[Snyk] Fix for 4 vulnerabilities

[maidul98]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • backend/package.json
  • backend/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-AXIOS-6144788	No	No Known Exploit
	/1000 Why?	Information Exposure SNYK-JS-FASTIFYSWAGGERUI-6157561	Yes	No Known Exploit
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @fastify/swagger-ui

The new version differs by 27 commits.

• 7aaad5a Bumped v2.1.0
• 13d799a Merge pull request from GHSA-62jr-84gf-wmg4
• a47ddd6 docs(readme): replace `fastify.io` links with `fastify.dev` (Adding automatic linter for checking commit #119)
• 3cf8d5d test: deflake tests (Unable to store infisical cli login credentials in Ubuntu Server 22.04 system keyring. #113)
• 532770a fix(examples): use IIFE to ensure proper loading of plugins (Begin reset password backend functionality #114)
• be4f775 one more await
• 5a78c10 fix: add validatorUrl type (Bake workspace id and environment name into service token  #109)
• 21493f1 build(deps-dev): Bump tsd from 0.29.0 to 0.30.0 (Add local SMTP server for development #112)
• e4c7fec build(deps-dev): Bump swagger-ui-dist from 5.10.3 to 5.10.5 (Add husky and lint-staged #111)
• 267f38f Allow serving static assets from `baseDir` (Updated the start developing guide as suggested in issue #75 #108)
• 0287d28 Bumped v2.0.1
• ad3fee2 set validatorUrl to null by default
• 9465b59 Bumped v2.0.0
• 23ad7ff Add validatorUrl option (Custom environments #105)
• 1ab87ea Bumped v1.10.2
• 109ff1d build(deps): Bump actions/checkout from 3 to 4 (Infisical command not found when i try to deploy the application on vercel  #107)
• b40db96 build(deps): Bump actions/setup-node from 3 to 4 (Rectified typo in README :) #106)
• 9a9b473 build(deps-dev): Bump swagger-ui-dist from 5.10.0 to 5.10.3 (Install CLI on Windows system #104)
• 350a350 build(deps-dev): Bump swagger-ui-dist from 5.9.4 to 5.10.0 (Infisical CLI, .network tld email domains not valid. #103)
• 2c698a8 Update README.md (Test PR -- DO NOT MERGE -- #101)
• aee66c4 test: add e2e tests with playwright (Add PR gate workflows #99)
• 1bb92b1 build(deps-dev): Bump swagger-ui-dist from 5.9.1 to 5.9.4 (Test PR -- DO NOT MERGE -- #100)
• fd10ae9 fix: call transformSpecification correctly ([Snyk] Upgrade mongoose from 6.7.1 to 6.7.2 #97)
• da04d53 build(deps-dev): Bump swagger-ui-dist from 5.9.0 to 5.9.1 ([Snyk] Upgrade express-rate-limit from 6.6.0 to 6.7.0 #96)

See the full diff

Package name: axios

The new version differs by 11 commits.

• 8790b8e chore(release): v1.6.4 (#6173)
• 0ad520d chore(ci): fix notify action; (#6172)
• 3c0c11c fix(security): fixed formToJSON prototype pollution vulnerability; (#6167)
• 75af1cd fix(security): fixed security vulnerability in follow-redirects (#6163)
• 90864b3 docs: update logos
• 1542719 docs: updated headline sponsors
• b15b918 chore(release): v1.6.3 (#6151)
• b76cce0 chore(ci): added branches filter for notify action; (#6084)
• 5e7ad38 fix: Regular Expression Denial of Service (ReDoS) (#6132)
• 8befb86 docs: update alloy link (#6145)
• d18f40d docs: add headline sponsors

See the full diff

Package name: probot

The new version differs by 1 commits.

• 948a1b7 feat: v13 (Updates api endpoints for project role and identity specfic privilege #1874)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution

[gitguardian]

⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request

GitGuardian id	GitGuardian status	Secret	Commit	Filename
8529478	Triggered	Generic High Entropy Secret	5439dde	.env.example	View secret
9387833	Triggered	Generic Password	5439dde	.env.example	View secret

🛠 Guidelines to remediate hardcoded secrets

1. Understand the implications of revoking this secret by investigating where it is used in your code.
2. Replace and store your secrets safely. Learn here the best practices.
3. Revoke and rotate these secrets.
4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

• following these best practices for managing and storing secrets including API keys and other credentials
• install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

---

<sup>🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Our GitHub checks need improvements? Share your feedbacks!</sup>