[Snyk] Upgrade: argon2, express, express-rate-limit, jsonwebtoken, uuid

[itsdavetho]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

argon2
from 0.31.0 to 0.40.3 | 8 versions ahead of your current version | 4 months ago
on 2024-05-25
express
from 4.18.2 to 4.19.2 | 4 versions ahead of your current version | 6 months ago
on 2024-03-25
express-rate-limit
from 6.9.0 to 6.11.2 | 4 versions ahead of your current version | a year ago
on 2023-09-12
jsonwebtoken
from 9.0.1 to 9.0.2 | 1 version ahead of your current version | a year ago
on 2023-08-30
uuid
from 9.0.0 to 9.0.1 | 1 version ahead of your current version | a year ago
on 2023-09-12

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Open Redirect SNYK-JS-EXPRESS-6474509	519	No Known Exploit
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	519	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	519	Proof of Concept

Release notes

Package name: argon2

• 0.40.3 - 2024-05-25
• 0.40.2 - 2024-05-25
  

  Fix issue with publishing tags starting with v

• 0.40.1 - 2024-02-22
• 0.40.0-alpha.3 - 2024-01-10
• 0.40.0-alpha.2 - 2023-12-30
• 0.40.0-alpha.1 - 2023-12-20
• 0.31.2 - 2023-11-04
  

  Note: this is the last version that will support Node 16 since it's support has ended on 2023-09-11. Please upgrade to 18 or preferably 20 as soon as possible.

  What's Changed

  • Fix macos m1 build/release by @ CarsonF in #387
  • Change workflow bridge routes by @ RavelloH in #388

  New Contributors

  • @ CarsonF made their first contribution in #387
  • @ RavelloH made their first contribution in #388

  Full Changelog: v0.31.1...v0.31.2

• 0.31.1 - 2023-09-01
  

  Maintenance release intended to fix missing prebuilts due to failure when building v0.31.0

  Note: v0.31.x will be the last version supporting Node v16. Please update to Node v18 or newer.

  Full Changelog: v0.31.0...v0.31.1

• 0.31.0 - 2023-08-02
  

  What's Changed

  • Security update: bump @ mapbox/node-pre-gyp by @ jdforsythe in #383

  Please update to v0.31.0 as soon as possible.

  New Contributors

  • @ abcfy2 made their first contribution in #371
  • @ jdforsythe made their first contribution in #383

  Full Changelog: v0.30.3...v0.31.0

from argon2 GitHub release notes

Package name: express

• 4.19.2 - 2024-03-25
• 4.19.1 - 2024-03-20
  

  What's Changed

  • Fix ci after location patch by @ wesleytodd in #5552
  • fixed un-edited version in history.md for 4.19.0 by @ wesleytodd in #5556

  Full Changelog: 4.19.0...4.19.1

• 4.19.0 - 2024-03-20
  

  What's Changed

  • fix typo in release date by @ UlisesGascon in #5527
  • docs: nominating @ wesleytodd to be project captian by @ wesleytodd in #5511
  • docs: loosen TC activity rules by @ wesleytodd in #5510
  • Add note on how to update docs for new release by @ crandmck in #5541
  • Prevent open redirect allow list bypass due to encodeurl
  • Release 4.19.0 by @ wesleytodd in #5551

  New Contributors

  • @ crandmck made their first contribution in #5541

  Full Changelog: 4.18.3...4.19.0

• 4.18.3 - 2024-02-29
  

  Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

  Other Changes

  • Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
  • build: Node.js@16.18 and Node.js@18.12 by @ abenhamdine in #5034
  • ci: update actions/checkout to v3 by @ armujahid in #5027
  • test: remove unused function arguments in params by @ raksbisht in #5124
  • Remove unused originalIndex from acceptParams by @ raksbisht in #5119
  • Fixed typos by @ raksbisht in #5117
  • examples: remove unused params by @ raksbisht in #5113
  • fix: parameter str is not described in JSDoc by @ raksbisht in #5130
  • fix: typos in History.md by @ raksbisht in #5131
  • build : add Node.js@19.7 by @ abenhamdine in #5028
  • test: remove unused function arguments in params by @ raksbisht in #5137
  • use random port in test so it won't fail on already listening by @ rluvaton in #5162
  • tests: use cb() instead of done() by @ kristof-low in #5233
  • examples: remove multipart example by @ riddlew in #5195
  • Update support Node.js@18 in the CI by @ UlisesGascon in #5490
  • Fix favicon-related bug in cookie-sessions example by @ DmytroKondrashov in #5414
  • Release 4.18.3 by @ UlisesGascon in #5505

  New Contributors

  • @ vcsjones made their first contribution in #5032
  • @ abenhamdine made their first contribution in #5034
  • @ armujahid made their first contribution in #5027
  • @ raksbisht made their first contribution in #5124
  • @ rluvaton made their first contribution in #5162
  • @ kristof-low made their first contribution in #5233
  • @ riddlew made their first contribution in #5195
  • @ DmytroKondrashov made their first contribution in #5414

  Full Changelog: 4.18.2...4.18.3

• 4.18.2 - 2022-10-08
  
  • Fix regression routing a large stack in a single route
  • deps: body-parser@1.20.1
    • deps: qs@6.11.0
    • perf: remove unnecessary object clone
  • deps: qs@6.11.0

from express GitHub release notes

Package name: express-rate-limit

• 6.11.2 - 2023-09-12
  

  Fixed

  • Restored IncrementResponse TypeScript type (See #397)
• 6.11.1 - 2023-09-10
  

  Fixed

  • Check for prefixed keys when validating that the stores have single counted keys (See #395).
• 6.11.0 - 2023-09-06
  

  Added

  • Support for retrieving the current hit count and reset time for a given key from a store (See #390).
• 6.10.0 - 2023-08-30
  

  Added

  • Support for combined RateLimit header from the RateLimit header fields for HTTP standardization draft adopted by the IETF. Enable by setting standardHeaders: 'draft-7'
  • New standardHeaders: 'draft-6' option, treated equivalent to standardHeaders: true from previous releases. (true and false are still supported.)
  • New RateLimit-Policy header added when standardHeaders is set to 'draft-6', 'draft-7', or true
  • Warning when using deprecated draft_polli_ratelimit_headers option
  • Warning when using deprecated onLimitReached option
  • Warning when totalHits value returned from Store is invalid
• 6.9.0 - 2023-08-06
  

  Added

  • New validaion check for double-counted requests
  • Added help link to each ValidationError, directing users to the appropriate wiki page for more info

  Changed

  • Miscaleanous documenation improvements

  You can view the full changelog here.

from express-rate-limit GitHub release notes

Package name: jsonwebtoken

• 9.0.2 - 2023-08-30
  

  Release 9.0.2 (#935)

• 9.0.1 - 2023-07-05
  

  Updating package version to 9.0.1 (#920)

from jsonwebtoken GitHub release notes

Package name: uuid

• 9.0.1 - 2023-09-12
  

  chore(release): 9.0.1

• 9.0.0 - 2022-09-05
  

  chore(release): 9.0.0

from uuid GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"argon2","from":"0.31.0","to":"0.40.3"},{"name":"express","from":"4.18.2","to":"4.19.2"},{"name":"express-rate-limit","from":"6.9.0","to":"6.11.2"},{"name":"jsonwebtoken","from":"9.0.1","to":"9.0.2"},{"name":"uuid","from":"9.0.0","to":"9.0.1"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EXPRESS-6474509","issue_id":"SNYK-JS-EXPRESS-6474509","priority_score":519,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.1","score":305},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-INFLIGHT-6095116","issue_id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TAR-6476909","issue_id":"SNYK-JS-TAR-6476909","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"}],"prId":"eb397f22-dd40-4083-a35a-0992818f3c1e","prPublicId":"eb397f22-dd40-4083-a35a-0992818f3c1e","packageManager":"npm","priorityScoreList":[519,631,646],"projectPublicId":"1183c870-d3a1-4ff3-b543-2492d078f9ac","projectUrl":"https://app.snyk.io/org/xxorpheus/project/1183c870-d3a1-4ff3-b543-2492d078f9ac?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-EXPRESS-6474509","SNYK-JS-INFLIGHT-6095116","SNYK-JS-TAR-6476909"],"upgradeInfo":{"versionsDiff":8,"publishedDate":"2024-05-25T16:34:43.699Z"},"vulns":["SNYK-JS-EXPRESS-6474509","SNYK-JS-INFLIGHT-6095116","SNYK-JS-TAR-6476909"]}'