[Snyk] Fix for 37 vulnerabilities

[bicbot]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • NodeRestAPI/package.json
  • NodeRestAPI/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	No	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-TAR-174125	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-URIJS-1055003	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URIJS-1078286	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URIJS-1319803	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-URIJS-1319806	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URIJS-2401466	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URIJS-2415026	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URIJS-2419067	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Misinterpretation of Input SNYK-JS-URIJS-2440699	Yes	Proof of Concept
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-URIJS-2441239	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution npm:deep-extend:20180409	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	No	Proof of Concept
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	No	Mature
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: koa-router

The new version differs by 91 commits.

• 8fe1d54 11.0.1
• d2ad849 feat: allow set router host match (Bump Microsoft.Owin from 2.0.2 to 4.2.2 in /ProfilingWorkshop/AdoNetProfiling.Common rstropek/Samples#156)
• 54a3198 11.0.0
• fdf7117 chore: drop node 12 from tests
• d0c6d8b feat: require node >= 12, modernize, bump deps
• 68253f6 fix(lib/test/doc): fix jsdoc and typo (Bump Microsoft.Owin from 3.0.0 to 4.1.1 in /SimpleOwinDatabaseSample/JiraWebhook rstropek/Samples#146)
• c6a8fc8 feat: add `exclusive` option (Bump Microsoft.Owin from 3.0.0 to 4.0.0 in /SimpleOwinDatabaseSample/SimpleOwinDatabaseSample rstropek/Samples#129)
• 3454a7d doc: add comma for better understanding (Bump Microsoft.Owin from 3.0.1 to 4.1.1 in /ODataFaq/ODataFaq.SelfHostService rstropek/Samples#145)
• 13a634d Support symbols as route names (Bump Microsoft.Owin from 3.0.0 to 4.1.1 in /WiXSamples/WebInstaller/WebHelloWorld rstropek/Samples#143)
• 6ba3efa feat(deps): update minimal version from 8 -> 12 (Bump Microsoft.Owin from 2.0.2 to 4.2.2 in /OwinFundamentals/25-Owin-Pipeline rstropek/Samples#152)
• 6db0e68 feat(default-params): replace || cond with default params (Bump Microsoft.Owin from 3.0.0 to 4.2.2 in /WiXSamples/WebInstaller/WebHelloWorld rstropek/Samples#153)
• 6aca720 Improve path checking before route registration (Bump Microsoft.Owin from 3.0.0-beta1 to 4.2.2 in /OWinWebApiOData rstropek/Samples#155)
• 4fb50ac improve doc for prefix method. (Bump Microsoft.Owin from 3.0.1 to 4.2.2 in /Snek2015AngularWebApiSample/WebApi rstropek/Samples#151)
• 65414f4 * update deps (Bump Microsoft.Owin from 3.0.1 to 4.2.2 in /ProfilingWorkshop/AdoNetPerfProfiling.Web rstropek/Samples#150)
• 1aead99 doc: add header to refer to api reference. (Bump Newtonsoft.Json from 6.0.3 to 13.0.1 in /BeeInMyGarden/BeeInMyGarden.Tests rstropek/Samples#112)
• 05fe8dd Include type installation instructions in README (Bump Microsoft.Owin from 3.0.1 to 4.0.0 in /CustomODataProvider/CustomODataProvider.Hosting rstropek/Samples#134)
• 5cec6fb Replace user with ctx.user in param docs (Bump terser from 5.14.0 to 5.14.2 in /AzureDevEndToEnd/VatCalculator.Web rstropek/Samples#136)
• 90dd73c 10.1.1
• 904db98 Correct @ hapi/boom usage example (Bump Microsoft.Owin from 3.0.0 to 4.0.0 in /WiXSamples/WebInstaller/WebHelloWorld rstropek/Samples#128)
• fa48560 10.1.0
• e9fa04b Fix additional entry inejcted to params (Bump Microsoft.Owin from 2.0.2 to 4.0.0 in /ProfilingWorkshop/AdoNetProfiling.Common rstropek/Samples#124)
• 344ba0b 10.0.0
• 89b7c02 Allow router.redirect() to accept external destinations (Bump Newtonsoft.Json from 6.0.6 to 13.0.1 in /WhatsNewInCSharp6/CSharpInfotagFinish rstropek/Samples#110)
• 56735f0 v9.4.0

See the full diff

Package name: nunjucks

The new version differs by 50 commits.

• 53d1223 Release v3.2.1
• 93129bf Replace yargs with commander
• 17691da Chokidar bump
• 40dfdf0 Remove dead link
• cefb1cf Prevent optional dependency Chokidar from loading when not watching
• 1485a44 Add badges in README.md
• 2246457 Add Mozilla Code of Conduct file
• ff5571c Release v3.2.0
• f997a52 Add NodeResolveLoader
• 34b0a26 Fix syntax typos in CONTRIBUTING.md
• 55e0b7a Set dash as joiner element
• c99154e Update faq.md
• 1338712 Emit 'load' events on Loader and Environment instances
• 057e7b3 Add test for line/column info in user-function exception
• bcf38f3 Emit line and column info for functions
• fbddcd5 lexer more accurately tracks token line and column information
• 889ef80 Add nodejs versions 10 and 11 to CI, remove 6 and 9
• b828158 Fix documentation typo
• 1370361 v3.1.7
• 0a65e1f Fixes for replace example
• 2946fb4 Removed postinstall-build in favor of npm prepare script
• 9fd5bdb Add link to Plugin syntax highlighting for VSCode
• 68ba15c Fix bug where exceptions were silently swallowed with synchronous render
• 7c187ac tests: fix issue running tests on node 10.x

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn