[Snyk] Fix for 10 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/acceptance/workspaces/monorepo-with-nuget/src/paymentservice/package.json
  • test/acceptance/workspaces/monorepo-with-nuget/src/paymentservice/package-lock.json
  • test/acceptance/workspaces/monorepo-with-nuget/src/paymentservice/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GRPC-598671	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-JSONBIGINT-608659	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-PROTOBUFJS-2441248	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @google-cloud/profiler

The new version differs by 177 commits.

• f2807b7 chore: release 4.1.3 ([Snyk] Security upgrade sanitize from 4.6.2 to 5.2.1 #755)
• fc48f9a fix(deps): update dependency pprof to v3.2.0 ([Snyk] Security upgrade qs from 0.0.6 to 6.2.4 #754)
• 79a3d50 chore(deps): update dependency @ types/tmp to v0.2.1 ([Snyk] Security upgrade qs from 0.0.6 to 6.2.4 #753)
• 26d7439 build: auto-approve renovate-bot PRs for minor updates ([Snyk] Security upgrade mocha from 2.5.3 to 10.1.0 #1145) ([Snyk] Security upgrade request from 2.57.0 to 2.73.0 #752)
• b038650 build(node): do not throw on deprecation ([Snyk] Fix for 23 vulnerabilities #1140) ([Snyk] Security upgrade qs from 0.0.6 to 6.2.4 #751)
• b740c06 build(node): don't throw on deprecation in unit tests ([Snyk] Fix for 1 vulnerabilities #749)
• c3adca7 chore: clean npm cache on package installations ([Snyk] Security upgrade qs from 6.9.4 to 6.9.7 #748)
• 95f61fc build: remove errant comma ([Snyk] Security upgrade tap from 2.3.4 to 14.6.8 #1113) ([Snyk] Security upgrade qs from 0.0.6 to 6.2.4 #747)
• ed4003c chore(nodejs): remove api-extractor dependencies ([Snyk] Security upgrade qs from 0.0.6 to 6.2.4 #746)
• 3569ca2 build: add auto-approve to Node libraries ([Snyk] Fix for 26 vulnerabilities #1100) ([Snyk] Fix for 1 vulnerabilities #745)
• a23829b chore(nodejs): use cloud-rad publication process ([Snyk] Fix for 18 vulnerabilities #1112) ([Snyk] Security upgrade qs from 0.6.6 to 6.2.4 #744)
• fbce773 chore: Report warning on `.github/workflows/ci.yaml` ([Snyk] Security upgrade qs from 0.6.6 to 6.2.4 #742)
• cd983f4 chore(deps): update dependency sinon to v11 ([Snyk] Security upgrade qs from 0.0.6 to 6.2.4 #739)
• e5b8626 chore(deps): update dependency @ types/node to v14 ([Snyk] Security upgrade qs from 0.0.6 to 6.2.4 #738)
• 776916e chore: migrate to owl bot ([Snyk] Security upgrade qs from 0.0.6 to 6.2.4 #737)
• df22483 chore: release 4.1.2 ([Snyk] Security upgrade snyk from 1.320.0 to 1.1064.0 #734)
• 33abbeb fix(deps): update dependency protobufjs to ~6.11.0 ([Snyk] Security upgrade sinatra from 1.3.2 to 2.2.3 #733)
• bb51a1a chore: add SECURITY.md ([Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1 #730)
• ba96e49 fix(deps): update dependency pprof to v3.1.0 ([Snyk] Security upgrade django from 1.6.1 to 3.2.15 #731)
• 1086dd5 build: warn uses when they edit auto-generated files ([Snyk] Security upgrade sinatra from 1.3.2 to 2.2.3 #732)
• aaf1e6c chore: regenerate common templates ([Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5.2 #728)
• d372427 chore(deps): update dependency sinon to v10 ([Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5.1 #726)
• 31dbceb chore: release 4.1.1 ([Snyk] Fix for 1 vulnerabilities #723)
• fcd1239 fix(deps): update dependency parse-duration to v1 ([Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #725)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn