This repository has been archived by the owner on Feb 25, 2021. It is now read-only.

Patches Security Vulnerabilities #115

Closed
wants to merge 1 commit into from

Conversation

DiscoverSquishy

Things that were changed/upgraded:
(Refer to the CVE or CWE notes for more info about each)

Prototype Pollution - SNYK-JS-AJV-584908 Part of CVE-2020-15366
Arbitrary Code Execution - SNYK-JS-JSYAML-174129 Part of CWE-94
Remote Code Execution (RCE) - SNYK-JS-BUNYAN-573166 Part of CWE-94
Regular Expression Denial of Service (ReDoS) - SNYK-JS-CSVPARSE-467403 Part of CVE-2019-17592
Denial of Service (DoS) - SNYK-JS-JSYAML-173999 Part of CWE-400
Timing Attack - npm:http-signature:20150122 Part of CWE-310
Denial of Service (DoS) - npm:mem:20180117 Part of CWE-400

Debug upgraded from 2.6.8 to 2.6.9 || PATCH: remove ReDoS regexp in %o formatter (#504) Part of CVE-2020-15366
Lodash from 4.17.15 to 4.17.19. Long list of patches.
Eslint from 4.16.0 to 4.18.2 Long list of patches.
Extend from 3.0.1 to 3.0.2 Patch: #48

Hope these help; I'm unsure if it actually works on a server. Travis says no, but I haven't tested it yet; I can if it's required, though.

@ArnaudLier

There's a lot of things to do if you want to update restify.

@DaneEveritt
Member

Closing. Blind updating of dependencies will break many things, especially given the fragile nature of this codebase. Additionally you broke the docker image by pulling unsupported SFTP versions.

While I understand the desire to make these scanners report no issues, there's also nothing in the PR indicating which specific vulnerability was being addressed by each change, and it's pretty clear you didn't actually try to run the program, which is a huge red flag for me to even begin reviewing something.
