[Snyk] Security upgrade express-fileupload from 0.0.5 to 1.1.10

[cdobru]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-EXPRESSFILEUPLOAD-595969	165

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[cdobru]

This is a major version upgrade that introduces new features and important security fixes, but the primary breaking change was reverted before the target version.

Key Changes:

• MD5 Property: A breaking change was introduced in v1.0.0 where the file.md5 property was changed from a checksum string to a function. However, this was reverted in v1.1.1. Since the target version is 1.1.10, the md5 property remains a checksum string, resulting in no net breaking change for this specific upgrade path. [1]
• New Features: The new versions add several non-breaking features, including the ability to use temporary files (useTempFiles) and a debug option. [1]
• Security Fixes: This upgrade is recommended as it fixes multiple vulnerabilities present in earlier 1.x versions, including a Prototype Pollution vulnerability (CVE-2020-7699) and a Denial of Service issue. [7, 6]

Recommendation:
No immediate code changes are required due to the md5 property being reverted. The upgrade is safe and recommended for the security patches.

Source: NPM Documentation

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[cdobru]

⛔ Snyk checks have failed. 13 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (13)
⛔	Open Source Security	0	5	8	0	13 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[bojtetami]

⛔ Snyk checks have failed. 13 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (13)
⛔	Open Source Security	0	5	8	0	13 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[cdobru]

⛔ Snyk checks have failed. 13 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (13)
⛔	Open Source Security	0	5	8	0	13 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.