[Snyk] Fix for 27 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/app/package.json
  • packages/app/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Machine-In-The-Middle SNYK-JS-AIRTABLE-480404	No	No Known Exploit
	Prototype Pollution SNYK-JS-DOTOBJECT-548905	Yes	Proof of Concept
	Arbitrary Code Execution SNYK-JS-ELECTRON-483056	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-564272	Yes	No Known Exploit
	Heap Overflow SNYK-JS-ELECTRON-565051	Yes	No Known Exploit
	Out-of-bounds Read SNYK-JS-ELECTRON-565052	Yes	No Known Exploit
	Improper Access Control SNYK-JS-ELECTRON-565362	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565366	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565368	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565441	Yes	No Known Exploit
	Buffer Underflow SNYK-JS-ELECTRON-565488	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565490	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565494	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565571	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565705	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565709	Yes	No Known Exploit
	Site Isolation Bypass SNYK-JS-ELECTRON-565713	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-570624	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-570833	Yes	No Known Exploit
	Arbitrary File Read SNYK-JS-ELECTRON-575393	Yes	No Known Exploit
	Privilege Escalation SNYK-JS-ELECTRON-575394	Yes	No Known Exploit
	Privilege Escalation SNYK-JS-ELECTRON-575395	Yes	No Known Exploit
	Privilege Escalation SNYK-JS-ELECTRON-575396	Yes	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

Commit messages

Package name: airtable

The new version differs by 40 commits.

• 17e0797 v0.7.2 ([Snyk] Fix for 1 vulnerabilities #145)
• 733468d Update Lodash to 4.17.15 ([Snyk] Security upgrade overmind-devtools from 19.0.1 to 29.0.0 #141)
• f5aa1ee Properly reject unauthorized certificates ([Snyk] Security upgrade overmind-devtools from 19.0.1 to 29.0.0 #140)
• 5a3884a Minor tweaks to formatting in README
• b420263 v0.7.1
• 389364f Run `npm audit fix` to fix subdependency vulnerability warnings
• 490f902 Fix User-Agent version bug in Node
• d9bf0f6 Update ESLint to v6.1.0 ([Snyk] Security upgrade react-error-overlay from 1.0.10 to 2.0.0 #131)
• 1396775 Stop publishing non-essential files (like tests and gruntfile) to npm
• f1d7de1 v0.7.0
• b3e7b21 Remove class library, use normal prototypes ([Snyk] Security upgrade lodash from 4.17.11 to 4.17.21 #123)
• da1c2b6 Update Lodash to 4.17.14 ([Snyk] Security upgrade overmind-devtools from 19.0.1 to 29.0.0 #124)
• 52eb624 Switch from JSHint to ESLint ([Snyk] Security upgrade nginx from 1.16.1-alpine to alpine #122)
• 0621f51 Add partial tests for Record class ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #104)
• 436314a Minor: remove unused variable from query params utility ([Snyk] Fix for 1 vulnerabilities #118)
• b196d13 Minor: remove unnecessary block in tests ([Snyk] Security upgrade @starptech/prettyhtml from 0.8.4 to 0.10.0 #119)
• c0eb17f Minor: use `Object.prototype.hasOwnProperty` instead of calling `hasOwnProperty` on an object ([Snyk] Security upgrade overmind-devtools from 19.0.1 to 29.0.0 #120)
• a27dbb8 Update body-parser, express, and jest to latest ([Snyk] Security upgrade overmind-devtools from 19.0.1 to 29.0.0 #121)
• 0e489c1 Clarify error message for missing API key
• 3b9e644 Only use own properties in query string serializer ([Snyk] Security upgrade immer from 3.3.0 to 9.0.6 #105)
• a157ec8 Return consistently in callbackToPromise ([Snyk] Fix for 3 vulnerabilities #109)
• 5a6fb49 v0.6.0 ([Snyk] Security upgrade axios from 0.19.2 to 0.21.3 #111)
• 5b4ad19 Use exponential backoff with jitter on 429 ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #110)
• e027f08 Fix incorrect assertion check ([Snyk] Security upgrade immer from 3.3.0 to 9.0.6 #107)

See the full diff

Package name: dot-object

The new version differs by 32 commits.

• 84356a7 Merge tag 'v2.1.3' into develop
• 67142e7 Merge branch 'release/v2.1.3'
• c4a4dd5 prepare v2.1.3
• f76cff5 guard for possible prototype polution
• ee628c2 Merge tag 'v2.1.2' into develop
• 0c8a4d8 Merge branch 'release/v2.1.2'
• 6bc8849 prepare v2.1.2
• b18aaac Merge branch 'master' into develop
• a292262 add test for deeply nested arrays
• 6a91c11 fix undefined for root level array
• ea358be Merge tag 'v2.1.1' into develop
• 1e6f080 Merge branch 'release/v2.1.1'
• 8dcb301 prepare v2.1.1
• 739c111 Wrong array conversion with [0] fixes [Snyk] Security upgrade airtable from 0.5.10 to 0.10.0 #27
• 7ab7d4f Merge tag 'v2.1.0' into develop
• c2e0b19 Merge branch 'release/v2.1.0'
• c205762 prepare release v2.1.0
• 66bb1ca wrap delete method
• b24a438 Merge branch 'master' into develop
• 2a86afe update bower version
• 51dabd3 Merge tag 'v2.0.0' into develop
• b24eeb8 Merge branch 'release/v2.0.0'
• 0b87c85 prepare version 2.0.0
• 1647da9 version 2.0.0

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (fix: add vendor prefix for file tab styling codesandbox/codesandbox-client#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (Reset isForkingSandbox on error codesandbox/codesandbox-client#1859)
• 723cbc4 Docs: Fix syntax in recipe example (Fix(homepage): Second picked sandbox doesn't open in explore codesandbox/codesandbox-client#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (Error: "Invalid regular expression... Range out of order in character class" codesandbox/codesandbox-client#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (Update prettier to 16.6.4 codesandbox/codesandbox-client#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (Stock vue template has a Babel error codesandbox/codesandbox-client#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (Storybook codesandbox/codesandbox-client#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (Search Improvements codesandbox/codesandbox-client#1609)

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic