[Snyk] Upgrade: , better-sqlite3, dotenv, eris, express, got, puppeteer, sqlite3, yuuko

[whizbangpop]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@pm2/io
from 5.0.0 to 5.0.2 | 1 version ahead of your current version | a year ago
on 2023-09-12
better-sqlite3
from 7.5.1 to 7.6.2 | 5 versions ahead of your current version | 2 years ago
on 2022-07-15
dotenv
from 16.0.0 to 16.4.5 | 20 versions ahead of your current version | 7 months ago
on 2024-02-20
eris
from 0.16.1 to 0.17.2 | 4 versions ahead of your current version | 2 years ago
on 2023-03-09
express
from 4.17.3 to 4.19.2 | 7 versions ahead of your current version | 6 months ago
on 2024-03-25
got
from 11.8.3 to 11.8.6 | 2 versions ahead of your current version | 2 years ago
on 2022-12-08
puppeteer
from 14.1.0 to 14.4.1 | 7 versions ahead of your current version | 2 years ago
on 2022-06-17
sqlite3
from 5.0.8 to 5.1.7 | 12 versions ahead of your current version | 8 months ago
on 2024-01-05
yuuko
from 2.3.2 to 2.3.3 | 1 version ahead of your current version | 2 years ago
on 2022-10-21

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Arbitrary Code Execution SNYK-JS-SQLITE3-3358947	519	No Known Exploit
	Open Redirect SNYK-JS-EXPRESS-6474509	519	No Known Exploit
	Open Redirect SNYK-JS-GOT-2932019	519	No Known Exploit

Release notes

Package name: @pm2/io

• 5.0.2 - 2023-09-12
  
  • up deps
• 5.0.0 - 2021-04-01
  No content.

from @pm2/io GitHub release notes

Package name: better-sqlite3

• 7.6.2 - 2022-07-15
  

  What's Changed

  • Update prebuild dependency to v11.0.4 by @ m4heshd in #845
  • Add support for electron v19 prebuilds by @ m4heshd in #834

  Full Changelog: v7.6.1...v7.6.2

• 7.6.1 - 2022-07-14
  

  What's Changed

  • Update SQLite to version 3.39.1 by @ JoshuaWise in #841

  Full Changelog: v7.6.0...v7.6.1

• 7.6.0 - 2022-07-09
  

  What's Changed

  • Update troubleshooting.md by @ thonkinator in #752
  • Update troubleshooting.md by @ mceachen in #814
  • Update SQLite to version 3.39.0 by @ JoshuaWise in #828

  New Contributors

  • @ thonkinator made their first contribution in #752

  Full Changelog: v7.5.3...v7.6.0

• 7.5.3 - 2022-05-16
  

  Full Changelog: v7.5.2...v7.5.3

• 7.5.2 - 2022-05-15
  

  What's Changed

  • Add support for Node v18 prebuilds by @ m4heshd in #800
  • Upgrade SQLite to 3.38.5. Update dependencies. by @ mceachen in #808

  Full Changelog: v7.5.1...v7.5.2

• 7.5.1 - 2022-04-07
  

  What's Changed

  • Upgraded to SQLite version 3.38.2 (see commit and SQLite's release notes)
  • Add support for electron v17 prebuilds by @ m4heshd in #757
  • Add Linux prebuilt binaries for armv7 and arm64 and other improvements by @ m4heshd in #758
  • Removed usage of symlinks during installation, which caused issues on some platforms b544892

  Full Changelog: v7.5.0...v7.5.1

from better-sqlite3 GitHub release notes

Package name: dotenv

• 16.4.5 - 2024-02-20
  

  16.4.5

• 16.4.4 - 2024-02-13
  

  16.4.4

• 16.4.3 - 2024-02-12
  

  16.4.3

• 16.4.2 - 2024-02-10
  

  16.4.2

• 16.4.1 - 2024-01-24
  

  16.4.1

• 16.4.0 - 2024-01-23
  

  16.4.0

• 16.3.2 - 2024-01-19
  

  16.3.2

• 16.3.1 - 2023-06-17
  

  16.3.1

• 16.3.0 - 2023-06-16
  

  16.3.0

• 16.2.0 - 2023-06-16
  

  16.2.0

• 16.1.4 - 2023-06-04
• 16.1.3 - 2023-05-31
• 16.1.2 - 2023-05-31
• 16.1.1 - 2023-05-31
• 16.1.0 - 2023-05-30
• 16.1.0-rc2 - 2023-05-21
• 16.1.0-rc1 - 2023-04-07
• 16.0.3 - 2022-09-29
• 16.0.2 - 2022-08-30
• 16.0.1 - 2022-05-10
• 16.0.0 - 2022-02-02

from dotenv GitHub release notes

Package name: eris

• 0.17.2 - 2023-03-09
  

  Additions

  • Support Discord's gateway resume URLs (d27ef56)
    • In theory, bots may disconnect less after this change
  • Support GuildScheduledEvents (3e62ca7)
  • Support Member#dynamicAvatarURL() (eb40373)
  • Support addGuildMember() (OAuth2-only) (61b3b4f)

  Fixes

  • Fixed audio send/receive in VoiceConnections (135dc35)
  • Added missing props in guildUpdate event (9320ab2)
  • Fixed the permissions check for the CommandClient help command (e43418d)

  Contributors

  • @ abalabahaha
  • @ bsian03
  • @ DonovanDMC
  • @ ebroder
  • @ eritbh
  • @ Loliticos
  • @ motoenduroboy
  • @ TTtie
  • @ YalphaFR
• 0.17.1 - 2022-06-30
  

  Additions

  • Added config option for shard concurrency (05a932a)
  • Support pagination in getGuildBans() (fe16a8f)
  • Support batch-editing channel positions editChannelPositions() (99b1376)
  • Support setting permissionOverwrites in editChannel() (ba4cb94)
  • Support custom intent numbers (f886ebc)
  • Support interaction appPermissions (c7689d0)

  Fixes

  • Fixed Guild#editCommandPermissions() acting like getCommandPermissions() (b8dcd62)
  • Fixed missing presences when getAllUsers and the presences intent are enabled (f7a8e50)
  • Fixed handling of uncached users/threads in getGuildAuditLog() (e888253)
  • Fixed joinVoiceChannel() erroring when the bot member is uncached (162d4ef)
  • Fixed videoQualityMode option in editChannel() (ba4cb94)
  • Fixed voice receive stopping when reconnecting (a9ad12f)
  • Improved handling of shard concurrency (05a932a, 34cd985)
  • Improved error thrown when calling connect() without a token present (bd58677)
  • Fixed docs (d0099b1), typings (a2e3a00, a2a60a5)

  Contributors

  • @ A5rocks
  • @ abalabahaha
  • @ Catboi8
  • @ DonovanDMC
  • @ eritbh
  • @ frobinsonj
  • @ HcgRandon
  • @ HeadTriXz
  • @ jimchen5209
  • @ xaxim
• 0.17.0 - 2022-06-03
  

  Breaking Changes

  • TextVoiceChannel now exists. Previous assumptions about GuildChannels being text XOR voice are no longer valid.
  • The type of Member#premiumSince has been changed to match the documented behaviour. It was previously being (incorrectly) passed through as the Discord-provided ISO timestamp string.

  Additions

  • Support timeouts (1a6e043)
  • Support text-in-voice channels (d6df49a)
  • Support Moderate Members permission (1a6e043)
  • Support concurrent sharding for large bots (36e7a76)
  • Support editing individual channel positions (bb8a45e)
  • Support new 5/20s editStatus() ratelimit (072db2e)
  • Support passing BigInt to Permission#has() (e963166)
  • Expose headers in DiscordHTTPError and DiscordRESTError (2712a85)

  Fixes

  • Fixed Member#user property de-sync issues (6619b17)
  • Improve handling of shared ratelimits (2712a85)
  • Fixed incorrect Guild#shard calculation (c1f1f86)
  • Fixed some disconnect-related gateway race conditions (a9b8ad4)
    • Including the occasional zlib data error
  • Fixed bitwise overflow error in VoiceConnection (52db153)
  • Updated Constants.Permissions.all with new permissions (b485352)
  • Fixed error when handling USER_UPDATE for uncached users (c223725)
  • Fixed missing audit log reason when using deleteMessages() (017c18a)
  • Fixed Member#premiumSince parsing (65b1850)
  • Fixed error in unknown interaction type handling (c6b380b)
  • Fixed missing file in interaction createMessage() (9a55be5)
  • Fixed missing defaultPermission in command-related requests (90fad3a)
  • Fixed undefined ThreadChannel#ownerID (4ca306d)
  • Fixed errors in THREAD_MEMBERS_UPDATE handling (6ba5b05, 1a79ef6)
  • Fixed error when building Message#jump for private channel messages (2f7526a)
  • Fixed docs (f4db90e, b7a1189), typings (4c631f5, 98c5c8b, 44dba49, cb8971a, 42e713b, f163a56)

  Contributors

  • @ Awoocado
  • @ beanjo55
  • @ bsian03
  • @ curtisf
  • @ d00mster0
  • @ davidffa
  • @ dd-pardal
  • @ DonovanDMC
  • @ Dramex
  • @ eritbh
  • @ frobinsonj
  • @ GweeKwee
  • @ HcgRandon
  • @ james58899
  • @ Linker-123
  • @ ray-1337
  • @ reinhello
  • @ thetimtoy
  • @ ZixeSea
• 0.16.2 - 2023-03-09
  

  Fixes

  • Fixed audio send/receive in VoiceConnections (bf03a54)
• 0.16.1 - 2021-11-17
  

  Additions

  • Exposed methods for directly sending voice packets (dcf8ff1, 7c39e1a)

  Fixes

  • Fixed reconnect handling (4ac1103)
  • Fixed voice receive errors (56e37c0, fa36f0b)
  • Fixed incorrect thread method references in Guild#getActiveThreads() and Message#createThreadWithMessage() (87473ba)
  • Improved ratelimit handling for deleting messages <=10s old (0f3ebc8)
  • Improved ratelimit handling for getRESTGuildChannels() (7743366)
  • Fixed docs (9dd304b), typings (a4023da, 0bc76c9, 67b28a2)

  Contributors

  • @ abalabahaha
  • @ bsian03
  • @ davidffa
  • @ DonovanDMC
  • @ eritbh
  • @ ZixeSea

from eris GitHub release notes

Package name: express

• 4.19.2 - 2024-03-25
• 4.19.1 - 2024-03-20
  

  What's Changed

  • Fix ci after location patch by @ wesleytodd in #5552
  • fixed un-edited version in history.md for 4.19.0 by @ wesleytodd in #5556

  Full Changelog: 4.19.0...4.19.1

• 4.19.0 - 2024-03-20
  

  What's Changed

  • fix typo in release date by @ UlisesGascon in #5527
  • docs: nominating @ wesleytodd to be project captian by @ wesleytodd in #5511
  • docs: loosen TC activity rules by @ wesleytodd in #5510
  • Add note on how to update docs for new release by @ crandmck in #5541
  • Prevent open redirect allow list bypass due to encodeurl
  • Release 4.19.0 by @ wesleytodd in #5551

  New Contributors

  • @ crandmck made their first contribution in #5541

  Full Changelog: 4.18.3...4.19.0

• 4.18.3 - 2024-02-29
  

  Main Changes

  • Fix routing requests without method
  • deps: [email protected]
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: [email protected]

  Other Changes

  • Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
  • build: [email protected] and [email protected] by @ abenhamdine in #5034
  • ci: update actions/checkout to v3 by @ armujahid in #5027
  • test: remove unused function arguments in params by @ raksbisht in #5124
  • Remove unused originalIndex from acceptParams by @ raksbisht in #5119
  • Fixed typos by @ raksbisht in #5117
  • examples: remove unused params by @ raksbisht in #5113
  • fix: parameter str is not described in JSDoc by @ raksbisht in #5130
  • fix: typos in History.md by @ raksbisht in #5131
  • build : add [email protected] by @ abenhamdine in #5028
  • test: remove unused function arguments in params by @ raksbisht in #5137
  • use random port in test so it won't fail on already listening by @ rluvaton in #5162
  • tests: use cb() instead of done() by @ kristof-low in