[Snyk] Security upgrade @tensorflow/tfjs-node from 3.14.0 to 4.20.0

[aravindvnair99]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• functions/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	646

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"@tensorflow/tfjs-node","from":"3.14.0","to":"4.20.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-TAR-6476909","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"}],"prId":"7843a488-1e50-45ea-8d66-67a8ce5fb66a","prPublicId":"7843a488-1e50-45ea-8d66-67a8ce5fb66a","packageManager":"npm","priorityScoreList":[646],"projectPublicId":"3e229b24-b2de-4c21-9d58-eebf425f44fc","projectUrl":"https://app.snyk.io/org/aravindvnair99-github-marketplace/project/3e229b24-b2de-4c21-9d58-eebf425f44fc?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","priorityScore"],"type":"auto","upgrade":["SNYK-JS-TAR-6476909"],"vulns":["SNYK-JS-TAR-6476909"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'

[guardrails]

⚠️ We detected 2 security issues in this pull request:

Insecure File Management (1)

Severity	Details	Docs
High	Title: Path Traversal from user input Spot-the-Hole/functions/index.js Line 562 in e90c30c path.join(os.tmpdir(), path.basename(req.files.file[0].fieldname)),	📚

More info on how to fix Insecure File Management in JavaScript.

---

Insecure Use of Crypto (1)

Severity	Details	Docs
Medium	Title: Insecure use of random generator Spot-the-Hole/functions/index.js Line 204 in e90c30c result += characters.charAt(Math.floor(Math.random() * charactersLength));	📚

More info on how to fix Insecure Use of Crypto in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[stale]

Automatically marked as stale due to lack of recent activity. Will be closed if no further activity occurs. Thank you for your contributions.

[stale]

Automatically closed due to lack of recent activity. Tag @aravindvnair99 to reopen. Thank you for your contributions.