[Snyk] Upgrade: axios, dotenv, express, helmet, mongoose, nodemon, openai, ws

[Sandaru-IT21001352]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

axios
from 1.5.0 to 1.7.5 | 19 versions ahead of your current version | 23 days ago
on 2024-08-23
dotenv
from 16.3.1 to 16.4.5 | 7 versions ahead of your current version | 7 months ago
on 2024-02-20
express
from 4.18.2 to 4.19.2 | 4 versions ahead of your current version | 6 months ago
on 2024-03-25
helmet
from 7.0.0 to 7.1.0 | 1 version ahead of your current version | 10 months ago
on 2023-11-07
mongoose
from 7.5.0 to 7.8.1 | 21 versions ahead of your current version | a month ago
on 2024-08-19
nodemon
from 3.0.1 to 3.1.4 | 7 versions ahead of your current version | 3 months ago
on 2024-06-20
openai
from 4.4.0 to 4.56.0 | 126 versions ahead of your current version | a month ago
on 2024-08-16
ws
from 8.14.2 to 8.18.0 | 6 versions ahead of your current version | 2 months ago
on 2024-07-03

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	646	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	646	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-7361793	646	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	646	Proof of Concept
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	646	Proof of Concept
	Prototype Pollution SNYK-JS-AXIOS-6144788	646	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	646	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	646	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	646	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	646	Proof of Concept

Release notes

Package name: axios

• 1.7.5 - 2024-08-23
  

  Release notes:

  Bug Fixes

  • adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
  • core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
  • core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
  • fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Antonin Bas
  • Hans Otto Wirtz
• 1.7.4 - 2024-08-13
  

  Release notes:

  Bug Fixes

  • sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
  • sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

  Contributors to this release

  • Lev Pachmanov
  • Đỗ Trọng Hải
• 1.7.3 - 2024-08-01
  

  Release notes:

  Bug Fixes

  • adapter: fix progress event emitting; (#6518) (e3c76fc)
  • fetch: fix withCredentials request config (#6505) (85d4d0e)
  • xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Valerii Sidorenko
  • prianYu
• 1.7.2 - 2024-05-21
  

  Release notes:

  Bug Fixes

  • fetch: enhance fetch API detection; (#6413) (4f79aef)

  Contributors to this release

  • Dmitriy Mozgovoy
• 1.7.1 - 2024-05-20
  

  Release notes:

  Bug Fixes

  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

  Contributors to this release

  • Dmitriy Mozgovoy
• 1.7.0 - 2024-05-19
  

  Release notes:

  Features

  • adapter: add fetch adapter; (#6371) (a3ff99b)

  Bug Fixes

  • core/axios: handle un-writable error stack (#6362) (81e0455)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Jay
  • Alexandre ABRIOUX
• 1.7.0-beta.2 - 2024-05-19
  

  Release notes:

  Bug Fixes

  • fetch: capitalize HTTP method names; (#6395) (ad3174a)
  • fetch: fix & optimize progress capturing for cases when the request data has a nullish value or zero data length (#6400) (95a3e8e)
  • fetch: fix headers getting from a stream response; (#6401) (870e0a7)

  Contributors to this release

  • Dmitriy Mozgovoy
• 1.7.0-beta.1 - 2024-05-07
  

  Release notes:

  Bug Fixes

  • core/axios: handle un-writable error stack (#6362) (81e0455)
  • fetch: fix cases when ReadableStream or Response.body are not available; (#6377) (d1d359d)
  • fetch: treat fetch-related TypeError as an AxiosError.ERR_NETWORK error; (#6380) (bb5f9a5)

  Contributors to this release

  • Alexandre ABRIOUX
  • Dmitriy Mozgovoy

  Install

  npm i axios@next
  

• 1.7.0-beta.0 - 2024-04-28
  

  Release notes:

  Features

  • adapter: add fetch adapter; (#6371) (a3ff99b)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Jay

  Install

  npm i axios@next
  

• 1.6.8 - 2024-03-15
• 1.6.7 - 2024-01-25
• 1.6.6 - 2024-01-24
• 1.6.5 - 2024-01-05
• 1.6.4 - 2024-01-03
• 1.6.3 - 2023-12-26
• 1.6.2 - 2023-11-14
• 1.6.1 - 2023-11-08
• 1.6.0 - 2023-10-26
• 1.5.1 - 2023-09-26
• 1.5.0 - 2023-08-26

from axios GitHub release notes

Package name: dotenv

• 16.4.5 - 2024-02-20
  

  16.4.5

• 16.4.4 - 2024-02-13
  

  16.4.4

• 16.4.3 - 2024-02-12
  

  16.4.3

• 16.4.2 - 2024-02-10
  

  16.4.2

• 16.4.1 - 2024-01-24
  

  16.4.1

• 16.4.0 - 2024-01-23
  

  16.4.0

• 16.3.2 - 2024-01-19
  

  16.3.2

• 16.3.1 - 2023-06-17
  

  16.3.1

from dotenv GitHub release notes

Package name: express

• 4.19.2 - 2024-03-25
• 4.19.1 - 2024-03-20
  

  What's Changed

  • Fix ci after location patch by @ wesleytodd in #5552
  • fixed un-edited version in history.md for 4.19.0 by @ wesleytodd in #5556

  Full Changelog: 4.19.0...4.19.1

• 4.19.0 - 2024-03-20
  

  What's Changed

  • fix typo in release date by @ UlisesGascon in #5527
  • docs: nominating @ wesleytodd to be project captian by @ wesleytodd in #5511
  • docs: loosen TC activity rules by @ wesleytodd in #5510
  • Add note on how to update docs for new release by @ crandmck in #5541
  • Prevent open redirect allow list bypass due to encodeurl
  • Release 4.19.0 by @ wesleytodd in #5551

  New Contributors

  • @ crandmck made their first contribution in #5541

  Full Changelog: 4.18.3...4.19.0

• 4.18.3 - 2024-02-29
  

  Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

  Other Changes

  • Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
  • build: Node.js@16.18 and Node.js@18.12 by @ abenhamdine in #5034
  • ci: update actions/checkout to v3 by @ armujahid in #5027
  • test: remove unused function arguments in params by @ raksbisht in #5124
  • Remove unused originalIndex from acceptParams by @ raksbisht in #5119
  • Fixed typos by @ raksbisht in #5117
  • examples: remove unused params by @ raksbisht in #5113
  • fix: parameter str is not described in JSDoc by @ raksbisht in #5130
  • fix: typos in History.md by @ raksbisht in #5131
  • build : add Node.js@19.7 by @ abenhamdine in #5028
  • test: remove unused function arguments in params by @ raksbisht in #5137
  • use random port in test so it won't fail on already listening by @ rluvaton in #5162
  • tests: use cb() instead of done() by @ kristof-low in #5233
  • examples: remove multipart example by @ riddlew in #5195
  • Update support Node.js@18 in the CI by @ UlisesGascon in #5490
  • Fix favicon-related bug in cookie-sessions example by @ DmytroKondrashov in #5414
  • Release 4.18.3 by @ UlisesGascon in #5505

  New Contributors

  • @ vcsjones made their first contribution in #5032
  • @ abenhamdine made their first contribution in #5034
  • @ armujahid made their first contribution in #5027
  • @ raksbisht made their first contribution in #5124
  • @ rluvaton made their first contribution in #5162
  • @ kristof-low made their first contribution in #5233
  • @ riddlew made their first contribution in #5195
  • @ DmytroKondrashov made their first contribution in #5414

  Full Changelog: 4.18.2...4.18.3

• 4.18.2 - 2022-10-08
  
  • Fix regression routing a large stack in a single route
  • deps: body-parser@1.20.1
    • deps: qs@6.11.0
    • perf: remove unnecessary object clone
  • deps: qs@6.11.0

from express GitHub release notes

Package name: helmet

• 7.1.0 - 2023-11-07
  

  7.1.0

• 7.0.0 - 2023-05-06
  

  7.0.0

from helmet GitHub release notes

Package name: mongoose

• 7.8.1 - 2024-08-19
  

  chore: release 7.8.1

• 7.8.0 - 2024-07-23
• 7.7.0 - 2024-06-18
• 7.6.13 - 2024-06-05
• 7.6.12 - 2024-05-21
• 7.6.11 - 2024-04-11
• 7.6.10 - 2024-03-13
• 7.6.9 - 2024-02-26
• 7.6.8 - 2024-01-08
• 7.6.7 - 2023-12-06
• 7.6.6 - 2023-11-27
• 7.6.5 - 2023-11-14
• 7.6.4 - 2023-10-30
• 7.6.3 - 2023-10-17
• 7.6.2 - 2023-10-13
• 7.6.1 - 2023-10-09
• 7.6.0 - 2023-10-06
• 7.5.4 - 2023-10-04
• 7.5.3 - 2023-09-25
• 7.5.2 - 2023-09-15
• 7.5.1 - 2023-09-11
• 7.5.0 - 2023-08-29

from mongoose GitHub release notes

Package name: nodemon

• 3.1.4 - 2024-06-20
  

  3.1.4 (2024-06-20)

  Bug Fixes

  • ensure local env have priority (6020968), closes #2209
• 3.1.3 - 2024-06-03
  

  3.1.3 (2024-06-03)

  Bug Fixes

  • cast the nodemon function as Nodemon type (eaa1d54), closes #2206
• 3.1.2 - 2024-05-29
  

  3.1.2 (2024-05-29)

  Bug Fixes

  • Type exports correctly (#2207) (789663c), closes #2206
• 3.1.1 - 2024-05-25
  

  3.1.1 (2024-05-25)

  Bug Fixes

  • add types to help with required nodemon usage (#2204) (cd27c0b)
• 3.1.0 - 2024-02-22
  

  3.1.0 (2024-02-22)

  Features

  • Enable nodemon to monitor file removal (#2182) (02d216f)
• 3.0.3 - 2024-01-16
  

  3.0.3 (2024-01-16)

  Bug Fixes

  • use node when using --import (d3ee86e), closes #2157
• 3.0.2 - 2023-12-01
  

  3.0.2 (2023-12-01)

  Bug Fixes

  • bump debug out of vuln range (533ad9c), closes #2146
• 3.0.1 - 2023-07-09
  

  3.0.1 (2023-07-09)

  Bug Fixes

  • restore default ext watch behaviour (95bee00), closes #2124 #1957

from nodemon GitHub release notes

Package name: openai

• 4.56.0 - 2024-08-16
  

  4.56.0 (2024-08-16)

  Full Changelog: v4.55.9...v4.56.0

  Features

  • api: add chatgpt-4o-latest model (edc4398)
• 4.55.9 - 2024-08-16
  

  4.55.9 (2024-08-16)

  Full Changelog: v4.55.8...v4.55.9

  Bug Fixes

  • azure/tts: avoid stripping model param (#999) (c3a7ccd)
• 4.55.8 - 2024-08-15
  

  4.55.8 (2024-08-15)

  Full Changelog: v4.55.7...v4.55.8

  Chores

  • types: define FilePurpose enum (#997) (19b941b)
• 4.55.7 - 2024-08-13
  

  4.55.7 (2024-08-13)

  Full Changelog: v4.55.6...v4.55.7

  Bug Fixes

  • json-schema: correct handling of nested recursive schemas (#992) (ac309ab)
• 4.55.6 - 2024-08-13
  

  4.55.6 (2024-08-13)

  Full Changelog: v4.55.5...v4.55.6

  Bug Fixes

  • zod-to-json-schema: correct licensing (#986) (bd2051e)
• 4.55.5 - 2024-08-12
  

  4.55.5 (2024-08-12)

  Full Changelog: v4.55.4...v4.55.5

  Chores

  • examples: minor formatting changes (#987) (8e6b615)
  • sync openapi url (#989) (02ff1c5)
• 4.55.4 - 2024-08-09
  

  4.55.4 (2024-08-09)

  Full Changelog: v4.55.3...v4.55.4

  Bug Fixes

  • helpers/zod: nested union schema extraction (#979) (31b05aa)

  Chores

  • ci: bump prism mock server version (#982) (7442643)
  • ci: codeowners file (#980) (17a42b2)
• 4.55.3 - 2024-08-08
  

  4.55.3 (2024-08-08)

  Full Changelog: v4.55.2...v4.55.3

  Chores

  • internal: updates (#975) (313a190)
• 4.55.2 - 2024-08-08
  

  4.55.2 (2024-08-08)

  Full Changelog: v4.55.1...v4.55.2

  Bug Fixes

  • helpers/zod: add extract-to-root ref strategy (ef3c73c)
  • helpers/zod: add nullableStrategy option (ad89892)
  • helpers/zod: correct logic for adding root schema to definitions (e4a247a)

  Chores

  • internal: add README for vendored zod-to-json-schema (d8a80a9)
  • tests: add more API request tests (04c1590)
• 4.55.1 - 2024-08-07
  

  4.55.1 (2024-08-07)

  Full Changelog: v4.55.0...v4.55.1

  Bug Fixes

  • helpers/zod: correct schema generation for recursive schemas (cb54d93)

  Chores

  • api: remove old AssistantResponseFormat type (#967) (9fd94bf)
  • internal: update test snapshots (bceea60)
  • vendor/zodJsonSchema: add option to duplicate top-level ref (84b8a38)

  Documentation

  • examples: add UI generation example script (c75c017)
• 4.55.0 - 2024-08-06
• 4.54.0 - 2024-08-02
• 4.53.2 - 2024-07-26
• 4.53.1 - 2024-07-25
• 4.53.0 - 2024-07-22
• 4.52.7 - 2024-07-11
• 4.52.6 - 2024-07-11
• 4.52.5 - 2024-07-10
• 4.52.4 - 2024-07-08
• 4.52.3 - 2024-07-02
• 4.52.2 - 2024-06-29
• 4.52.1 - 2024-06-26
• 4.52.0 - 2024-06-19
• 4.51.0 - 2024-06-12
• 4.50.0 - 2024-06-10
• 4.49.1 - 2024-06-07
• 4.49.0 - 2024-06-06
• 4.48.3 - 2024-06-06
• 4.48.2 - 2024-06-05
• 4.48.1 - 2024-06-04
• 4.47.3 - 2024-05-31
• 4.47.2 - 2024-05-28
• 4.47.1 - 2024-05-14
• 4.47.0 - 2024-05-14
• 4.46.1 - 2024-05-13
• 4.46.0 - 2024-05-13
• 4.45.0 - 2024-05-11
• 4.44.0 - 2024-05-09
• 4.43.0 - 2024-05-08
• 4.42.0 - 2024-05-06
• 4.41.1 - 2024-05-06
• 4.41.0 - 2024-05-05
• 4.40.2 - 2024-05-03
• 4.40.1 - 2024-05-02
• 4.40.0 - 2024-05-01
• 4.39.1 - 2024-04-30
• 4.39.0 - 2024-04-29
• 4.38.5 - 2024-04-25
• 4.38.4 - 2024-04-24
• 4.38.3 - 2024-04-22
• 4.38.2 - 2024-04-19
• 4.38.1 - 2024-04-18
• 4.38.0 - 2024-04-18
• 4.37.1 - 2024-04-17
• 4.37.0 - 2024-04-17
• 4.36.0 - 2024-04-16
• 4.35.0 - 2024-04-16
• 4.34.0 - 2024-04-15
• 4.33.1 - 2024-04-13
• 4.33.0 - 2024-04-05
• 4.32.2 - 2024-04-04
• 4.32.1 - 2024-04-02
• 4.32.0 - 2024-04-01
• 4.31.0 - 2024-03-30
• 4.30.0 - 2024-03-28
• 4.29.2 - 2024-03-19
• 4.29.1 - 2024-03-15
• 4.29.0 - 2024-03-13
• 4.28.5 - 2024-03-13
• 4.28.4 - 2024-02-28
• 4.28.0 - 2024-02-13
• 4.27.1 - 2024-02-12
• 4.27.0 - 2024-02-...