likecoin / likecoin-button

Every Like is a reward. Turn your Likes into actual income now.
https://button.like.co/
GNU General Public License v3.0

[Snyk] Fix for 15 vulnerabilities #459

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Why? | Issue | Snyk ID | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|---|
| high severity | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-AXIOS-1579269 | No | Proof of Concept |
| high severity | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution | SNYK-JS-GSAP-1054614 | No | Proof of Concept |
| medium severity | 539/1000 | Has a fix available, CVSS 6.5 | Configuration Override | SNYK-JS-HELMETCSP-469436 | No | No Known Exploit |
| high severity | 663/1000 | Currently trending on Twitter, Has a fix available, CVSS 7.7 | Improper Input Validation | SNYK-JS-JSONWEBTOKEN-3180020 | Yes | No Known Exploit |
| medium severity | 534/1000 | Has a fix available, CVSS 6.4 | Improper Authentication | SNYK-JS-JSONWEBTOKEN-3180022 | Yes | No Known Exploit |
| medium severity | 539/1000 | Has a fix available, CVSS 6.5 | Improper Restriction of Security Token Assignment | SNYK-JS-JSONWEBTOKEN-3180024 | Yes | No Known Exploit |
| medium severity | 554/1000 | Has a fix available, CVSS 6.8 | Use of a Broken or Risky Cryptographic Algorithm | SNYK-JS-JSONWEBTOKEN-3180026 | Yes | No Known Exploit |
| medium severity | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-1018905 | No | Proof of Concept |
| high severity | 681/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection | SNYK-JS-LODASH-1040724 | No | Proof of Concept |
| high severity | 686/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution | SNYK-JS-LODASH-450202 | No | Proof of Concept |
| high severity | 731/1000 | Proof of Concept exploit, Has a fix available, CVSS 8.2 | Prototype Pollution | SNYK-JS-LODASH-567746 | No | Proof of Concept |
| high severity | 686/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution | SNYK-JS-LODASH-608086 | No | Proof of Concept |
| high severity | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Poisoning | SNYK-JS-QS-3153490 | No | Proof of Concept |
| high severity | 706/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.7 | Arbitrary Code Injection | SNYK-JS-SERIALIZEJAVASCRIPT-570062 | No | Proof of Concept |
| medium severity | 550/1000 | Has a fix available, CVSS 6.5 | Cross-site Scripting (XSS) | SNYK-JS-VUETIFY-474604 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: axios The new version differs by 2 commits.
  • e367be5 [Releasing] 0.21.3
  • 83ae383 Correctly add response interceptors to interceptor chain (#4013)
See the full diff
Package name: body-parser The new version differs by 145 commits.
See the full diff
Package name: express The new version differs by 117 commits.
  • 3d7fce5 4.17.3
  • f906371 build: update example dependencies
  • 6381bc6 deps: qs@6.9.7
  • a007863 deps: body-parser@1.19.2
  • e98f584 Revert "build: use minimatch@3.0.4 for Node.js < 4"
  • a659137 tests: use strict mode
  • a39e409 tests: prevent leaking changes to NODE_ENV
  • 82de4de examples: fix path traversal in downloads example
  • 12310c5 build: use nyc for test coverage
  • 884657d examples: remove bitwise syntax for includes check
  • 7511d08 build: use minimatch@3.0.4 for Node.js < 4
  • 2585f20 tests: fix test missing assertion
  • 9d09762 build: supertest@6.2.2
  • 43cc56e build: clean up gitignore
  • 1c7bbcc build: Node.js@14.19
  • 9cbbc8a deps: cookie@0.4.2
  • 6fbc269 pref: remove unnecessary regexp for trust proxy
  • 2bc734a deps: accepts@~1.3.8
  • 89bb531 docs: fix typo in res.download jsdoc
  • 744564f tests: add test for multiple ips in "trust proxy"
  • da6cb0e tests: add range tests to res.download
  • 00ad5be tests: add more tests for app.request & app.response
  • 141914e tests: fix tests that did not bubble errors
  • bd4fdfe tests: remove global dependency on should
See the full diff
Package name: helmet The new version differs by 35 commits.
  • 5d964d4 3.21.1
  • 1e9b8ea Update changelog for 3.21.1 release
  • 86f1f59 Update helmet-csp to 2.9.2
  • 76ca5bd Update Standard devDependency to latest version
  • 0dad3c2 3.21.0
  • 33cfd10 Update changelog for 3.21.0 release
  • 349117f Update helmet-csp to 2.9.1
  • 03d4fa6 Update x-xss-protection from 1.2.0 to 1.3.0
  • 3b9d0e8 Update devDependencies to latest versions
  • 80fe85f Remove old HISTORY.md
  • e3ea074 Use sinon's default sandbox feature
  • 968fabd 3.20.1
  • d588453 Update changelog for 3.20.1 release
  • a5a9679 Update Sinon and Standard to latest versions
  • 844739c Update helmet-csp to v2.9.0
  • b2a3700 3.20.0
  • 87d7323 Update changelog for 3.20.0 release
  • a711731 Update Mocha and Standard to latest versions
  • 6aab72d Update helmet-csp to 2.8.0
  • ac46aaf Minor: in changelog, change "updated" header in under 3.19.0
  • 17707ae 3.19.0
  • ca34982 Update changelog for 3.19.0 release
  • 06d5bde Update all remaining outdated dependencies
  • 91e071c Update helmet-crossdomain from 0.3.0 to 0.4.0
See the full diff
Package name: vuetify The new version differs by 50 commits.
  • 5b1cff5 chore(release): publish v1.5.20
  • 7ae69a5 chore: modify release scripts to target stable tag
  • 9fd5e0a fix(VMesssages): apply escapeHTML to provided values
  • 79e50a9 chore: fix deployment script
  • 9dd3785 chore(release): publish v1.5.19
  • 996d148 chore(deploy.sh): update tag with lerna publish
  • a7df4cc fix(elevatable): fix elevation 0 not being accepted (#9173)
  • 80a2bdb docs(HomeFooter): fix overlapped display
  • 4f14ba7 chore(release): publish v1.5.18
  • a2fccb4 fix(DataIterable): do not update selection if totalItems is set (#7396)
  • a03714b chore(release): publish v1.5.17
  • c40919b Merge branch 'stable' of github.com:vuetifyjs/vuetify into stable
  • e99cfb4 chore(lerna.json): allow publishing from stable branch
  • 1af26df Merge branch 'stable' of github.com:vuetifyjs/vuetify into stable
  • cf8cbb2 fix(VMenu): ignore click outside if component is being destroyed (#8471)
  • 3f96592 fix(goTo): get clientHeight from <html> when target is <body>
  • d9b6867 chore: restrict vuetify and other libs version to current major (#8002)
  • 43d83bb chore: restrict vuetify version in cdn to 1.5
  • 7cdb481 docs: update branch for 1.5 docs
  • 3bf0fa0 docs: remove irrelevant information, update some links, setup ci
  • 13d4c25 docs(notify): remove core snackbar
  • 28c808c revert: fix(VDialog): focus the first child when tab leaves the dialog
  • 7a65960 docs: remove irrelevant information, update some links, setup ci
  • 4ae06b1 docs(Validatable): fix a typo (#7851)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

  • 🧐 View latest project report
  • 🛠 Adjust project settings
  • 📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

  • 🦉 Regular Expression Denial of Service (ReDoS)
  • 🦉 Prototype Pollution
  • 🦉 Use of a Broken or Risky Cryptographic Algorithm
  • 🦉 More lessons are available in Snyk Learn