[Snyk] Fix for 25 vulnerabilities

[RoshanRajapakse]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • engines/bastion/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	651/1000 Why? Mature exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANGULAR-2772735	Yes	Mature
	531/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.2	Cross-site Scripting (XSS) SNYK-JS-ANGULAR-2949781	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANGULAR-3373044	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANGULAR-3373045	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANGULAR-3373046	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GETOBJECT-1054932	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	Yes	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-USERAGENT-174737	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:parsejson:20170908	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: angular-patternfly

The new version differs by 250 commits.

• 3a75254 Merge branch '_bump-v4.3.0-local' into master-dist
• 136d1ba Added files generated by Travis build
• 4ccc15b Bumped version number to 4.3.0
• f029f3f Merge branch 'master-local' into master-dist
• ddec98f Added files generated by Travis build
• 9d45c6c Updated patternfly-eng-release version (code cleanup - class Bytes is not used Katello/katello#553)
• d35e2c3 Merge branch 'master-local' into master-dist
• 25d30a1 Added files generated by Travis build
• a0dd2b4 Merge branch 'master-local' into master-dist
• 64c2d2d Added files generated by Travis build
• f2fbdab Fix draw-expand/drawExpand to drawer-expand/drawerExpand (834013 - return releaseVer as part of consumer json Katello/katello#551)
• b7779a1 Fix notification drawer accordion panel sizing (831664 - Repository sync failures not displaying detailed error in Notices Katello/katello#548)
• 090cdd7 Merge branch 'master-local' into master-dist
• 6691304 Added files generated by Travis build
• 884021d Merge pull request some codestyle fixes, plus two errors Katello/katello#547 from jeff-phillips-18/wizard
• a6bf5f5 Update wizard button components to fix minify/mangle issue
• 061450d Merge branch 'master-local' into master-dist
• 96a5c43 Added files generated by Travis build
• 9742960 Merge pull request 847115 - Extend scroll bug on content tab, with > 50 subscriptions only ... Katello/katello#540 from dtaylor113/pfFilterPanel
• 7cdf406 pfFilterPanel
• 4e5c81a Merge branch 'master-local' into master-dist
• e469667 Added files generated by Travis build
• a3dc2c9 Added a travis config to set the .npmrc file (841857 - fixing LDAP logins in katello mode Katello/katello#535)
• e4e0756 Merge branch 'master-local' into master-dist

See the full diff

Package name: karma

The new version differs by 250 commits.

• 1b48637 chore(release): 5.0.0 [skip ci]
• a5dbe89 Update issue templates (Add subscription totals portlet to the dashboard Katello/katello#3460)
• 1074f38 chore(ci): rely on karma-runnre/integration-tests for saucelabs config (updates for v2 API and ping controller Katello/katello#3462)
• 4d45cf0 chore(ci): remove more old connection security stuffs (Removing Travis configs and scripts as we rely on the Foreman CI infrast... Katello/katello#3459)
• be76fcc chore(ci): use travis UI for sauce config (Engine: Fixes font pathing issues within RCUE library. Katello/katello#3458)
• a04a542 chore(ci): remove secure encryption var (Engine: Fixing lint problems Katello/katello#3457)
• 1eaf35e fix: install semantic-release as a regular dev dependency (fixes #3454 - changing default in UI to publish via http Katello/katello#3455)
• 0647109 docs: Fix simple typo, overriden -> overridden (PR: Request merge of engine branch to master Katello/katello#3453)
• ec1e69a fix(server): replace optimist on yargs lib (Engine: Fixes font pathing issues within RCUE library. Katello/katello#3451)
• ffad7fa refactor(launcher): use class syntax (Engine: moving delta_systems.rabl to the correct place Katello/katello#3437)
• 7166ce2 fix(server): detection new MS Edge Chromium (Adding temporary custom replacement for ruport Katello/katello#3440)
• b8b2ed8 fix(ci): echo travis env that gates release after_success ([DO NOT MERGE] Engine: Adding basic Foreman plugin definition. Katello/katello#3446)
• 33a069f refactor: use native Promise instead of Bluebird (Updating katello engine installation documentation. Katello/katello#3436)
• 131d154 refactor: drop safe-buffer dependency in favor of native Buffer (updates for v2 API and ping controller Katello/katello#3438)
• cb1bcbf fix(server): cleanup import of the removed method (Bastion: fixing issue with template URLs post engine. Katello/katello#3439)
• 5c334f5 fix(server): createPreprocessor was removed (Engine: include only needed sub-engine files Katello/katello#3435)
• d7128d4 refactor(server): remove PromiseContainer class (Bastion: replacing tipsy with bootstrap 3 tooltips. Katello/katello#3416)
• 057d527 feat(docs): document `DEFAULT_LISTEN_ADDR` constant (Bastion: Updating forms to Bootstrap3 styling and encapsulating the Katello/katello#3443)
• a673aa8 ci: drop node 8, adopt node 12 (Engine: Adding request interceptor to allow JS tests to pass Katello/katello#3430)
• 9eb6436 chore(server): Convert PromiseContainer to object and remove (Bastion: making non-required labels black, fixes #3400. Katello/katello#3401)
• 0856234 chore(travis): release on node 10 success (Bastion: Fixes issue with table headers not being frozen on initial Katello/katello#3428)
• 708ae13 feat(preprocessor): obey Pattern.isBinary when set (Add Dynflow development and production mode Katello/katello#3422)
• 00d536f chore(test): logLevel debug in proxy test (Bastion: Fixing issue where previously upgraded angular libraries were Katello/katello#3427)
• da9d8bd chore(docs): delete PULL_REQUEST_TEMPLATE.md

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cross-site Scripting (XSS)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn