[Snyk] Upgrade: bcrypt, cloudinary, dotenv, formidable, joi, joi-password-complexity, mongoose

[maleeshaaa]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

bcrypt
from 5.1.0 to 5.1.1 | 1 version ahead of your current version | a year ago
on 2023-08-16
cloudinary
from 1.33.0 to 1.41.3 | 18 versions ahead of your current version | 8 months ago
on 2024-01-18
dotenv
from 16.0.3 to 16.4.5 | 17 versions ahead of your current version | 7 months ago
on 2024-02-20
formidable
from 2.1.1 to 2.1.2 | 1 version ahead of your current version | 2 years ago
on 2022-12-01
joi
from 17.7.0 to 17.13.3 | 22 versions ahead of your current version | 3 months ago
on 2024-06-19
joi-password-complexity
from 5.1.0 to 5.2.0 | 1 version ahead of your current version | a year ago
on 2023-07-11
mongoose
from 6.10.5 to 6.13.0 | 18 versions ahead of your current version | 3 months ago
on 2024-06-06

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	751	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-FASTXMLPARSER-5668858	751	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	751	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	751	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-FASTXMLPARSER-7573289	751	No Known Exploit
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	751	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	751	Proof of Concept
	Sandbox Escape SNYK-JS-VM2-5415299	751	Proof of Concept
	Sandbox Escape SNYK-JS-VM2-5422057	751	Proof of Concept
	Improper Handling of Exceptional Conditions SNYK-JS-VM2-5426093	751	No Known Exploit
	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') SNYK-JS-VM2-5537079	751	Proof of Concept
	Sandbox Bypass SNYK-JS-VM2-5537100	751	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-VM2-5772823	751	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-VM2-5772825	751	Mature
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	751	Proof of Concept
	Information Exposure SNYK-JS-MONGODB-5871303	751	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	751	No Known Exploit
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	751	Proof of Concept

Release notes

Package name: bcrypt

• 5.1.1 - 2023-08-16
  

  What's Changed

  • Refactored example with async await by @ lpizzinidev in #894
  • Fixed z/OS build issue by @ laijonathan in #968
  • Update dependencies by @ recrsn in #993

  New Contributors

  • @ lpizzinidev made their first contribution in #894
  • @ laijonathan made their first contribution in #968

  Full Changelog: v5.1.0...v5.1.1

• 5.1.0 - 2022-10-06
  

  What's Changed

  • Update node-pre-gyp to 1.0.2 by @ feuxfollets1013 in #865
  • Update README for inclusion of musl by @ arbourd in #883
  • Version bump, security updates to sub dep npmlog by @ adaniels-parabol in #905
  • document ESM usage (#892) by @ mariusa in #899
  • fix: update travis CI Docker image repository by @ cokia in #930
  • Update node versions in appveyor test matrix by @ p-kuen in #936
  • chore(appveyor): not use latest npm by @ cokia in #932
  • chore: update Appveyor readme badge by @ cokia in #933
  • Use Github actions for CI by @ recrsn in #858
  • Update dependencies by @ recrsn in #953
  • Migrate tests to use Jest by @ recrsn in #958
  • Pin NAPI to v3 by @ recrsn in #959

  New Contributors

  • @ feuxfollets1013 made their first contribution in #865
  • @ arbourd made their first contribution in #883
  • @ adaniels-parabol made their first contribution in #905
  • @ mariusa made their first contribution in #899
  • @ cokia made their first contribution in #930
  • @ p-kuen made their first contribution in #936

  Full Changelog: v5.0.1...v5.1.0

from bcrypt GitHub release notes

Package name: cloudinary

• 1.41.3 - 2024-01-18
• 1.41.2 - 2024-01-08
• 1.41.1 - 2023-12-18
• 1.41.0 - 2023-09-26
• 1.40.0 - 2023-07-31
• 1.39.0 - 2023-07-24
• 1.38.0 - 2023-07-20
• 1.37.3 - 2023-06-26
• 1.37.2 - 2023-06-19
• 1.37.1 - 2023-06-09
• 1.37.0 - 2023-05-16
• 1.36.4 - 2023-05-02
• 1.36.3 - 2023-05-02
• 1.36.2 - 2023-04-24
• 1.36.1 - 2023-04-13
• 1.36.0 - 2023-04-13
• 1.35.0 - 2023-03-03
• 1.34.0 - 2023-02-13
• 1.33.0 - 2022-12-15

from cloudinary GitHub release notes

Package name: dotenv

• 16.4.5 - 2024-02-20
  

  16.4.5

• 16.4.4 - 2024-02-13
  

  16.4.4

• 16.4.3 - 2024-02-12
  

  16.4.3

• 16.4.2 - 2024-02-10
  

  16.4.2

• 16.4.1 - 2024-01-24
  

  16.4.1

• 16.4.0 - 2024-01-23
  

  16.4.0

• 16.3.2 - 2024-01-19
  

  16.3.2

• 16.3.1 - 2023-06-17
  

  16.3.1

• 16.3.0 - 2023-06-16
  

  16.3.0

• 16.2.0 - 2023-06-16
  

  16.2.0

• 16.1.4 - 2023-06-04
• 16.1.3 - 2023-05-31
• 16.1.2 - 2023-05-31
• 16.1.1 - 2023-05-31
• 16.1.0 - 2023-05-30
• 16.1.0-rc2 - 2023-05-21
• 16.1.0-rc1 - 2023-04-07
• 16.0.3 - 2022-09-29

from dotenv GitHub release notes

Package name: formidable

• 2.1.2 - 2022-12-01
• 2.1.1 - 2022-12-01

from formidable GitHub release notes

Package name: joi

• 17.13.3 - 2024-06-19
  

  17.13.3

• 17.13.2 - 2024-06-19
  

  17.13.2

• 17.13.1 - 2024-05-02
  

  17.13.1

• 17.13.0 - 2024-04-23
  

  17.13.0

• 17.12.3 - 2024-04-03
  

  17.12.3

• 17.12.2 - 2024-02-21
  

  17.12.2

• 17.12.1 - 2024-01-29
  

  17.12.1

• 17.12.0 - 2024-01-17
  

  17.12.0

• 17.11.1 - 2024-01-15
  

  17.11.1

• 17.11.0 - 2023-10-04
• 17.10.2 - 2023-09-17
• 17.10.1 - 2023-08-31
• 17.10.0 - 2023-08-27
• 17.9.2 - 2023-04-24
• 17.9.1 - 2023-03-21
• 17.9.0 - 2023-03-20
• 17.8.4 - 2023-03-14
• 17.8.3 - 2023-02-21
• 17.8.2 - 2023-02-21
• 17.8.1 - 2023-02-19
• 17.8.0 - 2023-02-19
• 17.7.1 - 2023-02-10
• 17.7.0 - 2022-11-01

from joi GitHub release notes

Package name: joi-password-complexity

• 5.2.0 - 2023-07-11
  

  Summary

  • Rebuilds with rollup v3
  • Bumps to newest TS, Yarn, and other dependencies
  • Fixes outstanding vulns
• 5.1.0 - 2021-02-12
  
  • Fixes bad esm imports
  • Updates dependencies
  • Adds CHANGELOG

  Examples of usage:

  const passwordComplexity = require('joi-password-complexity');

  or

  import passwordComplexity from 'joi-password-complexity';

from joi-password-complexity GitHub release notes

Package name: mongoose

• 6.13.0 - 2024-06-06
• 6.12.9 - 2024-05-24
• 6.12.8 - 2024-04-10
• 6.12.7 - 2024-03-01
• 6.12.6 - 2024-01-22
• 6.12.5 - 2024-01-03
• 6.12.4 - 2023-12-27
• 6.12.3 - 2023-11-07
• 6.12.2 - 2023-10-25
• 6.12.1 - 2023-10-12
• 6.12.0 - 2023-08-24
• 6.11.6 - 2023-08-21
• 6.11.5 - 2023-08-01
• 6.11.4 - 2023-07-17
• 6.11.3 - 2023-07-11
• 6.11.2 - 2023-06-08
• 6.11.1 - 2023-05-08
• 6.11.0 - 2023-05-01
• 6.10.5 - 2023-04-06

from mongoose GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"bcrypt","from":"5.1.0","to":"5.1.1"},{"name":"cloudinary","from":"1.33.0","to":"1.41.3"},{"name":"dotenv","from":"16.0.3","to":"16.4.5"},{"name":"formidable","from":"2.1.1","to":"2.1.2"},{"name":"joi","from":"17.7.0","to":"17.13.3"},{"name":"joi-password-complexity","from":"5.1.0","to":"5.2.0"},{"name":"mongoose","from":"6.10.5","to":"6.13.0"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-6240864","issue_id":"SNYK-JS-IP-6240864","priority_score":751,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-FASTXMLPARSER-5668858","issue_id":"SNYK-JS-FASTXMLPARSER-5668858","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-6240864","issue_id":"SNYK-JS-IP-6240864","priority_score":751,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-7148531","issue_id":"SNYK-JS-IP-7148531","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-Side Request Forgery (SSRF)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-FASTXMLPARSER-7573289","issue_id":"SNYK-JS-FASTXMLPARSER-7573289","priority_score":559,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-7148531","issue_id":"SNYK-JS-IP-7148531","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-Side Request Forgery (SSRF)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WORDWRAP-3149973","issue_id":"SNYK-JS-WORDWRAP-3149973","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-VM2-5415299","issue_id":"SNYK-JS-VM2-5415299","priority_score":816,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.9","score":495},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Sandbox Escape"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-VM2-5422057","issue_id":"SNYK-JS-VM2-5422057","priority_score":811,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Sandbox Escape"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-VM2-5426093","issue_id":"SNYK-JS-VM2-5426093","priority_score":704,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Handling of Exceptional Conditions"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-VM2-5537079","issue_id":"SNYK-JS-VM2-5537079","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-VM2-5537100","issue_id":"SNYK-JS-VM2-5537100","priority_score":811,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Sandbox Bypass"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-VM2-5772823","issue_id":"SNYK-JS-VM2-5772823","priority_score":811,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"mature","id":"SNYK-JS-VM2-5772825","issue_id":"SNYK-JS-VM2-5772825","priority_score":876,"priority_score_factors":[{"type":"exploit","label":"Functional","score":171},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-MONGOOSE-5777721","issue_id":"SNYK-JS-MONGOOSE-5777721","priority_score":726,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MONGODB-5871303","issue_id":"SNYK-JS-MONGODB-5871303","priority_score":424,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SIDEWAYFORMULA-3317169","issue_id":"SNYK-JS-SIDEWAYFORMULA-3317169","priority_score":489,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.5","score":275},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TAR-6476909","issue_id":"SNYK-JS-TAR-6476909","priority_score":432,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"}],"prId":"1611367e-ffba-47af-a504-0e91ff338f9f","prPublicId":"1611367e-ffba-47af-a504-0e91ff338f9f","packageManager":"npm","priorityScoreList":[751,589,646,559,506,816,811,704,586,811,811,876,726,424,489,432],"projectPublicId":"3e48a2b1-192d-45a9-aeda-6615b0d937bb","projectUrl":"https://app.snyk.io/org/maleeshas.2000/project/3e48a2b1-192d-45a9-aeda-6615b0d937bb?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-IP-6240864","SNYK-JS-FASTXMLPARSER-5668858","SNYK-JS-IP-6240864","SNYK-JS-IP-7148531","SNYK-JS-FASTXMLPARSER-7573289","SNYK-JS-IP-7148531","SNYK-JS-WORDWRAP-3149973","SNYK-JS-VM2-5415299","SNYK-JS-VM2-5422057","SNYK-JS-VM2-5426093","SNYK-JS-VM2-5537079","SNYK-JS-VM2-5537100","SNYK-JS-VM2-5772823","SNYK-JS-VM2-5772825","SNYK-JS-MONGOOSE-5777721","SNYK-JS-MONGODB-5871303","SNYK-JS-SIDEWAYFORMULA-3317169","SNYK-JS-TAR-6476909"],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-08-16T03:48:51.540Z"},"vulns":["SNYK-JS-IP-6240864","SNYK-JS-FASTXMLPARSER-5668858","SNYK-JS-IP-6240864","SNYK-JS-IP-7148531","SNYK-JS-FASTXMLPARSER-7573289","SNYK-JS-IP-7148531","SNYK-JS-WORDWRAP-3149973","SNYK-JS-VM2-5415299","SNYK-JS-VM2-5422057","SNYK-JS-VM2-5426093","SNYK-JS-VM2-5537079","SNYK-JS-VM2-5537100","SNYK-JS-VM2-5772823","SNYK-JS-VM2-5772825","SNYK-JS-MONGOOSE-5777721","SNYK-JS-MONGODB-5871303","SNYK-JS-SIDEWAYFORMULA-3317169","SNYK-JS-TAR-6476909"]}'