[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: googleapis

The new version differs by 250 commits.

• f9336af chore: release 26.0.1 (MQTT: Connect to MQTT broker with a unique client-id GladysAssistant/Gladys#997)
• 7c95fb4 chore(package): update @ types/node to version 9.4.5 (When starting 2 scenes on the same trigger, and one scene abort, the other one is aborted too GladysAssistant/Gladys#994)
• a0f6332 chore(package): update @ types/node to version 9.4.3 (MQTT: If the user started a MQTT container automatically with Gladys, be able to create a MQTT user from Gladys GladysAssistant/Gladys#992)
• 51a57b9 chore(package): update @ types/node to version 9.4.2 (Add prefer-template rule GladysAssistant/Gladys#990)
• 9ecd78b chore(package): update @ types/node to version 9.4.1 (docs: add thebradleysanders as a contributor GladysAssistant/Gladys#987)
• ab38db3 chore: unify release notes (MQTT: generate a password with only lowercase, uppercase and number characters GladysAssistant/Gladys#984)
• 0b42287 chore: fix and run generator (MQTT: Random password something has special characters that mess up the configuration? GladysAssistant/Gladys#981)
• a97d41d chore(package): update @ types/mocha to version 2.2.48 (Scene: Be able to disable a scene in the UI GladysAssistant/Gladys#980)
• 2012a59 chore: improve typing (Improve resilience of calendar service GladysAssistant/Gladys#975)
• 0ea5654 chore: make a few generator APIs async ([philips-hue] Auto detect feature GladysAssistant/Gladys#970)
• cda3604 chore(package): update @ types/node to version 9.4.0 (@Atrovato Settings page to manage services GladysAssistant/Gladys#973)
• ca1f910 chore: improve typing (WIP : Meross service GladysAssistant/Gladys#968)
• 8d56eac chore: improve typing and build ([philips-hue] Use MarkupText for error on Philips Hue Setup Page GladysAssistant/Gladys#967)
• 0b806da chore: remove .npmignore (Chart box on dashboard GladysAssistant/Gladys#966)
• 30e8c15 chore(package): update source-map-support to version 0.5.3 ([philips-hue] Answer message when no lights found in a room GladysAssistant/Gladys#965)
• 6258b40 test: fix windows issues with appveyor magic (Update questions.fr.json GladysAssistant/Gladys#962)
• e6f2a5d test: add test for typescript d.ts (Investigate if the NLP service can be more tolerant to spelling mistake in one word GladysAssistant/Gladys#958)
• f78d239 chore: enable stricter compilation for the generator (Weather module GladysAssistant/Gladys#961)
• 8318e7e fix: add files section to package.json (NLP: When asking to turn on the light, and no lights was found, Gladys replies that the light was turned on GladysAssistant/Gladys#959)
• 098c2ae docs: update readme to reflect new api ([WIP] Tasks.todoist GladysAssistant/Gladys#960)
• 4de975d Create .appveyor.yml (Philips Hue: Add device LCT003 GladysAssistant/Gladys#954)
• 619a017 feat: distribute functional d.ts (MQTT: UI bug when connecting external broker GladysAssistant/Gladys#943)
• 48a290b chore(package): update @ types/mocha to version 2.2.47 (Philips Hue: Add device LCL001 GladysAssistant/Gladys#950)
• eb9e1d9 chore: upgrade to the latest google-auth-library and fix the build (Philips Hue: Add device 440400982841 GladysAssistant/Gladys#953)

See the full diff

Package name: pushbullet

The new version differs by 63 commits.

• 1f8c1fd Update to version 3.0.0
• 9186bd9 Add `createChannel()`
• ac2fe7e Deprecate `sendSMS()`
• 9b7bcda Add support for the text API
• 5f501c5 Fix some comments
• 426de2b Remove old Travis CI yaml file
• 6a0076c Update ESLint rules and apply fixes
• ebdc39e Merge branch 'github-action-tests'
• ffd626d Add GitHub action to run tests
• f68187d Add tests using nock for mocking the API
• 45a657f Remove tests for now
• 72e856e Codestyle, modernisation, misc fixes
• a899190 Update dependencies to latest versions
• dca0e34 Merge branch 'node-fetch-migration'
• 3f89158 Update changelog
• 6508617 Update README
• 6a83ef9 Replace request with node-fetch
• 0f18e80 Switch CJS requires to ESM imports
• 8b5eaef Update to version 2.4.0
• c1581bb Update dependency requirements
• eadb250 Reconnect to websocket stream if disconnected
• 3ea3f0c Update version to 2.3.0
• e662e3c Add fullResponses option to return response object
• 7b78838 Switch to ws module for stream handling

See the full diff

Package name: request

The new version differs by 250 commits.

• e9f09c2 Update changelog
• edcdf64 2.75.0
• 561c16b Merge pull request #2381 from simov/drop-0-10
• 5eeafa2 Drop support for Node 0.10
• ca4293b Merge pull request #2377 from request/greenkeeper-form-data-2.0.0
• 44a80f3 chore(package): update form-data to version 2.0.0
• 06e8f85 Merge pull request #2353 from simov/greenkeeper-options
• 00ac507 Merge pull request #2351 from request/greenkeeper-karma-tap-3.0.1
• 6b24418 Merge branch 'master' into greenkeeper-karma-tap-3.0.1
• 185f13d Add greenkeeper ignore packages
• bfb3a46 Update docs to reflect the new time property
• 20156e3 Merge branch 'master' into responsestarttime
• 0304bc1 Merge pull request #2348 from request/greenkeeper-form-data-1.0.1
• 9457ea5 Merge branch 'master' into greenkeeper-form-data-1.0.1
• 4d33333 Merge pull request #2349 from scotttrinh/null-form-data
• ba2d946 Add tests for responseStartTime
• 33aa744 Add responseStartTime timing
• 62712d4 chore(package): update karma-tap to version 3.0.1
• 1389216 Check error type instead of string
• a10af07 chore(package): update form-data to version 1.0.1
• 9e17ba4 2.74.1
• 76e8235 Update changelog
• ae1fd8e 2.74.0
• 274d391 Merge pull request #2295 from stash-sfdc/patch-1

See the full diff

Package name: sails

The new version differs by 250 commits.

• 6e73a65 1.0.0
• 5f1d8b3 1.0.0-49
• 616e4e1 Insist on the latest sails-generate.
• 6ab0a5a 1.0.0-48
• 1e28823 Lifting with --redis now sets @ sailshq/connect-redis and @ sailshq/socket.io-redis.
• 9f29a03 Change approach from what was begun in 520a3c8cac5db1d9698c50efff82e476ec64fca8 so that we maintain the correct package name for the purpose of require().
• 520a3c8 Tolerate '@ sailshq/connect-redis' as session adapter.
• e2813f5 1.0.0-47
• 6768743 Tweak warning message.
• ce95c84 Update comments to reflect that req.setLocale() is fully supported as of Sails v1.0 and beyond.
• 0753a99 Trivial
• 3bdd786 Tweak troubleshooting tips.
• e8f9bee Check dev-dependencies for sails-hook-grunt
• e8493a6 1.0.0-46
• d1b6061 run tests on Node 9
• b3afed7 Fix issue with CSRF black/whitelists and routes containing optional params when the requested URL contains a querystring but NOT the optional param (whew!)
• 663527f Fix test error output
• 69ead96 Revert 35ae3ccba472bf4a8edb8ffd7d579d18391d1ba0 in favor of clarifying some of the wording.
• 35ae3cc Experiment with customizable www path
• a89d7a4 extrapolate www path
• a2a0789 Tolerate sails-hook-grunt specified in devDependencies when running sails www
• 0b42c59 Don't attempt to create a Redis connection if "client" is provided.
• 1700788 Update LICENSE.md
• 9c532dc Merge pull request #4267 from luislobo/patch-3

See the full diff

Package name: serialport

The new version differs by 131 commits.

• a8df919 Getting ready for the 2.1.1 release
• 7b815fd Using clang and cpplint lint our c++ as much as I can (feat(openweather): implementation to API openweather GladysAssistant/Gladys#762)
• 1bd3e06 SerialportList updates (Seems there is some bugs on Firefox/Safari GladysAssistant/Gladys#761)
• 73509e3 Stop bundling node-pre-gyp to allow for upgrades ([WIP] - Zwave: add multi-instance devices support, comClass and Units mapping, modify device view,  GladysAssistant/Gladys#759)
• 6945217 Isolate the bindings (@Atrovato Fix #728 limit websocket messages GladysAssistant/Gladys#755)
• aff6e99 Give instructions to link to different versions of our docs as the api will be different with different major version (MQTT Service : copy function doesn't work GladysAssistant/Gladys#756)
• a39d612 Bump to version 2.1.0
• b9304d5 Update README on opening ports and cleanup examples (ScheduledTrigger.jsx - DatePicker not ordered correctly GladysAssistant/Gladys#750)
• 0f158bb Code of Conduct
• 3749b73 Test on latest versions of node (Fix #722 include mqtt broker docker GladysAssistant/Gladys#745)
• 742779c 2.0.7-beta5 Release
• 8342d17 Add support for bluetooth devices /dev/rfcomm (Add a view to see how many device feature state are in DB and a manual way to purge them GladysAssistant/Gladys#742)
• 156e405 Define, document, and test flow control and setting port flags (Replace DarkSky by OpenWeatherMap API integration GladysAssistant/Gladys#726)
• 8bc3eea Update .list docs to be up to date
• 39946c4 Make the output of .list undefined if it’s an empty string (Add a page after gateway was connected with success, asking to backup… GladysAssistant/Gladys#740)
• f0d7319 Put all builds in /build/{Release,Debug}/ (Performance: Rethink device.new-state event flow GladysAssistant/Gladys#737)
• b20ed9c Merge pull request Z-Wave device "Qubino ZMNHJD1" is not well handled GladysAssistant/Gladys#734 from fivdi/master
• e194b4c Fix typo
• 3ce0ea8 Fix pre-gyp's binding paths so bindings can find it when not built locally.
• 4f5442a Version 2.0.7-beta3
• b5a154f Upgrade to NAN v2.2.1 for Node.js v6.0.0-nightly compatability
• 7ee1c1e Merge pull request Improve Telegram integration GladysAssistant/Gladys#730 from voodootikigod/windows-error-handling
• 79ec178 Fixes 100% cpu when serial ports disconnect on windows
• 6d2e4b5 Return after encountering errors in windows write

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution