This repository has been archived by the owner on Feb 2, 2021. It is now read-only.

[Snyk] Fix for 2 vulnerabilities #97

Closed
wants to merge 1 commit into from


snyk-bot
Contributor

@snyk-bot snyk-bot commented Jul 3, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|
| low severity | Cross-site Scripting (XSS), SNYK-JS-KEYCLOAKCONNECT-575263 | Yes | No Known Exploit |
| medium severity | Prototype Pollution, SNYK-JS-YARGSPARSER-560381 | No | Proof of Concept |

Commit messages

Package name: keycloak-connect The new version differs by 42 commits.
  • c0e91c1 Set version to 10.0.0
  • 1c3758e KEYCLOAK-12771 Added missing type definitions
  • c695149 Set version to 10.0.0-dev
  • 49f313d [KEYCLOAK-10389] Add verify-token-audience support in the NodeJS adapter
  • 0438075 Set version to 9.0.4-dev
  • df93857 KEYCLOAK-13389 Fix identity provider urls configuration
  • c664a8f [KEYCLOAK-12784] Review dependencies for Node.js adapter
  • ecb7e3a KEYCLOAK-12978 Node.js build is broken on Travis due to chromedriver updates
  • 9f0d0c8 KEYCLOAK-12974 Fix incorrect urls in nodejs-test-realm.json realm
  • 87be0c4 Set version to 9.0.1-dev
  • 9fb430a KEYCLOAK-12951 Add run-tests.sh to RH-SSO dist
  • 292065e Update issues reported by npm audit
  • fca7166 [KEYCLOAK-12428] Extra '/' character in the client > OIDC Json installation file
  • 1e472c4 [KEYCLOAK-12820] Update Travis to test the most recent Node.js releases
  • 3546dc2 [KEYCLOAK-10442] Undefined variable error on token without any resource_access
  • c1ea3e1 [KEYCLOAK-12482] Keycloak Node.js Adapter example realm file cannot be imported
  • 5c34de0 fix: errors in typings
  • e33dfff KEYCLOAK-12042 Fix doubled slash in realm urls
  • b88c2e1 [KEYCLOAK-12341] Replace references to Keycloak dev mailing list in the repositories
  • 23d5c39 Update README.md
  • eeaccdc KEYCLOAK-11885 Add keycloak.d.ts to "files" property (#222)
  • 9f1aba6 Set version to 9.0.0-dev
  • 9d8276d [KEYCLOAK-11978] Integration tests failing for the Node.js adapter
  • 2730d4b KEYCLOAK-11321 Switch NPM product builds to Indy registry

See the full diff

Package name: xo The new version differs by 64 commits.
  • 084e7a3 0.32.1
  • 7d015ac Update devDependency ava from v1.1.0 to v3.9.0 (#490)
  • 744090a Update meow from v5.0.0 to v7.0.1 (#489)
  • 522d264 Test on Node.js 14 (#488)
  • 245f7d3 0.32.0
  • 0dd4a9d Disable some problematic rules
  • d3abdb6 Add more extensions to `import/extensions` rule
  • aa8508b 0.31.0
  • 32d96c3 Upgrade dependencies
  • 1240dd2 Enable `import/no-anonymous-default-export` and `import/no-named-default` (#472)
  • 6a05691 Add support for scoped shareable configs (#480)
  • ca21492 Add some eslint-plugin-node rules
  • bdc13e2 Fix Travis
  • c7d64de 0.30.0
  • ca31f1c Upgrade dependencies
  • 07e2762 Prevent extraneous newline from `--stdin --fix` (#460)
  • a592d3d 0.29.1
  • 4783f26 Add `tap-snapshots/*.cjs` to default ignore list (#461)
  • 967927d Temporarily disable the `unicorn/string-content` rule (#462)
  • 87e3615 0.29.0
  • f59ec7b Update dependencies
  • e05efc3 Upgrade to Prettier 2.0.4 (#458)
  • f20f6d2 Allow `nodeVersion` in XO config to override `engines.node` (#457)
  • ec87ef3 0.28.3

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@aalykiot aalykiot closed this Jul 13, 2020
@aalykiot aalykiot deleted the snyk-fix-c3ebde62f1abd3c687d8bac1ba9b0a9e branch August 6, 2020 12:02
2 participants