Bump open-graph-scraper from 4.7.0 to 4.9.0

[dependabot-preview]

Bumps open-graph-scraper from 4.7.0 to 4.9.0.

Changelog

Sourced from open-graph-scraper's changelog.

4.9.0

• Dropping support for Node10 since it has reach it's end of life
• Setting response.rawBody to the parsed body since response.body is a buffer
• Updating Dependencies

4.8.2

• Adding support for Node16
• Updating Dependencies

4.8.1

• Fixing bug where the title fallback would return multiple titles

4.8.0

• Adding support for Proxies
• Updating Dependencies

4.7.1

• Updating Dependencies to fix a security vulnerability

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[guardrails]

⚠️ We detected 17 security issues in this pull request:

Hard-Coded Secrets (1)

Docs	Details
💡	Title: Hard-coded Secrets, Severity: Medium api-vote.stuysu.org/.github/workflows/nodejs.yml Line 41 in 20c2150 MONGO_URL: mongodb://root:password@localhost:27017/vote-stuysu-org

More info on how to fix Hard-Coded Secrets in General.

---

Insecure File Management (4)

Docs	Details
💡	Title: Use of non-literal require, Severity: High api-vote.stuysu.org/src/graphql/resolvers/index.js Line 23 in 20c2150 resolvers[type] = require(dirPath);
💡	Title: Use of non-literal require, Severity: High api-vote.stuysu.org/src/graphql/resolvers/index.js Line 30 in 20c2150 propResolvers[propName] = require(resolverPath);
💡	Title: Use of non-literal require, Severity: High api-vote.stuysu.org/src/graphql/schema/index.js Line 12 in 20c2150 const schema = require(file);
💡	Title: Use of non-literal require, Severity: High api-vote.stuysu.org/src/models/index.js Line 13 in 20c2150 require(file);

More info on how to fix Insecure File Management in JavaScript.

---

Vulnerable Libraries (8)

Severity	Details
High	axios@unknown - no patch available
Medium	glob-parent@5.1.1 upgrade to >=5.1.2
High	lodash@4.17.19 upgrade to >=4.17.21
Medium	mquery@3.2.2 upgrade to >=3.2.3
Critical	nodemailer@6.4.14 upgrade to >=6.4.16
High	normalize-url@5.3.0 upgrade to `>4.5.0
Medium	ws@6.2.1 upgrade to `>6.2.1
High	y18n@4.0.0 upgrade to >=5.0.5

More info on how to fix Vulnerable Libraries in JavaScript.

---

Insecure Use of SQL Queries (4)

Docs	Details
💡	Title: SQL Injection (MongoDB - findOne), Severity: High api-vote.stuysu.org/src/graphql/resolvers/Mutation/login.js Line 45 in 20c2150 .exec();
💡	Title: SQL Injection (MongoDB - findOne), Severity: High api-vote.stuysu.org/src/graphql/resolvers/Query/authenticatedUser.js Line 6 in 20c2150 return User.findOne({ _id: jwt.user.id });
💡	Title: SQL Injection (MongoDB - findOne), Severity: High api-vote.stuysu.org/src/models/election.js Line 87 in 20c2150 .findOne({ _id: this._id })
💡	Title: SQL Injection (MongoDB - findOne), Severity: High api-vote.stuysu.org/src/models/election.js Line 215 in 20c2150 .findOne({ _id: this._id })

More info on how to fix Insecure Use of SQL Queries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.