[Snyk] Fix for 1 vulnerabilities

[pantsel]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @slack/client

The new version differs by 250 commits.

• 35b40af Publish
• f18a3ba Merge pull request #840 from clavin/increase-test-timeout-scalars
• a7f44c7 Incrase test timeout multipliers
• 8d56368 Merge pull request #839 from aoberoi/feat-remote-files
• 162b489 synchronize arguments and requiredness with public API docs
• 76a7aee jk the method is cursor pagination enabled
• cc2ef48 apply traditional paging interface instead of repeating arguments
• 0295088 simplify type definitions to make them generatable in the future
• 135b0b9 adds support for the Remote Files API
• bf4f18d Merge pull request [Snyk] Security upgrade ip from 1.1.5 to 1.1.9 #832 from seratch/response_metadata.messages
• 885b680 Merge pull request [Snyk] Security upgrade jsonwebtoken from 8.5.1 to 9.0.0 #795 from slackapi/add_code_of_conduct_file
• 673aaf3 Merge pull request [Snyk] Security upgrade node-sass from 4.14.0 to 5.0.0 #835 from clavin/api-call-extra-debug
• f4f0a30 Merge branch 'master' into add_code_of_conduct_file
• 86e2e89 Resolving linter line-length error
• 267647c Merge branch 'master' into api-call-extra-debug
• 7d36254 Merge branch 'master' into response_metadata.messages
• dd26e23 Merge pull request failed to restart to Konga with LocalDb #797 from deremer/patch-1
• 96b1b39 Merge pull request Unexpected behavior in Konga dashboard: Accepted & Handled count increment on dashboard reload #836 from clavin/fix-integration-test-types
• 54b9661 Level up: verbositiy, clarity, readability
• 2a7c135 Fix ye olde integration type tests
• d903789 Merge pull request an issue when i install konga #799 from clavin/convert-typescript
• b806e32 Merge branch 'master' into convert-typescript
• 3eabc38 Fix documentation & typos, better respond resolved type
• a6b22bc Remove unneeded condition

See the full diff

Package name: grunt-contrib-jst

The new version differs by 11 commits.

• 376f0d0 fix up the line endings on windows
• ed88af9 v2.0.0
• 1bd3d2a Merge pull request adding basic auth support in the konga dashboard , #65 from shailesh-kanzariya/upgrade_lodash_to_4.17.20
• 0d595c2 updated ci script
• e659f27 modified engine prop to nodejs 4.x
• af22b11 bumped lodash, modified jst and test cases to work with latest lodash version
• 719a961 Normalize line endings.
• 285f3ec Trying to fix Windows tests; one is left broken.
• 806ddbe Minor lint tweaks.
• adb8c04 Add AppVeyor support.
• c8bf51f Update grunt-contrib-internal

See the full diff

Package name: nodemailer-mailgun-transport

The new version differs by 14 commits.

• eebbfb3 Merge pull request "angular is not defined" error #84 from framp/master
• 87204df Small refactoring
• 7c861c3 Merge pull request Kong loopback API configuration : strip_request_path no longer works #78 from strix/es6-syntax
• 79f5eb8 Fixed reference to
• 5af88a4 Changed self to simply this.
• fdc108b linting cleanup
• 44a0a02 Moved resolveAttachments function outside of promise chain since it is synchronous
• 4d50b02 Fixed path the handlebars template
• d2352c1 Updated syntax to es6
• 285e420 Merge pull request bootstrap.js error : EACCES: permission denied, mkdir '/kongadata/' #77 from perzanko/master
• ff5ff0b Fixed type in readme
• c4f1a1e updated readme, es6 variables definitions, callback functions, region env info
• 31d6cb3 added vuln badge
• 9fe4182 Update README.md

See the full diff

Package name: sails

The new version differs by 250 commits.

• 3bda9ca 1.1.0
• a127401 Fix typo
• adf3bab 1.1.0-3
• fb6cc8f Use PassThrough stream for file downloads in actions2 (brings in MaA prerelease)
• f709b1e Merge pull request #4486 from oaksofmamre/master
• 9ad1de3 Link names to repos
• ad0b7c4 Update changelog (thanks @ oaksofmamre!)
• 661dfac Fix one more test related to c694f2d2b1db4b9f397c52f540b19d7d4a4125f4
• 8868300 Fix expectations of test to match correct child process output (follow up to c694f2d2b1db4b9f397c52f540b19d7d4a4125f4)
• c694f2d Fix test now that async is no longer included as a dep. in newly generated sails apps (thanks to await and sails.helpers.flow via organics)
• 6e0d30e Pin merge-dictionaries
• f72f5f3 1.1.0-2
• 043623d Fix sails-generate SVR
• 73d1aa9 1.1.0-1
• 8d17695 use prerelease of sails-generate
• 13eb858 Update MODULES.md
• 2b5f6e4 Update MODULES.md
• ef8e98f 2nd follow up to 97082b8e067a490531758f6bcbc471e08874c209 to allow for "$" in route bindings
• a5dedce 1.1.0-0
• 100e4b5 Update error messages for bootstrap/initialize to reflect new reality.
• c66468b Clarify optional-ness of bootstrap callback in comment.
• eaafcc1 1.0.3-4
• 6447a4b Bump skipper dep
• 2eec58d minor clarification

See the full diff

Package name: sails-disk

The new version differs by 85 commits.

• 15faa44 1.0.0
• a2b7ee6 1.0.0-12
• 9d7118c Only set footprint keys for uniqueness violations.
• a2c2261 Add some assertions.
• a222824 Update gitignore and scripts
• 3b3c334 1.0.0-11
• cef95b4 Support updating the primary key value, as long as it's not using _id as the column.
• aad2a15 Set _id column to value of primary key when creating records.
• 333e2d1 1.0.0-10
• c8a26c5 Add shim to replicate MongoDB's behavior w/ `{ $ne: null }` and empty arrays.
• bf92cb8 1.0.0-9
• af97943 Workaround issue with projections including only `_id`
• b5b985b Relax restrictions on using `_id` column in sails disk.
• f4adfd7 Add an entry in the `refCols` dictionary for every model, so we don't have to short-circuit checks for it later
• b494fd9 In `find`, deserialize Buffer objects into `ref` attributes where possible.
• 7aaaaa4 Merge pull request Cannot assign ACL plugin to existing API #58 from balderdashy/expose-lib
• 70ead96 (whoops) Add back 0.10 and 0.12 in appveyor.yml
• beabe7a Merge pull request Can not access the konga #57 from balderdashy/expose-lib
• 9c80187 1.0.0-8
• f7a349d Actually, don't expose the static lib. (No reason to do so, and better to not introduce something experimental if there's any chance it could make an app dependent on random stuff in a dev-only adapter)
• 2d4d97e 1.0.0-7
• f2dd761 Rename afterwards function to avoid perceived scope conflict (whether or not it'd ever actually be a big deal, this avoids any potential future scope issues from refactoring, etc).
• 4051e5e 1.0.0-6
• 250c32e Handle stray error (and a couple of other trivial changes just from when I was reading through the code)

See the full diff

Package name: sails-mongo

The new version differs by 211 commits.

• 18d0f31 1.0.0
• 8d7a5a9 Merge pull request Use kong tags to configure tags for service object #465 from lusid/patch-1
• 18b5494 Adding missing appname to config whitelist
• a5bddd1 Add mongo back to Travis file
• 91e3895 1.0.0-11
• 8c21360 Solve 'TypeError: Cannot read property 'indexOf' of undefined', restoring old error message for when no 'url' is specified (https://snyk.io/redirect/github/balderdashy/sails-mongo/commit/e91c851d48c7a683fbcd507e45bcc6e9a63c21d1#commitcomment-24688823)
• d5a5fcd Update boilerplate
• 89109a4 1.0.0-10
• 81f33c6 Run "unique" feature tests
• a848a7c Transform MongoError instances into regular errors so that Waterline can understand them.
• f19c1dc Merge branch 'Josebaseba-master'
• 5ab4f71 Have `sum` and `avg` return zero if no records match criteria
• f784149 Merge branch 'master' of https://github.com/Josebaseba/sails-mongo into Josebaseba-master
• cd5354d Return null if there are no documents to sum
• 3a0b5e8 Merge branch 'master' of https://github.com/Josebaseba/sails-mongo into Josebaseba-master
• a3dbb81 Merge pull request Passive health checks got "expected an integer" #463 from balderdashy/fix-for-waterline-1405
• c0832cb Skip running native `.sort()` if there's nothing to sort.
• 3464162 Get a grip, eslint.
• 33443de add note about url escaping
• b609ecb Return 0 if there are no documents to sum
• 00ec486 1.0.0-9
• e91c851 Merge pull request [Snyk] Fix for 1 vulnerabilities #461 from balderdashy/allow-mongo-atlas-urls
• fb3af37 Add tests for normalizeDatastoreConfig
• fabcae5 Move check for Atlas URLs into `normalize-datastore-config`

See the full diff

Package name: sails-mysql

The new version differs by 202 commits.

• e9ca5d0 1.0.0
• 1c8eba9 1.0.0-17
• 2384285 Same as 2cc4850eb0fc3ff58eeaef044c2b14379af1be32 but for 2 other occurrences.
• 2cc4850 Apply fix from eslint to properly pass through compileStatement() errors
• ba40d9a Update eslint
• ed86ee1 1.0.0-16
• 227e9ba Bump versions of mariadb tests-- and explicitly test node 8
• 917db33 Use mp-mysql@3 (see https://github.com/Memory leak balderdashy/sails#4264#issuecomment-353152823)
• 5e8ed7e Follow-up to 075d7590dfb5fc51ee7c3084df87261b46ea5356
• 075d759 Update machine runner to v15. (refs https://github.com/Memory leak balderdashy/sails#4264)
• 0d0503c Even better
• 6186297 Update language in config errors
• d1f0791 1.0.0-15
• d511f24 Allow `ref` type attributes to represent any object, not just Buffers.
• 3a62cf5 1.0.0-14
• b8c74aa Merge pull request does konga support cassandra or can we integrate cassandra #349 from balderdashy/revert-utf8mb4-default
• b98a2f0 Revert code that defaults to the `utf8mb4` character set.
• 987f467 Merge pull request Doesn't work properly with 1.1.0rc1 #346 from balderdashy/support-emojis
• 3adc445 1.0.0-13
• 65aa28f lint fix
• 9fd09c9 1.0.0-12
• e9cbd78 Change default charset to support emojis. This also adds some comments and notes for the future.
• 6efdddc 1.0.0-11
• 056b12b use LONGTEXT by default because mysql truncates data silently

See the full diff

Package name: sails-postgresql

The new version differs by 250 commits.

• e9728fe 1.0.0
• 3ee54ac 1.0.0-13
• a2b0da4 Bump mp-postgresql version
• 0266a58 Update `.exec({...})` to `.switch({...})`
• 50a8e22 Update helpers to work w/ new machine runner
• cf3a294 Bypass `bigint` validation for auto timestamps
• b9352bd If invalid model definitions are detected, just return an error message _without_ a stack trace.
• 296f538 Coerce empty string to zero when bigint column type is in use
• 6dea61c Throw an error if `type: 'number'` is used with `columnType: 'bigint'`
• 24164da Update language in config errors
• 67aa86b 1.0.0-12
• cae9019 Stringify strings before using them as values for JSON attributes
• beb7415 1.0.0-11
• 2691491 Allow `ref` type attributes to represent any object, not just Buffers.
• bdf2b7d 1.0.0-10
• 1b34e1f use column name when parsing values
• b004869 1.0.0-9
• a4c8d2c Merge pull request A help message was inverted for the cors plugin #270 from balderdashy/fixes
• 8765654 bump min wl-util version
• 913cad6 key orm by identity rather than table name
• a0ae8a2 add depth validation to pre-process
• 1196975 make sure to process each record when no child statements are needed
• 2c894d2 pass true to process each record deep to show it uses column names
• 5822b3d include strategy type when building the query cache

See the full diff

Package name: sails-sqlserver

The new version differs by 21 commits.

• 5815e09 chore: version bump 2.0.1
• 2f5fd9d fix: add machinepack-mssql dependency
• 5bec31a Merge pull request Konga crashes when adding API key to consumer with no prior keys #4 from intel/sails-v1
• e0c4b0b refactor: use WATERLINE_ADAPTER_TESTS_URL
• d72e2d7 refactor: unused/unneeded references
• 36747d6 feat: support for sails-v1
• 726ecdf chore: add .npmrc to .gitignore
• 0cc307f major version update
• 655da19 feat: update dependencies and improve join performance
• 71a6291 Merge pull request backendURL in frontend config incorrect #1 from jkeczan/master
• a94851c Merge pull request Fixes typo. #3 from peoplewareDo/master
• c2a8582 Merge pull request frontend model npm install error #2 from kdelmonte/master
• dbc4d96 fixed insert returning wrong id
• f693b74 update mssql v4.0.1 dependency
• 789d1de Fix issue were insert would break if the PK was a GUID due to the adapter adding an SET IDENTITY_INSERT clause which should only be used with integer PKs
• f764cfb Merge pull request Make konga work with relative paths #21 from RubiconInternational/master
• 5068798 Merge pull request Unable to login with docker instance #28 from keeganmccallum/master
• 5587101 Allow using the meta "schemaName" property to override schema
• b420eee Merge pull request When changing kong nodes / adding new onces consumers are not listed #23 from some-say/master
• d120f0b issue orm fail when kill sails.js
• 53bdeaa fix issue with string literal values not prepended with 'N' before the delimeter, which is imperative for unicode values

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution