[Snyk] Fix for 22 vulnerabilities

[wmurphysnyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 942, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	94/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00067, Social Trends: No, Days since published: 170, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 4.54, Likelihood: 2.06, Score Version: V5	Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	No	No Known Exploit
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00188, Social Trends: No, Days since published: 500, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.64, Score Version: V5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00049, Social Trends: No, Days since published: 307, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Prototype Pollution SNYK-JS-DOTTIE-3332763	No	Proof of Concept
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00242, Social Trends: No, Days since published: 1189, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	Yes	Proof of Concept
	114/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00079, Social Trends: No, Days since published: 507, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.89, Score Version: V5	Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	No	No Known Exploit
	98/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 16, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.54, Likelihood: 2.15, Score Version: V5	Open Redirect SNYK-JS-EXPRESS-6474509	No	No Known Exploit
	193/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00197, Social Trends: No, Days since published: 1380, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 8.63, Likelihood: 2.23, Score Version: V5	Authorization Bypass SNYK-JS-EXPRESSJWT-575022	Yes	No Known Exploit
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 133, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	118/1000 Why? Confidentiality impact: Low, Integrity impact: High, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00065, Social Trends: No, Days since published: 476, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.84, Likelihood: 1.5, Score Version: V5	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	Yes	No Known Exploit
	80/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00079, Social Trends: No, Days since published: 476, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 1.89, Score Version: V5	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	Yes	No Known Exploit
	130/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00062, Social Trends: No, Days since published: 476, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 8.63, Likelihood: 1.5, Score Version: V5	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	Yes	No Known Exploit
	45/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0015, Social Trends: No, Days since published: 541, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.89, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01248, Social Trends: No, Days since published: 752, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.45, Score Version: V5	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	160/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00877, Social Trends: No, Days since published: 494, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.66, Score Version: V5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 296, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	178/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 629, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.84, Likelihood: 2.26, Score Version: V5	SQL Injection SNYK-JS-SEQUELIZE-2959225	No	No Known Exploit
	158/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00152, Social Trends: No, Days since published: 419, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.22, Likelihood: 2.53, Score Version: V5	Improper Filtering of Special Elements SNYK-JS-SEQUELIZE-3324088	No	No Known Exploit
	60/1000 Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00109, Social Trends: No, Days since published: 419, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.52, Score Version: V5	Information Exposure SNYK-JS-SEQUELIZE-3324089	No	No Known Exploit
	130/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 419, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.3, Score Version: V5	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-SEQUELIZE-3324090	No	No Known Exploit
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 788, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.92, Score Version: V5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00296, Social Trends: No, Days since published: 2389, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.43, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: body-parser

The new version differs by 16 commits.

• 424dadd 1.19.2
• 11248a2 deps: [email protected]
• 7a088eb build: [email protected]
• ecedf31 build: [email protected]
• b6bfabd build: [email protected]
• badd6b2 build: fix code coverage aggregate upload
• 96b448a build: [email protected]
• 70560b1 build: [email protected]
• 548a06f build: [email protected]
• 3b00678 deps: [email protected]
• d5acb61 build: [email protected]
• 82c8a7c tests: add limit + inflate tests
• b356758 deps: [email protected]
• c631b58 build: [email protected]
• c81a8e2 build: [email protected]
• 3c4dcb8 build: [email protected]

See the full diff

Package name: check-dependencies

The new version differs by 61 commits.

• 03c8847 Tag 2.0.0
• 65d9ef5 Set Node.js requirement in package.json engines to >=18.3
• 4917ab0 Simplify the spawn logic
• fc04cc8 Drop support for the callback interface
• 28257dd Tweak ESLint settings
• dc16e8a Drop the bluebird devDependency
• 412337a Drop fs-extra & graceful-fs devDependencies
• 091279a Drop the findup-sync dependency
• 10ac9c5 Drop lodash.camelcase & minimist dependencies
• 35dce52 Update dependencies
• 2929ba7 Update tested Node.js versions
• 1f514eb Don't invoke `npm prune`, `npm install` is already enough
• 65107d2 Drop support for Bower & the `checkCustomPackageNames` option
• f28ba1b Avoid `git://` URLs, they're no longer supported
• 8fdc6ad Limit allowed `packageManager` values
• 9809f13 Bump word-wrap from 1.2.3 to 1.2.4 ([Snyk] Security upgrade @angular-devkit/build-angular from 0.1000.8 to 15.0.0 #58)
• e522471 Bump semver from 7.3.8 to 7.5.2 ([Snyk] Fix for 50 vulnerabilities #57)
• 031416d Bump yaml from 2.2.1 to 2.2.2 ([Snyk] Security upgrade express-jwt from 3.0.0 to 5.3.0 #56)
• dff3ab9 Build: Fix running tests on Windows
• 062005f Build: Update the GitHub Actions config
• ecf138f Build: Update dependencies
• 15c13b3 Build: Remove AppVeyor
• 89b9df0 Build: Update .gitattributes to files always use LF line endings
• db8c172 Build: Tweak GitHub Actions workflow code style

See the full diff

Package name: dottie

The new version differs by 6 commits.

• e0c8bae 2.0.4
• 7d3aee1 rudimentary __proto__ guarding
• b48e227 add github action to run tests
• 001ca40 2.0.3
• dbf26a6 Setting a null value should convert it to object ([Snyk] Security upgrade @angular-devkit/build-angular from 0.1000.8 to 0.1102.11 #37)
• b581120 added power support arch ppc64le on yml file. ([Snyk] Security upgrade sequelize from 5.22.5 to 6.29.0 #35)

See the full diff

Package name: express

The new version differs by 166 commits.

• b28db2c 4.19.2
• 0b74695 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks fixes #5554 #5555
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• 4ee853e docs: loosen TC activity rules
• 414854b docs: nominating @ wesleytodd to be project captian
• 06c6b88 docs: update release date
• 1b51eda 4.18.3
• b625132 build: pin Node 21.x to minor
• e3eca80 build: pin Node 21.x to minor
• 23b44b3 build: support Node.js 21.6.2
• b9fea12 build: support Node.js 21.x in appveyor
• c259c34 build: support Node.js 21.x
• fdeb1d3 build: support Node.js 20.x in appveyor
• 734b281 build: support Node.js 20.x
• 0e3ab6e examples: improve view count in cookie-sessions
• 59af63a build: [email protected]
• e720c5a docs: add documentation for benchmarks

See the full diff

Package name: express-jwt

The new version differs by 186 commits.

• c69a0e4 update changelog
• 2157954 8.0.0
• d8ffa02 upgrade jsonwebtoken to v9
• c555b48 Merge pull request [Snyk] Upgrade core-js from 3.22.8 to 3.39.0 #306 from auth0/SRE-57-Upload-opslevel-yaml
• 172d07c 7.7.7
• f79b001 7.7.6
• 076b3dc remove types for express-unless and update it. closes [Snyk] Upgrade zone.js from 0.10.3 to 0.15.0 #307
• 0c87c3a Upload OpsLevel YAML
• f0e41d6 Fix misspelled word in readme
• 45ba2e0 7.7.5
• 139aa05 update express-unless
• 2f99e2d 7.7.4
• 2242f01 update express-unless
• eb50853 update changelog
• c30feb4 7.7.3
• c583fdd Merge branch 'ItzRabbs-master'
• 9ccf0cf Remove esModuleInterop and fix assert import in tests
• e1fe1d2 Fix tsc build error for express-unless
• 7c1fb33 7.7.2
• 6c87fe4 fix instaceof comparison for UnauthorizedError. closes [Snyk] Upgrade zone.js from 0.10.3 to 0.15.0 #292
• b1344fa update changelog
• c5f00ea 7.7.1
• 7a02ca7 fix readme and package-lock
• f3f5af5 build(deps): required runtime types

See the full diff

Package name: glob

The new version differs by 116 commits.

• a68703e 9.0.0
• 58159ca test: cwd can be a url
• a547a9c more docs
• 42a3ac7 link to bash manual for Pattern Matching
• 474172d update readme with cwd URL support
• ad3904d update readme with posix class support
• b22fc7d [email protected]
• cdd1627 update all the things, remove unused mkdirp types
• 75c6416 Merge branch 'v9'
• fa0cd77 cwd can be a file:// url
• d03ed0a typedoc github action
• 9a5a45a put bench results in readme
• 20b2f88 docs, fix benchmark script
• 4829c88 upgrade ci actions
• 5cbacdd [email protected]
• 210310b omit symlinks on windows
• d34c8d5 full test coverage, clean up signals and remove extranous code
• 5f21b46 adding lots of tests, clean up types
• b12e6ba slashes on nodir test
• 75f74b0 more windows test slashes
• 3aa1abd more windows test affordances
• 3e68a7b some windows test affordances
• 8c2e082 feature complete and tests passing
• c3be35a correct ** vs ./** behavior

See the full diff

Package name: grunt

The new version differs by 15 commits.

• 8372e11 1.6.1
• 72f6f03 Changelog updates
• 8d4c183 Merge pull request Facing DatabaseError [SequelizeDatabaseError]: SQLITE_ERROR: no such table: Wallets , while doing npm start after npm install. Also tried changing access rights but got similar error.[🐛]  juice-shop/juice-shop#1755 from gruntjs/rm-dep
• 1c7d483 Add recursive
• 2d4fd38 Merge pull request New Crowdin updates juice-shop/juice-shop#1756 from gruntjs/downgrade-glob
• 902db7c Downgrade glob
• 494f243 Fix syntax
• b01389e remove mkdirp
• 0072510 remove dep on rimraf and mkdirp
• 0afeb5c 1.6.0
• 2805dc3 Merge pull request [🐛] Version 13.1.0 does not work on ARM-based systems (rPi, Mac M1, ...) juice-shop/juice-shop#1750 from gruntjs/dep-update-jan28
• 3f1e423 README updates
• 8fd096d Bump to 16
• 42c5f95 Update more deps
• 1d88050 Bump eslint and node version

See the full diff

Package name: grunt-contrib-compress

The new version differs by 5 commits.

• bd9fc8e v2.0.0
• b8565a9 Update Archiver ([Snyk] Upgrade core-js from 3.22.8 to 3.39.0 #232)
• f6815bf Update deps and remove nodeunit loading ([Snyk] Upgrade @nguniversal/express-engine from 10.0.1 to 10.1.0 #231)
• b70c1d9 Update tests and dependencies ([Snyk] Upgrade rxjs from 6.6.2 to 6.6.7 #230)
• 5759edd Bump ini from 1.3.5 to 1.3.7 ([Snyk] Upgrade zone.js from 0.10.3 to 0.15.0 #228)

See the full diff

Package name: jsonwebtoken

The new version differs by 250 commits.

• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (Update sequelize to the latest version 🚀 juice-shop/juice-shop#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (Duplicate solves of the Error Handling Challenge juice-shop/juice-shop#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secrets (Update helmet to the latest version 🚀 juice-shop/juice-shop#852)
• 8345030 fix(sign&verify)!: Remove default `none` support from `sign` and `verify` methods, and require it to be explicitly configured (Added text2png for Strong Captcha juice-shop/juice-shop#851)
• 7e6a86b Upload OpsLevel YAML (Update otplib to the latest version 🚀 juice-shop/juice-shop#849)
• 74d5719 docs: update references vercel/ms references (Pastebin-related challenges juice-shop/juice-shop#770)
• d71e383 docs: document "invalid token" error
• 3765003 docs: fix spelling in README.md: Peak -> Peek (New Crowdin translations juice-shop/juice-shop#754)
• a46097e docs: make decode impossible to discover before verify
• 15a1bc4 refactor: make decode non-enumerable
• 5f10bf9 docs: add jwtid to options of jwt.verify (Update multer to the latest version 🚀 juice-shop/juice-shop#704)
• 88cb9df Replace tilde-indexOf with includes (Amend typo juice-shop/juice-shop#647)
• a6235fa Adds not to README on decoded payload validation (New Crowdin translations juice-shop/juice-shop#646)
• 5ed1f06 docs: fix tiny style change in readme (Added tests for Services and changed browser for tests. juice-shop/juice-shop#622)
• 9fb90ca style: add missing semicolon (Un-Solve challenges juice-shop/juice-shop#641)
• a9e38b8 ci: use circleci (Prepared Administration Component and replaced star rating. juice-shop/juice-shop#589)
• 7f1f8b4 8.5.1
• e5874ae fix: ensure correct PS signing and verification (Update nyc to the latest version 🚀 juice-shop/juice-shop#585)
• 84e03ef README: fix markdown for algorithms table
• 1c0de55 8.5.0
• eefb9d9 feat: add PS JWA support for applicable node versions (Fixes for code consistency in tracking order juice-shop/juice-shop#573)
• 8737789 Add complete option in jwt.verify (New Crowdin translations juice-shop/juice-shop#522)
• 7b60c12 Force use_strict during testing (Nosql challenge Tier 3 juice-shop/juice-shop#577)

See the full diff

Package name: node-pre-gyp

The new version differs by 14 commits.

• de39503 bump to v0.17.0
• 39eb005 update deps
• dda7bdb skip less
• 834bbe0 latest releases
• 9611242 alt solution to Score Board: Unlocking challenges juice-shop/juice-shop#432 in order to fix windows/appveyor builds
• 3d3b4ee remove broken or partially broken badges
• 99b6f50 attempt to fix webkit tests per https://benlimmer.com/2019/01/14/travis-ci-xvfb/
• 6ff06c8 travis-ci.com link
• 27e150d latest node versions
• a78e473 remove tests related to python that shift depending on the node-gyp version
• ac2a149 Merge pull request Add reflected XSS challenge juice-shop/juice-shop#521 from murgatroid99/version_0.16_update
• 8e7c199 Merge pull request added azure steps juice-shop/juice-shop#520 from murgatroid99/abi_crosswalk_update_15
• 00c594c Bump to 0.16.0 and update changelog
• e8e0908 Update ABI crosswalk with new Node versions including 15.x

See the full diff

Package name: semver

The new version differs by 82 commits.

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (Update sinon-chai to the latest version 🚀 juice-shop/juice-shop#566)
• 5c8efbc fix: preserve build in raw after inc (Creates basic views and services in Angular. juice-shop/juice-shop#565)
• 717534e fix: better handling of whitespace (Trainer Guide juice-shop/juice-shop#564)
• 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 (Update nyc to the latest version 🚀 juice-shop/juice-shop#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (Create myConfig.yml juice-shop/juice-shop#559)
• 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 (UI-Error. juice-shop/juice-shop#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (Packaged release unpacks in current directory juice-shop/juice-shop#552)
• 503a4e5 feat: allow identifierBase to be false (New Crowdin translations juice-shop/juice-shop#548)
• fc2f3df fix: incorrect results from diff sometimes with prerelease versions (Address #545 bad cipher text premium paywall juice-shop/juice-shop#546)
• 2781767 fix: avoid re-instantiating SemVer during diff compare (CTF deployment help. juice-shop/juice-shop#547)
• 82aa7f6 chore: release 7.4.0
• 731d896 chore: enable CD (Ciphertext for premium paywall challenge is corrupted juice-shop/juice-shop#545)
• 940723d fix: intersects with v0.0.0 and v0.0.0-0 (Editing Admin's reviews is not listed as a challenge juice-shop/juice-shop#538)
• aa516b5 fix: faster parse options (rest/user/whoami requests working with expired jwt juice-shop/juice-shop#535)
• 61e6ea1 fix: faster cache key factory for range (Add Order Dashboard tracking utility juice-shop/juice-shop#536)
• f8b8b61 fix: optimistic parse (New Crowdin translations juice-shop/juice-shop#541)
• 796cbe2 fix: semver.diff prerelease to release recognition (Add SAML authentication and challenge juice-shop/juice-shop#533)
• 3f222b1 fix: reuse comparators on subset (New Crowdin translations juice-shop/juice-shop#537)
• 113f513 feat: identifierBase parameter for .inc (Learn about the TokenSale challenge bypassed? juice-shop/juice-shop#532)
• ea689bc chore: basic type test for RELEASE_TYPES
• c5d29df docs: Add "Constants" section to README

See the full diff

Package name: sequelize

The new version differs by 42 commits.

• d3f5b5a feat: throw an error if attribute includes parentheses (fixes CVE-2023-22578) (#15710)
• 53bd9b7 meta: fix null test getWhereConditions (#15705)
• 13f2e89 fix: accept undefined in where (#15703)
• d9e0728 fix: throw if where receives an invalid value (#15699)
• 48d6193 fix: update moment-timezone version (#15685)
• fd4afa6 feat(types): use retry-as-promised types for retry options to match documentation (#15484)
• 1247c01 feat: add support for bigints (backport of #14485) (#15413)
• 94beace feat(postgres): add support for lock_timeout [#15345] (#15355)
• 7885000 fix(oracle): remove hardcoded maxRows value (#15323)
• bc39fd6 fix: fix parameters not being replaced when after $$ strings (#15307)
• a205765 fix(postgres): invalidate connection after client-side timeout (#15283)
• 67e69cd fix: remove options.model overwrite on bulkUpdate (#15252)
• 00c6da3 fix(types): add instance.dataValues property to model.d.ts (#15240)
• bf98d7c meta: swap Slack links (#15159)
• 7990095 fix: don't treat \ as escape in standard strings, support E-strings, support vars after ->> operator, treat lowercase e as valid e-string prefix (#15139)
• 851daaf fix(types): fix TS 4.9 excessive depth error on `InferAttributes` (v6) (#15135)
• 9dd93b8 fix(types): expose legacy "types" folder in export alias ( #15123)
• 06ad05d feat(oracle): add support for `dialectOptions.connectString` (#15042)
• a44772e feat(snowflake): Add support for `QueryGenerator#tableExistsQuery` (#15087)
• 55051d0 docs: add missing ssl options for sequelize instance (v6) (#15049)
• 5c88734 docs(model): Added paranoid option for Model.BelongsToMany.through (#15065)
• 7203b66 fix(postgres): add custom order direction to subQuery ordering with minified alias (#15056)
• 5f621d7 fix(oracle): add support for Oracle DB 18c CI (#15016)
• 3468378 feat(types): add typescript 4.8 compatibility (#14990)

See the full diff

Package name: socket.io

The new version differs by 84 commits.

• f8a66fd chore(release): 3.0.5
• 752dfe3 chore: bump debug version
• bf54327 revert: restore the socket middleware functionality
• 170b739 fix: properly clear timeout on connection failure
• 230cd19 chore: bump dependencies
• a0a3481 test: fix random test failure
• f773b48 chore: update GitHub issue templates
• 292d62e docs(examples): update TypeScript example
• 178e899 docs(examples): add Angular TodoMVC + Socket.IO example
• d1bfe40 refactor: add more typing info and upgrade prettier (#3725)
• 81c1f4e chore(release): 3.0.4
• 1fba399 ci: migrate to GitHub Actions
• 4e6d404 chore: make tests work on Windows (#3708)
• 28c7cc0 style(issue-template): fix typo (#3700)
• 06a2bd3 chore(release): 3.0.3
• 85ebd35 chore: cleanup dist folder before compilation
• 9b6f971 chore(release): 3.0.2
• 43705d7 fix: merge Engine.IO options
• 118cc68 chore: add 3rd party types in the list of dependencies
• c596e54 docs(examples): update React Native example
• f7e0009 docs(examples): update TypeScript example
• e69d0ad chore: bump socket.io-client version
• 0317a07 chore(release): 3.0...