[Snyk] Fix for 17 vulnerabilities#1

Open
snyk-bot wants to merge 1 commit into master from snyk-fix-ffaa1f5cab9aae35bfcbb92589dbb922

@snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high | 589/1000 (Why? Has a fix available, CVSS 7.5) | Insecure Encryption, SNYK-JS-BCRYPT-572911 | Yes | No Known Exploit |
| medium | 616/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.9) | Cryptographic Issues, SNYK-JS-BCRYPT-575033 | Yes | Proof of Concept |
| medium | 526/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 4.1) | Arbitrary Code Injection, SNYK-JS-EJS-1049328 | Yes | Proof of Concept |
| high | 589/1000 (Why? Has a fix available, CVSS 7.5) | Denial of Service (DoS), SNYK-JS-EXPRESSFILEUPLOAD-473997 | Yes | No Known Exploit |
| high | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Prototype Pollution, SNYK-JS-EXPRESSFILEUPLOAD-595969 | Yes | Proof of Concept |
| high | 579/1000 (Why? Has a fix available, CVSS 7.3) | Prototype Pollution, SNYK-JS-MATHJS-1016401 | Yes | No Known Exploit |
| high | 624/1000 (Why? Has a fix available, CVSS 8.2) | Arbitrary File Overwrite, SNYK-JS-TAR-1536528 | Yes | No Known Exploit |
| high | 624/1000 (Why? Has a fix available, CVSS 8.2) | Arbitrary File Overwrite, SNYK-JS-TAR-1536531 | Yes | No Known Exploit |
| low | 410/1000 (Why? Has a fix available, CVSS 3.7) | Regular Expression Denial of Service (ReDoS), SNYK-JS-TAR-1536758 | Yes | No Known Exploit |
| high | 639/1000 (Why? Has a fix available, CVSS 8.5) | Arbitrary File Write, SNYK-JS-TAR-1579147 | Yes | No Known Exploit |
| high | 639/1000 (Why? Has a fix available, CVSS 8.5) | Arbitrary File Write, SNYK-JS-TAR-1579152 | Yes | No Known Exploit |
| high | 639/1000 (Why? Has a fix available, CVSS 8.5) | Arbitrary File Write, SNYK-JS-TAR-1579155 | Yes | No Known Exploit |
| high | 654/1000 (Why? Has a fix available, CVSS 8.8) | Arbitrary Code Execution, SNYK-JS-TYPEDFUNCTION-174139 | No | No Known Exploit |
| medium | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-VALIDATOR-1090599 | Yes | Proof of Concept |
| medium | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-VALIDATOR-1090600 | Yes | Proof of Concept |
| medium | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-VALIDATOR-1090601 | Yes | Proof of Concept |
| medium | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-VALIDATOR-1090602 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: bcrypt
The new version differs by 167 commits.
  • 61139e6 v5.0.0
  • 1bde62c Update node-pre-gyp to 0.15.0
  • 40770d6 Add NodeJS 14 to appveyor CI
  • 5916a46 Merge pull request #807 from techhead/known_length
  • f28e916 Reword comment
  • ca1e43b Add test for embedded NULs
  • 1a81858 Pass key_len to bcrypt(). Fix for issues #774, #776
  • cf4efd9 Merge pull request #647 from ilatypov/master
  • 15febd1 Allow using an enterprise artifactory.
  • 96c41e2 Mark z/OS compatibility code as such
  • dd32df1 Add z/OS support
  • ac14738 Update CHANGELOG.md
  • d9e54b4 Merge pull request #806 from techhead/2b_overflow
  • 9548df5 Fix overflow bug. See issue #776
  • 4c38d38 Merge pull request #804 from jokester/add-arm64-build
  • 41d9ba2 add linux-arm64 to build matrix
  • bc114fb Update node-addon-api to v3.0.0
  • 61f6308 Use travis to deploy future releases
  • 87c214f v4.0.1
  • 9758e68 Prepare for uploading releases from inside docker
  • 1511821 Define _GNU_SOURCE while compiling for MUSL
  • e01e78a Add alpine-linux to CI
  • bbb6b2d Readme: fix node version for v4.0.0
  • 738e4e2 Update CHANGELOG.md

See the full diff

Package name: express-fileupload
The new version differs by 250 commits.

See the full diff

Package name: mathjs
The new version differs by 250 commits.
  • 2594c69 Publish v7.5.1
  • ecb8051 Fix object pollution vulnerability in `math.config`
  • a2858e2 Publish v7.5.0
  • a72deb3 Update history
  • c5ab722 Merge branch 'pickrandom-allow-any-array)' of https://github.com/KonradLinkowski/mathjs into develop
  • 7575156 Publish v7.4.0
  • 642db06 Update history
  • 439ec41 Feat/rotate matrix (#1984)
  • 7854a9b Update history
  • a5cbb6a pickRandom - flatten the array
  • ca05c25 Allow any array in pickRandom function
  • bc4d94b Update history and authors list
  • becab40 sqrtm - throw an error for matrices with dimension greater than two (#1977)
  • f3c4a90 Update history
  • 9f06dad floor and cell with precision (#1967)
  • 76f6085 Publish v7.3.0
  • 73c66b9 Update devDependencies
  • f2d7a1b Update history and authors list
  • 1d0ce02 Merge remote-tracking branch 'origin/develop' into develop
  • f5d843b Binary, octal, and hexadecimal literals and formatting (#1968)
  • d82fc39 Simplify require url in math_worker example
  • 91fa8ea Fix require url in math_worker example
  • 18996cb Update devDependencies
  • 93ac70a Update history and authors list

See the full diff

Package name: sequelize
The new version differs by 250 commits.
  • 9f47e94 fix(dependencies): update validator dependency to latest version (#13802)
  • 71c9130 ci: trigger action rerun
  • aca4fbc build: update uuid (#13124)
  • 32d1e9e ci: enable semantic-release for v5
  • db6d5ec fix(types): allow transaction to be `null` (#13093) (#13101)
  • d89dede ci(mssql): fix mssql tests
  • d608bc0 ci(typings): fix tests for TS typings in TS 4.0
  • a914a47 ci: fix ci
  • 4b54342 test: fix 6f74bf62 for Node.js 6
  • f42d5f3 ci: move to GitHub Actions
  • 5fd55c3 test: add missing dev-dependency
  • 6f74bf6 test: improve 'running queries' detection
  • 3d2df28 fix(sqlite): describeTable now returns unique and references (#12440)
  • 56d07c6 fix(mssql): insert/upsert operations do not return all fields (#12434)
  • ad1c153 fix(mssql): bulkUpdate returning values (#12410)
  • 26fcbce fix(tests): correct spelling mistakes (#12422)
  • 2391d08 feat(sequelize): allow passing dialectOptions.options from url (#12412)
  • 8477b07 build: changes for v6 release (#12417)
  • 834b9f0 fix(postgres): parse enums correctly when describing a table (#12409) (#12411)
  • 7fba668 fix(types): specified 'this' for getters and setters in fields (#12370)
  • 41237ae fix(mssql): set correct scale for float (#12340)
  • 5c733ef fix(include): check if attributes specified for included through model (#12020)
  • 7fdc2dc fix(mssql): tedious connect deprecation (#12275)
  • 8a3827d fix(mssql): use uppercase for engine table and columns (#12253)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic
