[Snyk] Fix for 12 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-JSONBIGINT-608659	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	XML External Entity (XXE) Injection SNYK-JS-JSTOXML-1017039	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ali-oss

The new version differs by 97 commits.

• b0f5930 chore: publish 6.17.0
• 96141c6 chore: publish beta version
• 4790a19 chore: build 6.17.0
• e65ec97 chore: update 6.17.0 changelog
• b2cef94 chore(release): 6.17.0
• 7ece938 Merge branch 'master' of github.com:ali-sdk/ali-oss
• a759699 chore: release 6.17.0 (adding support for Alibaba cloud access key/security token authentication aquasecurity/cloudsploit#1047)
• c884299 chore: document the completion
• 45a0730 chore: rebuild
• 95abe3b chore: rebuild
• 7cf195f chore: use stream-http 2.8.2
• 4f19fe6 fix(test): test case optimized (Added ssmManagedInstances plugin and spec aquasecurity/cloudsploit#1045)
• e8eed0a fix(test): test case optimized (SAAS-3401: Added Azure Storage Account TLS version plugin aquasecurity/cloudsploit#1044)
• 4fc3bd4 fix: fix list() and listV2() params and test case (SAAS-3395: Added Lookout Vision Model Data Encrypted Plugin aquasecurity/cloudsploit#1043)
• 9b0e299 chore:merge master
• c60ae46 chore(test): test case optimized (SAAS/3260: Added fsxFileSystemEncrypted plugin and spec aquasecurity/cloudsploit#1041)
• 17206a1 chore(CI):github action optimized (SAAS-3391: Added Lookout Metrics Anomaly Detectors Encrypted Plugin aquasecurity/cloudsploit#1039)
• 2bfd726 chore(CI):github action optimized (SAAS-3380: Added GuardDuty Export Findings Encrypted Plugin aquasecurity/cloudsploit#1040)
• 8e35cad chore(test case): fix test case (SAAS-3383: Added Lookout Equipment Dataset Encrypted Plugin aquasecurity/cloudsploit#1037)
• f7e9255 chore: remove 6.17.0 changelog
• 374231c chore: develop merge master (SAAS-3381: Added Location Tracker Data Encrypted Plugin aquasecurity/cloudsploit#1035)
• 102f362 add multipartUploadCopy method (SAAS/3257: Added wisdomDomainEncrypted Plugin and spec aquasecurity/cloudsploit#1032)
• 2678db8 fix: to append method signatureNotMath (SAAS-3369: Added Video Stream Data Encrypted Plugin aquasecurity/cloudsploit#1033)
• 78ffb5d fix: fix some test error and variable (SAAS-3354: Implemented jitter for AWS custom collector calls aquasecurity/cloudsploit#1030)

See the full diff

Package name: azure-storage

The new version differs by 21 commits.

• ad8472f Merge pull request Alibaba ram user plugin added for inactive user disabled aquasecurity/cloudsploit#702 from EmmaZhu/master
• ddc7e8b Upgrade json-schema to 0.4.0. fixed an issue where customized retry interval doesn't take effact.
• 7a42c7b Merge pull request build(deps): bump lodash from 4.17.20 to 4.17.21 aquasecurity/cloudsploit#699 from Azure/dependabot/npm_and_yarn/validator-13.7.0
• 5c5f836 Bump validator from 13.6.0 to 13.7.0
• c422631 Merge pull request feature/AKD-221: Added Alibaba ECS Open SSH plugin and test cases aquasecurity/cloudsploit#695 from EmmaZhu/validator
• cf37807 Update package version to 2.10.5
• 35676b4 Upgrade validator 13.6.0.
• c2656be Merge pull request feature/AKD-191: Added Alibaba RAM Users MFA Enabled plugin and test cases aquasecurity/cloudsploit#684 from Azure/dependabot/npm_and_yarn/lodash-4.17.21
• d813bde Merge pull request feature/AKD-212: Added Alibaba OSS Bucket Private plugin and test cases aquasecurity/cloudsploit#690 from Azure/dependabot/npm_and_yarn/postcss-7.0.36
• 58c92d1 Bump lodash from 4.17.19 to 4.17.21
• b120cd5 Merge pull request GCP storage plugin added for uniform level access with spec file. aquasecurity/cloudsploit#692 from Azure/dependabot/npm_and_yarn/path-parse-1.0.7
• 0036af3 Merge pull request modification: Modified index to accommodate Alibaba cloud aquasecurity/cloudsploit#682 from Azure/dependabot/npm_and_yarn/handlebars-4.7.7
• 92dac84 Merge pull request spec/virtualMachines: Added test cases for virtual machine plugins aquasecurity/cloudsploit#681 from Azure/dependabot/npm_and_yarn/grunt-1.3.0
• 9efb7bc Merge pull request HOTIX: Fixed undefined resource issue aquasecurity/cloudsploit#674 from Azure/dependabot/npm_and_yarn/elliptic-6.5.4
• ca9449c Bump ini from 1.3.5 to 1.3.8
• 4896fce Bump path-parse from 1.0.6 to 1.0.7
• b64a539 Update readme with links to the new Tables SDK (feature/AKD-224: Added Alibaba RDS Log Duration plugin and test cases  aquasecurity/cloudsploit#689)
• d77d825 Bump postcss from 7.0.32 to 7.0.36
• 18e0ad2 Bump handlebars from 4.7.6 to 4.7.7
• 96c97e4 Bump grunt from 1.2.1 to 1.3.0
• c1af3fa Bump elliptic from 6.5.3 to 6.5.4

See the full diff

Package name: googleapis

The new version differs by 107 commits.

• 20409df chore: release 49.0.0 (syncing with saas aquasecurity/cloudsploit#2022)
• 7de4e78 chore(deps): update dependency null-loader to v4 (syncing with saas aquasecurity/cloudsploit#2044)
• 340f78d chore(deps): update dependency ts-loader to v7 (Syncing with SAAS aquasecurity/cloudsploit#2043)
• 254f878 chore: remove unused dev packages (F/AWS-GuarddutyActiveFindings aquasecurity/cloudsploit#2042)
• f4eb6e0 chore: update lint ignore files (F/aws health lake has tags aquasecurity/cloudsploit#2040)
• 0110f3e docs: update readme for drive readme (F/azure mysql flexible server latest version aquasecurity/cloudsploit#2039)
• 73d284b fix(deps): update common and auth (F/azure mysql server managed identity aquasecurity/cloudsploit#2038)
• 476b71e test: use discovery docs from fixture (F/Azure-mysqlFlexibleServerLogs aquasecurity/cloudsploit#2037)
• 3a3b61d build: remove unused codecov config (Plugin Batch Account Public Access aquasecurity/cloudsploit#2034)
• fea414a feat!: regenerate the API (M/azure/api management service has tags aquasecurity/cloudsploit#2028)
• 48a4f05 chore(dep)!: deprecate node 8 (Azure/gov cloud aquasecurity/cloudsploit#2021)
• 99ebacf test: the kitchen sink system test sometimes times out (hotfix aquasecurity/cloudsploit#2020)
• 05090da fix: apache license URL (remediation: Added SQL Server TLS Version remediation aquasecurity/cloudsploit#468) (Azure/Event-Hubs-Diagnostic-Logs aquasecurity/cloudsploit#2017)
• d15c656 chore: remove duplicate mocha config (Azure/batch account diagnostic logs aquasecurity/cloudsploit#2016)
• 874edc3 build: update templates (Machine learining public access aquasecurity/cloudsploit#2013)
• dc16586 build: set AUTOSYNTH_MULTIPLE_COMMITS=true for context aware commits (Machine learing workspace tags aquasecurity/cloudsploit#2012)
• 741c58b chore: update github actions configuration (Fb server log duration aquasecurity/cloudsploit#1999)
• 1fe744b chore(deps): update dependency @ types/rimraf to v3 (Azure/Databricks-Workspace-Managed-Disk-CMK-Encrypted aquasecurity/cloudsploit#1995)
• 5512eb5 chore(deps): update dependency typedoc to ^0.17.0 (Azure/Databricks-Workspace-Has-Tags aquasecurity/cloudsploit#1993)
• 0a4db38 chore: release 48.0.0 (containerAppManagedIdentity aquasecurity/cloudsploit#1979)
• 074f641 fix: allow an empty requestBody to be provided for APIs that support multipart post (Authenticate with AWS IAM Identity Center User aquasecurity/cloudsploit#1988)
• 8bcb212 feat!: run the generator (adds: displayvideo, gamesConfiguration, managedidentities, networkmanagement) (Unable to run Azure Cloud scan aquasecurity/cloudsploit#1989)
• 8677588 build(tests): fix coveralls and enable build cop (update plugin aquasecurity/cloudsploit#1982)
• 0679c78 build: update linkinator config (Container app external access aquasecurity/cloudsploit#1981)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 XML External Entity (XXE) Injection
🦉 More lessons are available in Snyk Learn