[Snyk] Upgrade: , node-fetch, , , argon2, big-integer, bootstrap, braintree-web-drop-in, bufferutil, core-js, koa, oidc-client-ts, tldts, utf-8-validate, zone.js

[TheAutisticTechie]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@koa/router
from 12.0.0 to 12.0.1 | 1 version ahead of your current version | a year ago
on 2023-10-12
node-fetch
from 2.6.12 to 2.7.0 | 2 versions ahead of your current version | a year ago
on 2023-08-23
@microsoft/signalr
from 6.0.21 to 6.0.25 | 3 versions ahead of your current version | 10 months ago
on 2023-11-14
@microsoft/signalr-protocol-msgpack
from 6.0.21 to 6.0.25 | 3 versions ahead of your current version | 10 months ago
on 2023-11-14
argon2
from 0.31.0 to 0.40.3 | 8 versions ahead of your current version | 3 months ago
on 2024-05-25
big-integer
from 1.6.51 to 1.6.52 | 1 version ahead of your current version | 10 months ago
on 2023-11-21
bootstrap
from 4.6.0 to 4.6.2 | 2 versions ahead of your current version | 2 years ago
on 2022-07-19
braintree-web-drop-in
from 1.40.0 to 1.43.0 | 5 versions ahead of your current version | 2 months ago
on 2024-07-12
bufferutil
from 4.0.7 to 4.0.8 | 1 version ahead of your current version | a year ago
on 2023-10-15
core-js
from 3.32.0 to 3.38.0 | 14 versions ahead of your current version | a month ago
on 2024-08-04
koa
from 2.14.2 to 2.15.2 | 3 versions ahead of your current version | 6 months ago
on 2024-03-21
oidc-client-ts
from 2.3.0 to 2.4.0 | 1 version ahead of your current version | 10 months ago
on 2023-10-27
tldts
from 6.1.0 to 6.1.39 | 39 versions ahead of your current version | a month ago
on 2024-08-10
utf-8-validate
from 6.0.3 to 6.0.4 | 1 version ahead of your current version | 4 months ago
on 2024-05-10
zone.js
from 0.12.0 to 0.14.10 | 14 versions ahead of your current version | a month ago
on 2024-08-05

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	696	Proof of Concept

Release notes

Package name: @koa/router

• 12.0.1 - 2023-10-12
  
  • fix: fixed API ToC > Index to preserve links due to remark issue 072b545
  • fix: fixed remark-cli version and markdown 147a934
  • chore: bump deps, fixed linting 9a45a3b
  • revert conversion of 'debug' package for 'node:util::debuglog' (#173) 04884de
  • fix: revert version bump due to <bc135480d4ab41ca4570c7af4cddfb4dc27b825c\#r129747049> 8d390a9
  • fix the two routes with the same path conflicts (#160) bc13548
  • Suggest installing types as dev dependencies (#163) ae98680
  • fix: invalid directory link. (#162) ceb3d16

  v12.0.0...v12.0.1

• 12.0.0 - 2022-07-19
  
  • chore: fixed linting 8042eb6
  • URL-encode path parameters for Router.url (#116) 94039ef

  v11.0.1...v12.0.0

from @koa/router GitHub release notes

Package name: node-fetch

• 2.7.0 - 2023-08-23
  

  2.7.0 (2023-08-23)

  Features

  • AbortError (#1744) (9b9d458)
• 2.6.13 - 2023-08-18
  

  2.6.13 (2023-08-18)

  Bug Fixes

  • Remove the default connection close header (#1765) (65ae25a), closes #1735 #1473 #1736
• 2.6.12 - 2023-06-29
  

  2.6.12 (2023-06-29)

  Bug Fixes

  • socket variable testing for undefined (#1726) (8bc3a7c)

from node-fetch GitHub release notes

Package name: @microsoft/signalr

• 6.0.25 - 2023-11-14
  

  Release

  What's Changed

  • Fix pRequestInfo INVALID_POINTER_READ caused by GCs (v6 backport) by @ NGloreous in #50447
  • [release/6.0] Update jquery-validation to v1.19.5 by @ MackinnonBuck in #50484
  • Merging internal commits for release/6.0 by @ vseanreesermsft in #50661
  • Update branding to 6.0.24 by @ vseanreesermsft in #51115
  • [release/6.0] (deps): Bump src/submodules/googletest from 8a6feab to e47544a by @ dependabot in #51049
  • [release/6.0] Fix DragDrop_CanTrigger() flakiness by @ MackinnonBuck in #51142
  • [release/6.0] Dispose CTS in HubConnection streaming by @ github-actions in #51139
  • Merging internal commits for release/6.0 by @ vseanreesermsft in #51265
  • [release/6.0] Update dependencies from dotnet/arcade by @ dotnet-maestro in #51329
  • Update branding to 6.0.25 by @ vseanreesermsft in #51478

  Full Changelog: v6.0.24...v6.0.25

• 6.0.23 - 2023-10-10
  

  Release

• 6.0.22 - 2023-09-12
  

  Release

• 6.0.21 - 2023-08-08

from @microsoft/signalr GitHub release notes

Package name: @microsoft/signalr-protocol-msgpack

• 6.0.25 - 2023-11-14
  

  Release

  What's Changed

  • Fix pRequestInfo INVALID_POINTER_READ caused by GCs (v6 backport) by @ NGloreous in #50447
  • [release/6.0] Update jquery-validation to v1.19.5 by @ MackinnonBuck in #50484
  • Merging internal commits for release/6.0 by @ vseanreesermsft in #50661
  • Update branding to 6.0.24 by @ vseanreesermsft in #51115
  • [release/6.0] (deps): Bump src/submodules/googletest from 8a6feab to e47544a by @ dependabot in #51049
  • [release/6.0] Fix DragDrop_CanTrigger() flakiness by @ MackinnonBuck in #51142
  • [release/6.0] Dispose CTS in HubConnection streaming by @ github-actions in #51139
  • Merging internal commits for release/6.0 by @ vseanreesermsft in #51265
  • [release/6.0] Update dependencies from dotnet/arcade by @ dotnet-maestro in #51329
  • Update branding to 6.0.25 by @ vseanreesermsft in #51478

  Full Changelog: v6.0.24...v6.0.25

• 6.0.23 - 2023-10-10
  

  Release

• 6.0.22 - 2023-09-12
  

  Release

• 6.0.21 - 2023-08-08

from @microsoft/signalr-protocol-msgpack GitHub release notes

Package name: argon2

• 0.40.3 - 2024-05-25
• 0.40.2 - 2024-05-25
  

  Fix issue with publishing tags starting with v

• 0.40.1 - 2024-02-22
• 0.40.0-alpha.3 - 2024-01-10
• 0.40.0-alpha.2 - 2023-12-30
• 0.40.0-alpha.1 - 2023-12-20
• 0.31.2 - 2023-11-04
  

  Note: this is the last version that will support Node 16 since it's support has ended on 2023-09-11. Please upgrade to 18 or preferably 20 as soon as possible.

  What's Changed

  • Fix macos m1 build/release by @ CarsonF in #387
  • Change workflow bridge routes by @ RavelloH in #388

  New Contributors

  • @ CarsonF made their first contribution in #387
  • @ RavelloH made their first contribution in #388

  Full Changelog: v0.31.1...v0.31.2

• 0.31.1 - 2023-09-01
  

  Maintenance release intended to fix missing prebuilts due to failure when building v0.31.0

  Note: v0.31.x will be the last version supporting Node v16. Please update to Node v18 or newer.

  Full Changelog: v0.31.0...v0.31.1

• 0.31.0 - 2023-08-02
  

  What's Changed

  • Security update: bump @ mapbox/node-pre-gyp by @ jdforsythe in #383

  Please update to v0.31.0 as soon as possible.

  New Contributors

  • @ abcfy2 made their first contribution in #371
  • @ jdforsythe made their first contribution in #383

  Full Changelog: v0.30.3...v0.31.0

from argon2 GitHub release notes

Package name: big-integer

• 1.6.52 - 2023-11-21
  No content.
• 1.6.51 - 2021-11-10
  No content.

from big-integer GitHub release notes

Package name: bootstrap

• 4.6.2 - 2022-07-19
  

  Highlights

  • Added an example to our Collapse plugin docs to show how to use horizontal collapsing. This has long been possible via our JS, but we never had an official class to utilize it.
  • We've replaced the deprecated color-adjust with print-color-adjust in our Sass files as part of the Autoprefixer v10.4.6 issues. This should quiet the issues folks have seen from that dependency change. If you're using our distribution CSS files, like bootstrap.min.css, you may still see the warning.
  • Tweaked the size of small and .small to compute to a whole pixel value (was 12.8px and now is 14px).
  • Improved accessibility around our dropdowns, color contrast, and role attributes.
  • Fixed some broken links to supporting documentation.
  • Updated dependencies across the board.

  What's Changed

  • Removed blurred background reference from the Toast Docs. by @ pricop in #35190
  • Update links to CCA, MQ5 prefers-reduced-motion, evergreen WCAG urls, more resources by @ patrickhlauke in #35427
  • v4-dev backports and updates by @ XhmikosR in #35482
  • Backport #35556 by @ julien-deramond in #35558
  • Tweak toast docs by @ patrickhlauke in #35633
  • v4-dev backports and updates by @ XhmikosR in #35642
  • Doc: Reorder alphabetically lists of components by @ julien-deramond in #36128
  • Updated the small-font-size to use a round value by @ pricop in #36172
  • v4 dev backports and updates by @ XhmikosR in #35767
  • _custom-forms.scss: fix order of attributes by @ twin-elements in #36231
  • Replace the deprecated color-adjust with print-color-adjust by @ AdrianCurtin in #36283
  • [v4] Doc: remove role="group" from some split drop* buttons by @ julien-deramond in #36254
  • Dynamic tabs: use buttons rather than links (backport to v4) by @ patrickhlauke in #33163
  • v4 dev updates by @ XhmikosR in #36430
  • Fix closing HTML tag in navs docs by @ julien-deramond in #36466
  • v4: Horizontal collapse by @ mdo in #36434
  • Fixing tabs' tests v4 by @ louismaximepiton in #36485
  • Docs: fix some ARIA Authoring Practices Guides broken links by @ julien-deramond in #36490
  • v4 - Remove confusing unnecessary id/aria-labelledby for dropdown menus by @ patrickhlauke in #36491
  • v4 Docs: outdated ARIA/PF link, expand contrast explanation in accessibility.md by @ patrickhlauke in #36492
  • v4: Improve accessible name of version dropdown in docs navbar by @ patrickhlauke in #36504
  • Update devDependencies by @ XhmikosR in #36522
  • Docs: update clipboard.js to v2.0.11 by @ julien-deramond in #36631
  • Update devDependencies by @ XhmikosR in #36724
  • v4: Add Fathom by @ mdo in #36727
  • Docs: Capitalize Unicode by @ julien-deramond in #36735
  • Release v4.6.2 by @ XhmikosR in #36725

  New Contributors

  • @ twin-elements made their first contribution in #36231
  • @ AdrianCurtin made their first contribution in #36283

  Full Changelog: v4.6.1...v4.6.2

• 4.6.1 - 2021-10-28
  

  What's changed

  • Replace Sass division with multiplication and custom divide() function by @ mdo in #34571
  • Update RFS to v8.1.0 by @ XhmikosR in #34571
  • fix(forms): input-group and validation icons by @ ffoodd in #32968
  • Fix minor visual bug in Firefox caused by moz-focusring by @ kremit in #32821
  • Adjust SAFE_URL_PATTERN regex for use with test method of regexes by @ nikonthethird in #33153
  • Add sms in the SAFE_URL_PATTERN for sanitizer by @ XhmikosR in #35074
  • Adjust feedback icon position and padding for select.form-control by @ mdo in #33206
  • Carousel: use buttons, not links, for prev/next controls by @ patrickhlauke in #33165
  • v4: Sass docs for default variables by @ mdo in #33392
  • Handle complex expressions in add() & subtract() by @ ffoodd in #34047
  • More concise improvements for add() and subtract() by @ ffoodd in #34432
  • Remove aria-haspopup from dropdowns by @ patrickhlauke in #33624
  • Dropdown: support .dropdown-item wrapped in <li> tags by @ cpsievert in #33649
  • Update Node versions in JS tests (drop Node 10, add Node 16), update docs JS assets and add variables for vertical-align in spinners by @ XhmikosR in #33807
  • Replace Freenode with Libera IRC server by @ midzer #34050
  • Fix repetition in the Navbar docs description by @ coliff in