[Snyk] Upgrade: , ajv, archiver, dayjs, dockerode, dotenv, express, express-rate-limit, express-validator, file-type, helmet, http-status, joi, mongoose, papaparse, passport, passport-jwt, redis, swagger-ui-express, winston

[FlorentinTh]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@babel/runtime
from 7.18.6 to 7.25.0 | 40 versions ahead of your current version | 2 months ago
on 2024-07-26 ajv
from 8.11.0 to 8.17.1 | 8 versions ahead of your current version | 2 months ago
on 2024-07-12 archiver
from 5.3.1 to 5.3.2 | 1 version ahead of your current version | a year ago
on 2023-08-17 dayjs
from 1.11.3 to 1.11.13 | 10 versions ahead of your current version | 22 days ago
on 2024-08-20 dockerode
from 3.3.2 to 3.3.5 | 3 versions ahead of your current version | a year ago
on 2023-03-12 dotenv
from 16.0.1 to 16.4.5 | 19 versions ahead of your current version | 7 months ago
on 2024-02-20 express
from 4.18.1 to 4.19.2 | 5 versions ahead of your current version | 6 months ago
on 2024-03-25 express-rate-limit
from 6.4.0 to 6.11.2 | 13 versions ahead of your current version | a year ago
on 2023-09-12 express-validator
from 6.14.2 to 6.15.0 | 2 versions ahead of your current version | 2 years ago
on 2023-02-16 file-type
from 16.5.3 to 16.5.4 | 1 version ahead of your current version | 2 years ago
on 2022-07-21 helmet
from 5.1.0 to 5.1.1 | 1 version ahead of your current version | 2 years ago
on 2022-07-23 http-status
from 1.5.2 to 1.7.4 | 9 versions ahead of your current version | 7 months ago
on 2024-02-23 joi
from 17.6.0 to 17.13.3 | 27 versions ahead of your current version | 3 months ago
on 2024-06-19 mongoose
from 6.4.1 to 6.13.0 | 59 versions ahead of your current version | 3 months ago
on 2024-06-06 papaparse
from 5.3.2 to 5.4.1 | 2 versions ahead of your current version | a year ago
on 2023-03-23 passport
from 0.6.0 to 0.7.0 | 1 version ahead of your current version | 9 months ago
on 2023-11-27 passport-jwt
from 4.0.0 to 4.0.1 | 1 version ahead of your current version | 2 years ago
on 2022-12-24 redis
from 4.1.0 to 4.7.0 | 24 versions ahead of your current version | a month ago
on 2024-07-29 swagger-ui-express
from 4.4.0 to 4.6.3 | 5 versions ahead of your current version | a year ago
on 2023-05-05 winston
from 3.8.0 to 3.14.2 | 12 versions ahead of your current version | a month ago
on 2024-08-14

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-FILETYPE-2958042	519	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	519	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-2961688	519	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	519	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	519	No Known Exploit
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	519	Proof of Concept
	Information Exposure SNYK-JS-MONGODB-5871303	519	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	519	No Known Exploit

Release notes

Package name: @babel/runtime

• 7.25.0 - 2024-07-26
  

  v7.25.0 (2024-07-26)

  Thanks @ davidtaylorhq and @ slatereax for your first PR!

  You can find the release blog post with some highlights at https://babeljs.io/blog/2024/07/26/7.25.0.

  👓 Spec Compliance

  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
    • #16537 await using normative updates (@ JLHwung)
  • babel-plugin-transform-typescript
    • #16602 Ensure enum members syntactically determinable to be strings do not get reverse mappings (@ liuxingbaoyu)

  🚀 New Feature

  • babel-helper-create-class-features-plugin, babel-helper-function-name, babel-helper-plugin-utils, babel-helper-wrap-function, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-preset-env, babel-traverse, babel-types
    • #16658 Move ensureFunctionName to NodePath.prototype (@ nicolo-ribaudo)
  • babel-helper-hoist-variables, babel-helper-plugin-utils, babel-plugin-proposal-async-do-expressions, babel-plugin-transform-modules-systemjs, babel-traverse
    • #16644 Move hoistVariables to Scope.prototype (@ nicolo-ribaudo)
  • babel-helper-create-class-features-plugin, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-split-export-declaration, babel-plugin-transform-classes, babel-traverse, babel-types
    • #16645 Move splitExportDeclaration to NodePath.prototype (@ nicolo-ribaudo)
  • babel-helper-create-class-features-plugin, babel-helper-environment-visitor, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-remap-async-to-generator, babel-helper-replace-supers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-transform-async-generator-functions, babel-plugin-transform-classes, babel-traverse
    • #16649 Move environment-visitor helper into @ babel/traverse (@ nicolo-ribaudo)
  • babel-core, babel-parser
    • #16480 Expose wether a module has TLA or not as .extra.async (@ nicolo-ribaudo)
  • babel-compat-data, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-preset-env
    • #16569 Introduce bugfix-safari-class-field-initializer-scope (@ davidtaylorhq)
  • babel-plugin-transform-block-scoping, babel-traverse, babel-types
    • #16551 Add NodePath#getAssignmentIdentifiers (@ JLHwung)
  • babel-helper-import-to-platform-api, babel-plugin-proposal-json-modules
    • #16579 Add uncheckedRequire option for JSON imports to CJS (@ nicolo-ribaudo)
  • babel-helper-transform-fixture-test-runner, babel-node
    • #16642 Allow using custom config in babel-node --eval (@ slatereax)
  • babel-compat-data, babel-helper-create-regexp-features-plugin, babel-plugin-proposal-duplicate-named-capturing-groups-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-preset-env, babel-standalone
    • #16445 Add duplicate-named-capturing-groups-regex to preset-env (@ JLHwung)

  🐛 Bug Fix

  • babel-generator
    • #16678 Print parens around as expressions on the LHS (@ nicolo-ribaudo)
  • babel-template, babel-types
    • #15286 fix: Props are lost when the template replaces the node (@ liuxingbaoyu)

  🏠 Internal

  • Other
    • #16674 bump gulp to 5 (@ JLHwung)
  • babel-generator
    • #16651 Simplify the printing logic for ( before ambiguous tokens (@ nicolo-ribaudo)
  • babel-helper-function-name, babel-plugin-transform-arrow-functions, babel-plugin-transform-function-name, babel-preset-env, babel-traverse
    • #16652 Simplify helper-function-name logic (@ nicolo-ribaudo)

  🏃‍♀️ Performance

  • babel-parser, babel-plugin-proposal-pipeline-operator
    • #16461 Some minor parser performance improvements for ts (@ liuxingbaoyu)

  🔬 Output optimization

  • babel-plugin-transform-classes
    • #16670 Reduce redundant assertThisInitialized (@ liuxingbaoyu)
  • babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-object-super, babel-plugin-transform-private-methods, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
    • #16374 Improve super.x output (@ liuxingbaoyu)
  • babel-plugin-transform-class-properties, babel-plugin-transform-classes
    • #16656 Simplify output for anonymous classes with no methods (@ nicolo-ribaudo)

  Committers: 6

  • Artem (@ slatereax)
  • Babel Bot (@ babel-bot)
  • David Taylor (@ davidtaylorhq)
  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • @ liuxingbaoyu
• 7.24.8 - 2024-07-11
  

  v7.24.8 (2024-07-11)

  Thanks @ H0onnn, @ jkup and @ SreeXD for your first pull requests!

  👓 Spec Compliance

  • babel-parser
    • #16567 Do not use strict mode in TS declare (@ liuxingbaoyu)

  🐛 Bug Fix

  • babel-generator
    • #16630 Correctly print parens around in in for heads (@ nicolo-ribaudo)
    • #16626 Fix printing of comments in await using (@ nicolo-ribaudo)
    • #16591 fix typescript code generation for yield expression inside type expre… (@ SreeXD)
  • babel-parser
    • #16613 Disallow destructuring assignment in using declarations (@ H0onnn)
    • #16490 fix: do not add .value: undefined to regexp literals (@ liuxingbaoyu)
  • babel-types
    • #16615 Remove boolean props from ObjectTypeInternalSlot visitor keys (@ nicolo-ribaudo)
  • babel-plugin-transform-typescript
    • #16566 fix: Correctly handle export import x = (@ liuxingbaoyu)

  💅 Polish

  • babel-generator
    • #16625 Avoid unnecessary parens around async in for await (@ nicolo-ribaudo)
  • babel-traverse
    • #16619 Avoid checking Scope.globals multiple times (@ liuxingbaoyu)

  Committers: 9

  • Amjad Yahia Robeen Hassan (@ amjed-98)
  • Babel Bot (@ babel-bot)
  • Huáng Jùnliàng (@ JLHwung)
  • Jon Kuperman (@ jkup)
  • Nagendran N (@ SreeXD)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • Sukka (@ SukkaW)
  • @ H0onnn
  • @ liuxingbaoyu
• 7.24.7 - 2024-06-05
  

  v7.24.7 (2024-06-05)

  🐛 Bug Fix

  • babel-node
    • #16554 Allow extra flags in babel-node (@ nicolo-ribaudo)
  • babel-traverse
    • #16522 fix: incorrect constantViolations with destructuring (@ liuxingbaoyu)
  • babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
    • #16524 fix: Transform using in switch correctly (@ liuxingbaoyu)

  🏠 Internal

  • babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
    • #16525 Delete unused array helpers (@ blakewilson)

  Committers: 7

  • Amjad Yahia Robeen Hassan (@ amjed-98)
  • Babel Bot (@ babel-bot)
  • Blake Wilson (@ blakewilson)
  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • Sukka (@ SukkaW)
  • @ liuxingbaoyu
• 7.24.6 - 2024-05-24
  

  v7.24.6 (2024-05-24)

  Thanks @ amjed-98, @ blakewilson, @ coelhucas, and @ SukkaW for your first PRs!

  🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
    • #16514 Fix source maps for private member expressions (@ nicolo-ribaudo)
  • babel-core, babel-generator, babel-plugin-transform-modules-commonjs
    • #16515 Fix source maps for template literals (@ nicolo-ribaudo)
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
    • #16485 Support undecorated static accessor in anonymous classes (@ JLHwung)
    • #16484 Fix decorator bare yield await (@ JLHwung)
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
    • #16483 Fix: throw TypeError if addInitializer is called after finished (@ JLHwung)
  • babel-parser, babel-plugin-transform-typescript
    • #16476 fix: Correctly parse cls.fn<C> = x (@ liuxingbaoyu)

  🏠 Internal

  • babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
    • #16501 Generate helper metadata at build time (@ nicolo-ribaudo)
  • babel-helpers
    • #16499 Add tsconfig.json for @ babel/helpers/src/helpers (@ nicolo-ribaudo)
  • babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
    • #16495 Move all runtime helpers to individual files (@ nicolo-ribaudo)
  • babel-parser, babel-traverse
    • #16482 Statically generate boilerplate for bitfield accessors (@ nicolo-ribaudo)
  • Other
    • #16466 Migrate import assertions syntax (@ JLHwung)

  Committers: 9

  • Amjad Yahia Robeen Hassan (@ amjed-98)
  • Babel Bot (@ babel-bot)
  • Blake Wilson (@ blakewilson)
  • Huáng Jùnliàng (@ JLHwung)
  • Lucas Coelho (@ coelhucas)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • Sukka (@ SukkaW)
  • Zzzen (@ Zzzen)
  • @ liuxingbaoyu
• 7.24.5 - 2024-04-29
  

  v7.24.5 (2024-04-29)

  Thanks @ romgrk and @ sossost for your first PRs!

  🐛 Bug Fix

  • babel-plugin-transform-classes, babel-traverse
    • #16377 fix: TypeScript annotation affects output (@ liuxingbaoyu)
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
    • #16440 Fix suppressed error order (@ sossost)
    • #16408 Await nullish async disposable (@ JLHwung)

  💅 Polish

  • babel-parser
    • #16407 Recover from exported using declaration (@ JLHwung)

  🏠 Internal

  • Other
    • #16414 Relax ESLint peerDependency constraint to allow v9 (@ liuxingbaoyu)
  • babel-parser
    • #16425 Improve @ babel/parser AST types (@ nicolo-ribaudo)
    • #16417 Always pass type argument to .startNode (@ nicolo-ribaudo)
  • babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
    • #16439 Make NodePath<T | U> distributive (@ nicolo-ribaudo)
  • babel-plugin-proposal-partial-application, babel-types
    • #16421 Remove JSXNamespacedName from valid CallExpression args (@ nicolo-ribaudo)
  • babel-plugin-transform-class-properties, babel-preset-env
    • #16406 Do not load unnecessary Babel 7 syntax plugins in Babel 8 (@ nicolo-ribaudo)

  🏃‍♀️ Performance

  • babel-helpers, babel-preset-env, babel-runtime-corejs3
    • #16357 Performance: improve objectWithoutPropertiesLoose on V8 (@ romgrk)

  Committers: 6

  • Babel Bot (@ babel-bot)
  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • Rom Grk (@ romgrk)
  • @ liuxingbaoyu
  • ynnsuis (@ sossost)
• 7.24.4 - 2024-04-03
• 7.24.1 - 2024-03-19
• 7.24.0 - 2024-02-28
• 7.23.9 - 2024-01-25
• 7.23.8 - 2024-01-08
• 7.23.7 - 2023-12-29
• 7.23.6 - 2023-12-11
• 7.23.5 - 2023-11-29
• 7.23.4 - 2023-11-20
• 7.23.2 - 2023-10-11
• 7.23.1 - 2023-09-25
• 7.23.0 - 2023-09-25
• 7.22.15 - 2023-09-04
• 7.22.11 - 2023-08-24
• 7.22.10 - 2023-08-07
• 7.22.6 - 2023-07-04
• 7.22.5 - 2023-06-08
• 7.22.3 - 2023-05-27
• 7.22.0 - 2023-05-26
• 7.21.5 - 2023-04-28
• 7.21.4-esm.4 - 2023-04-04
• 7.21.4-esm.3 - 2023-04-04
• 7.21.4-esm.2 - 2023-04-04
• 7.21.4-esm.1 - 2023-04-04
• 7.21.4-esm - 2023-04-04
• 7.21.0 - 2023-02-20
• 7.20.13 - 2023-01-21
• 7.20.7 - 2022-12-22
• 7.20.6 - 2022-11-28
• 7.20.5 - 2022-11-28
• 7.20.1 - 2022-11-01
• 7.20.0 - 2022-10-27
• 7.19.4 - 2022-10-10
• 7.19.0 - 2022-09-05
• 7.18.9 - 2022-07-18
• 7.18.6 - 2022-06-27

from @babel/runtime GitHub release notes

Package name: ajv

• 8.17.1 - 2024-07-12
  

  What's Changed

  • bump version to 8.17.1 by @ jasoniangreen in #2472

  Full Changelog: v8.17.0...v8.17.1

  Plus everything in 8.17.0 which failed to release

  The only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.

  Revert "Revert fast-uri change (#2444)" by @ gurgunday in #2448
  fix: ignore new eslint error for @ typescript-eslint/no-extraneous-class by @ jasoniangreen in #2455
  docs: clarify behaviour of addVocabulary by @ jasoniangreen in #2454
  docs: refactor to improve legibility by @ blottn in #2432
  Fix grammatical typo in managing-schemas.md by @ wetneb in #2305
  docs: Fix broken strict-mode link by @ alexanderjsx in #2459
  feat: add test for encoded refs and bump fast-uri by @ jasoniangreen in #2449
  fix: changes for @ typescript-eslint/array-type rule by @ jasoniangreen in #2467
  fixes #2217 - clarify custom keyword naming by @ jasoniangreen in #2457

• 8.16.0 - 2024-06-04
  

  What's Changed

  • Revert fast-uri change by @ jasoniangreen in #2444

  Full Changelog: v8.15.0...v8.16.0

• 8.15.0 - 2024-06-03
  

  What's Changed

  • Replace uri-js with fast-uri by @ vixalien in #2415
  • Bump to 8.15.0 by @ jasoniangreen in #2442

  New Contributors

  • @ vixalien made their first contribution in #2415

  Full Changelog: v8.14.0...v8.15.0

• 8.14.0 - 2024-05-25
  

  What's Changed

  • readme: build badge by @ epoberezkin in #2424
  • Update workflows by @ rotu in #2410
  • docs: add warning to maxLength / minLength by @ jasoniangreen in #2428
  • fix: broken link in docs warning by @ jasoniangreen in #2431
  • compileAsync a schema with discriminator and $ref, fixes #2427 by @ jasoniangreen in #2433
  • bump version to 8.14.0 for publishing by @ jasoniangreen in #2440

  New Contributors

  • @ rotu made their first contribution in #2410

  Full Changelog: v8.13.0...v8.14.0

• 8.13.0 - 2024-04-29
  
  • add named exports
  • update dependencies
  • update node.js
• 8.12.0 - 2023-01-03
  
  • fix JTD serialisation (remove leading comma in objects with only optional properties) (#2190, @ piliugin-anton)
  • empty JTD "values" schema (#2191)
  • empty object to work with JTD utility type (#2158, @ erikbrinkman)
  • fix JTD "discriminator" schema for objects with more than 8 properties (#2194)
  • correctly narrow "number" type to "integer" (#2192, @ JacobLey)
  • update Node.js versions in CI to 14, 16, 18 and 19
• 8.11.2 - 2022-11-13
  

  Update dependencies

  Export ValidationError and MissingRefError (#1840, @ dannyb648)

• 8.11.1 - 2022-11-13
  

  Update dependencies

  Export ValidationError and MissingRefError (#1840, @ dannyb648)

• 8.11.0 - 2022-03-22
  

  Use root schemaEnv when resolving references in oneOf (#1901, @ asprouse)

  Only use equal function in generated code when it is used (#1922, @ bhvngt)

from ajv GitHub release notes

Package name: archiver

• 5.3.2 - 2023-08-17
  

  What’s changed

  • test: run tests against node 18 @ yharaskrik (#637)

  Dependency updates

  • Bump release-drafter/release-drafter from 5.19.0 to 5.23.0 @ dependabot (#652)
  • Bump actions/setup-node from 3.1.1 to 3.6.0 @ dependabot (#638)
  • Bump chai from 4.3.6 to 4.3.7 @ dependabot (#627)
  • Bump mkdirp from 1.0.4 to 2.1.5 @ dependabot (#657)
  • Bump rimraf from 3.0.2 to 4.3.1