[Snyk] Fix for 7 vulnerabilities #19

adrianblynch · 2024-02-02T16:07:05Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-REDIS-1255645	Yes	No Known Exploit
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:moment:20161019	Yes	No Known Exploit
399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: catbox-redis

The new version differs by 85 commits.

66de275 4.2.4
6ea104f update changelog
2efa3dc cleanup
c8445d8 test node 11
d08f2ab bump deps
e43af5a fix url in version comparison
84caaf8 4.2.3
2353f6b update changelog
adfe8e0 address connection issue #92
3571b07 no testing for node 9
92f4a8f show version in readme
847cf64 4.2.2
2ac45e4 update changelog
a75b104 Code cleanup (#86)
57497da minor cleanup
a8d1879 Release 4.2.1
bfa7e94 Merge pull request #91 from hapijs/cache-false
1303a9a allow to store boolena false
9dece84 update readme
91c0775 add node 10 to travis
719ed3d remove package-lock.json
042750d update version and readme
beaae9f Merge pull request #82 from nearform/pass_tls
896831d pass tls in options

See the full diff

Package name: good

The new version differs by 111 commits.

55acdc4 8.1.2
cfe701a Cleanup. Closes #607
fbf4b5c Update API format for hapijs.com (#601)
77e4fa1 Add changelog.md (#600)
d39c594 Update README.md
639fbec Fix a typo in the example code
0e8e574 8.1.1
30441d3 Add error property to server logs (#585)
93d6ed0 v8.1.0
91385ff Add support for request event error field
4037636 Add support for logging response headers
ff874f7 v8.0.1
8ebbac0 Added tests to prevent request id regression
699c4ea request.id is not request.info.id since Hapi 17
fd8acbc v8.0.0
bc26e88 version 8.0.0-rc1
87c2382 Cleanup from 9ec13aa8963106acca821ebf4c79889650366ba3
ce6cc96 responeTime to use request.responded. drop tailTime. (#531)
9ec13aa Migrate to hapi 17, node 8 and async/await (#572)
d490838 v7.3.0
549662a Fix for 557: Provide request headers in various payload events (#562)
301307b Fix typo in API.md (#553)
2c478b3 Test cleanup (#560)
efd3755 version 7.2.0

See the full diff

Package name: good-console

The new version differs by 33 commits.

7c9a73d Update README.md
9de8c84 8.0.0
dc7295d Update node requirements. Closes #114
b22bbf3 Update moment (#112)
9aca297 Add changelog.md (#111)
a69df28 Update README.md
c996499 v7.1.0
da92807 format as error when data.error is populated (#104)
388b0fa Use SafeStringify when serializing the query
fd44bf5 v7.0.1
c8823c0 Revert addition of responseSentTime
3f07b60 v7.0.0
0ab557d pass event.id for every format
eb54cd1 Add responseSentTime to response format (#95)
26b1fc2 v6.4.1
f1b1a5b Upgrade Moment to 2.19.x (#98)
c4fb48f version 6.4.0
729155b separated message and stack with a comma (#85)
e32cec6 leveraged the error formatter when data is an Error (#86)
f0f83c9 version 6.2.0
c8d0de9 log event.id when available (#80)
e91d381 version 6.3.1
95f4762 Bump moment to 2.15.x branch to resolve Regex DOS (#78)
9f1d35e version 6.1.2

See the full diff

Package name: hapi

The new version differs by 250 commits.

b8e64d0 Update version
5ced8ae 18.1.0
7578f61 Expose bourne settings. Closes #3917
3378e78 Update dep. Closes #3922
4b59b3f 18.0.1
5f6a00b misc
ccc538d Typo
1af289f Update deps. Closes #3912. Closes #3914
aa3934f Add IDEs
75756f6 Fix route assert. Closes #3909
06a48ea 18.0.0
4da282e Its 2019
4bd7c38 Update deps. Closes #3905. Closes #3906. Closes #3907. Closes #3908
3350a5c Refactor cache config. Closes #3876, Closes #3904
03e03dc Split request.info.responded to responded and completed. Closes #3901
7521468 Coverage
a3a5ca9 Fix close event handling in node 11. Closes #3898
7b85840 Fix test
17ca301 Exclude vs
5e91092 Fix test. For #3900
89604b0 Merge pull request #3900 from AdriVanHoudt/fix-test-803
a4f9121 Merge pull request #3882 from dominykas/validate-cookies-alt
04758ac Update API.md
413290f For #3897

See the full diff

Package name: inert

The new version differs by 108 commits.

5f699ba 5.1.3
4514a5e Don't resolve against files.relativeTo multiple times. Closes #125
fc143b3 Handle top level directory listing without trailing slash. Closes #119
8633b9f Test using hapi 18
4569240 Merge pull request #123 from Nargonath/changelog
b0c3901 Add changelog.md
d8e55cc 5.1.2
08e2a10 Use new requirements config. Closes #122
7cc122b 5.1.1
dc47399 Cleanup and update deps. Closes #121
84b50b4 5.1.0
302b1e0 Rename internal variable
c2a2703 Add path data to error events. Closes #111
bd48207 Refactor directory file lookup
f424ddb Add boom error type helpers
318f5fa Refactor path normalization
8745e1a Remove a closure
bac2072 Rethrow developer errors. Closes #103
f248b2e Update deps. Closes #102
9f22671 Update docs
ceadca7 Throw when registration options are passed
aa3fe79 Move etagsCacheMaxSize to a server option. Closes #99
5b48693 rc8
988f4e4 rc7

See the full diff

Package name: orientjs

The new version differs by 166 commits.

b8956d2 Bumped to 3.0.0
14bf7ae Bumped to 3.0.8/9-Snapshot + orientjs 3.0.0.beta.3
09628ac Fixed https://github.com/OrientJS 3.0: Error when using null params orientechnologies/orientjs#335
ea9dce6 Bumped to 3.0.0-beta.3
02617db Fixed decimal type https://github.com/Link Maps Unsupported (Field Type 16) orientechnologies/orientjs#332
9ad2a42 Bumped to 3.0.0-beta.2
f1005c1 Added Support for LinkMap https://github.com/Link Maps Unsupported (Field Type 16) orientechnologies/orientjs#332
8149b68 Bumped to 3.0.0-beta.1 and updated ODB on travis
267d4b2 Added mock iteration on tree bag
324169b Added reconnection on TokenSecurityException
e2f1ead Added token expiration handling
6b1d0a0 changed version to 3.0.0-beta.0
a1a0eeb Replaced Buffer() with .alloc and .from : https://github.com/Replace Buffer() with Buffer.alloc() orientechnologies/orientjs#321
6a6f74f Fixed RidBag Tree deserialization
f096fd9 Fixed deserialization of Date type
1461f57 Added serialization for decimal values
d2527db Fixed rawExpression on QueryBuilder. Removed paramify of RawExpressions
f09cd64 Fixed rawExpression test
ca9fb56 Implemented OrientDBClient#listDatabases
18a03f6 Refactor database crud operation within a single _runAsAdmin function
e487c1f Refactor username/password into options in databases CRUD
2d20a8f Restored for now mocha ^2.0.1, caused by https://github.com/this.skip() in before fails to skip tests with nested describe calls mochajs/mocha#2819
fcc276b Refactor client#create/drop/exists with + Database
1bb254d Updated dependencies + Bumped to ODB 3.0.2/3.0.3-SNAPSHOT