hide the output of specified commands (#138, #173)
• 6.3.0 - 2021-10-02
  
  • Distribute prefix colors correctly when using npm/yarn/pnpm script expansion (#186, #210, #234, #286)
  • Add new option to programmatic API, prefixColors, which serves as fallback for commands without a prefixColor (#286)

from concurrently GitHub release notes

Package name: config

• 3.3.12 - 2024-06-25
  

  What's Changed

  • Remove usage of deprecated utils to fix warnings in Node 22 by @ KidkArolis in #764

  New Contributors

  • @ KidkArolis made their first contribution in #764

  Full Changelog: v3.3.11...v3.3.12

• 3.3.11 - 2024-02-01
  

  What's Changed

  • fix: webpack bundling compatibility by @ cbazureau in #757

  New Contributors

  • @ cbazureau made their first contribution in #757

  Full Changelog: v3.3.10...v3.3.11

• 3.3.10 - 2024-01-09
  

  What's Changed

  • replace var to let and const by @ jamashita in #720
  • refactor: 💡 xxx === undefined => typeof xxx === 'undefined' by @ jamashita in #729
  • Fix source maps when using ts config files, improve performance loading ts config files by @ andrzej-woof in #721
  • fix: lack of comments removal, invalid regexp by @ DeutscherDude in #745

  New Contributors

  • @ jamashita made their first contribution in #720
  • @ andrzej-woof made their first contribution in #721
  • @ DeutscherDude made their first contribution in #745

  Full Changelog: v3.3.9...v3.3.10

• 3.3.9 - 2023-01-17
  

  What's Changed

  • Support loading transpiled JS config files by @ Tomas2D in #692
  • fix(vulnerability): upgrade json5 version from 2.2.1 to 2.2.2 by @ veekays in #713

  New Contributors

  • @ Tomas2D made their first contribution in #692
  • @ veekays made their first contribution in #713

  Full Changelog: v3.3.8...v3.3.9

• 3.3.8 - 2022-09-09
  

  What's Changed

  • bump json5 dep to 2.2.1
  • Cleanup of file scoped environment variables by @ jdmarshall in #667
  • Allow multiple relative directory paths separated by path.delimiter to work by @ inside in #661
  • Reentrancy bugs by @ jdmarshall in #668
  • Fixed property mutation. Throw an exception on such an attempt. Updat… by @ fgheorghe in #516
  • docs: update copyright & fix misspelling by @ DigitalGreyHat in #677

  New Contributors

  • @ jdmarshall made their first contribution in #667
  • @ inside made their first contribution in #661
  • @ DigitalGreyHat made their first contribution in #677

  Full Changelog: v3.3.7...v3.3.8

• 3.3.7 - 2022-01-11
  
  • No code changes. Resolving versioning / release mix-up
• 3.3.6 - 2021-03-08
  
  • Added publishConfig element to package.json to prevent publishing to the wrong repository - @ lorenwest

from config GitHub release notes

Package name: express-jwt

• 6.1.2 - 2022-04-20
  

  6.1.2

• 6.1.1 - 2022-02-21
  

  6.1.1

• 6.1.0 - 2021-08-11
  

  6.1.0

from express-jwt GitHub release notes

Package name: fs

• 0.0.2 - 2014-09-12
• 0.0.1-security - 2016-08-23

from fs GitHub release notes

Package name: mongoose

• 6.13.0 - 2024-06-06
• 6.12.9 - 2024-05-24
• 6.12.8 - 2024-04-10
• 6.12.7 - 2024-03-01
• 6.12.6 - 2024-01-22
• 6.12.5 - 2024-01-03
• 6.12.4 - 2023-12-27
• 6.12.3 - 2023-11-07
• 6.12.2 - 2023-10-25
• 6.12.1 - 2023-10-12
• 6.12.0 - 2023-08-24
• 6.11.6 - 2023-08-21
• 6.11.5 - 2023-08-01
• 6.11.4 - 2023-07-17
• 6.11.3 - 2023-07-11
• 6.11.2 - 2023-06-08
• 6.11.1 - 2023-05-08
• 6.11.0 - 2023-05-01
• 6.10.5 - 2023-04-06
• 6.10.4 - 2023-03-21
• 6.10.3 - 2023-03-13
• 6.10.2 - 2023-03-07
• 6.10.1 - 2023-03-03
• 6.10.0 - 2023-02-22
• 6.9.3 - 2023-02-22
• 6.9.2 - 2023-02-16
• 6.9.1 - 2023-02-06
• 6.9.0 - 2023-01-25
• 6.8.4 - 2023-01-17
• 6.8.3 - 2023-01-06
• 6.8.2 - 2022-12-28
• 6.8.1 - 2022-12-19
• 6.8.0 - 2022-12-05
• 6.7.5 - 2022-11-30
• 6.7.4 - 2022-11-28
• 6.7.3 - 2022-11-22
• 6.7.2 - 2022-11-07
• 6.7.1 - 2022-11-02
• 6.7.0 - 2022-10-24
• 6.6.7 - 2022-10-21
• 6.6.6 - 2022-10-20
• 6.6.5 - 2022-10-05
• 6.6.4 - 2022-10-03
• 6.6.3 - 2022-09-30
• 6.6.2 - 2022-09-26
• 6.6.1 - 2022-09-14
• 6.6.0 - 2022-09-08
• 6.5.5 - 2022-09-07
• 6.5.4 - 2022-08-30
• 6.5.3 - 2022-08-25
• 6.5.2 - 2022-08-10
• 6.5.1 - 2022-08-03
• 6.5.0 - 2022-07-26
• 6.4.7 - 2022-07-25
• 6.4.6 - 2022-07-20
• 6.4.5 - 2022-07-18
• 6.4.4 - 2022-07-08
• 6.4.3 - 2022-07-05
• 6.4.2 - 2022-07-01
• 6.4.1 - 2022-06-27
• 6.4.0 - 2022-06-17
• 6.3.9 - 2022-06-17
• 6.3.8 - 2022-06-13
• 6.3.7 - 2022-06-13
• 6.3.6 - 2022-06-07
• 6.3.5 - 2022-05-30
• 6.3.4 - 2022-05-19
• 6.3.3 - 2022-05-09
• 6.3.2 - 2022-05-02
• 6.3.1 - 2022-04-21
• 6.3.0 - 2022-04-14
• 6.2.11 - 2022-04-13
• 6.2.10 - 2022-04-04
• 6.2.9 - 2022-03-28
• 6.2.8 - 2022-03-23
• 6.2.7 - 2022-03-16
• 6.2.6 - 2022-03-11
• 6.2.5 - 2022-03-09
• 6.2.4 - 2022-02-28
• 6.2.3 - 2022-02-21
• 6.2.2 - 2022-02-16
• 6.2.1 - 2022-02-07
• 6.2.0 - 2022-02-02
• 6.1.10 - 2022-02-01
• 6.1.9 - 2022-01-31
• 6.1.8 - 2022-01-24
• 6.1.7 - 2022-01-17
• 6.1.6 - 2022-01-10
• 6.1.5 - 2022-01-04
• 6.1.4 - 2021-12-27
• 6.1.3 - 2021-12-21
• 6.1.2 - 2021-12-15
• 6.1.1 - 2021-12-09
• 6.1.0 - 2021-12-07
• 6.0.15 - 2021-12-06
• 6.0.14 - 2021-11-29
• 6.0.13 - 2021-11-15
• 6.0.12 - 2021-10-21
• 6.0.11 - 2021-10-14
• 6.0.10 - 2021-10-08

from mongoose GitHub release notes

Package name: nodemon

• 2.0.22 - 2023-03-22
  

  2.0.22 (2023-03-22)

  Bug Fixes

  • remove ts mapping if loader present (f7816e4), closes #2083
• 2.0.21 - 2023-03-02
  

  2.0.21 (2023-03-02)

  Bug Fixes

  • remove ts mapping if loader present (1468397), closes #2083
• 2.0.20 - 2022-09-16
  

  2.0.20 (2022-09-16)

  Bug Fixes

  • remove postinstall script (e099e91)
• 2.0.19 - 2022-07-05
  

  2.0.19 (2022-07-05)

  Bug Fixes

  • Replace update notifier with simplified deps (#2033) (176c4a6), closes #1961 #2028
• 2.0.18 - 2022-06-23
  

  2.0.18 (2022-06-23)

  Bug Fixes

  • revert update-notifier forcing esm (1b3bc8c)
• 2.0.17 - 2022-06-23
  

  2.0.17 (2022-06-23)

  Bug Fixes

  • bump update-notifier to v6.0.0 (#2029) (0144e4f)
  • update packge-lock (27e91c3)
• 2.0.16 - 2022-04-29
  

  2.0.16 (2022-04-29)

  Bug Fixes

  • support windows by using path.delimiter (e26aaa9)
• 2.0.15 - 2021-11-09
  

  2.0.15 (2021-11-09)

  Bug Fixes

  • bump prod dep versions (54784ab)
• 2.0.14 - 2021-10-19
  

  2.0.14 (2021-10-19)

  Bug Fixes

  • add windows signals SIGUSR2 & SIGUSR1 to terminate the process (#1938) (61e7abd), closes #1903 #1915 #1936 #1937 #1882 #1893
• 2.0.14-alpha.1 - 2021-10-18
• 2.0.13 - 2021-09-23
  

  2.0.13 (2021-09-23)

  Bug Fixes

  • bump update-notifier (90e7a3e), closes #1919
  • release process on main (9f82a48)

from nodemon GitHub release notes

Package name: pdfkit

• 0.15.0 - 2024-03-24
  
  • Add subset for PDF/UA
  • Fix for line breaks in list items (#1486)
  • Fix for soft hyphen not being replaced by visible hyphen if necessary (#457)
  • Optimize output files by ignoring identity transforms
  • Fix for Acroforms - setting an option to false will still apply the flag (#1495)
  • Fix for text extraction in PDFium-based viewers due to invalid ToUnicodeMap (#1498)
  • Remove deprecated write method
  • Drop support for Node.js < 18 and for browsers released before 2020
• 0.14.0 - 2023-11-09
  
  • Add support for PDF/A-1b, PDF/A-1a, PDF/A-2b, PDF/A-2a, PDF/A-3b, PDF/A-3a
  • Update crypto-js to v4.2.0 (properly fix security issue)
• 0.13.0 - 2021-10-24
  
  • Add tiling pattern support
• 0.12.3 - 2021-08-01
  

  v0.12.3

from pdfkit GitHub release notes

Package name: validator

• 13.12.0 - 2024-05-09
  

  What's Changed

  New Features / Validators

  • #2143 isAbaRouting @ songyuew

  Fixes, New Locales and Enhancements

  • #2207 isLicensePlate add Pakistani en-PK locale @ anasshakil
  • #2208 isPort fix invalid leading zeros @ anasshakil
  • #2224 isTaxID added Argentina es-AR locale @ estefrare
  • #2257 isDate timezone offset fix @ tomaspanek
  • #2265 isPassportNumber added ZA locale @ GMorris-professional
  • isMobilePhone:
    • #2267 added en-MW locale @ SimranSiddiqui
    • #2140 fix am-AM locale @ AlexKrupko
  • #2271 isPostalAddress fix NL locale @ RobinvanderVliet
  • #2273 isISO4217 add SLE currency @ urg
  • #2278 isStrongPassword fix symbolRegex to include \ @ nandavikas
  • #2279 isVAT fixed KZ locale @ MatthieuLemoine
  • #2285 isAlpha, isAlphanumeric added eo locale @ RobinvanderVliet
  • #2320 isIBAN add Algeria DZ locale @ thibault-lr
  • #2343 isVATimprove AU locale @ matthewberryman
  • #2345 isUUID add support for v7 @ ruscon
  • #2358 isTaxID add Ukraine uk-UA locale @ arttiger
  • #2381 isDate disallow hiphen before year @ Sumit-tech-joshi
  • Doc fixes and others:
    • #2276 @ meyfa
    • #2341 @ WikiRik
    • #2364 @ rubiin
    • #2368 @ ZhulinskiiDanil
    • #2371 @ devmanbud
    • #2386 @ alinaghale88

  New Contributors

  • @ tomaspanek made their first contribution in #2257
  • @ estefrare made their first contribution in #2224
  • @ GMorris-professional made their first contribution in #2265
  • @ SimranSiddiqui made their first contribution in #2267
  • @ ZhulinskiiDanil made their first contribution in #2368
  • @ devmanbud made their first contribution in #2371
  • @ ruscon made their first contribution in #2345
  • @ amaliacatalina made their first contribution in #2284
  • @ RobinvanderVliet made their first contribution in #2285
  • @ anasshakil made their first contribution in #2211
  • @ AlexKrupko made their first contribution in #2140
  • @ urg made their first contribution in #2273