[Snyk] Fix for 12 vulnerabilities

[gopikrishna7]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Open Redirect SNYK-JS-EXPRESS-6474509	No	No Known Exploit
	Information Exposure SNYK-JS-LOG4JS-2348757	Yes	No Known Exploit
	Arbitrary Code Injection SNYK-JS-MORGAN-72579	No	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	No	No Known Exploit
	Arbitrary Code Execution npm:pg:20170813	Yes	Mature
	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit

Commit messages

Package name: body-parser

The new version differs by 250 commits.

• 424dadd 1.19.2
• 11248a2 deps: raw-body@2.4.3
• 7a088eb build: Node.js@14.19
• ecedf31 build: Node.js@16.14
• b6bfabd build: Node.js@17.5
• badd6b2 build: fix code coverage aggregate upload
• 96b448a build: Node.js@17.4
• 70560b1 build: mocha@9.2.0
• 548a06f build: supertest@6.2.2
• 3b00678 deps: bytes@3.1.2
• d5acb61 build: mocha@9.1.4
• 82c8a7c tests: add limit + inflate tests
• b356758 deps: qs@6.9.7
• c631b58 build: supertest@6.2.1
• c81a8e2 build: eslint-plugin-import@2.25.4
• 3c4dcb8 build: Node.js@17.3
• d0a214b 1.19.1
• fb172d4 build: eslint-plugin-promise@5.2.0
• c5e63cb build: Node.js@17.2
• c6d43bd build: eslint-plugin-import@2.25.3
• 313ed6d build: eslint-plugin-promise@5.1.1
• 8389b51 deps: bytes@3.1.1
• aae94b2 deps: http-errors@1.8.1
• 7f84d4f deps: raw-body@2.4.2

See the full diff

Package name: express

The new version differs by 250 commits.

• b28db2c 4.19.2
• 0b74695 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks fixes #5554 #5555
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• 4ee853e docs: loosen TC activity rules
• 414854b docs: nominating @ wesleytodd to be project captian
• 06c6b88 docs: update release date
• 1b51eda 4.18.3
• b625132 build: pin Node 21.x to minor
• e3eca80 build: pin Node 21.x to minor
• 23b44b3 build: support Node.js 21.6.2
• b9fea12 build: support Node.js 21.x in appveyor
• c259c34 build: support Node.js 21.x
• fdeb1d3 build: support Node.js 20.x in appveyor
• 734b281 build: support Node.js 20.x
• 0e3ab6e examples: improve view count in cookie-sessions
• 59af63a build: Node.js@18.19
• e720c5a docs: add documentation for benchmarks

See the full diff

Package name: log4js

The new version differs by 250 commits.

• 9fdbed5 6.4.0
• 788c7a8 Merge pull request #1150 from log4js-node/update-changelog
• 7fdb141 chore: updated changelog for 6.4.0
• e6bd888 Merge pull request #1151 from log4js-node/feat-zero-backup
• ac599e4 allow for zero backup - in sync with https://github.com/fix: allow for zero backups and zero daysToKeep log4js-node/streamroller#74
• 53248cd Merge pull request #1149 from log4js-node/migrate-daysToKeep-to-numBackups
• 436d9b4 Merge pull request #1148 from log4js-node/update-docs
• d6b017e chore(docs): updated fileSync.md and misc comments
• d4617a7 chore(deps): migrated from daysToKeep to numBackups due to streamroller@^3.0.0
• 0ad0133 Merge pull request #1147 from log4js-node/update-deps
• 773962b Merge pull request #1146 from log4js-node/update-deps
• 823bb46 Merge pull request #1145 from log4js-node/update-deps
• 6cc0035 chore(deps): bump streamroller from 3.0.1 to 3.0.2
• 0f39859 chore(deps): bump date-format from 4.0.2 to 4.0.3
• 85ac31e chore(deps-dev): bump eslint from from 8.6.0 to 8.7.0
• acd41ef Merge pull request #1144 from log4js-node/refactor
• 4c4bbe8 chore(refactor): using writer.writable instead of alive for checking
• e86a809 Merge pull request #1097 from 4eb0da/datefile-error-handling
• 34ab3b2 Merge pull request #1143 from log4js-node/update-test
• 8cba85f chore(test): renamed tap.teardown() to tap.tearDown() for consistency (while both works, only tap.tearDown() is documented)
• a0baec2 chore(test): fixed teardown() causing tests to fail due to fs errors on removal
• 51ac865 Merge pull request #1103 from polo-language/recording-typescript
• 653a20f Merge pull request #1028 from techmunk/master
• 43a2199 chore(test): Changed default TAP test suite timeout from 30s to 45s because Windows takes a long time

See the full diff

Package name: morgan

The new version differs by 114 commits.

• 572dd93 1.9.1
• e02de38 lint: apply standard 12 style
• e329663 Fix using special characters in format
• eb1968a tests: use strict equality checks
• 310b206 build: use yaml eslint configuration
• 5810937 build: Node.js@9.11
• f60afd5 build: Node.js@8.11
• 5295b0c build: eslint-plugin-standard@3.1.0
• 178daaf build: eslint-plugin-promise@3.8.0
• 7b08641 build: eslint-plugin-import@2.12.0
• 73cb666 build: eslint@4.19.1
• edc95aa build: Node.js@6.14
• ace86c3 build: Node.js@4.9
• 4dd1180 lint: apply standard 11 style
• 60c31e8 build: Node.js@9.8
• 05e382f build: Node.js@8.10
• 1a5be20 build: Node.js@6.13
• cf9565f docs: remove gratipay badge
• b66251d build: eslint-plugin-node@5.2.0
• 0113732 build: eslint-plugin-import@2.8.0
• 47659a9 deps: depd@~1.1.2
• 695f659 build: support Node.js 9.x
• f4c51e9 build: Node.js@8.9
• 4f15f36 build: Node.js@6.12

See the full diff

Package name: pg-promise

The new version differs by 250 commits.

• 508970e upped the version
• 449d875 Merge pull request #672 from vitaly-t/proc
• c5b8942 adding tests
• df2b3a7 set beta version
• d26ff26 adding tests
• 471af3a docs
• c6e4d28 docs for #670
• 0545ede refactoring tests for functions
• 08ab235 fixing linting
• fd98947 docs update for #670
• f06e609 updating typescript
• f3e7eb5 docs for #670
• b516c86 fixed integration
• e603d4e adding server version patch
• ab42306 trying to patch postgresql on travis ci
• a46d06a trying to upgrade the server
• 1dfb365 initial implementation of #670
• dba477f upped the version
• 9db2481 updating TypeScript
• 37a59a2 adding a test
• 22d37b9 refactoring schema logic
• 644c88d throwing away the flaky quality budge
• 2541ee5 improving on #667
• 951a704 updating tests

See the full diff

Package name: serve-favicon

The new version differs by 50 commits.

• 68b34f5 2.4.5
• 930b0a0 deps: fresh@0.5.2
• 8105b88 deps: etag@~1.8.1
• c050d26 2.4.4
• d36c44e deps: fresh@0.5.1
• c33f25e deps: parseurl@~1.3.2
• 878c248 tests: use mocha context for server
• e24fa4b deps: safe-buffer@5.1.1
• 998dcb5 build: eslint-plugin-node@5.1.1
• a5cff5d build: eslint-plugin-import@2.7.0
• c2e05e8 build: support Node.js 8.x
• 52cb604 build: Node.js@7.10
• 44c4c6e build: Node.js@6.11
• 9293f89 2.4.3
• 53a3778 deps: ms@2.0.0
• b5b9412 build: eslint-config-standard@10.2.1
• df97c51 build: eslint-plugin-markdown@1.0.0-beta.6
• dcf75b3 build: Node.js@7.9
• 11108e1 Use safe-buffer for improved Buffer API
• 08135aa tests: use temp-path for paths
• ca3ce4e build: eslint@3.19.0
• b450452 2.4.2
• 0b0bf0a build: eslint-config-standard@7.1.0
• 4e083b7 build: eslint-plugin-markdown@1.0.0-beta.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Information Exposure
🦉 Arbitrary Code Injection
🦉 More lessons are available in Snyk Learn