[Snyk] Fix for 3 vulnerabilities

[notwaving]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DICER-2311764	No	Mature
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: express-fileupload

The new version differs by 67 commits.

• 4f81fc8 1.4.0
• 78a66c1 Merge pull request #315 from duterte/master
• 310a382 Merge branch 'richardgirges:master' into master
• f57198b fix linting error
• ce713c2 add workflow job filters
• e47cc7d trigger ci
• 74a0830 Refactor: upgrade to busboy 1.6.0
• d1d6c66 Refactor busboy is no longer a constructor, its a function
• 30d8535 Merge pull request #310 from richardgirges/dependabot/npm_and_yarn/minimist-1.2.6
• e6948f9 Bump minimist from 1.2.5 to 1.2.6
• c9c7d83 Create SECURITY.md
• f9237aa help wanted readme update
• 651421b help wanted readme update
• 290f3cc 1.3.1
• ab3d252 node 12+ support
• 4afa5a1 1.3.0
• fe0ce3f circleci status badge
• 26f4a92 comment out console logs
• edd91ce Merge pull request #301 from zwade/master
• 47bc50c Merge remote-tracking branch 'origin/master'
• 3ba7d94 Merge pull request #302 from zwade/zw-fix-tests
• ddf5530 support node 12+. fix security vulnerabilities re: npm audit
• 3cfbc7f Have promiseCallback make callbacks and promises behave the same
• 5e83249 Refactor prototype pollution check to be more comprehensive

See the full diff

Package name: node-geocoder

The new version differs by 33 commits.

• 9463c76 v4.0.0
• 72bb7d2 Fix google geocoder buffer
• 5534878 Remove deprecated option from here geocoder (#333)
• b701cd5 Remove http adapters (#332)
• 6ef1f47 Prepare 4.0 release
• 836ff39 Add integration test for google geocoder
• 18fd945 v.3.29.0
• d0485bc Here batchGeocoding using the Here Batch API (#329)
• e225fa7 Support country param for TomTom geocoder (#330)
• b9b0e40 Standardize batch output (#328)
• 4082187 Update changelog
• fd381de Fix workflow env variables
• 2761be6 Add integration test for here and tomtom
• 17a7019 Improve batch geocoding for TomTom (#325)
• 06f7018 Run on workflow dispatch
• 254d5a9 Add secrets
• e7a5529 Add workflow on comment
• 5a86d48 Add integration test workflow
• 0f33036 Init integration test
• 5de7be0 Fix fetch adapter to handle custom json content type
• da4d378 Init changelog for 3.29.0
• c5fcf0e feat: mapbox geocoder (#317)
• 434c517 Improving error handling (#324)
• bfefe65 Add .github to .npmignore

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution