
[Snyk] Upgrade: ajv, bcrypt, body-parser, classnames, ejs, eslint, express, express-rate-limit, winston, fabric-ca-client, fabric-network, fast-stats, grpc, js-sha256, jsonwebtoken, log4js, multer, passport, pg, prettyjson, prop-types, save, sequelize, swagger-ui-express, ws #69

Status: Open. Wants to merge 1 commit into base branch main.

Conversation

X-oss-byte (Owner)

Snyk has created this PR to upgrade multiple dependencies.

The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
|---|---|---|
| ajv | from 6.12.3 to 6.12.6 (3 versions ahead of your current version) | 4 years ago, on 2020-10-10 |
| bcrypt | from 5.0.1 to 5.1.1 (2 versions ahead of your current version) | a year ago, on 2023-08-16 |
| body-parser | from 1.19.2 to 1.20.2 (3 versions ahead of your current version) | 2 years ago, on 2023-02-22 |
| classnames | from 2.3.1 to 2.5.1 (5 versions ahead of your current version) | 9 months ago, on 2023-12-29 |
| ejs | from 3.1.7 to 3.1.10 (3 versions ahead of your current version) | 5 months ago, on 2024-04-12 |
| eslint | from 7.29.0 to 7.32.0 (3 versions ahead of your current version) | 3 years ago, on 2021-07-30 |
| express | from 4.17.3 to 4.19.2 (7 versions ahead of your current version) | 6 months ago, on 2024-03-25 |
| express-rate-limit | from 5.2.6 to 5.5.1 (5 versions ahead of your current version) | 3 years ago, on 2021-11-06 |
| winston | from 2.4.5 to 2.4.7 (2 versions ahead of your current version) | 2 years ago, on 2022-11-15 |
| fabric-ca-client | from 2.2.15 to 2.2.20 (25 versions ahead of your current version) | 10 months ago, on 2023-11-13 |
| fabric-network | from 2.2.15 to 2.2.20 (25 versions ahead of your current version) | 10 months ago, on 2023-11-13 |
| fast-stats | from 0.0.3 to 0.0.7 (4 versions ahead of your current version) | a month ago, on 2024-08-06 |
| grpc | from 1.24.10 to 1.24.11 (1 version ahead of your current version) | 3 years ago, on 2021-07-23 |
| js-sha256 | from 0.9.0 to 0.11.0 (3 versions ahead of your current version) | 8 months ago, on 2024-01-24 |
| jsonwebtoken | from 9.0.0 to 9.0.2 (2 versions ahead of your current version) | a year ago, on 2023-08-30 |
| log4js | from 6.4.0 to 6.9.1 (17 versions ahead of your current version) | 2 years ago, on 2023-03-08 |
| multer | from 1.4.2 to 1.4.4 (3 versions ahead of your current version) | 3 years ago, on 2021-12-07 |
| passport | from 0.6.0 to 0.7.0 (1 version ahead of your current version) | 10 months ago, on 2023-11-27 |
| pg | from 8.4.0 to 8.12.0 (19 versions ahead of your current version) | 3 months ago, on 2024-06-04 |
| prettyjson | from 1.2.1 to 1.2.5 (4 versions ahead of your current version) | 3 years ago, on 2022-01-11 |
| prop-types | from 15.7.2 to 15.8.1 (2 versions ahead of your current version) | 3 years ago, on 2022-01-05 |
| save | from 2.4.0 to 2.9.0 (2 versions ahead of your current version) | 2 years ago, on 2022-09-23 |
| sequelize | from 6.29.0 to 6.37.3 (18 versions ahead of your current version) | 5 months ago, on 2024-04-13 |
| swagger-ui-express | from 4.3.0 to 4.6.3 (6 versions ahead of your current version) | a year ago, on 2023-05-05 |
| ws | from 7.5.0 to 7.5.10 (10 versions ahead of your current version) | 3 months ago, on 2024-06-16 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
|---|---|---|
| medium severity: Improper Control of Dynamically-Managed Code Resources (SNYK-JS-EJS-6689533) | 479 | No Known Exploit |
| critical severity: Improper Verification of Cryptographic Signature (SNYK-JS-ELLIPTIC-7577916) | 479 | Proof of Concept |
| critical severity: Improper Verification of Cryptographic Signature (SNYK-JS-ELLIPTIC-7577917) | 479 | Proof of Concept |
| critical severity: Improper Verification of Cryptographic Signature (SNYK-JS-ELLIPTIC-7577918) | 479 | Proof of Concept |
| high severity: Prototype Pollution (SNYK-JS-ASYNC-2441827) | 479 | Proof of Concept |
| medium severity: Open Redirect (SNYK-JS-EXPRESS-6474509) | 479 | No Known Exploit |
| medium severity: Uncontrolled Resource Consumption (SNYK-JS-GRPCGRPCJS-7242922) | 479 | No Known Exploit |
| medium severity: Information Exposure (SNYK-JS-NODEFETCH-2342118) | 479 | No Known Exploit |
Release notes
Package name: ajv (from ajv GitHub release notes)
Package name: bcrypt (from bcrypt GitHub release notes)
Package name: body-parser
  • 1.20.2 - 2023-02-22
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
      • perf: skip value escaping when unnecessary
    • deps: raw-body@2.5.2
  • 1.20.1 - 2022-10-06
    • deps: qs@6.11.0
    • perf: remove unnecessary object clone
  • 1.20.0 - 2022-04-03
    • Fix error message for json parse whitespace in strict
    • Fix internal error when inflated body exceeds limit
    • Prevent loss of async hooks context
    • Prevent hanging when request already read
    • deps: depd@2.0.0
      • Replace internal eval usage with Function constructor
      • Use instance methods on process to check for listeners
    • deps: http-errors@2.0.0
      • deps: depd@2.0.0
      • deps: statuses@2.0.1
    • deps: on-finished@2.4.1
    • deps: qs@6.10.3
    • deps: raw-body@2.5.1
      • deps: http-errors@2.0.0
  • 1.19.2 - 2022-02-16
    • deps: bytes@3.1.2
    • deps: qs@6.9.7
      • Fix handling of __proto__ keys
    • deps: raw-body@2.4.3
      • deps: bytes@3.1.2
  (from body-parser GitHub release notes)
Package name: classnames (from classnames GitHub release notes)
Package name: ejs (from ejs GitHub release notes)
Package name: eslint
  • 7.32.0 - 2021-07-30
    • 3c78a7b Chore: Adopt eslint-plugin/prefer-message-ids rule internally (#14841) (Bryan Mishkin)
    • faecf56 Update: change reporting location for curly rule (refs #12334) (#14766) (Nitin Kumar)
    • d7dc07a Fix: ignore lines with empty elements (fixes #12756) (#14837) (Soufiane Boutahlil)
    • 1bfbefd New: Exit on fatal error (fixes #13711) (#14730) (Antonios Katopodis)
    • ed007c8 Chore: Simplify internal no-invalid-meta rule (#14842) (Bryan Mishkin)
    • d53d906 Docs: Prepare data for website to indicate rules with suggestions (#14830) (Bryan Mishkin)
    • d28f2ff Docs: Reference eslint-config-eslint to avoid potential for staleness (#14805) (Brett Zamir)
    • 8be8a36 Chore: Adopt eslint-plugin/require-meta-docs-url rule internally (#14823) (Bryan Mishkin)
    • f9c164f Docs: New syntax issue template (#14826) (Nicholas C. Zakas)
    • eba0c45 Chore: assertions on reporting loc in unicode-bom (refs #12334) (#14809) (Nitin Kumar)
    • ed945bd Docs: fix multiple broken links (#14833) (Sam Chen)
    • 60df44c Chore: use actions/setup-node@v2 (#14816) (Nitin Kumar)
    • 6641d88 Docs: Update README team and sponsors (ESLint Jenkins)
  • 7.31.0 - 2021-07-17
    • efdbb12 Upgrade: @eslint/eslintrc to v0.4.3 (#14808) (Brandon Mills)
    • a96b05f Update: add end location to report in consistent-return (refs #12334) (#14798) (Nitin Kumar)
    • e0e8e30 Docs: update BUG_REPORT template (#14787) (Nitin Kumar)
    • 39115c8 Docs: provide more context to no-eq-null (#14801) (gfyoung)
    • 9a3c73c Docs: fix a broken link (#14790) (Sam Chen)
    • ddffa8a Update: Indicating the operator in question (#14764) (Paul Smith)
    • bba714c Update: Clarifying what changes need to be made in no-mixed-operators (#14765) (Paul Smith)
    • b0d22e3 Docs: Mention benefit of providing meta.docs.url (#14774) (Bryan Mishkin)
    • 000cc79 Sponsors: Sync README with website (ESLint Jenkins)
    • a6a7438 Chore: pin fs-teardown@0.1.1 (#14771) (Milos Djermanovic)
  • 7.30.0 - 2021-07-02
    • 5f74642 Chore: don't check Program.start in SourceCode#getComments (refs #14744) (#14748) (Milos Djermanovic)
    • 19a871a Docs: Suggest linting plugins for ESLint plugin developers (#14754) (Bryan Mishkin)
    • aa87329 Docs: fix broken links (#14756) (Sam Chen)
    • 278813a Docs: fix and add more examples for new-cap rule (fixes #12874) (#14725) (Nitin Kumar)
    • ed1da5d Update: ecmaVersion allows "latest" (#14720) (薛定谔的猫)
    • 104c0b5 Update: improve use-isnan rule to detect Number.NaN (fixes #14715) (#14718) (Nitin Kumar)
    • b08170b Update: Implement FlatConfigArray (refs #13481) (#14321) (Nicholas C. Zakas)
    • f113cdd Chore: upgrade eslint-plugin-eslint-plugin (#14738) (薛定谔的猫)
    • 1b8997a Docs: Fix getRulesMetaForResults link syntax (#14723) (Brandon Mills)
    • aada733 Docs: fix two broken links (#14726) (Sam Chen)
    • 8972529 Docs: Update README team and sponsors (ESLint Jenkins)
  • 7.29.0 - 2021-06-18
    • bfbfe5c New: Add only to RuleTester (refs eslint/rfcs#73) (#14677) (Brandon Mills)
    • c2cd7b4 New: Add ESLint#getRulesMetaForResults() (refs #13654) (#14716) (Nicholas C. Zakas)
    • eea7e0d Chore: remove duplicate code (#14719) (Nitin Kumar)
    • 6a1c7a0 Fix: allow fallthrough comment inside block (fixes #14701) (#14702) (Kevin Gibbons)
    • a47e5e3 Docs: Add Mega-Linter to the list of integrations (#14707) (Nicolas Vuillamy)
    • 353ddf9 Chore: enable reportUnusedDisableDirectives in eslint-config-eslint (#14699) (薛定谔的猫)
    • 757c495 Chore: add some rules to eslint-config-eslint (#14692) (薛定谔的猫)
    • c93a222 Docs: fix a broken link (#14697) (Sam Chen)
    • 655c118 Sponsors: Sync README with website (ESLint Jenkins)
    • e2bed2e Sponsors: Sync README with website (ESLint Jenkins)
    • 8490fb4 Sponsors: Sync README with website (ESLint Jenkins)
    • ddbe877 Sponsors: Sync README with website (ESLint Jenkins)
  (from eslint GitHub release notes)
Package name: express

Snyk has created this PR to upgrade:
  - ajv from 6.12.3 to 6.12.6.
    See this package in npm: https://www.npmjs.com/package/ajv
  - bcrypt from 5.0.1 to 5.1.1.
    See this package in npm: https://www.npmjs.com/package/bcrypt
  - body-parser from 1.19.2 to 1.20.2.
    See this package in npm: https://www.npmjs.com/package/body-parser
  - classnames from 2.3.1 to 2.5.1.
    See this package in npm: https://www.npmjs.com/package/classnames
  - ejs from 3.1.7 to 3.1.10.
    See this package in npm: https://www.npmjs.com/package/ejs
  - eslint from 7.29.0 to 7.32.0.
    See this package in npm: https://www.npmjs.com/package/eslint
  - express from 4.17.3 to 4.19.2.
    See this package in npm: https://www.npmjs.com/package/express
  - express-rate-limit from 5.2.6 to 5.5.1.
    See this package in npm: https://www.npmjs.com/package/express-rate-limit
  - winston from 2.4.5 to 2.4.7.
    See this package in npm: https://www.npmjs.com/package/winston
  - fabric-ca-client from 2.2.15 to 2.2.20.
    See this package in npm: https://www.npmjs.com/package/fabric-ca-client
  - fabric-network from 2.2.15 to 2.2.20.
    See this package in npm: https://www.npmjs.com/package/fabric-network
  - fast-stats from 0.0.3 to 0.0.7.
    See this package in npm: https://www.npmjs.com/package/fast-stats
  - grpc from 1.24.10 to 1.24.11.
    See this package in npm: https://www.npmjs.com/package/grpc
  - js-sha256 from 0.9.0 to 0.11.0.
    See this package in npm: https://www.npmjs.com/package/js-sha256
  - jsonwebtoken from 9.0.0 to 9.0.2.
    See this package in npm: https://www.npmjs.com/package/jsonwebtoken
  - log4js from 6.4.0 to 6.9.1.
    See this package in npm: https://www.npmjs.com/package/log4js
  - multer from 1.4.2 to 1.4.4.
    See this package in npm: https://www.npmjs.com/package/multer
  - passport from 0.6.0 to 0.7.0.
    See this package in npm: https://www.npmjs.com/package/passport
  - pg from 8.4.0 to 8.12.0.
    See this package in npm: https://www.npmjs.com/package/pg
  - prettyjson from 1.2.1 to 1.2.5.
    See this package in npm: https://www.npmjs.com/package/prettyjson
  - prop-types from 15.7.2 to 15.8.1.
    See this package in npm: https://www.npmjs.com/package/prop-types
  - save from 2.4.0 to 2.9.0.
    See this package in npm: https://www.npmjs.com/package/save
  - sequelize from 6.29.0 to 6.37.3.
    See this package in npm: https://www.npmjs.com/package/sequelize
  - swagger-ui-express from 4.3.0 to 4.6.3.
    See this package in npm: https://www.npmjs.com/package/swagger-ui-express
  - ws from 7.5.0 to 7.5.10.
    See this package in npm: https://www.npmjs.com/package/ws

See this project in Snyk:
https://app.snyk.io/org/sammytezzy/project/f192416d-8f9a-4c05-afcd-a21e7da8ca22?utm_source=github&utm_medium=referral&page=upgrade-pr

stackblitz bot commented Sep 17, 2024

Review PR in StackBlitz Codeflow: run and review this pull request in StackBlitz Codeflow.

changeset-bot bot commented Sep 17, 2024

⚠️ No Changeset found

Latest commit: 0bee916

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR


sourcery-ai bot left a comment

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.
