[Snyk] Fix for 86 vulnerabilities

[Seanland]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • SCA/JS/package.json
  • SCA/JS/package-lock.json
  • SCA/JS/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	584/1000 Why? Has a fix available, CVSS 7.4	Directory Traversal SNYK-JS-ADMZIP-1065796	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-DUSTJSLINKEDIN-1089257	Yes	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	Yes	Proof of Concept
	819/1000 Why? Mature exploit, Has a fix available, CVSS 7.8	Arbitrary Code Execution SNYK-JS-EXIFTOOLVENDOREDPL-1279041	No	Mature
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-EXPRESSFILEUPLOAD-473997	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-EXPRESSFILEUPLOAD-595969	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-FILETYPE-2958042	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JQUERY-174006	Yes	Proof of Concept
	701/1000 Why? Mature exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	Yes	Mature
	711/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	Yes	Mature
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-KARMA-2395349	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-KARMA-2396325	Yes	No Known Exploit
	741/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	DLL Injection SNYK-JS-KERBEROS-568900	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	489/1000 Why? Has a fix available, CVSS 5.5	Information Exposure SNYK-JS-LOG4JS-2348757	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MONGOOSE-1086688	Yes	Proof of Concept
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Prototype Pollution SNYK-JS-MONGOOSE-2961688	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JS-MONGOOSE-472486	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MPATH-1577289	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MQUERY-1050858	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-MQUERY-1089718	Yes	Proof of Concept
	/1000 Why?	Insecure Defaults SNYK-JS-SOCKETIO-1024859	Yes	Proof of Concept
	/1000 Why?	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
	/1000 Why?	Cross-site Scripting (XSS) SNYK-JS-TINYMCE-1056408	No	No Known Exploit
	/1000 Why?	Cross-site Scripting (XSS) SNYK-JS-TINYMCE-1298037	No	No Known Exploit
	/1000 Why?	Cross-site Scripting (XSS) SNYK-JS-TINYMCE-1766967	No	No Known Exploit
	/1000 Why?	Cross-site Scripting (XSS) SNYK-JS-TINYMCE-1910225	No	No Known Exploit
	/1000 Why?	Cross-site Scripting (XSS) SNYK-JS-TINYMCE-543825	No	No Known Exploit
	/1000 Why?	Cross-site Scripting (XSS) SNYK-JS-TINYMCE-568922	No	Proof of Concept
	/1000 Why?	Cross-site Scripting (XSS) SNYK-JS-TINYMCE-598223	No	No Known Exploit
	/1000 Why?	Arbitrary Code Execution SNYK-JS-TOTAL4-1130527	No	Proof of Concept
	/1000 Why?	Arbitrary Code Execution SNYK-JS-TOTALJS-1088607	No	Proof of Concept
	/1000 Why?	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	/1000 Why?	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	Yes	Proof of Concept
	/1000 Why?	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	899/1000 Why? Mature exploit, Has a fix available, CVSS 9.4	Arbitrary File Write via Archive Extraction (Zip Slip) npm:adm-zip:20180415	No	Mature
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	644/1000 Why? Has a fix available, CVSS 8.6	Code Injection npm:dustjs-linkedin:20160819	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution npm:ejs:20161128	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Cross-site Scripting (XSS) npm:ejs:20161130	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) npm:ejs:20161130-1	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) npm:jquery:20150627	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Cross-site Scripting (XSS) npm:marked:20150520	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Cross-site Scripting (XSS) npm:marked:20170112	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Cross-site Scripting (XSS) npm:marked:20170815	No	No Known Exploit
	454/1000 Why? Has a fix available, CVSS 4.8	Cross-site Scripting (XSS) npm:marked:20170815-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:marked:20170907	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:marked:20180225	No	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:moment:20161019	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	No	No Known Exploit
	641/1000 Why? Mature exploit, Has a fix available, CVSS 5.1	Remote Memory Exposure npm:mongoose:20160116	No	Mature
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	Yes	No Known Exploit
	756/1000 Why? Mature exploit, Has a fix available, CVSS 7.4	Uninitialized Memory Exposure npm:npmconf:20180512	Yes	Mature
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:semver:20150403	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Directory Traversal npm:st:20140206	No	Proof of Concept
	644/1000 Why? Mature exploit, Has a fix available, CVSS 4.3	Open Redirect npm:st:20171013	Yes	Mature
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20171108	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: adm-zip

The new version differs by 134 commits.

• c5aeed4 Incremented version number
• 119dcad Fixed path traversal issue GHSL-2020-198
• 1d22ff6 Merge pull request [Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-matt/goof-platform#341 from 5saviahv/history
• 492d148 added changelog
• dd415ae Incremented version
• 0f011a3 Fixed outFileName
• bc19fee Added extra parameter to extractEntryTo so target filename can be renamed
• 92e9836 Updated dev dependency
• 2b8d9ab Merge pull request [Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.1 snyk-matt/goof-platform#315 from enecciari/work_in_browser
• 4fe58d1 Merge pull request [Snyk(Unlimited)] Upgrade express-fileupload from 0.0.5 to 0.4.0 snyk-matt/goof-platform#322 from cthackers/dependabot/npm_and_yarn/lodash-4.17.19
• 49218a4 Merge pull request [Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-matt/goof-platform#327 from kosuke-suzuki/multibyte-comment
• a7e8932 Merge pull request [Snyk(Unlimited)] Upgrade npmconf from 0.0.24 to 0.2.0 snyk-matt/goof-platform#331 from 5saviahv/master
• 7db0eda modified addLocalFolder method
• e114929 typo
• dc81063 modified addLocalFile method
• bc0f594 Deflate needs min V2.0
• dde4f51 Node v6
• 003d4cf Added ZipCrypto decrypting ability
• 63ed6e2 Detect and throw error with encrypted files
• c64ac14 LICENSE filename in package.json
• 1a334b2 add multibyte-encoded comment with byte length instead of character length
• 96d492a Bump lodash from 4.17.15 to 4.17.19
• b77f380 now it works in browser
• 218feee Merge remote-tracking branch 'upstream/master'

See the full diff

Package name: body-parser

The new version differs by 221 commits.

• 0f1bed0 1.17.1
• 0532096 lint: remove unreachable code branches
• b34aab5 build: eslint-config-standard@7.0.0
• 77b1ca1 build: eslint-plugin-markdown@1.0.0-beta.4
• e51dbc5 deps: qs@6.4.0
• 79bc939 1.17.0
• e6140e1 build: Node.js@7.7
• 42f467d deps: qs@6.3.1
• 4954aec build: test against Node.js 8.x nightly
• e2050df build: Node.js@7.6
• 2f941c4 build: Node.js@6.10
• 6549617 build: Node.js@4.8
• d1c2c7f deps: http-errors@~1.6.1
• e7b86ba build: eslint@3.16.1
• 7b630f7 1.16.1
• de574bf build: eslint@3.15.0
• 889bcc9 build: Node.js@7.5
• dba8ac4 deps: debug@2.6.1
• 95a3ebb docs: fix history file with incorrect qs version
• c5a73d5 1.16.0
• 9744dda deps: qs@6.3.0
• 7807757 deps: debug@2.6.0
• 0e44768 lint: use standard style in the README
• 14952be build: eslint-config-standard@6.2.1

See the full diff

Package name: cfenv

The new version differs by 1 commits.

• fb0a2aa update dependencies, now at version 1.2.4

See the full diff

Package name: errorhandler

The new version differs by 85 commits.

• c41e9aa 1.4.3
• ffce329 build: istanbul@0.4.2
• 90a8777 build: Node.js@4.2
• 38b745b deps: accepts@~1.3.0
• 80aea51 deps: escape-html@~1.0.3
• b0be93a docs: fix typo in readme
• 2f688d0 build: support Node.js 5.x
• 1238ed4 build: istanbul@0.4.1
• fdeb13c build: mocha@2.3.4
• cc6fd1f build: support Node.js 4.x
• 3a2117a build: support io.js 3.x
• 75b9ee1 build: reduce runtime versions to one per major
• 6797752 tests: add test for util.inspect in HTML response
• b6e53d7 docs: add more documentation regarding util.inspect
• 88b9a58 deps: accepts@~1.2.13
• ac75d3f build: istanbul@0.3.19
• 5ee62b7 deps: escape-html@1.0.3
• 1e89ae7 build: istanbul@0.3.18
• ef1e8f1 build: supertest@1.1.0
• a7a6dce 1.4.2
• 692e2e7 deps: accepts@~1.2.12
• 6f2e8d2 build: io.js@2.5
• 564c117 build: fix running Node.js 0.8 tests on Travis CI
• 2dfd872 1.4.1

See the full diff

Package name: exiftool-vendored.pl

The new version differs by 9 commits.

• d66f29b 12.25.0
• c51aba6 v12.25
• 1a38890 v12.25.0-pre
• 85a87b3 12.23.0
• 2e8f0b4 v12.23
• 0e946b6 v12.23.0-pre
• 7d535c6 12.21.0
• c03ce10 v12.21
• 76f0d44 v12.21.0-pre

See the full diff

Package name: express

The new version differs by 250 commits.

• f974d22 4.16.0
• 8d4ceb6 docs: add more information to installation
• c0136d8 Add express.json and express.urlencoded to parse bodies
• 86f5df0 deps: serve-static@1.13.0
• 4196458 deps: send@0.16.0
• ddeb713 tests: add maxAge option tests for res.sendFile
• 7154014 Add "escape json" setting for res.json and res.jsonp
• 628438d deps: update example dependencies
• a24fd0c Add options to res.download
• 95fb5cc perf: remove dead .charset set in res.jsonp
• 44591fe deps: vary@~1.1.2
• 2df1ad2 Improve error messages when non-function provided as middleware
• 12c3712 Use safe-buffer for improved Buffer API
• fa272ed docs: fix typo in jsdoc comment
• d9d09b8 perf: re-use options object when generating ETags
• 02a9d5f deps: proxy-addr@~2.0.2
• c2f4fb5 deps: finalhandler@1.1.0
• 673d51f deps: utils-merge@1.0.1
• 5cc761c deps: parseurl@~1.3.2
• ad7d96d deps: qs@6.5.1
• e62bb8b deps: etag@~1.8.1
• 70589c3 deps: content-type@~1.0.4
• 9a99c15 deps: accepts@~1.3.4
• 550043c deps: setprototypeof@1.1.0

See the full diff

Package name: express-fileupload

The new version differs by 250 commits.

• 9f22db7 version bump
• 9fca550 Merge pull request [Snyk(Unlimited)] Upgrade lodash from 4.17.4 to 4.17.21 snyk-matt/goof-platform#240 from AmazingMech2418/patch-1
• 1530cf5 Make Travis happy
• e43bfcf Fix typo
• 8bf7427 Update processNested.js
• fd40389 version bump
• 94c9cf9 prototype pollution fix [Snyk] Upgrade org.apache.struts:struts2-core from 2.3.20 to 2.5.26 #2
• 829f395 version bump
• db49535 Merge pull request [Snyk(Unlimited)] Upgrade express from 4.12.4 to 4.17.1 snyk-matt/goof-platform#237 from richardgirges/fix-236-proto-pollution
• d81bee9 Upgrade latest packages; run npm audit fix; add logic to prevent prototype pollution in parseNested
• e9848fc Update package-lock.json
• d536cfb Update package.json
• c7a6b9c Merge pull request [Snyk(Unlimited)] Upgrade tinymce from 4.1.0 to 4.9.11 snyk-matt/goof-platform#233 from RomanBurunkov/master
• a53b93f Update tests to support empty files
• d8c00c5 Add empty files support for tempFileHandler
• b24233d Comment extra condition in fileFactory(issue [Snyk] Security upgrade adm-zip from 0.4.7 to 0.4.11 #1), add more logging
• d57ee02 Formatting utilities
• b6097df Merge pull request [Snyk(Unlimited)] Upgrade typeorm from 0.2.30 to 0.2.31 snyk-matt/goof-platform#232 from RomanBurunkov/master
• 05004b7 Merge pull request [Snyk(Unlimited)] Upgrade humanize-ms from 1.0.1 to 1.2.1 snyk-matt/goof-platform#230 from Code42Cate/readme-timeout
• 1afa527 Update dependencies
• 880c2b7 Improve timeout option documentation
• 3f130b0 Add timeout option to README.MD
• d55fa83 Merge pull request [Snyk(Unlimited)] Upgrade npmconf from 0.0.24 to 0.2.0 snyk-matt/goof-platform#222 from wbt/patch-1
• d61f02f Fix some small typos

See the full diff

Package name: file-type

The new version differs by 218 commits.

• b5fe3b9 16.5.4
• d868356 Fix: Malformed MKV could cause an infinite loop
• 3b08ab1 Upgrade and unlock dependencies
• c011315 Lock strtok3 dependency
• 9102f1c Update dependency to token-types v3, supporting BigInt ([Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-matt/goof-platform#465)
• ac866f9 16.5.1
• 0012c56 Fix `mimeTypes` TypeScript type ([Snyk(Unlimited)] Upgrade tinymce from 4.1.0 to 4.9.11 snyk-matt/goof-platform#464)
• 92f3f50 Meta tweaks
• 4ea7bff 16.5.0
• 57ecf2d Add support for JPEG XL image format ([Snyk(Unlimited)] Upgrade lodash from 4.17.4 to 4.17.21 snyk-matt/goof-platform#455)
• 07101ac Remove ASAR 240 bytes of JSON payload length limitation ([Snyk(Unlimited)] Upgrade npmconf from 0.0.24 to 0.2.0 snyk-matt/goof-platform#453)
• 3df0ed1 Remove an unnecessary dependency ([Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-matt/goof-platform#458)
• 1e4e8df 16.4.0
• 29618c8 Add support for VCF (and fix ICS detection) ([Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.8.2 snyk-matt/goof-platform#451)
• 6ab25f3 Add support for XCF ([Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.1 snyk-matt/goof-platform#450)
• 7021d9a Remove moot check for sync word at odd offsets for MPEG detection ([Snyk(Unlimited)] Upgrade tinymce from 4.1.0 to 4.9.11 snyk-matt/goof-platform#448)
• fd1e72c 16.3.0
• 9319167 Add support for Zstandard compressed file ([Snyk(Unlimited)] Upgrade lodash from 4.17.4 to 4.17.21 snyk-matt/goof-platform#439)
• 2cc0869 Add file type descriptions ([Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-matt/goof-platform#433)
• 98e6886 16.2.0
• 9736aa3 Improve PDF / AI (Adobe Illustrator) recognition ([Snyk(Unlimited)] Upgrade express-fileupload from 0.0.5 to 0.4.0 snyk-matt/goof-platform#396)
• 7f95cd2 Add support for 3mf ([Snyk] Fix for 2 vulnerabilities snyk-matt/goof-platform#415)
• 579f8cb 16.1.0
• e43cdc9 Add support for CHM ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.5.3 snyk-matt/goof-platform#424)

See the full diff

Package name: karma

The new version differs by 250 commits.

• ab4b328 chore(release): 6.3.16 [skip ci]
• ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
• c1befa0 chore(release): 6.3.15 [skip ci]
• d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
• 653c762 ci: prevent duplicate CI tasks on creating a PR
• c97e562 chore(release): 6.3.14 [skip ci]
• 91d5acd fix: remove string template from client code
• 69cfc76 fix: warn when `singleRun` and `autoWatch` are `false`
• 839578c fix(security): remove XSS vulnerability in `returnUrl` query param
• db53785 chore(release): 6.3.13 [skip ci]
• 5bf2df3 fix(deps): bump log4js to resolve security issue
• 36ad678 chore(release): 6.3.12 [skip ci]
• 41bed33 fix: remove depreciation warning from log4js
• c985155 docs: create security.md
• c96f0c5 chore(release): 6.3.11 [skip ci]
• a5219c5 fix(deps): pin colors package to 1.4.0 due to security vulnerability
• de0df2f test: fix version regex in the CLI test case
• eddb2e8 chore(release): 6.3.10 [skip ci]
• 0d24bd9 fix(logger): create parent folders if they are missing
• b8eafe9 chore(release): 6.3.9 [skip ci]
• cf318e5 test: add test case for restarting test run on file change
• 92ffe60 fix: restartOnFileChange option not restarting the test run
• b153355 style: fix grammar error in browser capture log message
• 8f798d5 chore(release): 6.3.8 [skip ci]

See the full diff

Package name: marked

The new version differs by 250 commits.

• ae01170 chore(release): 4.0.10 [skip ci]
• fceda57 🗜️ build [skip ci]
• 8f80657 fix(security): fix redos vulnerabilities
• c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
• d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 ([Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-matt/goof-platform#2352)
• 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.5.5 snyk-matt/goof-platform#2350)
• 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 ([Snyk(Unlimited)] Upgrade express-fileupload from 0.0.5 to 0.4.0 snyk-matt/goof-platform#2351)
• 98996b8 chore(deps-dev): Bump @ babel/preset-env from 7.16.5 to 7.16.7 ([Snyk(Unlimited)] Upgrade cookie-parser from 1.3.3 to 1.4.5 snyk-matt/goof-platform#2353)
• ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.16.0 snyk-matt/goof-platform#2354)
• e5171a9 chore(release): 4.0.9 [skip ci]
• 41990a5 🗜️ build [skip ci]
• a9696e2 fix: retain line breaks in tokens properly ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.5.5 snyk-matt/goof-platform#2341)
• 6aacd13 chore(deps-dev): Bump jasmine from 3.10.0 to 4.0.0 ([Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-matt/goof-platform#2343)
• 55e5df9 chore(deps-dev): Bump @ babel/core from 7.16.5 to 7.16.7 ([Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.1 snyk-matt/goof-platform#2344)
• 4f4cab4 chore(deps-dev): Bump eslint-plugin-import from 2.25.3 to 2.25.4 ([Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.8.2 snyk-matt/goof-platform#2345)
• 97ea9f2 chore(deps-dev): Bump eslint from 8.5.0 to 8.6.0 ([Snyk(Unlimited)] Upgrade express from 4.12.4 to 4.17.1 snyk-matt/goof-platform#2346)
• 4c3b853 chore(deps-dev): Bump rollup-plugin-license from 2.6.0 to 2.6.1 ([Snyk(Unlimited)] Upgrade npmconf from 0.0.24 to 0.2.0 snyk-matt/goof-platform#2347)
• 9396896 chore(deps-dev): Bump rollup from 2.61.1 to 2.62.0 ([Snyk(Unlimited)] Upgrade npmconf from 0.0.24 to 0.2.0 snyk-matt/goof-platform#2338)
• 103a56c chore(deps-dev): Bump @ babel/preset-env from 7.16.4 to 7.16.5 ([Snyk(Unlimited)] Upgrade tinymce from 4.1.0 to 4.9.11 snyk-matt/goof-platform#2333)
• be771c9 chore(deps-dev): Bump eslint from 8.4.1 to 8.5.0 ([Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-matt/goof-platform#2334)
• 67d5a65 chore(deps-dev): Bump @ babel/core from 7.16.0 to 7.16.5 ([Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.1 snyk-matt/goof-platform#2335)
• 991493a chore(deps-dev): Bump eslint-plugin-promise from 5.2.0 to 6.0.0 ([Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.8.2 snyk-matt/goof-platform#2336)