[Snyk] Fix for 12 vulnerabilities

[dukedhx]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • node/package.json
  • node/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-URIJS-1055003	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URIJS-1078286	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URIJS-1319803	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-URIJS-1319806	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URIJS-2401466	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URIJS-2415026	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URIJS-2419067	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Misinterpretation of Input SNYK-JS-URIJS-2440699	Yes	Proof of Concept
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-URIJS-2441239	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: forge-apis

The new version differs by 37 commits.

• e1caf38 updating test specs
• bd9e171 removing or updating legacy packages, migrating request to superagent, bumping version number, fixing samples path issue
• 70eefcd Adding SHA! control, deprecating createFolder API
• 48d3448 s3 api added, fix tests, fix for defaultHeaders
• d507067 removing DAv2, toekn and webhook bugfixes
• b237f47 test restored
• a7d1be4 test temp removal
• 33f0ad6 pushing release 8.4
• 8aa4cc9 Adding webhooks API - reported at #42
• 585e62d objectid parameter for MD /properties
• ae6cef8 adding JobPayloadMisc to index.js
• aa2d79b node version + PR
• 1c3699f bump version
• 77df84d bump version
• abd055a allowing using different servers concurrently, #67
• d2740db update for svf2 support, bump version number
• 408551f fix for #65 - wrong method for commands API
• 33b121b move DA v2 depracted message to display only when using that API
• 9bc0525 Adding 3legged implicit grant flow
• 98bed64 W069 removel, getFolderParent() bugfix
• 7fbde68 2 spaces -> tab, adding DerivativesApi.setReferences() and support for EU region
• 748e29e upgrade dependencies, and fix test all
• 03f09d2 Fix test failure, #44 and #48 (#58)
• b0e5dee put / get with non hardcoded Content-Type / Accepts

See the full diff

Package name: koa-router

The new version differs by 91 commits.

• 8fe1d54 11.0.1
• d2ad849 feat: allow set router host match (#156)
• 54a3198 11.0.0
• fdf7117 chore: drop node 12 from tests
• d0c6d8b feat: require node >= 12, modernize, bump deps
• 68253f6 fix(lib/test/doc): fix jsdoc and typo (#146)
• c6a8fc8 feat: add `exclusive` option (#129)
• 3454a7d doc: add comma for better understanding (#145)
• 13a634d Support symbols as route names (#143)
• 6ba3efa feat(deps): update minimal version from 8 -> 12 (#152)
• 6db0e68 feat(default-params): replace || cond with default params (#153)
• 6aca720 Improve path checking before route registration (#155)
• 4fb50ac improve doc for prefix method. (#151)
• 65414f4 * update deps (#150)
• 1aead99 doc: add header to refer to api reference. (#112)
• 05fe8dd Include type installation instructions in README (#134)
• 5cec6fb Replace user with ctx.user in param docs (#136)
• 90dd73c 10.1.1
• 904db98 Correct @ hapi/boom usage example (#128)
• fa48560 10.1.0
• e9fa04b Fix additional entry inejcted to params (#124)
• 344ba0b 10.0.0
• 89b7c02 Allow router.redirect() to accept external destinations (#110)
• 56735f0 v9.4.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Improper Input Validation
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn