[Snyk] Fix for 5 vulnerabilities

[thiagobustamante]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	531/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.2	Prototype Pollution SNYK-JS-IOREDIS-1567196	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
	454/1000 Why? Has a fix available, CVSS 4.8	Session Fixation SNYK-JS-PASSPORT-2840631	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ioredis

The new version differs by 250 commits.

• 0587353 chore(release): 4.27.8 [skip ci]
• 7d73b9d fix: handle malicious keys for hgetall (#1416)
• 17c7595 chore: fix potential security vulnerabilities [skip ci]
• a13eddc chore(release): 4.27.7 [skip ci]
• d7477aa fix(cluster): fix autopipeline with keyPrefix or arg array (#1391)
• beefcc1 docs(README): fix docs typo (#1385)
• cae7fc5 chore(release): 4.27.6 [skip ci]
• 42f1ee1 fix: fixed autopipeline performances. (#1226)
• 71f2994 chore(release): 4.27.5 [skip ci]
• f02e383 fix(SENTINEL): actively failover detection under an option (#1363)
• c87ea2a chore(release): 4.27.4 [skip ci]
• 62b6a64 perf: Serialize error stack only when needed (#1359)
• d4a55b5 chore(release): 4.27.3 [skip ci]
• abd9a82 fix: autopipeling for buffer function (#1231)
• e0cfea1 chore(release): 4.27.2 [skip ci]
• aa9c5b1 fix(cluster): avoid ClusterAllFailedError in certain cases
• aafc349 chore(release): 4.27.1 [skip ci]
• d65f8b2 fix: clears commandTimeout timer as each respective command gets fulfilled (#1336)
• 9e140f0 chore(release): 4.27.0 [skip ci]
• a464151 feat(sentinel): detect failover from +switch-master messages (#1328)
• 6b821af docs: add CONTRIBUTING note
• dac428d chore(release): 4.26.0 [skip ci]
• 2e388db feat(cluster): apply provided connection name to internal connections
• 81b9be0 fix(cluster): subscriber connection leaks

See the full diff

Package name: passport

The new version differs by 160 commits.

• c33067b 0.6.0
• 3052bb4 Update changelog.
• 42630cb Merge pull request #900 from jaredhanson/fix-fixation
• 8dd79fe Use utils-merge rather than Object.assign for compatibility.
• 4f6bd5b Change keepSessionData to keepSessionData.
• 46756e5 Silence verbose logging.
• 987b191 Add tests.
• f8a175f Add tests.
• 29a90d6 No need to guard callback existence.
• bfba8a1 Add tests.
• 17111d7 Add option to keep session data on logout.
• a349c2b Add option to keep session data.
• e69834e Add optional options to login and logout.
• 8825a9a Add tests.
• c1991cf Add tests.
• 294f22c Better session detection and exceptions.
• 80cc4e3 Add tests.
• 3001654 Add tests.
• b395106 Clean up tests.
• cfa8259 Add tests.
• ee0bf81 Add tests.
• cc7606c Add tests.
• 71c54f6 Add test.
• 88c1f1b Handle logout without session manager.

See the full diff

Package name: typescript-ioc

The new version differs by 25 commits.

• 88192ff rename OnlyContainerCanInstantiate
• 83cd536 readme file
• 97f68a7 readme file
• 804f7c4 Handle direct instantiations with InRequestScope
• 980e9a6 readme
• d7246de readme
• e75d2cc readme
• 194672a fix Trouble with API call #38
• 94b698b fix Fix travis #32
• 405c67a rename @ Provided to @ Factory
• d50923b fix readme
• 3e3b012 Fix tests
• 391143a fix readme
• cc1ae1b only instrument constructor when @ OnlyContainerCanInstantiate is used
• 5075e51 Fix readme
• 9a6e273 Fix Documentation
• c7c3a45 fix readme
• dceeb52 Rename @ AutoWired to @ OnlyContainerCanInstantiate
• 51f1951 AutoWired
• 6f57b03 improve test
• 6919850 refactory packages structure and improve test coverage
• 53990b0 add jest.config.js
• a2167a5 fix dependencies
• 1081df8 update dependencies

See the full diff

Package name: typescript-rest

The new version differs by 136 commits.

• 398e159 fix pipeline
• 3fa54c9 remove travis
• 076195b update CI/CD tool
• d93081f updating dependencies
• 70a2716 Merge pull request update site #144 from mr-short/patch-1
• af159a1 update dependencies
• 6e6e09c Merge pull request fix sample #148 from mr-short/multiple-security-decorators
• 1dbae06 Multiple security decorators
• 78b8c48 ServiceAuthenticator getRoles: add response param
• 7215bff Authenticator getRoles: add response param
• bc1491d new version
• fbc53ae new version
• fc22a52 Merge pull request Fix #137 #141 from abhisekp/fix-null-return
• c3a14b9 Merge pull request Fix #138 #143 from thiagobustamante/snyk-fix-ffa9b8c068604dd0964148211857f5df
• 3a7812a Merge pull request Remove test dependency with httpbin.org, running httpbin in a docker … #142 from msieurtoph/patch-1
• 4f48f43 fix: package.json & package-lock.json to reduce vulnerabilities
• 70582d7 Wait for the reponse from async methods before executing postProcessors
• f6284c7 fix(service): Fix service invoker null return
• b976126 readme file
• 247edc8 Fix serviceFactory
• 3bddb02 remove tyoescript-ioc dependency
• e3b45df allow access the server router
• 6d43e26 add new immutable method
• 976bd27 fix travis deploy

See the full diff

Package name: typescript-rest-swagger

The new version differs by 141 commits.

• 9444142 new version
• 70f7968 Merge pull request fix tests. Increase timeout #125 from thiagobustamante/dependabot/npm_and_yarn/lodash-4.17.19
• 6cc5b44 Merge pull request Code Refactory #124 from alexandreMelloTW/updating-dependencies
• 470115a Bump lodash from 4.17.15 to 4.17.19
• ab66e5b Merge pull request Refactory SDK to remove dependency to GatewayConfig #123 from TeselaGen/master
• 89e360f updating minimist
• 581f5cb updating ts-jest@26.1.0
• 105ab09 updating swagger2openapi@6.0.3
• 1ce12bf updating jest@26.0.1
• 6b01c04 updating mocha@8.0.1
• 7a24c24 updating mkdirp@1.0.4
• 529e8b5 adding a more helpful error message when a type isn't found
• 40cca2b Merge pull request Admin API. #1 from thiagobustamante/master
• 3a47f3c Merge pull request Update dependencies / Fix lint #108 from oranoran/fix/devDependencies
• 83ff9e1 Moved all dependencies to devDependencies to avoid dependency creep
• cc10432 fix travis
• ce35c40 fix release
• c591024 fix travis deploy
• a956a13 Merge branch 'master' of https://github.com/thiagobustamante/typescript-rest-swagger
• c2024a1 support union types
• 5dc6731 Merge pull request Fix circuitbreaker timeWindow #101 from thiagobustamante/dependabot/npm_and_yarn/handlebars-4.5.3
• e474eeb Merge pull request save gateway version on database #85 from thiagobustamante/dependabot/npm_and_yarn/diff-3.5.0
• f3e513f Merge pull request Fix Stats #86 from JulienSergent/hotfix/keep-module-typescript-rest
• 96b5fa9 Merge pull request new stats request mapper #88 from Insalien/add-consumes-decorator

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn