[Snyk] Fix for 4 vulnerabilities

[ntheanh201]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • backend/package.json
  • backend/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHSET-1320032	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: express-jwt

The new version differs by 23 commits.

• c4de5de 6.1.1
• 691fd6a Merge pull request #272 from ryanpcmcquen/prototype-pollution-vulnerability-fix
• 551bf40 Fix prototype pollution vulnerability.
• 354e1f8 6.1.0
• 3db0e6b Merge pull request #265 from pipeline1987/master
• 67bd3c4 upgrade express-unless dependency to v1.0.0
• 5cf9b0b Merge pull request #236 from auth0/dependabot/npm_and_yarn/lodash-4.17.19
• adf60bb Merge pull request #239 from auth0/update-changelog
• ed743a8 Updated changelog
• 61776e2 Bump lodash from 4.17.15 to 4.17.19
• 5fb8c88 Merge pull request #234 from gkwang/update-readme
• 43b7921 Update readme on 6.0.0 changes
• 678f3b0 6.0.0
• 7ecab5f Merge pull request from GHSA-6g6m-m6h5-w9gf
• 304a1c5 Made algorithms mandatory
• e9ed6d2 5.3.3
• 8662579 Make clearer sections in the Readme
• d3e86bf Update README.md
• c5d8419 Add a note about OAuth2 bearer tokens
• 888f0e9 Update Readme and use a consistent JS style for code examples
• 6591014 5.3.2
• f4f4d1d fix license field
• 1789282 fix dependencies vulnerabilities and test against 8, 10 and 12 from now on

See the full diff

Package name: passport-auth0

The new version differs by 37 commits.

• 3fe9208 Release v1.4.1 (#147)
• 7e5bd48 Fix build status badge (#145)
• 1aaf257 [SDK-2811] Replace request with axios (#144)
• 53dc43e Run CI on Node 12, 14 and 16 (#143)
• 45a3d21 Run npm audit fix (#142)
• 3feaf0f fix: upgrade request from 2.88.0 to 2.88.2 (#140)
• 4927efb fix: upgrade passport-oauth2 from 1.5.0 to 1.6.0 (#141)
• fb0608d Merge pull request #139 from auth0/circleci-project-setup
• ecec81e Migrate to CircleCI
• 1920790 Update lock file - ajv (#138)
• 7a672c8 Merge pull request #136 from auth0/add-templates
• 77f1ec9 Update config.yml
• 52b5dc7 Setup pull-request and issue templates
• 8fd4b15 Merge pull request #135 from auth0/davidpatrick-patch-1
• 684fbb6 README Update with Maintenance Advisory
• f19e222 Merge pull request #134 from auth0/add-templates
• f3b1214 update issue template config.yml
• e7faa31 Setup pull-request and issue templates
• 97da27d Merge pull request #133 from auth0/add-codeowners-eng
• 81ce782 Setup the CODEOWNERS for pull request reviews
• 6b715cf Merge pull request #132 from auth0/release-1.4.0
• 34c855a Release v1.4.0
• c453513 Merge pull request #131 from alexbjorlig/allow-extra-params
• 0b7f58e Merge branch 'master' into allow-extra-params

See the full diff

Package name: winston-loggly-bulk

The new version differs by 53 commits.

• 9f925a1 Merge pull request Update config.yml udacity/cdond-c3-projectstarter#93 from loggly/temp-gold
• 103a756 G1C-1760 Update package version
• 7e208a5 Fix
• 2ccecb6 3.2.1
• 435d36d LOG-10856 upgrade node-loggly-bulk (Falay dev udacity/cdond-c3-projectstarter#75)
• 1af15d6 3.2.0
• 35c54ed LOG-11499 update dependencies for security reasons (Dev branch udacity/cdond-c3-projectstarter#74)
• c058aff 3.1.1
• 632e8f2 Merge pull request Dev branch udacity/cdond-c3-projectstarter#66 from alfasin/master
• c56320e Print an error to console when fails to deliver a log event to Loggly
• 2542c24 Merge pull request Not prod udacity/cdond-c3-projectstarter#59 from loggly/LOG-8039-update
• cc945fa set version stable
• 6653450 update version
• 7f45e1b update readme
• a46d63c fix "details" prop duplicity
• bc2a7ba code cleaning
• 32d20ec fix empty details
• 65d4270 redo tests
• 644466d use lodash.clonedeep instead of clone
• 583e02e fix sending splats
• 95225d9 update version
• efb5a49 code cleaning
• 3d9ca73 remove legacy code
• 8df87fe Merge remote-tracking branch 'origin/master' into LOG-8039-update

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)