[Snyk] Fix for 4 vulnerabilities

[seansund]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-BRAINTREESANITIZEURL-2339882	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	User Interface (UI) Misrepresentation of Critical Information SNYK-JS-SWAGGERUI-2314885	Yes	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	User Interface (UI) Misrepresentation of Critical Information SNYK-JS-SWAGGERUIDIST-2314884	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: nodemon

The new version differs by 82 commits.

• 27e91c3 fix: update packge-lock
• 0144e4f fix: bump update-notifier to v6.0.0 (#2029)
• c870342 chore: update supporters
• 5c0b472 chore: add supporter
• e26aaa9 fix: support windows by using path.delimiter
• 9d1afd7 docs: add syntax highlighting to sample-nodemon.md (#1982) (#2004)
• de5d32a docs: Unified Node.js capitalization (#1986)
• e890927 docs: add note to faq with example showing how to watch any file extension (#1931)
• bc4547b chore: update sponsors
• 07159c5 chore: add supporters
• cd100da chore: update supporters
• 6a34922 chore: supporters
• e5d6067 chore: updating supporters
• 242f9f7 Merge branch 'main' of github.com:remy/nodemon
• 141e58c chore: update supporters
• 53422af ci(release): workflow uses 'npm' cache (#1933)
• 581c641 ci(node.js): workflow uses 'npm' cache (#1934)
• cb1c8b9 docs: Fix typo in faq.md (#1950)
• 54784ab fix: bump prod dep versions
• 26db983 chore: update supporters
• 61e7abd fix: add windows signals SIGUSR2 & SIGUSR1 to terminate the process (#1938)
• b449171 docs: Fix typo in faq.md
• 0a3175f chore: update supporters
• 18516d8 chore: add supporter

See the full diff

Package name: swagger-ui

The new version differs by 250 commits.

• 2879773 improvement(docker): migrate run.sh to docker-entrypoint.d-script (#7915) (#7916)
• 77d0bb9 feat: add modelcollapse to primitive models (#7557)
• c81d7f0 feat(docker): add OAUTH_USE_BASIC_AUTH env (#7474)
• bd19c9c chore(deps): bump @ braintree/sanitize-url from 5.0.2 to 6.0.0 (#7914)
• d064198 fix(auth): add name tag to bearer input field (#7743)
• 076b46c chore(deps-dev): bump @ commitlint/cli from 15.0.0 to 16.2.1 (#7901)
• 8f63462 feat(oauth2): authActions.authPopup plugin accessible wrapper (#7699)
• a5aca55 fix(css): update flex and overflow properties on tags (#7566)
• c60a32a chore(deps-dev): bump cypress from 9.0.0 to 9.5.1 (#7889)
• d191c1c chore(release): cut the v4.6.2 release
• 5874d2b fix(swagger-ui-react): amend prop validation for plugins (#7900)
• 08829b1 chore(deps-dev): bump @ babel/register from 7.16.0 to 7.17.0 (#7887)
• 59acd1b chore(deps-dev): bump jest from 27.4.7 to 27.5.1 (#7886)
• a746013 chore(deps-dev): bump @ babel/eslint-parser from 7.16.3 to 7.17.0 (#7884)
• 3d79c24 fix(examples): allow string created by regex pattern (#7829)
• 7d4086b chore(deps-dev): bump prettier from 2.3.2 to 2.5.1 (#7882)
• 74c527e chore(deps-dev): bump mini-css-extract-plugin from 2.4.6 to 2.5.3 (#7883)
• a165775 chore(deps): bump prop-types from 15.7.2 to 15.8.1 (#7881)
• 1dd3ef6 chore(release): cut the v4.6.1 release
• 4109efd fix(docker-nginx): Output yml/yaml as text/plain (#7749)
• 09a403f docs: move summary to README (#7816)
• 434e9cf chore(deps-dev): bump eslint-plugin-jest from 25.2.4 to 26.1.1 (#7870)
• 3eb0528 fix(oauth2): addEventListener only if document state is not 'loading' (#7879)
• 824917c fix(oauth2): addEventListener only if document state is not 'loading' (#7828)

See the full diff

Package name: swagger-ui-express

The new version differs by 12 commits.

• aa3d56a Bumped version of swagger-ui-dist and moved js template usage
• ff10df4 Update README.md
• fe789d8 Update README.md
• d07439b Merge pull request #270 from jdgarcia/security-update
• 9011cdf Merge pull request #269 from artyhedgehog/patch-1
• e09c35f update swagger-ui-dist dependency to fix security vulnerabilities
• de8e7eb readme: fix broken link to swagger-jsdoc
• 5824af0 Merge pull request #236 from H3nSte1n/feature/Add_converage_section_to_readme
• da7b5ff feat: Remove Coverage headline from README
• b46e892 feat: Add coverage section to README
• feb0664 Merge pull request #235 from tingstad/patch-1
• 1699685 Update README - two swagger documents (typo)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Cross-site Scripting (XSS)