
[Snyk] Fix for 30 vulnerabilities #50

Open
wants to merge 1 commit into master

Conversation

iliutastoica (Owner)

This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Why? | Issue | Snyk ID | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|---|
| high | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ANSIREGEX-1583908 | No | Proof of Concept |
| high | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution | SNYK-JS-ASYNC-2441827 | Yes | Proof of Concept |
| medium | 636/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution | SNYK-JS-DOTPROP-543489 | No | Proof of Concept |
| medium | 526/1000 | Proof of Concept exploit, Has a fix available, CVSS 4.1 | Arbitrary Code Injection | SNYK-JS-EJS-1049328 | No | Proof of Concept |
| high | 726/1000 | Proof of Concept exploit, Has a fix available, CVSS 8.1 | Remote Code Execution (RCE) | SNYK-JS-EJS-2803307 | No | Proof of Concept |
| medium | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-GLOBPARENT-1016905 | Yes | Proof of Concept |
| medium | 484/1000 | Has a fix available, CVSS 5.4 | Open Redirect | SNYK-JS-GOT-2932019 | Yes | No Known Exploit |
| medium | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-HTTPCACHESEMANTICS-3248783 | Yes | Proof of Concept |
| low | 506/1000 | Proof of Concept exploit, Has a fix available, CVSS 3.7 | Prototype Pollution | SNYK-JS-MINIMIST-2429795 | No | Proof of Concept |
| medium | 601/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution | SNYK-JS-MINIMIST-559764 | No | Proof of Concept |
| high | 686/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution | SNYK-JS-NCONF-2395478 | No | Proof of Concept |
| high | 706/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.7 | Server-side Request Forgery (SSRF) | SNYK-JS-NETMASK-1089716 | No | Proof of Concept |
| high | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-NTHCHECK-1586032 | Yes | Proof of Concept |
| high | 726/1000 | Proof of Concept exploit, Has a fix available, CVSS 8.1 | Remote Code Execution (RCE) | SNYK-JS-PACRESOLVER-1564857 | No | Proof of Concept |
| medium | 646/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF) | SNYK-JS-PARSEURL-3023021 | No | Proof of Concept |
| medium | 571/1000 | Proof of Concept exploit, Has a fix available, CVSS 5 | Improper Input Validation | SNYK-JS-PARSEURL-3024398 | No | Proof of Concept |
| high | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Poisoning | SNYK-JS-QS-3153490 | No | Proof of Concept |
| medium | 646/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution | SNYK-JS-SAILS-2428337 | No | Proof of Concept |
| high | 589/1000 | Has a fix available, CVSS 7.5 | Uncaught Exception | SNYK-JS-SAILS-5808437 | No | No Known Exploit |
| high | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | No | Proof of Concept |
| medium | 641/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.4 | Command Injection | SNYK-JS-SNYK-3037342 | No | Proof of Concept |
| medium | 571/1000 | Proof of Concept exploit, Has a fix available, CVSS 5 | Command Injection | SNYK-JS-SNYK-3038622 | No | Proof of Concept |
| medium | 504/1000 | Has a fix available, CVSS 5.8 | Code Injection | SNYK-JS-SNYK-3111871 | No | No Known Exploit |
| medium | 571/1000 | Proof of Concept exploit, Has a fix available, CVSS 5 | Command Injection | SNYK-JS-SNYKDOCKERPLUGIN-3039679 | No | Proof of Concept |
| medium | 641/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.4 | Command Injection | SNYK-JS-SNYKGOPLUGIN-3037316 | No | Proof of Concept |
| medium | 571/1000 | Proof of Concept exploit, Has a fix available, CVSS 5 | Command Injection | SNYK-JS-SNYKMVNPLUGIN-3038623 | No | Proof of Concept |
| medium | 571/1000 | Proof of Concept exploit, Has a fix available, CVSS 5 | Command Injection | SNYK-JS-SNYKSBTPLUGIN-3038626 | No | Proof of Concept |
| high | 589/1000 | Has a fix available, CVSS 7.5 | Denial of Service (DoS) | SNYK-JS-TRIMNEWLINES-1298042 | Yes | No Known Exploit |
| medium | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Prototype Pollution | SNYK-JS-XML2JS-5414874 | No | Proof of Concept |
| medium | 601/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution | SNYK-JS-YARGSPARSER-560381 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: critical. The new version differs by 231 commits.
  • c5565bf 5.0.2
  • 116b9c3 bump dependencies (#544)
  • 1d210bf 5.0.1
  • 80d6d26 adds missing exports in package.json
  • 4749fb3 Update README.md
  • d64bb6b 5.0.0
  • 58c3958 rewrite paths in lcov.info
  • 8cf283f rewrite paths in lcov.info
  • 589dcde rewrite paths in lcov.info
  • 14122a5 deactivates coveralls debug mode
  • cdbdaa3 updates package-lock
  • 5df9861 deactivates coveralls debug mode & adds jest coverage config
  • c6ad4df coveralls debug mode
  • 5e04dce debug coveralls
  • 595d9fb debug coveralls
  • acf5402 Run coveralls on node 16
  • 618dfb6 Removes david dependency badges
  • b92a55c audit fix
  • b030b79 Bump deps, moves to ESM & require Node.js 14 (#543)
  • 3fa92c4 Correct the parameters in callback example (#537)
  • 2206d45 Bump got from 11.8.2 to 11.8.5 (#539)
  • 8c28b57 Bump async from 3.2.0 to 3.2.2 (#531)
  • e3a4e8c TASK: Fix typo in cli help output (#512)
  • 08debdc Bump path-parse from 1.0.6 to 1.0.7 (#513)

See the full diff

Package name: sails. The new version differs by 176 commits.
  • 99947a5 1.5.7
  • 4a023dc Improve virtual request parsing (#7287)
  • 406a120 `semver` 4.3.6 » 7.5.2 (#7288)
  • 8a63c31 1.5.6
  • c7dcb10 [fix] update logic to display local URL (#7285)
  • ceb0f3b 1.5.5
  • 9127e63 [feat] Implement custom inspect on sails.helpers (#7282)
  • ed6bf2e Add note about `initialValues` mutation to create() and createEach() doc pages
  • 59b9644 Merge pull request #7277 from Sampfluger88/patch-1
  • 34fbba4 Removed "Newsgroup" link
  • 3435261 1.5.4
  • d6c863e Add note about valuesToSet mutation
  • 333a8e9 bump expressjs to version 4.17.3 (#7268)
  • 3ad94ff Update helpers.md docs to explain subfolders (#7263)
  • 75851f4 [docs] update platzi course link
  • 64efed8 [docs] Update whitespace on Attributes.md
  • bdd7a1c 1.5.3
  • 6f875c0 upgrade ejs to 3.1.7 (#7243)
  • e4184a5 Add heading about the __Host- prefix (#7245)
  • d666ada bump async to 2.6.4 (#7244)
  • 555f51f upgrade minimist to v1.2.6 (#7242)
  • 21b874b Documentation: add .populate() note
  • c408c31 Update Travis CI config: node -> 16 (#7226)
  • fc8d79b Merge pull request #7219 from pbkompasz/patch-1

See the full diff

Package name: sails-disk. The new version differs by 23 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Arbitrary Code Injection
🦉 More lessons are available in Snyk Learn
