[Snyk] Upgrade: , , debug, , bcrypt, body-parser, dotenv, helmet, joi, mongodb, passport, passport-jwt

[rodcko]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@hapi/boom
from 9.1.0 to 9.1.4 | 4 versions ahead of your current version | 3 years ago
on 2021-08-20
@sentry/tracing
from 5.27.6 to 5.30.0 | 6 versions ahead of your current version | 4 years ago
on 2021-01-13
debug
from 4.3.1 to 4.3.6 | 5 versions ahead of your current version | a month ago
on 2024-07-27
@sentry/node
from 5.27.6 to 5.30.0 | 6 versions ahead of your current version | 4 years ago
on 2021-01-13
bcrypt
from 5.0.0 to 5.1.1 | 3 versions ahead of your current version | a year ago
on 2023-08-16
body-parser
from 1.19.0 to 1.20.2 | 5 versions ahead of your current version | 2 years ago
on 2023-02-22
dotenv
from 8.2.0 to 8.6.0 | 5 versions ahead of your current version | 3 years ago
on 2021-05-05
helmet
from 4.2.0 to 4.6.0 | 7 versions ahead of your current version | 3 years ago
on 2021-05-02
joi
from 17.3.0 to 17.13.3 | 33 versions ahead of your current version | 3 months ago
on 2024-06-19
mongodb
from 3.6.3 to 3.7.4 | 14 versions ahead of your current version | a year ago
on 2023-06-21
passport
from 0.4.1 to 0.7.0 | 6 versions ahead of your current version | 9 months ago
on 2023-11-27
passport-jwt
from 4.0.0 to 4.0.1 | 1 version ahead of your current version | 2 years ago
on 2022-12-24

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	489	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	489	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	489	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	489	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	489	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	489	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	489	No Known Exploit
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	489	Proof of Concept
	Information Exposure SNYK-JS-MONGODB-5871303	489	No Known Exploit
	Session Fixation SNYK-JS-PASSPORT-2840631	489	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	489	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	489	Proof of Concept

Release notes

Package name: @hapi/boom

• 9.1.4 - 2021-08-20
  

  9.1.4

• 9.1.3 - 2021-07-02
  

  9.1.3

• 9.1.2 - 2021-03-16
  

  9.1.2

• 9.1.1 - 2020-12-16
  
  • Clean up typings comments (#278)
  • Allow custom properties on error payload property in typings (#279)
  • Make isBoom type definition laxer (#275)
  • Upgrade lab dependency to v24 and devDependency of typescript (#273)
• 9.1.0 - 2020-03-12
  

  9.1.0

from @hapi/boom GitHub release notes

Package name: @sentry/tracing

• 5.30.0 - 2021-01-13
• 5.29.2 - 2020-12-17
• 5.29.1 - 2020-12-16
• 5.29.0 - 2020-12-07
• 5.28.0 - 2020-12-01
• 5.27.7-beta.0 - 2020-12-01
• 5.27.6 - 2020-11-23

from @sentry/tracing GitHub release notes

Package name: debug

• 4.3.6 - 2024-07-27
  

  What's Changed

  • Avoid using deprecated RegExp.$1 by @ bluwy in #969

  New Contributors

  • @ bluwy made their first contribution in #969

  Full Changelog: 4.3.5...4.3.6

• 4.3.5 - 2024-05-31
  

  Patch

  • cac39b1 Fix/debug depth (#926)

  Thank you @ calvintwr for the fix.

• 4.3.4 - 2022-03-17
  

  What's Changed

  • Add section about configuring JS console to show debug messages by @ gitname in #866
  • Replace deprecated String.prototype.substr() by @ CommanderRoot in #876

  New Contributors

  • @ gitname made their first contribution in #866
  • @ CommanderRoot made their first contribution in #876

  Full Changelog: 4.3.3...4.3.4

• 4.3.3 - 2021-11-27
  

  Patch Release 4.3.3

  This is a documentation-only release. Further, the repository was transferred. Please see notes below.

  • Migrates repository from https://github.com/visionmedia/debug to https://github.com/debug-js/debug. Please see notes below as to why this change was made.
  • Updates repository maintainership information
  • Updates the copyright (no license terms change has been made)
  • Removes accidental epizeuxis (#828)
  • Adds README section regarding usage in child procs (#850)

  Thank you to @ taylor1791 and @ kristofkalocsai for their contributions.

  ---

  Repository Migration Information

  I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.

  Q: What impact will this have on me?

  In most cases, you shouldn't notice any change.

  The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.

  Q: What are the security implications of this change?

  If you pull code directly from the old URL, you should update the URL to https://github.com/debug-js/debug as soon as possible. The old organization has many approved owners and thus a new repository could (in theory) be created at the old URL, circumventing Github's automatic redirect that is in place now and serving malicious code. I (@ Qix-) also wouldn't have access to that repository, so while I don't think it would happen, it's still something to consider.

  Even in such a case, however, the officially released package on npm (debug) would not be affected. That package is still very much under control (even more than it used to be).

  Q: What should I do if I encounter an issue related to the migration?

  Search the issues first to see if someone has already reported it, and then open a new issue if someone has not.

  Q: Why was this done as a 'patch' release? Isn't this breaking?

  No, it shouldn't be breaking. The package on npm shouldn't be affected (aside from this patch release) and any references to the old repository should automatically redirect.

  Thus, according to all of the "APIs" (loosely put) involved, nothing should have broken.

  I understand there are a lot of edge cases so please open issues as needed so I can assist in any way necessary.

  Q: Why was the repository transferred?

  I'll just list them off in no particular order.

  • The old organization was defunct and abandoned.
  • I was not an owner of the old organization and thus could not ban the non-trivial amount of spam users or the few truly abusive users from the org. This hindered my ability to properly maintain this package.
  • The debug ecosystem intends to grow beyond a single package, and since new packages could not be created in the old org (nor did it make sense for them to live there), a new org made the most sense - especially from a security point of view.
  • The old org has way, way too many approved members with push access, for which there was nothing I could do. This presented a pretty sizable security risk given that many packages in recent years have fallen victim to backdoors and the like due to lax security access.

  Q: Was this approved?

  Yes.^[archive]

  Q: Do I need to worry about another migration sometime in the future?

  No.

• 4.3.2 - 2020-12-09
  

  Patch release 4.3.2

  • Caches enabled statuses on a per-logger basis to speed up .enabled checks (#799)

  Thank you @ omg!

• 4.3.1 - 2020-11-19
  

  Patch release 4.3.1

  • Fixes a ReDOS regression (#458) - see #797 for details.

from debug GitHub release notes

Package name: @sentry/node

• 5.30.0 - 2021-01-13
• 5.29.2 - 2020-12-17
• 5.29.1 - 2020-12-16
• 5.29.0 - 2020-12-07
• 5.28.0 - 2020-12-01
• 5.27.7-beta.0 - 2020-12-01
• 5.27.6 - 2020-11-23

from @sentry/node GitHub release notes

Package name: bcrypt

• 5.1.1 - 2023-08-16
  

  What's Changed

  • Refactored example with async await by @ lpizzinidev in #894
  • Fixed z/OS build issue by @ laijonathan in #968
  • Update dependencies by @ recrsn in #993

  New Contributors

  • @ lpizzinidev made their first contribution in #894
  • @ laijonathan made their first contribution in #968

  Full Changelog: v5.1.0...v5.1.1

• 5.1.0 - 2022-10-06
  

  What's Changed

  • Update node-pre-gyp to 1.0.2 by @ feuxfollets1013 in #865
  • Update README for inclusion of musl by @ arbourd in #883
  • Version bump, security updates to sub dep npmlog by @ adaniels-parabol in #905
  • document ESM usage (#892) by @ mariusa in #899
  • fix: update travis CI Docker image repository by @ cokia in #930
  • Update node versions in appveyor test matrix by @ p-kuen in #936
  • chore(appveyor): not use latest npm by @ cokia in #932
  • chore: update Appveyor readme badge by @ cokia in #933
  • Use Github actions for CI by @ recrsn in #858
  • Update dependencies by @ recrsn in #953
  • Migrate tests to use Jest by @ recrsn in #958
  • Pin NAPI to v3 by @ recrsn in #959

  New Contributors

  • @ feuxfollets1013 made their first contribution in #865
  • @ arbourd made their first contribution in #883
  • @ adaniels-parabol made their first contribution in #905
  • @ mariusa made their first contribution in #899
  • @ cokia made their first contribution in #930
  • @ p-kuen made their first contribution in #936

  Full Changelog: v5.0.1...v5.1.0

• 5.0.1 - 2021-02-26
  

  Update node-pre-gyp to 1.0.0

• 5.0.0 - 2020-06-08
  
  • Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255.
    It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug
    was unsuccessful.
  • Experimental support for z/OS
  • Fix a bug related to NUL in password input
  • Update node-pre-gyp to 0.15.0

from bcrypt GitHub release notes

Package name: body-parser

• 1.20.2 - 2023-02-22
  
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: raw-body@2.5.2
• 1.20.1 - 2022-10-06
  
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• 1.20.0 - 2022-04-03
  
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: http-errors@2.0.0
    • deps: depd@2.0.0
    • deps: statuses@2.0.1
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3
  • deps: raw-body@2.5.1
    • deps: http-errors@2.0.0
• 1.19.2 - 2022-02-16
  
  • deps: bytes@3.1.2
  • deps: qs@6.9.7
    • Fix handling of __proto__ keys
  • deps: raw-body@2.4.3
    • deps: bytes@3.1.2
• 1.19.1 - 2021-12-10
  
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
    • deps: inherits@2.0.4
    • deps: toidentifier@1.0.1
    • deps: setprototypeof@1.2.0
  • deps: qs@6.9.6
  • deps: raw-body@2.4.2
    • deps: bytes@3.1.1
    • deps: http-errors@1.8.1
  • deps: safe-buffer@5.2.1
  • deps: type-is@~1.6.18
• 1.19.0 - 2019-04-26
  
  • deps: bytes@3.1.0
    • Add petabyte (pb) support
  • deps: http-errors@1.7.2
    • Set constructor name when possible
    • deps: setprototypeof@1.1.1
    • deps: statuses@'>= 1.5.0 < 2'
  • deps: iconv-lite@0.4.24
    • Added encoding MIK
  • deps: qs@6.7.0
    • Fix parsing array brackets after index
  • deps: raw-body@2.4.0
    • deps: bytes@3.1.0
    • deps: http-errors@1.7.2
    • deps: iconv-lite@0.4.24
  • deps: type-is@~1.6.17
    • deps: mime-types@~2.1.24
    • perf: prevent internal throw on invalid type

from body-parser GitHub release notes

Package name: dotenv

• 8.6.0 - 2021-05-05
  

  Show as 'added' in changelog

• 8.5.1 - 2021-05-05
  

  Bump version 8.5.1

• 8.5.0 - 2021-05-05
  

  Bump version 8.5.0

• 8.4.0 - 2021-05-05
  

  Point to types file for VS Code. Bump 8.4.0

• 8.3.0 - 2021-05-05
  

  Drop node 8 support

• 8.2.0 - 2019-10-16
  

  chore(release): 8.2.0

from dotenv GitHub release notes

Package name: helmet

• 4.6.0 - 2021-05-02
  

  4.6.0

• 4.5.0 - 2021-04-17
  

  4.5.0

• 4.5.0-rc.1 - 2021-04-04
  

  v4.5.0-rc.1

• 4.4.1 - 2021-01-18
  

  4.4.1

• 4.4.0 - 2021-01-18
  

  4.4.0

• 4.3.1 - 2020-12-27
  

  4.3.1

• 4.3.0 - 2020-12-27
  

  4.3.0

• 4.2.0 - 2020-11-01
  

  4.2.0

from helmet GitHub release notes

Package name: joi

• 17.13.3 - 2024-06-19
  

  17.13.3

• 17.13.2 - 2024-06-19
  

  17.13.2

• 17.13.1 - 2024-05-02
  

  17.13.1

• 17.13.0 - 2024-04-23
  

  17.13.0

• 17.12.3 - 2024-04-03
  

  17.12.3

• 17.12.2 - 2024-02-21
  

  17.12.2

• 17.12.1 - 2024-01-29
  

  17.12.1

• 17.12.0 - 2024-01-17
  

  17.12.0

• 17.11.1 - 2024-01-15
  

  17.11.1

• 17.11.0 - 2023-10-04
• 17.10.2 - 2023-09-17
• 17.10.1 - 2023-08-31
• 17.10.0 - 2023-08-27
• 17.9.2 - 2023-04-24
• 17.9.1 - 2023-03-21
• 17.9.0 - 2023-03-20
• 17.8.4 - 2023-03-14
• 17.8.3 - 2023-02-21
• 17.8.2 - 2023-02-21
• 17.8.1 - 2023-02-19
• 17.8.0 - 2023-02-19
• 17.7.1 - 2023-02-10
• 17.7.0 - 2022-11-01
• 17.6.4 - 2022-10-22
• 17.6.3 - 2022-10-11
• 17.6.2 - 2022-09-29
• 17.6.1 - 2022-09-22
• 17.6.0 - 2022-01-26
• 17.5.0 - 2021-12-02
• 17.4.3 - 2021-12-01
• 17.4.2 - 2021-08-01
• 17.4.1 - 2021-07-11
• 17.4.0 - 2021-02-08
• 17.3.0 - 2020-10-24

from joi GitHub release notes

Package name: mongodb

• 3.7.4 - 2023-06-21
  

  The MongoDB Node.js team is pleased to announce version 3.7.4 of the mongodb package!

  Release Highlights

  This release fixes a bug that throws a type error when SCRAM-SHA-256 is used with saslprep in a webpacked environment.

  3.7.4 (2023-06-21)

  Bug Fixes

  • NODE-3711: retry txn end on retryable write (#3047) (1595140)
  • NODE-5355: prevent error when saslprep is not a function (#3733) (152425a)

  Documentation

  • Reference
  • API
  • Changelog

  We invite you to try the mongodb library immediately, and report any issues to the NODE project.

• 3.7.3 - 2021-10-20
• 3.7.2 - 2021-10-05
• 3.7.1 - 2021-09-14
• 3.7.0 - 2021-08-31
• 3.6.12 - 2021-08-30
• 3.6.11 - 2021-08-05
• 3.6.10 - 2021-07-06
• 3.6.9 - 2021-05-26
• 3.6.8 - 2021-05-21
• 3.6.7 - 2021-05-18
• 3.6.6 - 2021-04-06
• 3.6.5 - 2021-03-16
• 3.6.4 - 2021-02-02
• 3.6.3 - 2020-11-06

from mongodb GitHub release notes

Package name: passport

• 0.7.0 - 2023-11-27
  

  0.7.0

• 0.6.0 - 2022-05-20
  

  0.6.0

• 0.5.3 - 2022-05-16
  

  0.5.3

• 0.5.2 - 2021-12-16
  

  0.5.2

• 0.5.1 - 2021-12-15
  

  0.5.1

• 0.5.0 - 2021-09-23
  

  0.5.0

• 0.4.1 - 2019-12-09
  

  0.4.1

from passport GitHub release notes

Package name: passport-jwt

• 4.0.1 - 2022-12-24
  
  • Updates jsonwebtoken dependency to ^9.0.0 to address high severity
    vulnerability CVE-2022-3517
  • Updates a number of other dependencies
  • Fixes a number of typos

  [Developer facing]

  • Updates CI to use github actions
• 4.0.0 - 2018-03-13
  

  Fixes #147 - Vulnerability due to dependency on jsonwebtoken 7.x.x

from passport-jwt GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"","from":"hapi/boom","to":"hapi/boom"},{"name":"","from":"sentry/tracing","to":"sentry/tracing"},{"name":"debug","from":"4.3.1","to":"4.3.6"},{"name":"","from":"sentry/node","to":"sentry/node"},{"name":"bcrypt","from":"5.0.0","to":"5.1.1"},{"name":"body-parser","from":"1.19.0","to":"1.20.2"},{"name":"dotenv","from":"8.2.0","to":"8.6.0"},{"name":"helmet","from":"4.2.0","to":"4.6.0"},{"name":"joi","from":"17.3.0","to":"17.13.3"},{"name":"mongodb","from":"3.6.3","to":"3.7.4"},{"name":"passport","from":"0.4.1","to":"0.7.0"},{"name":"passport-jwt","from":"4.0.0","to":"4.0.1"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536528","issue_id":"SNYK-JS-TAR-1536528","priority_score":624,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536531","issue_id":"SNYK-JS-TAR-1536531","priority_score":624,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579147","issue_id":"SNYK-JS-TAR-1579147","priority_score":639,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579152","issue_id":"SNYK-JS-TAR-1579152","priority_score":639,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579155","issue_id":"SNYK-JS-TAR-1579155","priority_score":639,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-QS-3153490","issue_id":"SNYK-JS-QS-3153490","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Poisoning"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SIDEWAYFORMULA-3317169","issue_id":"SNYK-JS-SIDEWAYFORMULA-3317169","priority_score":489,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.5","score":275},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TAR-6476909","issue_id":"SNYK-JS-TAR-6476909","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MONGODB-5871303","issue_id":"SNYK-JS-MONGODB-5871303","priority_score":424,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-PASSPORT-2840631","issue_id":"SNYK-JS-PASSPORT-2840631","priority_score":454,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.8","score":240},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Session Fixation"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536758","issue_id":"SNYK-JS-TAR-1536758","priority_score":410,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-MINIMIST-2429795","issue_id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"}],"prId":"f970c963-5a9e-4630-9c54-60aa5409aec8","prPublicId":"f970c963-5a9e-4630-9c54-60aa5409aec8","packageManager":"npm","priorityScoreList":[624,624,639,639,639,696,489,646,424,454,410,506],"projectPublicId":"bb099a96-9b58-4afd-86a4-fa7239baf3b9","projectUrl":"https://app.snyk.io/org/rodcko2417/project/bb099a96-9b58-4afd-86a4-fa7239baf3b9?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-TAR-1536528","SNYK-JS-TAR-1536531","SNYK-JS-TAR-1579147","SNYK-JS-TAR-1579152","SNYK-JS-TAR-1579155","SNYK-JS-QS-3153490","SNYK-JS-SIDEWAYFORMULA-3317169","SNYK-JS-TAR-6476909","SNYK-JS-MONGODB-5871303","SNYK-JS-PASSPORT-2840631","SNYK-JS-TAR-1536758","SNYK-JS-MINIMIST-2429795"],"upgradeInfo":{"versionsDiff":4,"publishedDate":"2021-08-20T12:28:53.048Z"},"vulns":["SNYK-JS-TAR-1536528","SNYK-JS-TAR-1536531","SNYK-JS-TAR-1579147","SNYK-JS-TAR-1579152","SNYK-JS-TAR-1579155","SNYK-JS-QS-3153490","SNYK-JS-SIDEWAYFORMULA-3317169","SNYK-JS-TAR-6476909","SNYK-JS-MONGODB-5871303","SNYK-JS-PASSPORT-2840631","SNYK-JS-TAR-1536758","SNYK-JS-MINIMIST-2429795"]}'

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
expressjs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Sep 10, 2024 10:23am