[Snyk] Fix for 20 vulnerabilities

[lisong]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-DOTTIE-3332763	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:cryptiles:20180710	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cos-nodejs-sdk-v5

The new version differs by 22 commits.

• 94d51c3 支持 STS Scope
• b737f86 支持 STS Scope
• b77ee1f 支持 Timeout 选项
• 87d1b71 update test
• fbaf025 优化代码
• 8a32648 修改最大分片大小
• 1996a59 更新版本号
• 23b5c27 修改测试用例
• 5211239 调整上传调用顺序
• 3067bd3 优化进度反馈
• d45d313 优化进度反馈
• fb82f20 修改 demo 和用例
• c8ef701 修复分片上传大小 0 的文件时，出现两个任务
• 33c8e05 修改 demo
• 60d34c0 修 bug，支持上传 Content-MD5，支持初始化传入 XCosSecurityToken，支持 UseRawKey
• e148e66 Rule -> Rules
• cfd6a3b 修复 getObjectUr bug，支持 path style
• 96bddb6 优化自动计算的分块大小
• 510eeb4 修复上传10000个的报错
• da5719d update test ut
• 0074a7b update tcb test ut
• b95d61a add tcb test ut

See the full diff

Package name: log4js

The new version differs by 250 commits.

• 9fdbed5 6.4.0
• 788c7a8 Merge pull request #1150 from log4js-node/update-changelog
• 7fdb141 chore: updated changelog for 6.4.0
• e6bd888 Merge pull request #1151 from log4js-node/feat-zero-backup
• ac599e4 allow for zero backup - in sync with https://github.com/fix: allow for zero backups and zero daysToKeep log4js-node/streamroller#74
• 53248cd Merge pull request #1149 from log4js-node/migrate-daysToKeep-to-numBackups
• 436d9b4 Merge pull request #1148 from log4js-node/update-docs
• d6b017e chore(docs): updated fileSync.md and misc comments
• d4617a7 chore(deps): migrated from daysToKeep to numBackups due to streamroller@^3.0.0
• 0ad0133 Merge pull request #1147 from log4js-node/update-deps
• 773962b Merge pull request #1146 from log4js-node/update-deps
• 823bb46 Merge pull request #1145 from log4js-node/update-deps
• 6cc0035 chore(deps): bump streamroller from 3.0.1 to 3.0.2
• 0f39859 chore(deps): bump date-format from 4.0.2 to 4.0.3
• 85ac31e chore(deps-dev): bump eslint from from 8.6.0 to 8.7.0
• acd41ef Merge pull request #1144 from log4js-node/refactor
• 4c4bbe8 chore(refactor): using writer.writable instead of alive for checking
• e86a809 Merge pull request #1097 from 4eb0da/datefile-error-handling
• 34ab3b2 Merge pull request #1143 from log4js-node/update-test
• 8cba85f chore(test): renamed tap.teardown() to tap.tearDown() for consistency (while both works, only tap.tearDown() is documented)
• a0baec2 chore(test): fixed teardown() causing tests to fail due to fs errors on removal
• 51ac865 Merge pull request #1103 from polo-language/recording-typescript
• 653a20f Merge pull request #1028 from techmunk/master
• 43a2199 chore(test): Changed default TAP test suite timeout from 30s to 45s because Windows takes a long time

See the full diff

Package name: sequelize

The new version differs by 250 commits.

• 901bceb 6.1.0
• 6b32821 6.0.0-beta.7
• 0ca8d72 docs: prepare for v6 release (#12416)
• 663261b feat(sequelize): allow passing dialectOptions.options from url (#12404)
• c6e4192 fix(postgres): parse enums correctly when describing a table (#12409)
• e33d2bd fix(reload): include default scope (#12399)
• 5611ef0 build: update dependencies (#12395)
• e80501d fix(types): transactionType in Options (#12377)
• 4914367 fix(types): add clientMinMessages to Options interface (#12375)
• b71cd05 fix(query): preserve cls context for logger (#12328)
• 95f7fb5 fix(mssql): empty order array generates invalid FETCH statement (#12261)
• ed2d7a9 fix(model.destroy): return 0 with truncate (#12281)
• 72925cf fix: add missing fields to 'FindOrCreateType' (#12338)
• f367191 fix(query-generator): do not generate GROUP BY clause if options.group is empty (#12343)
• 7afd589 docs(sequelize): omitNull only works for CREATE/UPDATE queries
• f9e660f docs: update feature request template
• 2bf7f7b fix(typings): add support for optional values in "where" clauses (#12337)
• 65a9e1e fix(types): add Association into OrderItem type (#12332)
• 1b86729 docs: responsive (#12308)
• 59b8a7b fix(include): check if attributes specified for included through model (#12316)
• 6d87cc5 docs(associations): belongs to many create with through table
• a2dcfa0 fix(query): ensure correct return signature for QueryTypes.RAW (#12305)
• 0769aea refactor: cleanup query generators (#12304)
• 4d9165b feat(postgres): native upsert (#12301)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn

[SunnyEver0]

您好，来信已收到，谢谢！