[Snyk] Fix for 4 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • SCA/JS/package.json
  • SCA/JS/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
	899/1000 Why? Mature exploit, Has a fix available, CVSS 9.4	Arbitrary File Write via Archive Extraction (Zip Slip) npm:adm-zip:20180415	No	Mature
	569/1000 Why? Has a fix available, CVSS 7.1	Cross-site Scripting (XSS) npm:tinymce:20150610	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: adm-zip

The new version differs by 50 commits.

• 80d259f Version bump
• 3f00a03 Fixed [Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.1 snyk-matt/goof-platform#176
• 650e752 Fixed wrong date on files (issue [Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.16.0 snyk-matt/goof-platform#203)
• d01fa8c Fixed bugs introduced with 0.4.9
• c0cc85d Merge pull request [Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.1 snyk-matt/goof-platform#219 from jontore/master
• 39c83a2 Merge pull request [Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.8.2 snyk-matt/goof-platform#209 from poshta1900/fix
• b94c5dd Merge pull request [Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-matt/goof-platform#227 from hhaidar/master
• c95c553 Merge pull request [Snyk(Unlimited)] Upgrade cookie-parser from 1.3.3 to 1.4.5 snyk-matt/goof-platform#228 from jmcollin78/patch-1
• cda668c Fix issue [Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-matt/goof-platform#218
• 0f2cb41 Fix octal literals so they work in strict mode
• 888931d To support strict mode use 0o prefix to octal numbers
• 89b6f67 Update package.json
• 9592298 Update README.md
• ce59e5a Merge pull request [Snyk(Unlimited)] Upgrade express-fileupload from 0.0.5 to 0.4.0 snyk-matt/goof-platform#215 from grnd/master
• 38cb4a4 fix: resolve both target and entry path
• 18c3d31 Update package.json
• 666adec Update package.json
• 499d59b Update package.json
• 62f6400 Merge pull request [Snyk(Unlimited)] Upgrade errorhandler from 1.2.0 to 1.5.1 snyk-matt/goof-platform#212 from aviadatsnyk/master
• 6f4dfeb fix: prevent extracting archived files outside of target path
• ef0abe6 add try-catch around fs.writeSync
• e116bc1 Merge pull request [Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.1 snyk-matt/goof-platform#208 from pmuens/patch-1
• 12d2099 Fix data accessing example in README
• 032566b Merge pull request [Snyk(Unlimited)] Upgrade typeorm from 0.2.30 to 0.2.31 snyk-matt/goof-platform#204 from BridgeAR/master

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• 87f691e chore: release 5.4.10
• 09dd3cf docs(jest): improve docs about fake timers
• e778e0b chore: upgrade to mongodb driver 3.1.13
• 42aa401 refactor: be slightly more defensive about setting document arrays
• e5948b8 fix(document): copy atomics when setting document array to an existing document array
• a4e33dd test(document): repro [Snyk(Unlimited)] Upgrade errorhandler from 1.2.0 to 1.5.1 snyk-matt/goof-platform#7472
• 704a5a4 docs: remove confusing references to executing a query immediately
• bc95a22 docs(guides+schematypes): link to custom schematypes docs
• ad71535 style: fix lint
• bc5d96a Merge branch 'gh6706'
• ab208b1 docs: hook up navbar search
• 3fc3e2b docs: add basic search page re: [Snyk] Security upgrade snyk from 1.439.1 to 1.685.0 snyk-matt/goof-platform#6706
• a7ccba7 chore: add domainwheel.com as a sponsor
• 91755fa Merge branch 'master' into gh6706
• 3150958 docs(api): dont display type if method or function
• bfb3a9a style: fix lint
• 899ccdd Merge pull request [Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-matt/goof-platform#7478 from chrischen/master
• ef2ab11 chore(Makefile): remove unused rule
• bb1e8b4 chore: now working on 5.4.10
• 6032685 Added dot sytnax support for alias queries.
• 316936f chore: release 5.4.9
• 1bfdafd Merge pull request [Snyk] Security upgrade node from 6-stretch to 17-slim snyk-matt/goof-platform#7474 from arniu/fix-doc
• f67e30c docs: add Marcus Hiles and monovm as sponsors
• f08a4bd docs(documents): improve explanation of documents and use more modern syntax

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[vberegov]

test

[vberegov]

test