
[Snyk] Fix for 14 vulnerabilities #7

Open. Wants to merge 1 commit into base: main.

ToshKoevoets

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium | 526/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 4.1 | Arbitrary Code Injection (SNYK-JS-EJS-1049328) | Yes | Proof of Concept |
| high | 726/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Remote Code Execution (RCE) (SNYK-JS-EJS-2803307) | Yes | Proof of Concept |
| medium | 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Filter Bypass (SNYK-JS-EXPRESSVALIDATOR-174763) | Yes | Proof of Concept |
| medium | 479/1000. Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-FASTCSV-1049538) | Yes | No Known Exploit |
| high | 589/1000. Why? Has a fix available, CVSS 7.5 | Directory Traversal (SNYK-JS-MOMENT-2440688) | No | No Known Exploit |
| medium | 539/1000. Why? Has a fix available, CVSS 6.5 | Information Exposure (SNYK-JS-NODEFETCH-2342118) | No | No Known Exploit |
| high | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution (SNYK-JS-NUNJUCKS-1079083) | No | Proof of Concept |
| medium | 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Validation Bypass (SNYK-JS-SANITIZEHTML-1070780) | Yes | Proof of Concept |
| medium | 539/1000. Why? Has a fix available, CVSS 6.5 | Access Restriction Bypass (SNYK-JS-SANITIZEHTML-1070786) | Yes | No Known Exploit |
| critical | 684/1000. Why? Has a fix available, CVSS 9.4 | Arbitrary Code Execution (SNYK-JS-SANITIZEHTML-585892) | Yes | No Known Exploit |
| medium | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-VALIDATOR-1090599) | Yes | Proof of Concept |
| medium | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-VALIDATOR-1090600) | Yes | Proof of Concept |
| medium | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-VALIDATOR-1090601) | Yes | Proof of Concept |
| medium | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-VALIDATOR-1090602) | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: express-validator. The new version differs by 105 commits.
  • cd4136e 6.5.0
  • 612e2d9 Don't modify requests if oneOf chain didn't succeed (#877)
  • 7595c94 chain: comment out isDate for now
  • 8b604af chain: add missing methods to Validators interface
  • ab6ffe4 npm: upgrade validator to 13.0.0 (#874)
  • 29374cb 6.4.1
  • 70af46e npm: audit fix dependencies
  • efbfe3a Only consider . to be special char for now
  • 42819ae npm: update dependencies
  • 7736384 Remove console.log
  • 3814c0a Fix use of special chars in selectors
  • 0c450a9 docs: fix... typo? (#842)
  • 246f2ea docs: improve wording in matchedData page (#846)
  • 6123155 docs: improve wording in whole-body validation (#845)
  • 3124129 docs: fix typo in schema validation and improve wording (#844)
  • d85b368 docs: fix verb tense in the custom validator page (#841)
  • 19531ec docs: fix verb tense in the validationResult page (#847)
  • f868e23 docs: small fixes in the wildcard feature (#843)
  • 31d73c2 npm: add build script
  • 008a0ae docs: migrate usages of sanitize to check
  • 4bbe421 6.4.0
  • acb2ad7 npm: run docs:build before git add on versioning
  • 5e293cf Compile TS to ES2017 (#826)
  • 0163461 npm: upgrade a few packages (#825)

See the full diff

Package name: fast-csv. The new version differs by 250 commits.
  • 3dc859e chore(release): publish v4.3.6
  • 4bbd39f fix: Simplify empty row check by removing complex regex
  • 1d18b89 chore(deps): update dependency eslint-plugin-tsdoc to v0.2.10
  • 6101e60 chore(deps): update dependency eslint-plugin-prettier to v3.2.0
  • 864e5cf chore(deps): update dependency eslint-plugin-tsdoc to v0.2.9
  • e04342f chore(deps): update dependency @types/jest to v26.0.16
  • ef3d802 chore(deps): update typescript-eslint monorepo to v4.9.0
  • 5c35dbc chore(deps): update dependency eslint-plugin-tsdoc to v0.2.8
  • 3540be6 chore(deps): update dependency prettier to v2.2.1
  • a6befe2 chore(deps): update dependency @types/sinon to v9.0.9
  • f7e1236 chore(deps): update typescript-eslint monorepo to v4.8.2
  • b69808b chore(deps): update dependency eslint to v7.14.0
  • 9af7a41 fix(deps): update dependency @types/yargs to v15.0.10
  • 057a4da fix(deps): update dependency yargs to v16.1.1
  • 5f2a15a chore(deps): update dependency prettier to v2.2.0
  • 979cfcf chore(deps): update typescript-eslint monorepo to v4.8.1
  • 97a0cc5 chore(deps): update typescript-eslint monorepo to v4.8.0
  • fb7f92d chore(deps): update dependency eslint-plugin-jest to v24.1.3
  • 3bf2919 chore(deps): update dependency eslint-plugin-jest to v24.1.2
  • 35fcaf9 chore(deps): update dependency eslint-plugin-jest to v24.1.1
  • b03b546 chore(deps): update typescript-eslint monorepo to v4.7.0
  • d1aa33e chore(deps): update dependency ts-jest to v26.4.4
  • df5c4fe chore(deps): update dependency eslint to v7.13.0
  • 051d143 chore(deps): update dependency jest to v26.6.3

See the full diff

Package name: node-fetch. The new version differs by 7 commits.
  • 1ef4b56 backport of #1449 (#1453)
  • 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
  • f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (#1352)
  • b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
  • 18193c5 fix v2.6.3 that did not sending query params (#1301)
  • ace7536 fix: properly encode url with unicode characters (#1291)
  • 152214c Fix(package.json): Corrected main file path in package.json (#1274)

See the full diff

Package name: nunjucks. The new version differs by 10 commits.
  • fd50090 Release v3.2.3
  • d34fdbf Temporarily comment out codecov action
  • cefad41 Replace README.md travis badge with github actions
  • 7601ff4 Fixup github actions workflow file
  • de9dc67 Add GitHub Workflow for tests. fixes #1333
  • aa9e5b9 Fix prototype pollution security issue. fixes #1331
  • f51afa3 Move chokidar to peerDependencies and make it optional via peerDependenciesMeta (#1329)
  • f91f1c3 Fix `groupby` example formatting
  • 7ef121c Add base and default args to int filter
  • 0c02062 Use attribute getter for `sort` filter

See the full diff

Package name: sanitize-html. The new version differs by 98 commits.
  • fd3cb54 changelog credit
  • 6012524 Merge pull request #460 from apostrophecms/iframe-validation-redux
  • 5395e36 markdown
  • bff6d9f Merge pull request #459 from Aspedm/main
  • 1ecf30f pass eslint
  • 54851d0 new and interesting iframe validation exploits
  • dafee4f Update README.md
  • b77e1d9 2.3.1
  • bdf7836 Merge pull request #458 from apostrophecms/stop-idna-iframe-attacks
  • 477b032 Updates README to specify node version (#457)
  • 5804fa9 changelog
  • ca4b62a stop IDNA iframe attacks
  • 7229906 Fleshes out changelog message
  • 5d6c6e6 Updates the version number
  • af6e348 Fixes a typo in the changelog
  • 251e14a Merge pull request #429 from TrySound/upgrade-htmlparser2
  • 102c623 Upgrade to v6
  • f07bf65 Upgrade htmlparser2
  • 6a7b0ca bumps the version number (#446)
  • 4be8a61 Adds acknowledgement to changelog. (#445)
  • d59fdac Merge pull request #444 from aHerbots/patch-1
  • 34f00be Update CHANGELOG.md
  • 5ae731e Update README.md
  • 07d1523 Allow 'tel' links by default

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection
🦉 Remote Code Execution (RCE)
🦉 Filter Bypass
🦉 More lessons are available in Snyk Learn
