[Snyk] Fix for 2 vulnerabilities

[idirouhab]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-6056519	No	Proof of Concept
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Server-side Request Forgery (SSRF) SNYK-JS-SWAGGERUIDIST-6056393	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: snyk

The new version differs by 250 commits.

• 8987918 Merge pull request #1781 from snyk/fix/replace-proxy
• eec11b7 test: raise timeout for snyk protect tests hitting real Snyk API
• 8045ceb test: update proxy tests for the new proxy global-agent
• 0d0c76a feat: support lowercase http_proxy envvars
• e597846 test(proxy): acceptance test for Proxy envvar settings
• 6d67579 fix: replace vulnerable proxy dependency
• 1449c57 Merge pull request #1707 from snyk/feat/snyk-fix
• 3d872fb test: assert exact errors for unsupported
• 5ebd685 Merge pull request #1777 from snyk/feat/fix-with-version-provenance
• 17e3431 Merge pull request #1778 from snyk/feat/dont-force-https
• fdd7f1a docs: update SNYK_HTTP_PROTOCOL_UPGRADE description
• 165b4b9 feat: introduce envvar to control HTTP-HTTPS upgrade behavior
• 77e6665 chore: lerna release with exact version
• f14819f Merge pull request #1760 from snyk/feat/support-critical-in-sarif
• b286418 feat: v1 support for previously fixed reqs.txt
• 0384020 feat: basic pip fix -r support
• f94c558 feat: include pins optionally
• 66ca77a feat: do not skip files with -r directive
• bc44f9a refactor: fix individual reqs manifest
• 6e84322 feat: fix individual file with provenance
• 9ed99f3 Merge pull request #1764 from snyk/feat/update-code-client
• c92599b Merge pull request #1774 from snyk/refactor/change-binaries-release-script
• ca508ac test: smoke test for `snyk fix`
• c68c7da feat: add @ snyk/fix as a dep

See the full diff

Package name: swagger-ui-express

The new version differs by 68 commits.

• aa3d56a Bumped version of swagger-ui-dist and moved js template usage
• ff10df4 Update README.md
• fe789d8 Update README.md
• d07439b Merge pull request #270 from jdgarcia/security-update
• 9011cdf Merge pull request #269 from artyhedgehog/patch-1
• e09c35f update swagger-ui-dist dependency to fix security vulnerabilities
• de8e7eb readme: fix broken link to swagger-jsdoc
• 5824af0 Merge pull request #236 from H3nSte1n/feature/Add_converage_section_to_readme
• da7b5ff feat: Remove Coverage headline from README
• b46e892 feat: Add coverage section to README
• feb0664 Merge pull request #235 from tingstad/patch-1
• 1699685 Update README - two swagger documents (typo)
• 44d5e10 Updated docs for multiple instances example
• 5071048 Fix issue with swaggerInit
• da6d0e2 Stop leaking Package.json
• 98f40f8 Bump version
• 669b881 Merge pull request #153 from ffflorian/fix/typo
• 9d8267b fix: Typo in customSiteTitle
• daf1305 Merge pull request #150 from marcobiedermann/hotfix/middlware
• 6dc9e6f fix: name middleware
• 0c422ed Relax npm express peer dependency, also inslude in dev dependencies for testing
• 8c91c10 Merge pull request #146 from RDeluxe/master
• a2f78e1 📦 Mode express to peerDependencies
• 5132d58 Remove fs as not longer needed

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Server-side Request Forgery (SSRF)