[Snyk] Fix for 14 vulnerabilities

[colmoreilly]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DICER-2311764	No	Mature
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Validation Bypass SNYK-JS-KINDOF-537849	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MIXINDEEP-450212	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-1540541	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-450213	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: express-fileupload

The new version differs by 67 commits.

• 4f81fc8 1.4.0
• 78a66c1 Merge pull request [Snyk-dev Update] New fixes for 54 vulnerable dependency paths snyk-labs/nodejs-goof#315 from duterte/master
• 310a382 Merge branch 'richardgirges:master' into master
• f57198b fix linting error
• ce713c2 add workflow job filters
• e47cc7d trigger ci
• 74a0830 Refactor: upgrade to busboy 1.6.0
• d1d6c66 Refactor busboy is no longer a constructor, its a function
• 30d8535 Merge pull request [Snyk-dev] Fix for 5 vulnerable dependencies snyk-labs/nodejs-goof#310 from richardgirges/dependabot/npm_and_yarn/minimist-1.2.6
• e6948f9 Bump minimist from 1.2.5 to 1.2.6
• c9c7d83 Create SECURITY.md
• f9237aa help wanted readme update
• 651421b help wanted readme update
• 290f3cc 1.3.1
• ab3d252 node 12+ support
• 4afa5a1 1.3.0
• fe0ce3f circleci status badge
• 26f4a92 comment out console logs
• edd91ce Merge pull request [Snyk Update] New fixes for 5 vulnerable dependency paths snyk-labs/nodejs-goof#301 from zwade/master
• 47bc50c Merge remote-tracking branch 'origin/master'
• 3ba7d94 Merge pull request [Snyk Update] New fixes for 5 vulnerable dependency paths snyk-labs/nodejs-goof#302 from zwade/zw-fix-tests
• ddf5530 support node 12+. fix security vulnerabilities re: npm audit
• 3cfbc7f Have promiseCallback make callbacks and promises behave the same
• 5e83249 Refactor prototype pollution check to be more comprehensive

See the full diff

Package name: humanize-ms

The new version differs by 7 commits.

• d9cdffe Release 1.2.1
• c6da77c deps: ms@2
• 3b6f1ba fix: package.json to reduce vulnerabilities ([Snyk] Upgrade moment from 2.15.1 to 2.29.0 #3)
• 51a95e8 Add license text ([Snyk] Upgrade body-parser from 1.9.0 to 1.19.0 #2)
• 627c5c4 Release 1.2.0
• e584c58 add benchmark
• 4cf945f deps: upgrade ms to 0.7.0

See the full diff

Package name: tap

The new version differs by 250 commits.

• 793c1c0 update versions
• 47a2289 add missing @ tapjs/mock service key polyfill
• 6622dca snapshot: update snapshot
• 556e520 mock: actually be resilient against multiple instances
• 2c135b0 Add `t.mockAll` method
• d7e7e4f clean process.cwd() out of snapshots by default
• 4c0dc72 use the released version of tshy
• c858f37 need to check in .tshy configs for typedoc to work
• 82f48cd update versions
• 0f27f73 TypeScript 5.2, use tshy for hybrid builds
• de09096 remove my home directory from parser snapshots
• 46e2bbb repl: mkdirp the .tap dir if missing
• acfae01 link typedocs to main website
• 2ece1da core spawn test even less flaky
• a7a12d2 update typedoc to latest, ts-node to temporary fork
• a5c0e0c some changelog updates
• caf8d81 document repl
• a5dc854 Store t.testdir() fixtures in .tap/fixtures
• 6914d23 remove docs from source control
• 1dcc6a7 exclude test files themselves from coverage
• aff25fc update versions
• c5972e7 core: make spawn timeout test less flaky
• 1c11b37 stack: properly parse ErrnoException errors
• 1280a55 parser: remove node v12 skip check

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Validation Bypass
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn