[Snyk] Security upgrade tedious from 14.3.0 to 16.6.1#70

Open
bluemel-gov wants to merge 1 commit into main from snyk-fix-da6bd88c67e9ea75fc5c732cce572578

Conversation

@bluemel-gov

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • api/package.json
    • api/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high | 676/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.1) | Cross-site Request Forgery (CSRF), SNYK-JS-AXIOS-6032459 | Yes | Proof of Concept |
| medium | 658/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-AXIOS-6124857 | Yes | Proof of Concept |
| medium | 534/1000 (Why? Has a fix available, CVSS 6.4) | Improper Authentication, SNYK-JS-JSONWEBTOKEN-3180022 | Yes | No Known Exploit |
| medium | 539/1000 (Why? Has a fix available, CVSS 6.5) | Improper Restriction of Security Token Assignment, SNYK-JS-JSONWEBTOKEN-3180024 | Yes | No Known Exploit |
| medium | 554/1000 (Why? Has a fix available, CVSS 6.8) | Use of a Broken or Risky Cryptographic Algorithm, SNYK-JS-JSONWEBTOKEN-3180026 | Yes | No Known Exploit |
| high | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: tedious
The new version differs by 121 commits.
  • 57998f2 fix: add Node.js v20 support by bumping `@azure/identity` to `v3.4.1` (#1575)
  • d26df9b docs: fix various typos (#1589)
  • 78a4530 feat: improve performance of response data parsing (#1580)
  • 443701f feat: improve performance on Node.js 16 by disabling class property definitions (#1581)
  • f4d91f1 chore: fix benchmark files (#1578)
  • 8c7e440 fix: handle timeouts during tls negotiation for `strict` encryption (#1564)
  • 4f3e210 test: allow easier test debugging via `TEDIOUS_DEBUG` env variable (#1567)
  • 0f105c6 chore: replace `isolatedModules` with `verbatimModuleSyntax` (#1555)
  • 2b27531 test: fix TDS 8.0 test cases not being executed correctly (#1565)
  • b78df14 feat: add redirect info to connection errors (#1527)
  • c02e30f feat: add TDS8.0 Support for tedious (#1522)
  • 07cac40 test: fix TVP test not working on Azure SQL (#1556)
  • 299d576 chore: update devcontainer configuration (#1548)
  • 9359077 chore: upgrade dependencies (#1554)
  • af9ed26 chore: upgrade some dependencies to their latest versions (#1549)
  • ae51c05 chore: remove commit lint messages check (#1553)
  • a093a25 chore: fix devcontainer setup (#1543)
  • a37199b feat: support TVP parameters in `Connection.execSql` (#1327)
  • ed02374 docs: add comment about a request lasting longer than its timeout (#1486)
  • 9070fa3 ci: update windows ci download links (#1544)
  • e4eadf8 feat: add connector factory method (#1540)
  • d075b9c chore: upgrade to `node-abort-controller@3.1.1` (#1537)
  • f76fb87 ci: update windows sql server 2019 and 2022 update urls (#1538)
  • 2859339 ci: also run integration tests against sql server 2016, 2017 & 2019 on windows (#1531)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Authentication
🦉 More lessons are available in Snyk Learn
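The advisories above are all in transitive dependencies (axios, jsonwebtoken, semver), so the tedious bump fixes them only if no other dependency still pins an older copy somewhere under its own `node_modules`. As an added example (not code from the Snyk PR, Snyk, or the tedious project), the script below walks a lockfile v2/v3 `packages` map, lists every resolved copy of those three packages, and flags copies below a minimum version. The lockfile contents are constructed for the demo, and the minimum versions are assumed placeholders: take the real "fixed in" versions from the linked SNYK-JS-* advisories before relying on the result.

```javascript
// Added example: audit a package-lock.json for every installed copy of the
// packages named in the Snyk advisories, including nested copies.
// Not part of the PR or the tedious project.

// Parse "1.6.3" / "v1.6.3-beta.1" into [major, minor, patch]; prerelease tags are ignored.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// -1, 0 or 1, comparing the numeric triples left to right.
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Lockfile v2/v3 keys look like "node_modules/axios" or
// "node_modules/@azure/identity/node_modules/axios"; the package name is
// whatever follows the last "node_modules/" segment. The root entry ("") has none.
function packageNameFromKey(key) {
  const idx = key.lastIndexOf("node_modules/");
  return idx === -1 ? null : key.slice(idx + "node_modules/".length);
}

// One finding per installed copy of a watched package: { name, path, version, ok }.
// A nested copy pulled in by another dependency is still vulnerable even when
// the top-level copy was upgraded, which is why every key is inspected.
function auditLockfile(lock, minimums) {
  const findings = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const name = packageNameFromKey(key);
    if (!name || !(name in minimums) || !meta.version) continue;
    findings.push({
      name,
      path: key,
      version: meta.version,
      ok: compareSemver(meta.version, minimums[name]) >= 0,
    });
  }
  return findings;
}

function vulnerableCopies(lock, minimums) {
  return auditLockfile(lock, minimums).filter((f) => !f.ok);
}

// ASSUMED placeholder thresholds for the demo only; replace with the fixed
// versions given in the SNYK-JS-AXIOS-*, SNYK-JS-JSONWEBTOKEN-* and
// SNYK-JS-SEMVER-* advisory pages.
const ASSUMED_MINIMUMS = { axios: "1.6.3", jsonwebtoken: "9.0.0", semver: "7.5.2" };

// Constructed sample lockfile (not the PR's api/package-lock.json): the
// top-level axios is patched, but a second copy nested under a hypothetical
// "some-sdk" dependency is not.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "api", version: "1.0.0" },
    "node_modules/tedious": { version: "16.6.1" },
    "node_modules/axios": { version: "1.6.5" },
    "node_modules/jsonwebtoken": { version: "9.0.2" },
    "node_modules/semver": { version: "7.5.4" },
    "node_modules/some-sdk": { version: "2.0.0" },
    "node_modules/some-sdk/node_modules/axios": { version: "0.21.1" },
  },
};

// Human-readable report lines, one per installed copy.
function report(lock, minimums) {
  return auditLockfile(lock, minimums).map(
    (f) => `${f.ok ? "ok  " : "VULN"} ${f.path} ${f.version} (min ${minimums[f.name]})`
  );
}

for (const line of report(SAMPLE_LOCK, ASSUMED_MINIMUMS)) console.log(line);
```

To run it against the PR's lockfile, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("api/package-lock.json", "utf8"))`; `npm ls axios jsonwebtoken semver` in the `api` directory gives the same nesting view from npm itself. Any `VULN` line means the tedious upgrade alone did not clear that advisory for the project.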
