[Snyk] Security upgrade cookie-parser from 1.4.6 to 1.4.7

[aravindvnair99]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • functions/package.json
  • functions/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	601/1000 Why? Recently disclosed, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cookie-parser

The new version differs by 12 commits.

• 5d61e1e 1.4.7
• ccf1f54 deps: [email protected] (chore(deps): bump @tensorflow/tfjs-core from 3.8.0 to 3.9.0 in /functions #116)
• 429cfd4 ci: Use GITHUB_OUTPUT envvar instead of set-output command ([Snyk] Upgrade @tensorflow/tfjs-converter from 3.3.0 to 3.7.0 #100)
• ca4c97e ci: fix errors in ci pipeline for node 8 and 9 (chore(deps-dev): bump eslint from 7.30.0 to 7.31.0 in /functions #104)
• 97bdf39 ci: add support for OSSF scorecard reporting (chore(deps): bump firebase-admin from 9.10.0 to 9.11.0 in /functions #103)
• e5862bd build: [email protected]
• f0688d2 build: [email protected]
• 44ec541 build: [email protected]
• 695435a deps: [email protected]
• f66e7e1 build: [email protected]
• 05e40b1 build: [email protected]
• bc1d501 build: use [email protected] for Node.js 6.x

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

[guardrails]

⚠️ We detected 8 security issues in this pull request:

Insecure File Management (1)

Severity	Details	Docs
High	Title: Path Traversal from user input Spot-the-Hole/functions/index.js Line 562 in 4b06420 path.join(os.tmpdir(), path.basename(req.files.file[0].fieldname)),	📚

More info on how to fix Insecure File Management in JavaScript.

---

Insecure Use of Crypto (1)

Severity	Details	Docs
Medium	Title: Insecure use of random generator Spot-the-Hole/functions/index.js Line 204 in 4b06420 result += characters.charAt(Math.floor(Math.random() * charactersLength));	📚

More info on how to fix Insecure Use of Crypto in JavaScript.

---

Vulnerable Libraries (6)

Severity	Details
Medium	pkg:npm/[email protected] upgrade to: 1.6.0
Critical	pkg:npm/[email protected] upgrade to: > 11.3.0
High	pkg:npm/[email protected] upgrade to: > 0.3.1
N/A	pkg:npm/[email protected] upgrade to: 3.1.10
High	pkg:npm/[email protected] upgrade to: > 4.2.1
Critical	pkg:npm/@tensorflow/[email protected] upgrade to: > 3.14.0

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[stale]

Automatically marked as stale due to lack of recent activity. Will be closed if no further activity occurs. Thank you for your contributions.

[stale]

Automatically closed due to lack of recent activity. Tag @aravindvnair99 to reopen. Thank you for your contributions.