[Snyk-dev] Fix for 22 vulnerabilities

[lili2311]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/notification-service/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-DATEANDTIME-1054430	Yes	No Known Exploit
	554/1000 Why? Has a fix available, CVSS 6.8	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Timing Attack SNYK-JS-ELLIPTIC-511941	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-FIREBASEUTIL-1038324	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GRPCGRPCJS-1038818	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-I18NEXT-1065979	Yes	No Known Exploit
	459/1000 Why? Has a fix available, CVSS 4.9	Buffer Overflow SNYK-JS-I18NEXT-575536	Yes	No Known Exploit
	561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Prototype Pollution SNYK-JS-I18NEXT-585930	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-JSONBIGINT-608659	Yes	Proof of Concept
	534/1000 Why? Has a fix available, CVSS 6.4	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	Yes	No Known Exploit
	554/1000 Why? Has a fix available, CVSS 6.8	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	Yes	Proof of Concept
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-PROTOBUFJS-5756498	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: i18next

The new version differs by 250 commits.

• aeab3ca 19.8.5
• f58c423 new version
• 932f5f6 fix potential prototype pollution when backend plugin resolves a malicious language value
• 2dc8267 Merge pull request [iOS/Android] Request payment is not received for user B when user A send the payment request to user B  celo-org/celo-monorepo#1533 from pravi/update-rollup-plugin-babel
• dae2b32 chore: update build dependency (use @ rollup/plugin-babel)
• 4f9ef14 Merge pull request [iOS] Toast message “Backup Key copied” is not shown when taps on “Copy” button from “Your Backup Key” screen  celo-org/celo-monorepo#1532 from pravi/update-node-resolve-plugin
• a90fb69 chore: update rollup and plugins
• ad88092 use fallbackLng as default lng
• ba564b3 19.8.4
• 1816290 prepare new release
• 1ed5a71 Updated FormatFunction signature to match codebase (Status bar changes background color for no clear reason when scrolling in feed celo-org/celo-monorepo#1520)
• 2516e89 Update config.yml
• 94dd384 Update config.yml
• 877e250 commit build result
• fa98508 Merge pull request Enable Celo Lite has some UI problems celo-org/celo-monorepo#1518 from KristjanESPERANTO/patch-1
• 749519e Update URLs
• 03ef4ed 19.8.3
• ed6169f fix prototype pollution with constructor
• 5d808cd updated @ babel/runtime to ^7.12.0, runtime file extensions issue resolved (Remove ContractKit/Protocol building from Transaction Metrics Exporter Docker Image celo-org/celo-monorepo#1513)
• cb780ad 19.8.2
• d736006 allow nesting recursively with context (could theoretically generate infinite loop, prevented in [Wallet] Remove QR debouncing to improve responsiveness celo-org/celo-monorepo#1480)
• 685aa0f 19.8.1
• b44f64c log optimizations for clone instances
• ba2613b 19.8.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cryptographic Issues
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn