[Snyk] Fix for 9 vulnerabilities

[wishtree-plokhande]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	630/1000 Why? Has a fix available, CVSS 8.1	Internal Property Tampering SNYK-JS-BSON-561052	Yes	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Internal Property Tampering SNYK-JS-BSON-6056525	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NEDB-1305279	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit
	324/1000 Why? Has a fix available, CVSS 2.2	Uninitialized Memory Exposure npm:utile:20180614	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bcrypt

The new version differs by 19 commits.

• 2f124bd Fix artifact upload path
• 10eacf5 Prepare v5.0.1
• 6eacfe1 Merge pull request #856 from kelektiv/update-deps
• feb477c Update node-pre-gyp to 1.0.0
• 42c8b0c Merge pull request #852 from kelektiv/update-deps
• bafefc3 Update packages
• 7c5d8df Merge pull request #851 from recrsn/node-15-ci
• 1ba55f9 Add Node 15 to CI
• 19c06c1 Update Node version compatibility info
• 09cb4fc Merge pull request #825 from dogon11/patch-1
• 2821c03 Merge pull request #811 from techhead/use_buffers
• 63c8403 Merge pull request #838 from alete89/docs/improve-hash-info
• 984ef18 remove reference to $2y$ algo identifier
• 630c897 fixes: #828
• 0f93284 README.md typo fix
• 4125ebc Update README.md
• f503e57 Create SECURITY.md
• f158e6e Allow optional use of Node Buffers.
• 8866277 Deploy on any travis tag

See the full diff

Package name: grunt

The new version differs by 14 commits.

• ffa6775 1.4.0
• 63b2e89 Merge pull request #1728 from gruntjs/update-deps-changelog
• 106ed17 Update changelog and util dep
• 49de70b Merge pull request #1727 from gruntjs/update-deps-apr
• 47cf8b6 Update CLI and nodeunit
• e86db1c Merge pull request #1722 from gruntjs/update-through
• 4952368 Update deps
• 6f49017 1.3.0
• faab6be Merge pull request #1720 from gruntjs/update-changelog-deps
• 520fedb Update Changelog and legacy-util dependency
• 7e669ac Merge pull request #1719 from gruntjs/yaml-refactor
• e350cea Switch to use `safeLoad` for loading YML files via `file.readYAML`.
• 7125f49 Merge pull request #1718 from gruntjs/legacy-log-bumo
• 00d5907 Bump legacy-log

See the full diff

Package name: sails

The new version differs by 103 commits.

• e46c83b 1.5.1
• 023319e Update version of prompt to 1.2.1 (#7202)
• ed349a1 Add note about supported versions of Postgres
• 15b43ff Merge pull request #7181 from balderdashy/update-upgrading-to-1.0-docs
• 39e34cd Update To1.0.md
• 9c821ec Add note about undefined attributes
• 799f2c0 Update README.md
• 2533f67 Fix broken link in docs
• ead0403 1.5.0
• 6199f96 Merge pull request #7172 from ElizabethForest/master
• 4bc6054 Merge pull request #7176 from sailscastshq/docs-typo-fix
• 71844d4 fix: correct misspelt waterline
• 780864e Merge pull request #7175 from jarodccrowe/master
• 72609ac going over this PR with @ mikermcneil
• b2bcf39 Add documentation regarding a breaking change in SSL connection syntax
• 384e796 Merge pull request #7174 from eltociear/patch-1
• 4a081c7 Fix typo in sails-run.js
• 8c9012c Restore Construction Type
• 869c0f3 disable no-unused-vars check
• 9747d06 add handleConstructingSessionStore to allow for more flexibility
• 0ad5947 Fix tests - avoid having mongo cause issues for later tests
• cc0820b support connect-mongo v4
• f399a2a Merge pull request #7158 from zsteinkamp/patch-1
• 1b1ca7c Small text correction

See the full diff

Package name: sails-disk

The new version differs by 17 commits.

• 569a44e 2.1.1
• 148ec31 Merge pull request [Snyk] Security upgrade aws-sdk from 2.720.0 to 2.1354.0 #61 from balderdashy/use-nedb-fork
• ff29d16 use @ sailshq/nedb, update require
• 70790fd 2.1.0
• 7d587f3 Slightly more generic naming (like https://github.com/added meta option makeLikeModifierCaseInsensitiveInMongo  balderdashy/sails-mongo#470/commits/2d659ff299b6f067ff340c907b2ceb1ec9bc0cbc)
• a16b775 Obey 'makeLikeModifierCaseInsensitive' meta key. (like anterodev's https://github.com/added meta option makeLikeModifierCaseInsensitiveInMongo  balderdashy/sails-mongo#470)
• 52b74b5 2.0.0
• 809ccc2 2.0.0-2
• a86b65a Merge pull request [Snyk] Security upgrade azure-storage from 2.10.3 to 2.10.4 #60 from balderdashy/mongo-mode
• 14a559c Update node support
• cc94140 2.0.0-1
• af8bc9e improve error messages
• b30bbca 2.0.0-0
• b1b8649 Allow using mongo-like object ids for pks
• bc5f727 clarifying another comment
• e5f6248 Tolerate pk attr with autoMigrations.imitateMongo: true (+ clarify some comments)
• c14c515 conventional require order

See the full diff

Package name: sails-hook-orm

The new version differs by 28 commits.

• 9cc202d 4.0.1
• ab0734f Bump up version of prompt to 1.2.1 (Bump path-parse from 1.0.6 to 1.0.7 #26)
• 3a6dc7e 4.0.0
• 51aef86 Merge pull request Bump tar from 4.4.13 to 4.4.15 #25 from balderdashy/upgrade-waterline-dependency
• 962fbeb waterline 0.14.0 -> 0.15.0
• 9c2a3c7 3.0.2
• f194253 Use strict semver range for externally maintained package
• addda7b Merge pull request [Snyk] Security upgrade nodemailer from 6.4.10 to 6.6.1 #24 from DominusKelvin/fix-node-14-warnings
• d975de5 fix: update prompt version to fix node 14 warnings
• 775cb93 Update appveyor.yml
• 0f03d92 Update .travis.yml
• 86e431e 3.0.1
• b09072e Use sails-disk@2 out of the box
• 13c6a95 3.0.0
• 5728cbf 3.0.0-2
• b9361d6 updated defaultsTo error message (Bump nodemailer from 6.4.10 to 6.4.16 #20)
• a629313 Add todos about better sniffing for 'during' procedural params (.leaseConnection() and .transaction()). See https://github.com/Connection error when using PostgreSQL transactions balderdashy/sails#4573
• 64d1fb6 3.0.0-1
• 9546690 Start using waterline 0.14.0-0 prerelease
• 4c68832 3.0.0-0
• 86cdbd6 Merge pull request [Snyk] Security upgrade grunt from 1.2.1 to 1.3.0 #12 from wulfsolter/patch-1
• cf1cd3e Update help-send-native-query.js
• 193eb7f Merge pull request Bump grunt from 1.2.1 to 1.3.0 #17 from wulfsolter/patch-2
• f46232e Merge pull request Bump lodash from 4.17.19 to 4.17.21 #18 from louistiti/fix-docs-anchor-link

See the full diff

Package name: sails-mongo

The new version differs by 41 commits.

• 995c476 2.0.0
• 54f03b2 Merge pull request #491 from balderdashy/pr/483
• 5fce6ff Revert "Remove .jshint"
• 72b38d1 Revert a change to a comment
• 82e1fa7 Remove links from "license" section (moved to sails docs)
• a9177b0 Remove documentation from README and link to relevant doc pages (made a separate PR to the docs adding that content)
• a9c5b35 Remove `Roadmap` section from README and move configuration options into `Compatibility` section
• 045b092 Revert "Revert "Merge pull request #489 from luislobo/patch-2""
• 6f02ce2 Revert "Temporarily revert merged PR #483"
• 4d0d2bb Merge branch 'master' into pr/483
• 384758b Temporarily revert merged PR #483
• 88b3f78 Revert "Merge pull request #489 from luislobo/patch-2"
• f2aad81 Merge pull request #489 from luislobo/patch-2
• 8c74bc1 Update CHANGELOG version
• 2b3eb9e 2.0.0-0
• d6ea6cd Merge pull request #483 from Josebaseba/master
• 6c7189d 2.0.0-0
• f78f9fc Remove comment that seems out-of-date now
• 5c06944 Merge branch 'master' into master
• 69d0cdf Update config-whitelist.constant.js
• 0df9191 Merge pull request #486 from luislobo/fix-changelog-author-links
• 7d2c991 Merge pull request [Snyk] Upgrade aws-sdk from 2.720.0 to 2.721.0 #1 from luislobo/upgrade-mongodb-drivers
• 2a638df Updates changelog and readme
• d0b14f6 Updates mongodb version, and makes version 1.3.0 for more safety

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn