[Snyk] Fix for 10 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • services/client/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Insecure Encryption SNYK-JS-BCRYPT-572911	Yes	No Known Exploit
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Cryptographic Issues SNYK-JS-BCRYPT-575033	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-REDIS-1255645	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Insecure Defaults SNYK-JS-SOCKETIO-1024859	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: aws-sdk

The new version differs by 250 commits.

• 8875a35 Updates SDK to v2.814.0
• dd83d67 throw at invalid profile name in shared ini file (#3585)
• ee0c5a3 Updates SDK to v2.813.0
• 468d15b Updates SDK to v2.812.0
• c50132f Update README.md with references to JS SDK V3 (#3582)
• 3e19b08 Updates SDK to v2.811.0
• f26c00d Updates SDK to v2.810.0
• b393a6e Adds automatic PreSignedUrl generation to RDS.StartDBInstanceAutomatedBackupsReplication (#3566)
• fa57967 Updates SDK to v2.809.0
• 9a52018 Updates SDK to v2.808.0
• 1958076 Updates SDK to v2.807.0
• ffcad20 Updates SDK to v2.806.0
• 2f37893 chore: remove cognitoidentity customizations to disable auth (#3543)
• c6fe3c0 Updates SDK to v2.805.0
• 71d6fa9 Fix dual-callback case (#3537)
• b981971 Updates SDK to v2.804.0
• 332573f Updates SDK to v2.803.0
• deb7bc7 Updates SDK to v2.802.0
• b6401d0 Remove incorrectly named service named 'Profile' (#3562)
• 3364d4b Updates SDK to v2.801.0
• d400577 Updates SDK to v2.800.0
• 21c7dc0 Updates SDK to v2.799.0
• d2b8964 Updates SDK to v2.798.0
• 44ded82 fix: test IAM.getUser instead of listUsers (#3542)

See the full diff

Package name: bcrypt

The new version differs by 137 commits.

• 61139e6 v5.0.0
• 1bde62c Update node-pre-gyp to 0.15.0
• 40770d6 Add NodeJS 14 to appveyor CI
• 5916a46 Merge pull request #807 from techhead/known_length
• f28e916 Reword comment
• ca1e43b Add test for embedded NULs
• 1a81858 Pass key_len to bcrypt(). Fix for issues #774, #776
• cf4efd9 Merge pull request #647 from ilatypov/master
• 15febd1 Allow using an enterprise artifactory.
• 96c41e2 Mark z/OS compatibility code as such
• dd32df1 Add z/OS support
• ac14738 Update CHANGELOG.md
• d9e54b4 Merge pull request #806 from techhead/2b_overflow
• 9548df5 Fix overflow bug. See issue #776
• 4c38d38 Merge pull request #804 from jokester/add-arm64-build
• 41d9ba2 add linux-arm64 to build matrix
• bc114fb Update node-addon-api to v3.0.0
• 61f6308 Use travis to deploy future releases
• 87c214f v4.0.1
• 9758e68 Prepare for uploading releases from inside docker
• 1511821 Define _GNU_SOURCE while compiling for MUSL
• e01e78a Add alpine-linux to CI
• bbb6b2d Readme: fix node version for v4.0.0
• 738e4e2 Update CHANGELOG.md

See the full diff

Package name: redis

The new version differs by 142 commits.

• fc28860 Bump version to 3.1.1 (#1597)
• 2d11b6d fix #1569 - improve monitor_regex (#1595)
• 7e77de8 Add Chat (#1594)
• 5d3e995 Merge branch 'master' of https://github.com/NodeRedis/node-redis
• b797cf2 add user to README.md
• 79f34c2 Bump version to 3.1.0 (#1590)
• 7fdc54e fix for 428e1c8a7b2322c2650294638cb1663ac5692728 - fix auth retry when redis is in loading state
• 09f0fe8 "fix" tests
• 428e1c8 Add support for Redis 6 `auth pass [user]` (#1508)
• bb208d0 Add codeclimate badge (#1572)
• 47e2e38 Exclude examples from deepsource (#1579)
• fbca5cd Upgrade node and dependencies (#1578)
• 2188744 Create codeql-analysis.yml (#1577)
• 32861b5 Create .deepsource.toml (#1574)
• 2a34d41 Add LGTM badge (#1571)
• 69b7094 Workflows fixes (#1570)
• 49c4131 Merge pull request #1531 from marnikvde/improve-docs
• 3c8ff5c Merge branch 'master' into improve-docs
• 685a72d Merge pull request #1277 from dcharbonnier/patch-1
• 055f5c5 Merge branch 'master' into patch-1
• c78b6d5 Merge pull request #1527 from heynikhil/patch-1
• 53f1468 Merge branch 'master' into patch-1
• 232f191 Merge pull request #1563 from lebseu/patch-1
• e4cb073 Update README.md

See the full diff

Package name: socket.io

The new version differs by 73 commits.

• 1af3267 chore(release): 3.0.0
• 02951c4 chore(release): 3.0.0-rc4
• 54bf4a4 feat: emit an Error object upon middleware error
• aa7574f feat: serve msgpack bundle
• 64056d6 docs(examples): update TypeScript example
• cacad70 chore(release): 3.0.0-rc3
• d16c035 refactor: rename ERROR to CONNECT_ERROR
• 5c73733 feat: add support for catch-all listeners
• 129c641 feat: make Socket#join() and Socket#leave() synchronous
• 0d74f29 refactor(typings): export Socket class
• 7603da7 feat: remove prod dependency to socket.io-client
• a81b9f3 docs(examples): add example with TypeScript
• 20ea6bd docs(examples): add example with ES modules
• 0ce5b4c chore(release): 3.0.0-rc2
• 8a5db7f refactor: remove duplicate _sockets map
• 2a05042 refactor: add additional typings
• 91cd255 fix: close clients with no namespace
• 58b66f8 refactor: hide internal methods and properties
• 669592d feat: move binary detection back to the parser
• 2d2a31e chore: publish the wrapper.mjs file
• ebb0575 chore(release): 3.0.0-rc1
• c0d171f test: use the reconnect event of the Manager
• 9c7a48d test: use the complete export name
• 4bd5b23 feat: throw upon reserved event names

See the full diff

Package name: socket.io-redis

The new version differs by 16 commits.

• 2e39996 chore(release): 5.4.0
• 5b3ed58 chore: bump notepack.io to version 2.2.0
• fa4d474 chore: update node-redis version to 3.x (#351)
• ed83ba9 chore(release): 5.3.0
• 7a19075 feat: add support for Redis Cluster
• 597a8d1 chore: add docker-compose.yml file
• 2500964 test: add Node.js 10, 12 and 13 in the test matrix
• f257303 chore: add package-lock.json file
• d6242d9 chore: bump debug to version 4.1.0 (#306)
• a1cebc8 [chore] Bump ioredis to version 4.0.0 (#291)
• 6d787fb [chore] Remove support for Node.js 4
• 8fe4e03 [docs] Fix Cluster example in the README
• e9cbe30 [docs] Fix Sentinel example in the README (#276)
• 353870b [chore] Bump debug to version 3.1.0
• 91fb8ed [docs] Add an example with Sentinel in the README
• 5fe5dad [docs] Update README.md about requestsTimeout (#258)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Access Restriction Bypass
🦉 Arbitrary Code Injection
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn