[Snyk] Fix for 1 vulnerabilities

[MaxMood96]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bull

The new version differs by 65 commits.

• f4d715e 3.17.0
• 8a4d3d4 docs: update CHANGELOG
• 6ffe279 chore: upgrade dependencies
• 923ef0c feat: better rate limiter (User info is not being correctly shown in Jira when merging - is this possible? atlassian/github-for-jira#1816)
• 09b9a7f Create node.js.yml
• 332a96b feat(sandbox): kill child workers gracefully (noissue: Set min workers to 5 and max to 15 atlassian/github-for-jira#1802)
• c23ed74 docs: document createClient option (Search of repository doesn't work when trying to create a branch from a Jira ticket atlassian/github-for-jira#1791)
• dfc9211 docs: add some notes to "Reusing Redis Connections" (Username missing from PR's atlassian/github-for-jira#1790)
• 712df1d Update REFERENCE.md
• 013c519 3.16.0
• 15bcef3 docs: update CHANGELOG
• b96fd32 test: give some time slack to rate limiter test
• 75eba49 test: replace uuid() by v4()
• b6a7aef test: more slack for rate limiter test
• 2905a4e chore: removed support for node 8
• 5abcb54 chore: updated yarn.lock
• ac2fc51 feat(rate-limiter): add grouping support
• 71df921 chore: upgrade eslint, deprecated node 8
• c49f8b0 fix: fix lint errors
• 990761a chore: remove utils.isEmpty
• 721172f chore: upgrade eslint java version to 2018
• aa5b99b fix(addbulk): do not mutate inputs
• 17da4e5 3.15.0
• 67a115c chore: upgrade dependencies

See the full diff

Package name: eslint

The new version differs by 210 commits.

• 3dd6741 7.0.0
• 9a722f9 Build: changelog update for 7.0.0
• b98d8bd Upgrade: eslint-release@2.0.0 (#13271)
• 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
• 401a687 Chore: fix rules list for prereleases (#13230)
• 4ef6158 Breaking: espree@7.0.0 (#13270)
• b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
• 356fdb4 Docs: add migration guide (#12692)
• 015edf6 Sponsors: Sync README with website
• fdfa364 7.0.0-rc.0
• 8d1b4db Build: changelog update for 7.0.0-rc.0
• 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
• d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
• 2ce6bed Chore: added tests for nested arrays (#13145)
• d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
• 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
• bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (#12939)
• 3eeae56 Upgrade: some (dev) deps (#13155)
• 6b7030b Chore: Run tests on Node.js v14 (#13210)
• ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
• 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
• 56d2bee Docs: fix typos (#13204)
• e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
• e4f57b7 Chore: add nested array tests for array-element-newline (#13161)

See the full diff

Package name: eslint-plugin-import

The new version differs by 250 commits.

• b0131d2 Bump to v2.25.0
• 7463de2 utils: v2.7.0
• 900ac9a [resolvers/webpack] [deps] update `is-core-module`
• c117be5 [Dev Deps] update `array.prototype.flatmap`, `glob`; remove `babel-preset-es2015-argon`
• 0e857b6 [Deps] update `array-includes`, `array.prototype.flat`, `is-core-module`, `is-glob`, `object.values`
• 62e2d88 [New] Support `eslint` v8
• 9a744f7 [Fix] `default`, `ExportMap`: Resolve extended TypeScript configuration files
• dd81424 [Refactor] `no-unresolved`, `no-extraneous-dependencies`: moduleVisitor usage
• 4f0f560 [Docs] `no-namespace`: fix a typo
• 430d16c [Tests] eslint-import-resolver-typescript@1.0.2 doesn't resolve .js
• 47e9c89 [Tests] type-only imports were added in TypeScript ESTree 2.23.0
• 28669b9 [Tests] `no-extraneous-dependencies` ignores unresolved imports
• 471790f [Tests] fix skip usage
• fd85369 [Tests] skip failing test on eslint < 6 + node < 8
• 64423e9 [Tests] add passing test for export-star
• 58fe766 [Tests] ignore resolver tests, scripts, and unused memo-parser
• 47ea669 [Fix] `order`: Fix import ordering in TypeScript module declarations
• 4ed7867 [Fix] `no-unresolved`: ignore type-only imports
• 4d15e26 [patch] TypeScript config: remove `.d.ts` from `import/parsers` setting and `import/extensions` setting
• 9ccdcb7 [Refactor] switch to an internal replacement for `pkg-up` and `read-pkg-up`
• 1571913 [utils] [new] create internal replacement for `pkg-up` and `read-pkg-up`
• 7c382f0 [New] `no-unused-modules`: support dynamic imports
• 7579748 [utils] [new] add `visit`, to support dynamic imports
• 35bd977 [New] `no-unresolved`: add `caseSensitiveStrict` option

See the full diff

Package name: jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
• 2226742 chore: minor simplify format results error (#11432)
• 78eb25d chore: remove needless assign (#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
• 27bee72 fix: run GC before collecting open handles (#11278)
• 50451df feat: use fallback if prettier not found (#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (#11428)
• 9633a26 feat: support reporters written in ESM (#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
• 57e32e9 Detect open handles with done callbacks (#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
• 4fa3a0b feat: custom haste (#11107)
• 2047a36 chore: bump deps (#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (#9924)
• db643a1 Link to Jest config (#11106)
• b16082c Fix locale issue #10014 (#11412)

See the full diff

Package name: newrelic

The new version differs by 250 commits.

• 83bcdaa Merge pull request Arc-1466 permissions docs atlassian/github-for-jira#1322 from newrelic/release/v9.0.0
• 04bc2ec changelog updates based on feedback from team
• f3e93a4 Adds auto-generated release notes.
• 9cf6626 Merge pull request ARC-1438 : Update the JiraConfiguration view to show list of GH cloud and GHE organizations separately atlassian/github-for-jira#1319 from mrickard/NR-35280/drop-async-from-pricing-tests
• a485a28 Setting version to v9.0.0.
• 4ee22c8 Dropped async lib from pricing meminfo and cpu tests
• d3b006f Merge pull request Arc 1441 update githubserverapp model for cryptor atlassian/github-for-jira#1318 from bizob2828/backport-8-17-1-changelog
• b88b41e backported 8.17.1 changelog section as we could not merge the release branch since it was made out of band from main
• 5fb4199 Merge pull request Arc 1441 bugfix for cryptor http client atlassian/github-for-jira#1311 from michaelgoin/bump-external-instrumentation
• 6f0db2d Bumped @ newrelic/native-metrics to ^9.0.0.
• f2cae07 Merge pull request ARC-1463 update class names to match file rename atlassian/github-for-jira#1313 from mrickard/NR-35280/drop-async-lib-from-dt-int-test
• 4c2c5b5 Merge pull request Revert "Arc 1441 bugfix for cryptor http client" atlassian/github-for-jira#1314 from bizob2828/update-pg-tests
• a13f56d removed unused instrumentation branches since we only support 8.2.x+ now
• 3f613e4 Merge pull request Arc-1455 server url to app creation atlassian/github-for-jira#1312 from jordigh/grpc-callback-issue
• b176d9d Code cleanup of async/await/promise conversion
• 3554fa2 * removed pre-7 as it is no longer applicable on node 14+
• b23f3a5 grpc: bind the client segment to the onReceiveStatus listener
• 5b68b38 Refactored dt tap test to remove async lib
• c024773 Bumps minimum external instrumentation modules to new major versions.
• 547c546 Merge pull request Adding logging in lambda for debugging auto deployment issue  atlassian/github-for-jira#1309 from bizob2828/defensive-truncate
• 53788ee Added defensive code in util/applicationLogging truncate to check if value is string before checking its length
• 7bdeda1 Merge pull request Create pull_request_template.md atlassian/github-for-jira#1307 from mrickard/NR-38203/rmSync-instead-of-rmdirSync
• 4a731dd Merge pull request testing build atlassian/github-for-jira#1293 from newrelic/remove-cert-bundle
• ad8b3d1 removed unused ssl bundle re-generation code

See the full diff

Package name: nock

The new version differs by 250 commits.

• 11dba99 fix ([QUICK-FIX] - Added an ID for console errors atlassian/github-for-jira#1659)
• bf1d7d6 test: Clarify that cleanAll removes persistent mocks (ARC-1705 Emit SLO for branch creation and failure atlassian/github-for-jira#1647)
• e661d0d bug(recorder): replace qs lib with native querystring. (ARC-1731 - limit initial repos list to connected repos atlassian/github-for-jira#1653)
• 05ae31e Refactor lifecycle tests using got / async (ARC 1602 - Help link and popup for repo search help atlassian/github-for-jira#1646)
• 26fc08f Async Reply functions (always emit errors) (ARC-1673 Populate branches drop down with real data atlassian/github-for-jira#1596)
• 35221ce refactor: overhaul body and query matching (NONE: try not to escape head/ atlassian/github-for-jira#1632)
• 88e85ac fix: trigger release (Closing one of multiple PRs for a given issue transitions the entire issue back from "In Review" to "In Progress" atlassian/github-for-jira#1645)
• e744b0a bug: handle content-type request headers when arrays
• 87cac20 refactor: default function arguments (ARC 1697 - Search Repos by App Token atlassian/github-for-jira#1640)
• 9c504f6 refactor: default options on recorder, remove dead code (Fix build duplication in PR atlassian/github-for-jira#1641)
• ad264cb test: change tests to use test domain (ARC-1714 Adding GHE support for create- branch  atlassian/github-for-jira#1639)
• 4a4b8ec feat(overrider): added support for header modifications before end()
• 213014b Display the badge correctly (Ship It - Adding comments from GitHub to Jira  atlassian/github-for-jira#1637)
• df1a5cd refactor: Convert Scope to a class (ARC-1443 remove db test migration script atlassian/github-for-jira#1636)
• 3bdadef refactor: Convert Socket to a class (NONE: revert retry logic for branches atlassian/github-for-jira#1635)
• 08b1b6b refactor: Convert DelayedBody to a class (NONE: add debug logging atlassian/github-for-jira#1634)
• f385edd Advertise and enforce 100% coverage, drop Coveralls (Fix typo atlassian/github-for-jira#1633)
• 60a055b refactor(interceptor): separate hostname matching
• 2a54482 feat(interceptor): duplicate query calls throw (ARC 1689 - Update the loading states for the Inputs for Repo and Branch atlassian/github-for-jira#1630)
• f015929 chore(deps): bump lodash from 4.17.11 to 4.17.13 (Remove FF for writing to old secret col atlassian/github-for-jira#1629)
• c78ceb3 Clean up some more hostnames in tests (ARC-1684 - Emit create branch analytics events atlassian/github-for-jira#1627)
• a2208d1 feat(interceptor): duplicate query keys throw
• 880224a refactor: Scope.pendingMocks
• a201ac0 test(socket): add coverage for timeout without a callback

See the full diff

Package name: nodemon

The new version differs by 98 commits.

• 27e91c3 fix: update packge-lock
• 0144e4f fix: bump update-notifier to v6.0.0 (ARC-2091 test flags percentage bucket atlassian/github-for-jira#2029)
• c870342 chore: update supporters
• 5c0b472 chore: add supporter
• e26aaa9 fix: support windows by using path.delimiter
• 9d1afd7 docs: add syntax highlighting to sample-nodemon.md (NONE: limit commits page size to 100 atlassian/github-for-jira#1982) (ARC-2052 - adding temp logs to try and track down issue with gh/config response times atlassian/github-for-jira#2004)
• de5d32a docs: Unified Node.js capitalization (Arc 2041 metrics for backfill tasks atlassian/github-for-jira#1986)
• e890927 docs: add note to faq with example showing how to watch any file extension (NONE: improve logging of headers atlassian/github-for-jira#1931)
• bc4547b chore: update sponsors
• 07159c5 chore: add supporters
• cd100da chore: update supporters
• 6a34922 chore: supporters
• e5d6067 chore: updating supporters
• 242f9f7 Merge branch 'main' of github.com:remy/nodemon
• 141e58c chore: update supporters
• 53422af ci(release): workflow uses 'npm' cache (NONE: add more logs to preemptive rate-limit atlassian/github-for-jira#1933)
• 581c641 ci(node.js): workflow uses 'npm' cache (ARC-1231 fix preemptive rate limit negative number problem atlassian/github-for-jira#1934)
• cb1c8b9 docs: Fix typo in faq.md ([ONE-LINER] NONE: show how many PRs should be sent to Jira atlassian/github-for-jira#1950)
• 54784ab fix: bump prod dep versions
• 26db983 chore: update supporters
• 61e7abd fix: add windows signals SIGUSR2 & SIGUSR1 to terminate the process (ARC968 delete repos and sync created atlassian/github-for-jira#1938)
• b449171 docs: Fix typo in faq.md
• 0a3175f chore: update supporters
• 18516d8 chore: add supporter

See the full diff

Package name: pg

The new version differs by 250 commits.

• 7ffe68e Publish
• 125a268 Update changelog
• da2bb85 Bump node-fetch from 2.6.0 to 2.6.1
• 7649890 Update SPONSORS.md
• c5445f0 Fix metadata for pg-connection-string
• a02dfac Replace semver with optional peer dependencies
• 5825843 Public export of DatabaseError
• e421167 Add ssl=true into the test
• 9cbea21 Solve issues caused by config.ssl = true
• 6be3b90 Add support for ?sslmode connection string param
• f0fc470 Update README.md (None spa test analytics client atlassian/github-for-jira#2330)
• 95b5daa Publish
• 1f0d3d5 Add test for pgpass check function scope
• 0758b76 Fix context (this) in _checkPgPass.
• acfbafa Publish
• 07ee1ba Bump version
• 65156e7 Small readme updates & auto-formatting
• 61e4b7f Merge pull request DISTURBED: add healtcheck endpoint to troubleshoot GHEs webhooks atlassian/github-for-jira#2309 from chris--young/ssl-err
• f4d123b Prevents bad ssl credentials from causing a crash
• 316bec3 Merge pull request Has anyone tried a forward slash in branch names, e.g., "dev/my-branch"? atlassian/github-for-jira#2294 from charmander/test-fixes
• 3edcbb7 Fix most SSL negotiation packet tests being ignored
• 1b022f8 Remove accidentally duplicated methods
• b8773ce Merge pull request ARC-2323 - Map IP block and SSO errors when users select in the dropdown atlassian/github-for-jira#2289 from brianc/dependabot/npm_and_yarn/lodash-4.17.19
• 692e418 Fix documenation typo in README (add timeout to spa request atlassian/github-for-jira#2291)

See the full diff

Package name: probot

The new version differs by 205 commits.

• 05297fb fix: remove update-notifier (ARC-1766 create branch permissions atlassian/github-for-jira#1706)
• 529197e build(deps-dev): bump got from 11.8.2 to 11.8.5
• 3d30acc build(deps-dev): bump semantic-release from 17.4.7 to 19.0.3
• 4b1ccf8 build(deps): bump semver-regex from 3.1.3 to 3.1.4
• 646b6a9 fix: logging of first octokit instance is not set (ARC-1742- Update success page to stay big mode atlassian/github-for-jira#1676) - thanks @ kammerjaeger @ markjm
• 7fd06d6 fix(deps): bump eventsource from 1.1.0 to 2.0.2
• 559f437 docs: fix localhost link protocol (Arc 1770 fix outbound proxy for oauth router atlassian/github-for-jira#1691)
• 3a7bbb2 docs: added an example of an aws deployment without the serverless framework (added debug on the client info since we are not getting expected res… atlassian/github-for-jira#1683)
• 12d9b05 docs: wrong log call in `onError` method (update volta atlassian/github-for-jira#1681)
• 1a73ff4 build(deps): bump minimist from 1.2.5 to 1.2.6
• 420f886 fix: Replaced hbs with express-handlebars ([QUICK-FIX] - Added an ID for console errors atlassian/github-for-jira#1659)
• 07fe1a7 build(deps): bump url-parse from 1.5.7 to 1.5.10
• ce9c3d1 build(deps): bump node-fetch from 2.6.1 to 2.6.7
• 9cf9be2 build(deps): bump url-parse from 1.5.3 to 1.5.7
• c34f64d docs: fix 404 links for classes and rel links (Backfill targetted atlassian/github-for-jira#1649)
• 5d232e2 docs(webhooks): `onAny` code sample fix (ARC 1727 - [UI] Update the loading & success page atlassian/github-for-jira#1648)
• dd9f5ae fix(security): bump minimal version of `hbs` (Remove the code access to old column atlassian/github-for-jira#1638)
• a85c7a6 build(package): bump package and package-lock (ARC-1443 remove db test migration script atlassian/github-for-jira#1636)
• ec92db2 docs(development): fix `ProbotOctokit` usage example (Ship It - Adding comments from GitHub to Jira  atlassian/github-for-jira#1637)
• 992b480 feat: customize account name for manifest creation flow using `GH_ORG` environment variable (prTitle and prRef are now hashed - removed payload dump on log atlassian/github-for-jira#1606)
• c83edcb style: prettier
• 073f087 fix(types): export `ApplicationFunction` (ARC-1701 - Repo search labels atlassian/github-for-jira#1631)
• bb068d9 fix: log json in production (Server to Cloud migration help atlassian/github-for-jira#1598)
• 25a4eca build(package): lock file

See the full diff

Package name: sequelize

The new version differs by 213 commits.

• 901bceb 6.1.0
• 6b32821 6.0.0-beta.7
• 0ca8d72 docs: prepare for v6 release (#12416)
• 663261b feat(sequelize): allow passing dialectOptions.options from url (#12404)
• c6e4192 fix(postgres): parse enums correctly when describing a table (#12409)
• e33d2bd fix(reload): include default scope (#12399)
• 5611ef0 build: update dependencies (#12395)
• e80501d fix(types): transactionType in Options (#12377)
• 4914367 fix(types): add clientMinMessages to Options interface (#12375)
• b71cd05 fix(query): preserve cls context for logger (#12328)
• 95f7fb5 fix(mssql): empty order array generates invalid FETCH statement (#12261)
• ed2d7a9 fix(model.destroy): return 0 with truncate (#12281)
• 72925cf fix: add missing fields to 'FindOrCreateType' (#12338)
• f367191 fix(query-generator): do not generate GROUP BY clause if options.group is empty (#12343)
• 7afd589 docs(sequelize): omitNull only works for CREATE/UPDATE queries
• f9e660f docs: update feature request template
• 2bf7f7b fix(typings): add support for optional values in "where" clauses (#12337)
• 65a9e1e fix(types): add Association into OrderItem type (#12332)
• 1b86729 docs: responsive (#12308)
• 59b8a7b fix(include): check if attributes specified for included through model (#12316)
• 6d87cc5 docs(associations): belongs to many create with through table
• a2dcfa0 fix(query): ensure correct return signature for QueryTypes.RAW (#12305)
• 0769aea refactor: cleanup query generators (#12304)
• 4d9165b feat(postgres): native upsert (#12301)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)