[Snyk] Upgrade: , dotenv, express, express-openapi-validator

[rish2497]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@i3m/non-repudiation-library
from 2.6.2 to 2.6.4 | 2 versions ahead of your current version | a year ago
on 2023-04-28
dotenv
from 16.0.3 to 16.4.5 | 17 versions ahead of your current version | 7 months ago
on 2024-02-20
express
from 4.18.2 to 4.19.2 | 4 versions ahead of your current version | 6 months ago
on 2024-03-25
express-openapi-validator
from 5.0.3 to 5.3.1 | 12 versions ahead of your current version | a month ago
on 2024-08-05

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Open Redirect SNYK-JS-EXPRESS-6474509	519	No Known Exploit

Release notes

Package name: @i3m/non-repudiation-library

• 2.6.4 - 2023-04-28
  

  2.6.4

• 2.6.3 - 2023-04-17
  

  2.6.3

• 2.6.2 - 2023-04-14
  

  2.6.2

from @i3m/non-repudiation-library GitHub release notes

Package name: dotenv

• 16.4.5 - 2024-02-20
  

  16.4.5

• 16.4.4 - 2024-02-13
  

  16.4.4

• 16.4.3 - 2024-02-12
  

  16.4.3

• 16.4.2 - 2024-02-10
  

  16.4.2

• 16.4.1 - 2024-01-24
  

  16.4.1

• 16.4.0 - 2024-01-23
  

  16.4.0

• 16.3.2 - 2024-01-19
  

  16.3.2

• 16.3.1 - 2023-06-17
  

  16.3.1

• 16.3.0 - 2023-06-16
  

  16.3.0

• 16.2.0 - 2023-06-16
  

  16.2.0

• 16.1.4 - 2023-06-04
• 16.1.3 - 2023-05-31
• 16.1.2 - 2023-05-31
• 16.1.1 - 2023-05-31
• 16.1.0 - 2023-05-30
• 16.1.0-rc2 - 2023-05-21
• 16.1.0-rc1 - 2023-04-07
• 16.0.3 - 2022-09-29

from dotenv GitHub release notes

Package name: express

• 4.19.2 - 2024-03-25
• 4.19.1 - 2024-03-20
  

  What's Changed

  • Fix ci after location patch by @ wesleytodd in #5552
  • fixed un-edited version in history.md for 4.19.0 by @ wesleytodd in #5556

  Full Changelog: 4.19.0...4.19.1

• 4.19.0 - 2024-03-20
  

  What's Changed

  • fix typo in release date by @ UlisesGascon in #5527
  • docs: nominating @ wesleytodd to be project captian by @ wesleytodd in #5511
  • docs: loosen TC activity rules by @ wesleytodd in #5510
  • Add note on how to update docs for new release by @ crandmck in #5541
  • Prevent open redirect allow list bypass due to encodeurl
  • Release 4.19.0 by @ wesleytodd in #5551

  New Contributors

  • @ crandmck made their first contribution in #5541

  Full Changelog: 4.18.3...4.19.0

• 4.18.3 - 2024-02-29
  

  Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

  Other Changes

  • Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
  • build: Node.js@16.18 and Node.js@18.12 by @ abenhamdine in #5034
  • ci: update actions/checkout to v3 by @ armujahid in #5027
  • test: remove unused function arguments in params by @ raksbisht in #5124
  • Remove unused originalIndex from acceptParams by @ raksbisht in #5119
  • Fixed typos by @ raksbisht in #5117
  • examples: remove unused params by @ raksbisht in #5113
  • fix: parameter str is not described in JSDoc by @ raksbisht in #5130
  • fix: typos in History.md by @ raksbisht in #5131
  • build : add Node.js@19.7 by @ abenhamdine in #5028
  • test: remove unused function arguments in params by @ raksbisht in #5137
  • use random port in test so it won't fail on already listening by @ rluvaton in #5162
  • tests: use cb() instead of done() by @ kristof-low in #5233
  • examples: remove multipart example by @ riddlew in #5195
  • Update support Node.js@18 in the CI by @ UlisesGascon in #5490
  • Fix favicon-related bug in cookie-sessions example by @ DmytroKondrashov in #5414
  • Release 4.18.3 by @ UlisesGascon in #5505

  New Contributors

  • @ vcsjones made their first contribution in #5032
  • @ abenhamdine made their first contribution in #5034
  • @ armujahid made their first contribution in #5027
  • @ raksbisht made their first contribution in #5124
  • @ rluvaton made their first contribution in #5162
  • @ kristof-low made their first contribution in #5233
  • @ riddlew made their first contribution in #5195
  • @ DmytroKondrashov made their first contribution in #5414

  Full Changelog: 4.18.2...4.18.3

• 4.18.2 - 2022-10-08
  
  • Fix regression routing a large stack in a single route
  • deps: body-parser@1.20.1
    • deps: qs@6.11.0
    • perf: remove unnecessary object clone
  • deps: qs@6.11.0

from express GitHub release notes

Package name: express-openapi-validator

• 5.3.1 - 2024-08-05
  

  (2024-08-05)

  • Stripped query params for req.url branch arm (#942) (26d06c4), closes #942
  • Update LICENSE (20727ff)
  • version 5.2.1 (aace73c)
  • FIX: issue #917 (#935) (8e66d3f), closes #917 #935
  • fix: upgrade @ apidevtools/json-schema-ref-parser from 11.6.2 to 11.6.4 (#937) (f148eeb), closes #937
  • fix: upgrade ajv from 8.14.0 to 8.15.0 (#938) (a1ea81f), closes #938
  • fix: upgrade express-openapi-validator from 5.1.6 to 5.2.0 (#936) (2d75db4), closes #936
  • chore(deps-dev): bump braces from 3.0.2 to 3.0.3 (#928) (093bd3c), closes #928

  (2024-06-02)

  • Add express as peer dependency (#907) (4e8bc84), closes #907
  • Add multipart fix when does not exist any body (#905) (5c98d17), closes #905
  • add reponse serializer tests for arrays (bbbd160)
  • pass coerceTypes through (#809) (8f7c678), closes #809
  • Support async operation handler resolver (#921) (a4a7175), closes #921
  • upgrade ajv (a708132)
  • upgrade example 3 (43cccc8)
  • upgrade example 4 (255f20f)
  • v5.2.0 (42cb3ab)
  • chore: apiSpec may be const literal (#854) (e35a07c), closes #854
  • chore(dependencies): bump @ apidevtools/json-schema-ref-parser to 11.6.2 to prevent vulnerability (#9 (61ff0cf), closes #918
  • chore(deps-dev): bump @ babel/traverse (#924) (5a04ea9), closes #924
  • chore(deps): bump axios, @ nestjs/common, @ nestjs/core, @ nestjs/platform-express and @ nestjs/testing (b77150f), closes #925
  • chore(deps): bump webpack and @ nestjs/cli in /examples/9-nestjs (#831) (c0c5f4c), closes #831
  • fix: examples/4-eov-operations-babel/package.json & examples/4-eov-operations-babel/package-lock.jso (87d173b), closes #911
  • fix: package.json & package-lock.json to reduce vulnerabilities (#920) (898ceb7), closes #920
  • fix: upgrade @ types/multer from 1.4.7 to 1.4.11 (#897) (a7d67e7), closes #897
  • fix: upgrade path-to-regexp from 6.2.0 to 6.2.2 (#914) (bce2d6a), closes #914

  5.1.6 (2024-02-11)

  • Fixes for 881 - multiple specs w/validateRequests fail (#903) (766806b), closes #903

  5.1.5 (2024-02-10)

  • fixes write-only tests (8c53e58)
  • Support writeOnly + required combination #149 (#756) (4f16ed2), closes #149 #756
  • v5.1.5 (708f2f5)

  5.1.4 (2024-02-09)

  • add cookies to examples 1 and 2 (#891) (2c95d5b), closes #891
  • Direct example broken link to the guide (00a9c8f)
  • fixes badging for build and test (631fb7b)
  • npm audit fix (#892) (2977c0a), closes #892
  • Remove read only and write only fields (#895) (97617fd), closes #895 #627
  • removes lodash.uniq and lodash.zipobject dependencies (#893) (1206802), closes #893
  • Update CONTRIBUTING.md (6d67169)
  • Update README.md (dffda28)
  • Update README.md (bdd0d79)
  • Update README.md (#896) (bb66916), closes #896
  • v5.1.4 (b3d7483)
  • v5.1.4 (509fa22)
  • fix: #887 allow multiple params with wildcard (#898) (2d33d0a), closes #887 #898 #1
  • docs: fix doc typo in README.md (#885) (8a81bf8), closes #885

  5.1.3 (2024-01-27)

  • CLS Context is lost after using multer middleware (#695) (40716fb), closes #695
  • remove examples from schema (#890) (0ad49ec), closes #890
  • v5.1.3 (f806690)
  • v5.1.3 (e567701)

  5.1.2 (2023-12-04)

  • Normalize request body ContentTypes (#863) (0099b0d), closes #863
  • Safer handling of multipart nested JSON body props (#878) (807e09c), closes #878
  • v5.1.1 (4b0c989)

  5.1.1 (2023-11-21)

  • Pass-through HttpError caught in multipart handler (#867) (240c876), closes #867
  • v5.1.0 (a9a3b0b)
  • v5.1.1 (a4e62ac)

  5.1.0 (2023-11-12)

  • Allow optional use of req.url (#857) (f732379), closes #857
  • Reorder upload and security middlewares (#866) (95543d6), closes #866 #865
  • Update build and packaging scripts (#872) (dd4027f), closes #872
  • update version locks (bb8d6b8)
  • v5.1.0 (839f859)

  5.0.5 (2023-08-23)

  • #841 return error thrown in serDes deserializer (#842) (d029401), closes #841 #842
  • fix documentation links (01950b7)
  • fix example schema removal and upgrade patch version (495dabd)
  • fixing default export function issue (#846) (268d38a), closes #846
  • Remove body-parser deps in example (#845) (c73b7c1), closes #845
  • Remove examples from apiDoc when validating requests (#774) (950d429), closes #774
  • Resolve "reference resolves to more than one schema" errors when AJV processes OpenAPI document and (9d215be), closes #853
  • v5.0.5 change history (b5cc33a)

  5.0.4 (2023-04-30)

  • Switch json-schema-ref-parser to non-deprecated package (#829) (