[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • SCA/JS/package.json
  • SCA/JS/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Arbitrary Code Execution SNYK-JS-TOTALJS-1088607	No	Proof of Concept
	899/1000 Why? Mature exploit, Has a fix available, CVSS 9.4	Arbitrary File Write via Archive Extraction (Zip Slip) npm:adm-zip:20180415	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: adm-zip

The new version differs by 50 commits.

• 80d259f Version bump
• 3f00a03 Fixed [Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.1 snyk-matt/goof-platform#176
• 650e752 Fixed wrong date on files (issue [Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.16.0 snyk-matt/goof-platform#203)
• d01fa8c Fixed bugs introduced with 0.4.9
• c0cc85d Merge pull request [Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.1 snyk-matt/goof-platform#219 from jontore/master
• 39c83a2 Merge pull request [Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.8.2 snyk-matt/goof-platform#209 from poshta1900/fix
• b94c5dd Merge pull request [Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-matt/goof-platform#227 from hhaidar/master
• c95c553 Merge pull request [Snyk(Unlimited)] Upgrade cookie-parser from 1.3.3 to 1.4.5 snyk-matt/goof-platform#228 from jmcollin78/patch-1
• cda668c Fix issue [Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-matt/goof-platform#218
• 0f2cb41 Fix octal literals so they work in strict mode
• 888931d To support strict mode use 0o prefix to octal numbers
• 89b6f67 Update package.json
• 9592298 Update README.md
• ce59e5a Merge pull request [Snyk(Unlimited)] Upgrade express-fileupload from 0.0.5 to 0.4.0 snyk-matt/goof-platform#215 from grnd/master
• 38cb4a4 fix: resolve both target and entry path
• 18c3d31 Update package.json
• 666adec Update package.json
• 499d59b Update package.json
• 62f6400 Merge pull request [Snyk(Unlimited)] Upgrade errorhandler from 1.2.0 to 1.5.1 snyk-matt/goof-platform#212 from aviadatsnyk/master
• 6f4dfeb fix: prevent extracting archived files outside of target path
• ef0abe6 add try-catch around fs.writeSync
• e116bc1 Merge pull request [Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.1 snyk-matt/goof-platform#208 from pmuens/patch-1
• 12d2099 Fix data accessing example in README
• 032566b Merge pull request [Snyk(Unlimited)] Upgrade typeorm from 0.2.30 to 0.2.31 snyk-matt/goof-platform#204 from BridgeAR/master

See the full diff

Package name: total.js

The new version differs by 5 commits.

• 887b0fa Fixed security issue in `U.set()` and `U.get()`.
• 2fe92a6 Updated changelog.
• 84e6d02 Fixed security issue when parsing query arguments.
• 7004957 Added `insecure` flags to the `U.request()` method.
• 398b691 Added HTML escaping for meta tags.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Execution