[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-EXPRESSFILEUPLOAD-473997	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:marked:20180225	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: express-fileupload

• 1.1.6 - 2019-11-19
• 1.1.6-alpha.6 - 2019-10-22
• 1.1.6-alpha.5 - 2019-09-19
• 1.1.6-alpha.4 - 2019-09-12
• 1.1.6-alpha.3 - 2019-09-11
• 1.1.6-alpha.2 - 2019-09-10
• 1.1.6-alpha.1 - 2019-09-10
• 1.1.5 - 2019-06-07
• 1.1.4 - 2019-04-02
• 1.1.3-alpha.2 - 2019-03-25
• 1.1.3-alpha.1 - 2019-03-12
• 1.1.2-alpha.1 - 2019-03-06
• 1.1.1-alpha.3 - 2019-02-18
• 1.1.1-alpha.2 - 2019-02-08
• 1.1.1-alpha.1 - 2018-12-28
• 1.0.0 - 2018-10-18
• 1.0.0-alpha.1 - 2018-09-22
• 0.4.0 - 2018-01-24
• 0.3.0 - 2017-10-07
• 0.2.0 - 2017-08-28
• 0.1.4 - 2017-06-30
• 0.1.3 - 2017-04-30
• 0.1.2 - 2017-03-09
• 0.1.1 - 2017-02-18
• 0.1.0 - 2017-02-18
• 0.0.7 - 2017-02-10
• 0.0.6 - 2017-01-14
• 0.0.5 - 2016-04-22

from express-fileupload GitHub release notes

Package name: marked

• 0.3.18 - 2018-03-22
  
  • Supported Markdown flavors: CommonMark 0.28 and GitHub Flavored Markdown 0.28
  • Updates to our CI pipeline; we're all green! #1098 with the caveat that there is a test that needs to get sorted (help us out #1092)
  • Start ordered lists using the initial numbers from markdown lists (#1144)
  • Added GitHub Pages site for documentation https://marked.js.org/ (#1138)
• 0.3.17 - 2018-02-27
  
  • The elephant in the room: A security vulnerability was discovered and fixed. Please note, if something breaks due to these changes, it was not our intent, and please let us know by submitting a PR or issue to course correct (the nature of the zero-major release and having security as a number one priority) #1083
  • The other elephant in the room: We missed publishing a 0.3.16 release to GitHub; so, trying to make up for that a bit.
  • Updates to the project documentation and operations, you should check it out, just start with the README and you should be good.
  • New release PR template available #1076
  • Updates to default PR and Issue templates #1076
  • Lint checks + tests + continuous integration using Travis #1020
  • Updated testing output #1085 & #1087
• 0.3.16 - 2018-02-20
• 0.3.15 - 2018-02-19
  

  Fixes unintended breaking change from v0.3.14

• 0.3.14 - 2018-02-16
  
  • Marked has a new home under the MarkedJS org! Other advances soon to come.
  • Updated minifier.
  • Various parser fixes
• 0.3.13 - 2018-02-16
• 0.3.12 - 2018-01-09
  
  • Addresses issue where some users might not have been able to update due to missing use strict #991
  • Parser fix #977
  • New way to perform tests with options and running individual tests #1002
  • Improved test cases
  • Improved links
• 0.3.9 - 2017-12-23
  

  We think with this version we have addressed most, if not all, known security vulnerabilities. If you find more, please let us know.

• 0.3.7 - 2017-12-01
  

  Should fix XSS issue discovered.

• 0.3.6 - 2016-07-30
  

  v0.3.6

• 0.3.5 - 2015-07-31
  

  v0.3.5

from marked GitHub release notes

Commit messages

Package name: marked

The new version differs by 250 commits.

• 98c9d14 Update home page
• 5d5fa04 0.3.18
• f886f40 Merge pull request #1147 from 8fold/update-badges
• 044683b Remove Authors ~Head
• cceac77 Merge remote-tracking branch 'upstream/master' into update-badges
• 265d6c1 pre-commit
• 341d128 Merge branch 'master' into update-badges
• eef9de4 Add /docs directory for GitHub Pages (#1138)
• 682b9c6 grammar
• e3489ca Add marked mark maker badge
• 03d0ed0 [editorconfig]: All md files except in test use tab (#1111)
• c22be25 Create CNAME for marked.js.org
• 35214c5 Add initial docs with logo
• 3e681a6 Move most of README.md to /docs/README.md
• 94b8b3e Move existing docs to /docs dir
• 2509660 Rename doc to docs
• d4e7bb4 Code of conduct (#1094)
• 214468b Merge pull request #1121 from UziTech/jasmine
• ad0585d Merge pull request #1122 from alextrastero/patch-1
• e3a988c Fix usage links in README
• ecbf4b0 Minor docs update for easier maintenance (#1116)
• 5768180 travis build stages (#1113)
• 9c6c13f fix tests
• 79325aa add tests

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.