[Snyk] Fix for 17 vulnerabilities #13

vultuk · 2024-02-05T03:59:16Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	No	Proof of Concept
646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	No	Mature
509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: request-promise-native

The new version differs by 27 commits.

578970f Version 1.0.9
8388f42 chore: bumped request-promise-core due to security vulnerability of lodash
f53ac09 docs: reference to request deprecation and alternative libs
1165c4e Merge pull request #58 from shisama/readme-shows-deprecation
086632b docs: deprecated as well as request
6498be1 Version 1.0.8
3e8df67 Merge branch 'master' of https://github.com/request/request-promise-native
1592a31 chore: updated request-promise-core that updates lodash
171f3b5 Merge pull request #46 from tbjgolden/docs/clarify-es6-finally
239ce46 docs: es6+, finally
2ae195a Version 1.0.7
ecf8621 fix: tough-cookie version
7c5f721 chore: updated publish-please config
7ad655a Version 1.0.6 (now really)
1240b80 fix: updated indirect lodash dependency to fix security vulnerability
80947a1 Version 1.0.6
ad529a3 chore: fix ci build for node v8+
c2c54c4 Merge pull request #33 from jasonmit/u/jasonmit/fix-node-6
67f7ed2 Merge branch 'master' into u/jasonmit/fix-node-6
4633d4c fix: breaking change in tough-cookie v3
14aa6ee chore: added node 8 and 10 to ci build
9cfcaaa Update package.json
049152b fix: target tough-cookie 2.x to preserve node 6 support
1874877 Version 1.0.5