[Snyk] Fix for 5 vulnerabilities

[axxs]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NEDB-1305279	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	324/1000 Why? Has a fix available, CVSS 2.2	Uninitialized Memory Exposure npm:utile:20180614	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: sails

The new version differs by 103 commits.

• e46c83b 1.5.1
• 023319e Update version of prompt to 1.2.1 (#7202)
• ed349a1 Add note about supported versions of Postgres
• 15b43ff Merge pull request #7181 from balderdashy/update-upgrading-to-1.0-docs
• 39e34cd Update To1.0.md
• 9c821ec Add note about undefined attributes
• 799f2c0 Update README.md
• 2533f67 Fix broken link in docs
• ead0403 1.5.0
• 6199f96 Merge pull request #7172 from ElizabethForest/master
• 4bc6054 Merge pull request #7176 from sailscastshq/docs-typo-fix
• 71844d4 fix: correct misspelt waterline
• 780864e Merge pull request #7175 from jarodccrowe/master
• 72609ac going over this PR with @ mikermcneil
• b2bcf39 Add documentation regarding a breaking change in SSL connection syntax
• 384e796 Merge pull request #7174 from eltociear/patch-1
• 4a081c7 Fix typo in sails-run.js
• 8c9012c Restore Construction Type
• 869c0f3 disable no-unused-vars check
• 9747d06 add handleConstructingSessionStore to allow for more flexibility
• 0ad5947 Fix tests - avoid having mongo cause issues for later tests
• cc0820b support connect-mongo v4
• f399a2a Merge pull request #7158 from zsteinkamp/patch-1
• 1b1ca7c Small text correction

See the full diff

Package name: sails-hook-organics

The new version differs by 29 commits.

• 2858273 2.2.2
• d5492ab Merge pull request Bump eslint-utils from 1.4.0 to 1.4.2 #13 from sailshq/update-machinepack-http
• 3c1ff71 update versions used in travis tests
• 0eaac6e Update package.json
• 4ddca6e 2.2.1
• 08f39bd Merge pull request duplicate key value violates unique constraint "user_username_key" #11 from sailshq/update-async-dependency
• 6c77fae Update package.json
• b8a8c0c 2.2.0
• 14485de Merge pull request [Snyk] Fix for 2 vulnerable dependencies #10 from sailshq/mailgun
• fe6dbf8 Bring back Mailgun support
• 944f356 2.1.0
• 8770035 Add twilio support (Dashboard page not updating after adding your group #9)
• e422326 2.0.0
• a49ed8e Update available methods in README
• a1311a7 Merge pull request Bump lodash from 4.17.11 to 4.17.14 #8 from sailshq/2.0
• 1209d22 add whereToGet.url
• e9b97cb Remove mailgun parameters
• fbe7ea4 Plurals!
• 594f4b0 Fix for attachment formatting
• e7d3ba3 Update attachment format to match `sails.reservoir`
• d670f5f Remove mailgun
• 7b612ce Simplify sendgrid helper
• 6cc45c0 1.1.0
• add3f1c Update README.md

See the full diff

Package name: sails-hook-orm

The new version differs by 28 commits.

• 9cc202d 4.0.1
• ab0734f Bump up version of prompt to 1.2.1 ([Snyk] Security upgrade sails-hook-sockets from 2.0.0 to 2.0.1 #26)
• 3a6dc7e 4.0.0
• 51aef86 Merge pull request [Snyk] Security upgrade snyk from 1.425.4 to 1.465.0 #25 from balderdashy/upgrade-waterline-dependency
• 962fbeb waterline 0.14.0 -> 0.15.0
• 9c2a3c7 3.0.2
• f194253 Use strict semver range for externally maintained package
• addda7b Merge pull request Bump pug-code-gen from 2.0.2 to 2.0.3 #24 from DominusKelvin/fix-node-14-warnings
• d975de5 fix: update prompt version to fix node 14 warnings
• 775cb93 Update appveyor.yml
• 0f03d92 Update .travis.yml
• 86e431e 3.0.1
• b09072e Use sails-disk@2 out of the box
• 13c6a95 3.0.0
• 5728cbf 3.0.0-2
• b9361d6 updated defaultsTo error message (Bump lodash from 4.17.11 to 4.17.19 #20)
• a629313 Add todos about better sniffing for 'during' procedural params (.leaseConnection() and .transaction()). See https://github.com/Connection error when using PostgreSQL transactions balderdashy/sails#4573
• 64d1fb6 3.0.0-1
• 9546690 Start using waterline 0.14.0-0 prerelease
• 4c68832 3.0.0-0
• 86cdbd6 Merge pull request [Snyk] Fix for 3 vulnerable dependencies #12 from wulfsolter/patch-1
• cf1cd3e Update help-send-native-query.js
• 193eb7f Merge pull request [Snyk] Fix for 1 vulnerabilities #17 from wulfsolter/patch-2
• f46232e Merge pull request [Snyk] Security upgrade sails from 1.2.3 to 1.2.4 #18 from louistiti/fix-docs-anchor-link

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)
🦉 Arbitrary Code Injection