[Snyk] Fix for 5 vulnerabilities

[NivLipetz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | Yes | Proof of Concept  | **676/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.1 | Cross-site Request Forgery (CSRF)
[SNYK-JS-AXIOS-6032459](https://snyk.io/vuln/SNYK-JS-AXIOS-6032459) | Yes | Proof of Concept  | **761/1000**
**Why?** Mature exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JS-DICER-2311764](https://snyk.io/vuln/SNYK-JS-DICER-2311764) | No | Mature  | **484/1000**
**Why?** Has a fix available, CVSS 5.4 | Open Redirect
[SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | Yes | No Known Exploit  | **646/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution
[SNYK-JS-TOUGHCOOKIE-5672873](https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: artillery

The new version differs by 250 commits.

• f449d5d ci: release v2.0.1 of Artillery
• 498fd09 chore: update package-lock.json
• add1543 dep(artillery): update dependency-tree to v10
• c163dc0 feat(fargate): update worker image version
• b67bebb chore(telemetry): add fake-data plugin to official plugins (#2323)
• 486ce72 docs: update README
• 5d82798 ci: release v1.0.1 of artillery-plugin-fake-data
• 68bb52a fix(fake-data): use correct key to look up config
• cad8289 chore: update package-lock.json
• 2def81d ci: publish canary releases of artillery-plugin-fake-data
• 471bd16 feat(artillery): include artillery-plugin-fake-data
• 2064ae3 ci: release v1.0.0 artillery-plugin-fake-data (#2320)
• ed9565a feat(plugins): add official plugin for test data generation (#2318)
• ecfb4ff ci: release v1.1.0 of artillery-engine-playwright
• d6a468b ci: release v1.3.0 of artillery-plugin-ensure
• a8bfa8e ci: release v2.9.0 of artillery-plugin-publish-metrics
• 18186a1 Merge pull request #2319 from artilleryio/improvements-to-otel-reporter
• c117677 ci: release v2.3.3 of artillery-plugin-expect
• 8d8e549 refactor: set tracer only once per test
• 93d3c90 refactor: remove duplicated attribute setting
• 572880f ci: release v2.2.2 of @ artilleryio/int-core
• 12670e3 ci: release v2.0.4 of @ artilleryio/int-commons
• 642759d ci: set tag to latest explicitly when publishing to npm
• 9277f14 ci: set latest tag explicitly for @ artilleryio/int-core

See the full diff

Package name: express-fileupload

The new version differs by 67 commits.

• 4f81fc8 1.4.0
• 78a66c1 Merge pull request #315 from duterte/master
• 310a382 Merge branch 'richardgirges:master' into master
• f57198b fix linting error
• ce713c2 add workflow job filters
• e47cc7d trigger ci
• 74a0830 Refactor: upgrade to busboy 1.6.0
• d1d6c66 Refactor busboy is no longer a constructor, its a function
• 30d8535 Merge pull request #310 from richardgirges/dependabot/npm_and_yarn/minimist-1.2.6
• e6948f9 Bump minimist from 1.2.5 to 1.2.6
• c9c7d83 Create SECURITY.md
• f9237aa help wanted readme update
• 651421b help wanted readme update
• 290f3cc 1.3.1
• ab3d252 node 12+ support
• 4afa5a1 1.3.0
• fe0ce3f circleci status badge
• 26f4a92 comment out console logs
• edd91ce Merge pull request #301 from zwade/master
• 47bc50c Merge remote-tracking branch 'origin/master'
• 3ba7d94 Merge pull request #302 from zwade/zw-fix-tests
• ddf5530 support node 12+. fix security vulnerabilities re: npm audit
• 3cfbc7f Have promiseCallback make callbacks and promises behave the same
• 5e83249 Refactor prototype pollution check to be more comprehensive

See the full diff

Package name: tedious

The new version differs by 250 commits.

• 6b8bd41 Merge pull request #1335 from tediousjs/feature/remove-azure-ms-rest-nodeauth-1238
• ed81a16 chore(lock): update lock to remove azure auth deps
• 406ad78 chore: remove adal-node dependency
• 46f330f chore: remove @ azure/ms-rest-nodeauth dependency
• 8eca444 feat: convert @ azure/ms-rest-nodeauth to identity
• 62fd077 Merge pull request #1334 from tediousjs/arthur/specify-azure-tenant-ci
• b49464e ci: specify azure tenant id
• 7b4be33 Merge pull request #1333 from tediousjs/arthur/deprecate-azure-options
• 596e575 feat: deprecate azure authentication options that will be removed
• 78728b8 Merge pull request #1332 from tediousjs/arthur/fix-benchmarks
• e4242ad chore: fix `RPCRequest` benchmarks
• b100407 Merge pull request #1329 from tediousjs/arthur/update-dependencies
• acf9966 chore: update all `commitlint` packages
• 6aadb41 chore: update to `@ azure/identity@1.5.2`
• ff0d009 chore: update to `@ azure/keyvault-keys@4.3.0`
• 401b3a6 chore: update to `@ typescript-eslint/parser@4.30.0` and `@ typescript-eslint/eslint-plugin@4.30.0`
• dce6a18 chore: update to `eslint@7.32.0`
• 7ae2457 chore: update to `@ types/chai@4.2.21`
• 180e102 chore: update to `node-abort-controller@3.0.0`
• 6dc3615 chore: update to `sinon@11.1.2`
• 7cc368e chore: update to `semantic-release@17.4.7`
• bb1f9d4 chore: upgrade to `@ types/mocha@9.0.0`
• e1be7ef chore: upgrade to `mocha@9.1.1`
• 96fc3a5 chore: upgrade to `typedoc@0.21.9`

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/nivlipetz/project/a48a4b5e-7e8f-4e90-bf88-baa2f1cfb293?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/nivlipetz/project/a48a4b5e-7e8f-4e90-bf88-baa2f1cfb293?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"af6ede6b-c695-4263-a61e-0f0d0ae7901c","prPublicId":"af6ede6b-c695-4263-a61e-0f0d0ae7901c","dependencies":[{"name":"artillery","from":"1.7.9","to":"2.0.1"},{"name":"express-fileupload","from":"1.1.10","to":"1.4.0"},{"name":"tedious","from":"9.2.2","to":"13.0.0"}],"packageManager":"npm","projectPublicId":"a48a4b5e-7e8f-4e90-bf88-baa2f1cfb293","projectUrl":"https://app.snyk.io/org/nivlipetz/project/a48a4b5e-7e8f-4e90-bf88-baa2f1cfb293?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-AXIOS-6032459","SNYK-JS-DICER-2311764","SNYK-JS-GOT-2932019","SNYK-JS-TOUGHCOOKIE-5672873"],"upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-AXIOS-6032459","SNYK-JS-DICER-2311764","SNYK-JS-GOT-2932019","SNYK-JS-TOUGHCOOKIE-5672873"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[696,676,761,484,646],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr) 🦉 [Cross-site Request Forgery (CSRF)](https://learn.snyk.io/lesson/csrf-attack/?loc=fix-pr) 🦉 [Open Redirect](https://learn.snyk.io/lesson/open-redirect/?loc=fix-pr) 🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io/?loc=fix-pr)