[Snyk] Fix for 13 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • backend/package.json
  • backend/package-lock.json
  • backend/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	No	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-HANDLEBARS-534988	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-459438	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: aws-sdk

The new version differs by 250 commits.

• 8875a35 Updates SDK to v2.814.0
• dd83d67 throw at invalid profile name in shared ini file (#3585)
• ee0c5a3 Updates SDK to v2.813.0
• 468d15b Updates SDK to v2.812.0
• c50132f Update README.md with references to JS SDK V3 (#3582)
• 3e19b08 Updates SDK to v2.811.0
• f26c00d Updates SDK to v2.810.0
• b393a6e Adds automatic PreSignedUrl generation to RDS.StartDBInstanceAutomatedBackupsReplication (#3566)
• fa57967 Updates SDK to v2.809.0
• 9a52018 Updates SDK to v2.808.0
• 1958076 Updates SDK to v2.807.0
• ffcad20 Updates SDK to v2.806.0
• 2f37893 chore: remove cognitoidentity customizations to disable auth (#3543)
• c6fe3c0 Updates SDK to v2.805.0
• 71d6fa9 Fix dual-callback case (#3537)
• b981971 Updates SDK to v2.804.0
• 332573f Updates SDK to v2.803.0
• deb7bc7 Updates SDK to v2.802.0
• b6401d0 Remove incorrectly named service named 'Profile' (#3562)
• 3364d4b Updates SDK to v2.801.0
• d400577 Updates SDK to v2.800.0
• 21c7dc0 Updates SDK to v2.799.0
• d2b8964 Updates SDK to v2.798.0
• 44ded82 fix: test IAM.getUser instead of listUsers (#3542)

See the full diff

Package name: globby

The new version differs by 12 commits.

• 878ef6e 10.0.0
• 3706920 Upgrade `fast-glob` package to v3 (build(deps): bump axios from 1.7.2 to 1.7.7 in /backend BigDataBoutique/ElastiQuill#126)
• 8aadde8 Add `globby.stream` (build(deps): bump semver from 6.3.0 to 6.3.1 BigDataBoutique/ElastiQuill#113)
• 2dd76d2 Remove `**/bower_components/**` as a default ignore pattern
• 9f781ce Require Node.js 8
• 04d51bf Upgrade `ignore` package (build(deps-dev): bump elliptic from 6.5.4 to 6.5.7 in /admin-frontend BigDataBoutique/ElastiQuill#120)
• 2b61484 Readme tweaks
• ff3e1f9 Tidelift tasks
• 31f18ae Create funding.yml
• 33ca01c Fix using the `gitignore` and `stats` options together (build(deps): bump send and express in /admin-frontend BigDataBoutique/ElastiQuill#121)
• c737820 Minor TypeScript definition improvements
• 82db101 Add Node.js 12 to testing (build(deps): bump postcss from 8.4.22 to 8.4.31 in /backend BigDataBoutique/ElastiQuill#117)

See the full diff

Package name: handlebars

The new version differs by 112 commits.

• 91a1b5d v4.6.0
• 770d746 Update release notes
• d7f0dcf refactor: fix typo in private test method
• 187d611 test: add path to nodeJs when running test:bin
• d337f40 test: show diff when test:bin fails
• d03b6ec feat: access control to prototype properties via whitelist
• 164b7ff chore: ignore .nyc_output
• ac4655e chore: disable "dot-notation" rule
• 14b621c test/style: remove or hide unused code in git.js, add tests
• 1ec1737 test/style: refactor remaining grunt tasks to use promises instead of callbacks
• 1ebce2b test/style: use nyc instead of istanbul, npm audit fix
• 3a5b65e test/style: refactor parser task
• dde108e test/style: refactor test-task to make it more readable
• dc54952 chore: change eslint-rules for tasks/
• d1fb07b Update (C) year in the LICENSE file
• 04b1984 chore: try to fix saucelabs credentials (#1627)
• c40d9f3 chore: active linting and formatting on commit
• 8901c28 chore: fix task name in build
• e97685e style: reformat all files using prettier
• e913dc5 chore: restructure build commands
• 1f61f21 chore: configure prettier and eslint
• 587e7a3 remove yarn.lock
• edcc84f Update readme.md with updated links (#1620)
• 23d58e7 fix(runtime.js): partials compile not caching (#1600)

See the full diff

Package name: markdown-it

The new version differs by 38 commits.

• b5d7ea5 10.0.0 released
• 26eacad Browser files rebuild
• 3d24bda Deps bump
• 33dfd12 Changelog format update
• 07a62c6 Move nested delimiter info to opening token instead of inline state
• 3c67c8f Add funding info
• 9e5015f 9.1.0 released
• 5093920 Browser files rebuild
• 39a35f4 Remove extra chars from line breaks check (match CM spec)
• faecae0 Match CommonMark spec exactly
• d9cb3cc Don’t recognize U+2028 as a newline character
• 9bbefc1 Create issue templates
• 28cec6d 9.0.1 released
• 7961e5a Browser files rebuild
• a1c9381 Fix incorrect level recalculation in text_collapse
• d08c7c3 Add an example related to case-insensitive comparisons
• bd43aae 9.0.0 released
• cb4f862 Browser files rebuild
• c36309e Bump eslint & update CS
• a52d724 Deps bump
• c93ad3a jade => pug
• 1ba6def Deps: coverall bump
• 457f471 Travis-CI: refresh node versions to actual
• fa7a419 Fix edge case for list indents

See the full diff

Package name: multer-s3

The new version differs by 3 commits.

• 6a14dcb 🚢 2.9.1
• 36719fb 🌹 Update README to Correct Backend API (#148)
• 59609db 🐛 Fix SVG check for large files (build(deps): bump json5 from 2.2.1 to 2.2.3 in /backend BigDataBoutique/ElastiQuill#103)

See the full diff

Package name: snyk

The new version differs by 250 commits.

• d7ebe15 Merge pull request #1093 from snyk/feat/bump-deps-to-use-patched-lodash
• c359e05 feat: patching vulnerable lodash with @ snyk/lodash
• 39a5284 Merge pull request #1092 from snyk/fix/app-os-cli
• 71ed530 fix: make sure branch exists
• c8b4b8e Merge pull request #1090 from snyk/feat/app-os-cli
• 4b969fd feat: adding target to container projects
• fccaaae feat: bump docker-plugin to use new format
• 2961d79 Merge pull request #1089 from snyk/feat/add-reachable-vulns-to-summary
• 3487ca5 feat: add reachable vulns to the `snyk test` summary line
• b1d0311 feat: include better user messages for reachable vuln
• d4db5fe chore: add call graph size to analytics
• 33fad1c Merge pull request #1079 from snyk/chore/upgrading-vuln-pkg
• 8df372e fix: cli-server, fake-server and their tests now support Restify v8
• b59f0b5 Merge pull request #1087 from snyk/feat/experimental-docker-archive
• 5e627c6 feat: enable experimental docker-archive scanning
• 3a383f0 Merge pull request #1085 from snyk/feat/update-opn-to-open
• 1474223 feat: switch to use 'open' since 'opn' is deprecated
• 0ca8676 Merge pull request #1086 from snyk/chore/fix-prettify
• 9882190 chore: fix prettify for analytics.js
• c728ada chore: lint
• 1e0f0d2 chore: Update Restify to V8
• 4836982 Merge pull request #1068 from snyk/feat/add-integration-name-to-analytics
• 6316140 Merge pull request #1084 from snyk/fix/bump-ruby-semver
• a3ea038 fix: bump ruby-semver to use min Node 8 instead of 10

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.