[Snyk] Fix for 14 vulnerabilities

[debrupishere]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URLPARSE-1078283	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URLPARSE-1533425	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Authorization Bypass SNYK-JS-URLPARSE-2407759	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Improper Input Validation SNYK-JS-URLPARSE-2407770	Yes	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @google-cloud/storage

The new version differs by 250 commits.

• 6161c63 chore: release 5.17.0 (Improvements/outgoing hooks RocketChat/Rocket.Chat#1744)
• 97edb9a sample: add turbo replication samples (RocketChat.Info is not available on local dev build RocketChat/Rocket.Chat#1618)
• 809bf11 fix: remove compodoc dev dependency (Suggestion: Allow screen sharing, even when camera/mic not available RocketChat/Rocket.Chat#1745)
• 291e6ef feat: add support for rpo (turbo replication) metadata field when cre… (first user was not made admin RocketChat/Rocket.Chat#1648)
• 437d400 chore(deps): gcs-resumable-upload migration (Can't connect to custom deployed using Desktop or mobile apps RocketChat/Rocket.Chat#1736)
• 00392a4 chore: add api_shortname and library_type to repo metadata (rocket.chat-v.latest.tgz: 404 Not Found  RocketChat/Rocket.Chat#1737)
• 9758632 docs(badges): tweak badge to use new preview/stable language (How can i help with translate? RocketChat/Rocket.Chat#1314) (adjust tgz filename RocketChat/Rocket.Chat#1739)
• 552ebef docs(node): support "stable"/"preview" release level (Channel protected by password? RocketChat/Rocket.Chat#1312) (adjust tgz filename RocketChat/Rocket.Chat#1738)
• 42f4207 chore(deps): update dependency @ types/tmp to v0.2.3 (Livechat department improvements and queue RocketChat/Rocket.Chat#1734)
• 2aad922 samples: Delete setPublicAccessPreventionUnspecified.js (Mail messages RocketChat/Rocket.Chat#1733)
• 257f771 samples: download byte range (#1732)
• 29f91cb samples: added samples for upload from / download into memory (Sensitive server data exposed for non logged in users. RocketChat/Rocket.Chat#1731)
• 8ecb70e build: add generated samples to .eslintignore (Crash when pasting an "empty" clipboard RocketChat/Rocket.Chat#1730)
• 1457404 chore: create interfaces for conformance test API results (#1728)
• 09af838 chore: release 5.16.1 (fix URL RocketChat/Rocket.Chat#1717)
• 2c2510a chore: address lint issues (Attachment View in Browser RocketChat/Rocket.Chat#1726)
• 6490abf Revert "fix: revert skip validation (Multi-level messaging RocketChat/Rocket.Chat#1718)" (Searching for an invalid RegExp shows UNDEFINED RocketChat/Rocket.Chat#1721)
• db4e2df samples: upload without authentication (Option to switch menu's position RocketChat/Rocket.Chat#1711)
• d77979b fix: stop File.download from truncating output file on failure (Created and pushed by LingoHub. RocketChat/Rocket.Chat#1720)
• 0c75e33 fix: revert skip validation (Multi-level messaging RocketChat/Rocket.Chat#1718)
• c365254 fix: change properties with function value to methods (update RocketChat/Rocket.Chat#1715)
• 669a34d chore(deps): update gcs-resumable-upload to ^3.6.0 (Maybe use control-mergebox instead of meteor-streams RocketChat/Rocket.Chat#1710)
• 9018e17 chore: release 5.16.0 (Duplicate mentions. RocketChat/Rocket.Chat#1709)
• 50cdbb6 feat: improved error messages for resumable uploads (Settings for server default language  RocketChat/Rocket.Chat#1708)

See the full diff

Package name: juice

The new version differs by 37 commits.

• a628051 v7.0.0
• 5d89c6e Merge pull request Migrating flow-router into 2.0 RocketChat/Rocket.Chat#368 from TrySound/upgrade-web-resource-inliner
• ef3a266 Merge pull request Scalable File Sharing RocketChat/Rocket.Chat#369 from TrySound/published-files
• 335ed19 Publish only necessary files in package
• 3ec34d3 Upgrade web-resource-inliner
• 56e8fbc Merge pull request Images are not showing in lan RocketChat/Rocket.Chat#367 from TrySound/upgrade-commander
• 1dac1f4 Upgrade commander
• 1f82379 Merge pull request Latest code is not working with IE 11 RocketChat/Rocket.Chat#366 from TrySound/upgrade-cheerio
• 4178da6 Upgrade typescript
• 0ea9842 Upgrade to cheerio v1
• ec41c65 Merge pull request Verify Account with phone number RocketChat/Rocket.Chat#352 from hansottowirtz/support-htmlparser2
• f55f820 Merge pull request Sort of users in view RocketChat/Rocket.Chat#364 from TrySound/drop-deep-extend
• 7116879 Replace deep-extend with nested Object.assign
• 879e34c Merge pull request Add External Chat Window RocketChat/Rocket.Chat#363 from TrySound/unused-inliner-options
• 8899cd7 Merge pull request Allow to paste images from clipboard RocketChat/Rocket.Chat#365 from TrySound/object-assign
• 0765875 Merge pull request Upload RocketChat/Rocket.Chat#362 from TrySound/cross-spawn-dev
• d08b1ed Replace custom extend utility with native Object.assign
• fb22fc0 Drop unused cssmin and uglify options from cli
• f3307de Move cross-spawn to dev dependencies
• 49b5412 Merge pull request Implement REST-full API RocketChat/Rocket.Chat#349 from ArsenyYankovsky/master
• 0ce3da7 Merge pull request fix prob when room id is not valid RocketChat/Rocket.Chat#360 from nekocode/fix-empty-tag
• 990f0dd Merge pull request Room isolation RocketChat/Rocket.Chat#353 from asztal/patch-1
• 35d9a9d fix Fix message deletion and fix render of previous message RocketChat/Rocket.Chat#359
• 6963fe6 Add changelog entry for v6.0.0

See the full diff

Package name: node-gcm

The new version differs by 44 commits.

• c6b9eab Restore old dependency versions in package-lock.json (Disable e-mail verification RocketChat/Rocket.Chat#373)
• 42afc1b Replace request with axios (SMTP settings RocketChat/Rocket.Chat#372) (thanks @ pmb-cl)
• d5cfe6a README: Update instructions on obtaining FCM Server Key (Migrating flow-router into 2.0 RocketChat/Rocket.Chat#368)
• e034e7d ci: improve node job names (Add External Chat Window RocketChat/Rocket.Chat#363)
• 46f03d7 ci: add CI tests (Latest RocketChat (demo) don't work in IE11 RocketChat/Rocket.Chat#361)
• 924a4f8 fix prob when room id is not valid RocketChat/Rocket.Chat#360: Improve code sample for unregistered device token detection
• a4df9a3 Fix Improve view to change avatar RocketChat/Rocket.Chat#358: rectify coding mistake in failedTokens snippets
• 345392c 1.0.5
• f268b8b Room isolation RocketChat/Rocket.Chat#353: npm audit: update vulnerable dependencies
• 31e89bd 1.0.4
• 72a883f Merge pull request Implement REST-full API RocketChat/Rocket.Chat#349 from marneborn/upgrade-request
• dc80fc5 Merge pull request show offline users RocketChat/Rocket.Chat#337 from yog27ray/internalServer
• 29bb027 upgrade lodash
• 2b82cac use request@2.88.0
• 4bec224 1.0.3
• cbb1115 1.0.2
• 6d0bcc6 Merge pull request Allow scrolling user status sidebar when screen height is too small RocketChat/Rocket.Chat#345 from pertu/allow-uri-override
• fcb8d8c Move options.uri to overridable section
• 6c77b95 Add unit tests for uri override
• 2390554 Fix package.json: remove trailing comma in contributor list
• 456b0de README: Fix formatting of `fcm_options` param doc
• db66259 Merge pull request Case insensitive username RocketChat/Rocket.Chat#342 from SpellChucker/add-fcm-options-message
• e435347 Fix syntax of link
• 859625a Update README with usage

See the full diff

Package name: turndown

The new version differs by 15 commits.

• 4e36b45 6.0.0
• 9026414 5.1.0
• bc23db7 Update acorn for https://npmjs.com/advisories/1488
• b9898b7 Update travis node version
• 1559f32 Update to latest rollup (+ plugins) versions
• 73a7539 Target new versions of node
• 166a41a Update jsdom to v16 to fix potential security vulnerabilities
• 0b5d4d5 Merge pull request Fix minor bugs in irc plugin. RocketChat/Rocket.Chat#302 from fredck/t/domchristie/turndown/300
• e5bd9f8 Use the repeat utility function for consistency.
• d1ee0ac Simplified the fence character sniffing.
• 99b0516 Minor stylistic fixes.
• 8e072d2 Fixed the wrong trimming of line break at at the start of code blocks.
• a24c58b Fixed multiple ticks/tildes inside code blocks.
• cae7098 Merge pull request add Video Chat HD and fullscreen modes for web-rtc #115 RocketChat/Rocket.Chat#281 from kevindew/vanishing-or-duplicating-spacing
• b73068c Consistently handle inline elements with spaces

See the full diff

Package name: webdav

The new version differs by 152 commits.

• 30850ad 4.0.0
• b262b2c Prepare v4.0.0
• 480dfff Audit dependencies
• 98f2af5 4.0.0-r01
• 6d47049 Merge pull request Cleanup in master RocketChat/Rocket.Chat#234 from perry-mitchell/typescript
• 85e9fae Update other dependencies
• 5188ad4 Update deps, format files
• bb6cc02 Merge branch 'typescript' of github.com:perry-mitchell/webdav-client into typescript
• a6a7c16 Update fast-xml-parser
• 862543d Document client options
• 6205d19 Merge branch 'master' into typescript
• 655032a Update readme docs
• 3673df7 Rebuild documentation
• e62706f Remove old source, move typescript to ./source
• 0cbd5d0 Remove old tests
• 347b4a4 Add auth tests
• bb75105 Add digest auth test
• f6fe032 Configure Chrome for Travis
• f1dbeca Add more web tests
• b25ed53 Add exists tests for web
• 9ec69e4 Setup web tests
• b5f15a8 Add getFileUploadLink
• 66892ce Add putFileContents tests
• 7dff381 Add putFileContents

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Input Validation
🦉 More lessons are available in Snyk Learn