[Snyk] Upgrade: cookie-parser, exceljs, express, express-validator, node-fetch, https-localhost, nodemailer, hypersign-auth-js-sdk, mongoose, url-parse, web3

[Vishwas1]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

cookie-parser
from 1.4.5 to 1.4.6 | 1 version ahead of your current version | 3 years ago
on 2021-11-16 exceljs
from 4.2.1 to 4.4.0 | 2 versions ahead of your current version | a year ago
on 2023-10-19 express
from 4.17.1 to 4.19.2 | 9 versions ahead of your current version | 5 months ago
on 2024-03-25 express-validator
from 6.12.0 to 6.15.0 | 8 versions ahead of your current version | 2 years ago
on 2023-02-16 node-fetch
from 2.6.1 to 2.7.0 | 13 versions ahead of your current version | a year ago
on 2023-08-23 https-localhost
from 4.6.5 to 4.7.1 | 2 versions ahead of your current version | 3 years ago
on 2022-02-16 nodemailer
from 6.6.2 to 6.9.14 | 28 versions ahead of your current version | 3 months ago
on 2024-06-19 hypersign-auth-js-sdk
from 2.0.4 to 2.0.8 | 4 versions ahead of your current version | 3 years ago
on 2021-10-10 mongoose
from 5.12.14 to 5.13.22 | 24 versions ahead of your current version | 8 months ago
on 2024-01-02 url-parse
from 1.5.1 to 1.5.10 | 9 versions ahead of your current version | 3 years ago
on 2022-02-22 web3
from 1.3.6 to 1.10.4 | 50 versions ahead of your current version | 7 months ago
on 2024-02-05

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-MONGOOSE-2961688	586	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	586	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579147	586	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	586	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	586	No Known Exploit
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	586	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-2407770	586	Proof of Concept
	Information Exposure SNYK-JS-SIMPLEGET-2361683	586	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	586	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	586	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	586	No Known Exploit
	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	586	Proof of Concept
	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	586	No Known Exploit
	Prototype Pollution SNYK-JS-MPATH-1577289	586	Proof of Concept
	Information Exposure SNYK-JS-NODEFETCH-2342118	586	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	586	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	586	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	586	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	586	Proof of Concept
	Open Redirect SNYK-JS-GOT-2932019	586	No Known Exploit
	Open Redirect SNYK-JS-GOT-2932019	586	No Known Exploit
	Information Exposure SNYK-JS-MONGODB-5871303	586	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEMAILER-6219989	586	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	586	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	586	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	586	No Known Exploit

Release notes

Package name: cookie-parser

• 1.4.6 - 2021-11-16
  
  • deps: cookie@0.4.1
• 1.4.5 - 2020-03-15
  
  • deps: cookie@0.4.0

from cookie-parser GitHub release notes

Package name: exceljs

• 4.4.0 - 2023-10-19
  

  Dear ExcelJS Enthusiasts,

  Your commitment and insights have paved the way for this remarkable release. A deep thank you to every contributor and user! Let's keep the momentum going: join our thriving Discord community and be a part of shaping ExcelJS's next chapter.

  

  Dive in, experiment with the new features, and share your experiences. Your feedback drives us forward.

  Together, we innovate. 🚀

  Changelog Highlights:

  • fix: styles rendering in case when "numFmt" is present in conditional formatting rules (resolves #1814) by @ andreykrupskii in #1815
  • inlineStr cell type support #1575 by @ drdmitry in #1576
  • Fix parsing of boolean attributes by @ bno1 in #1849
  • add optional custom auto-filter to table by @ thambley in #1670
  • Deep copy inherited style by @ ikzhr in #1850
  • Upgrade actions/cache and actions/setup-node by @ cclauss in #1846
  • Check object keys in isEqual by @ bno1 in #1831
  • Add v17 to testing workflow by @ Siemienik in #1856
  • Upgrade jszip to its latest version to date. This version does not have any vulnerability found by Snyk so far by @ ValerioSevilla in #1895
  • Update README.md by @ xjrcode in #1677
  • (docs): set prototype of RegExp correctly. by @ joeldenning in #1700
  • Added timeouts to github actions by @ alexbjorlig in #1733
  • fix issue 1676 by @ skypesky in #1701
  • #2237 : Update CI Tests, Drop support for Node v8 by @ Siemienik in #2242
  • Fix types for getWorksheet() by @ hfhchan-plb in #2223
  • add characters cannot be used for worksheet name by @ tkm-kj in #2126
  • Fix issue #1753 Reject promise when workbook reader is writing to temporary file stream and error occurs by @ pauliusg in #1756
  • README.md to have correct link for Streaming XLSX by @ wulfsolter in #2186
  • Added a polyfill of promise.finally to support lower versions of Firefox. by @ DemoJj in #1982
  • Fix read this.worksheet before assign it by @ ZyqGitHub1 in #1934
  • chore: upgrade jszip to ^3.10.1 by @ jarrod-cocoon in #2211
  • fixed spelling error in README.md file by @ HugoP27 in #2208
  • fix: Fix xlsx.writeFile() not catching error when error occurs by @ zurmokeeper in #2244
  • Improve worksheets' naming validation logic. by @ Siemienik in #2257
  • fix issue 2125 - spliceRows remove last row by @ babu-ch in #2140
  • fix: fix the loss of column attributes due to incorrect column order by @ cpaiyueyue in #2222
  • Fix: Sheet Properties Types by @ albeniraouf in #2327
  • Use node 18 LTS for tsc, and benchmark. Add node 20. to test matrix. … by @ Siemienik in #2354
  • Add missing tooltip attribute to CellHyperlinkValue index.d.ts by @ NiklasPor in #2350
  • Increase resilience to generating large workbooks by @ hfhchan-plb in #2320
  • repair all 'c2fo.io' links ('c2fo.github.io') by @ justintunev7 in #2324
  • fix: fix type definitions about last column, formula values and protection by @ gltjk in #2309
  • fix: add spinCount field for WorksheetProtection type by @ damingerdai in #2284
  • Add type definition for WorksheetModel.merges by @ ytjmt in #2281
  • 1842: New xlsx option for ignoring certain nodes for improved performance by @ hofnarwillie in #2132
  • Update changelog: v4.4.0 preparations by @ Siemienik in #2555

  New Contributors

  • @ andreykrupskii made their first contribution in #1815
  • @ drdmitry made their first contribution in #1576
  • @ bno1 made their first contribution in #1849
  • @ ikzhr made their first contribution in #1850
  • @ cclauss made their first contribution in #1846
  • @ ValerioSevilla made their first contribution in #1895
  • @ xjrcode made their first contribution in #1677
  • @ joeldenning made their first contribution in #1700
  • @ hfhchan-plb made their first contribution in #2223
  • @ tkm-kj made their first contribution in #2126
  • @ pauliusg made their first contribution in #1756
  • @ DemoJj made their first contribution in #1982
  • @ ZyqGitHub1 made their first contribution in #1934
  • @ jarrod-cocoon made their first contribution in #2211
  • @ HugoP27 made their first contribution in #2208
  • @ zurmokeeper made their first contribution in #2244
  • @ babu-ch made their first contribution in #2140
  • @ cpaiyueyue made their first contribution in #2222
  • @ albeniraouf made their first contribution in #2327
  • @ NiklasPor made their first contribution in #2350
  • @ justintunev7 made their first contribution in #2324
  • @ gltjk made their first contribution in #2309
  • @ damingerdai made their first contribution in #2284
  • @ ytjmt made their first contribution in #2281
  • @ hofnarwillie made their first contribution in #2132

  Full Changelog: v4.3.0...v4.4.0

  #2351

• 4.3.0 - 2021-08-21
  

  4.3.0

• 4.2.1 - 2021-03-09
  

  4.2.1

from exceljs GitHub release notes

Package name: express

• 4.19.2 - 2024-03-25
• 4.19.1 - 2024-03-20
  

  What's Changed

  • Fix ci after location patch by @ wesleytodd in #5552
  • fixed un-edited version in history.md for 4.19.0 by @ wesleytodd in #5556

  Full Changelog: 4.19.0...4.19.1

• 4.19.0 - 2024-03-20
  

  What's Changed

  • fix typo in release date by @ UlisesGascon in #5527
  • docs: nominating @ wesleytodd to be project captian by @ wesleytodd in #5511
  • docs: loosen TC activity rules by @ wesleytodd in #5510
  • Add note on how to update docs for new release by @ crandmck in #5541
  • Prevent open redirect allow list bypass due to encodeurl
  • Release 4.19.0 by @ wesleytodd in #5551

  New Contributors

  • @ crandmck made their first contribution in #5541

  Full Changelog: 4.18.3...4.19.0

• 4.18.3 - 2024-02-29
  

  Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

  Other Changes

  • Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
  • build: Node.js@16.18 and Node.js@18.12 by @ abenhamdine in #5034
  • ci: update actions/checkout to v3 by @ armujahid in #5027
  • test: remove unused function arguments in params by @ raksbisht in #5124
  • Remove unused originalIndex from acceptParams by @ raksbisht in #5119
  • Fixed typos by @ raksbisht in #5117
  • examples: remove unused params by @ raksbisht in #5113
  • fix: parameter str is not described in JSDoc by @ raksbisht in #5130
  • fix: typos in History.md by @ raksbisht in #5131
  • build : add Node.js@19.7 by @ abenhamdine in