[Snyk] Fix for 9 vulnerabilities

[john-goldsmith]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHSET-1320032	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	No	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-6056519	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-PACRESOLVER-1564857	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: json-api-serializer

The new version differs by 13 commits.

• 4ddf2d8 2.5.0
• 841b93e Add browser support
• f99b2c0 Add browser-support (Update pg to the latest version 🚀 #75)
• a8244cf 2.4.2
• b27783e Fix preventing circular relationships. (Update json-api-serializer to the latest version 🚀 #108)
• 08c7e38 2.4.1
• a7b4e88 prevent circular deserialization (Update cz-conventional-changelog to the latest version 🚀 #107)
• 9de7a78 2.4.0
• d7815de feat: serialization/deserialization hooks (Update aws-sdk to the latest version 🚀 #105)
• 4452605 fix deserialize an included relationship with `alternativeKey`
• eb8127a remove node 8 from travis build, prettier@2.0.0 doesn't support it anymore
• 5750170 add default error class name into 'title' field of JSON API errors
• da9f73e update dependencies

See the full diff

Package name: node-vault

The new version differs by 123 commits.

• e709b04 0.10.0
• 9b6a076 0.9.23-canary.4
• 28d5f9d 0.9.23-canary.3
• a4a935d chore: fixing version extraction for releases
• 1d6e65b 0.9.23-canary.2
• efba4b7 new: release will now create GH release
• 7938ef5 0.9.23-canary.1
• 7bcf82c 0.9.22-canary.0
• cc2b586 chore: fixing workflow permissions
• b1ac54f chore: fixing ssh access
• 468cc8b chore: updated job name
• ed4cc2b fix: Updated permissions for release job
• 50b912a chore: update job name for release
• 081c5e5 new: automation for package release to NPM
• 877f591 Replace request with postman-request
• 4c7b0c2 Merge pull request [Snyk] Security upgrade nodemailer from 6.4.2 to 6.9.9 #236 from nodevault/chore/better-codecov
• 8c5a08b chore: better codecov usage
• 098cb0a Merge pull request [Snyk] Security upgrade pm2 from 4.2.1 to 4.5.6 #232 from orgads/test-images
• 1c2b76a Merge branch 'master' into test-images
• 04cc618 Fixing a typo in action from [Snyk] Security upgrade pm2 from 4.2.1 to 4.5.6 #233 ([Snyk] Security upgrade pm2 from 4.2.1 to 5.3.1 #235)
• ac25b18 Merge branch 'master' into chore/fix-action-type
• 8b5d985 Bump word-wrap from 1.2.3 to 1.2.4 ([Snyk] Security upgrade pm2 from 4.2.1 to 4.4.0 #234)
• e3fb47e chore: typos in readme, permissions in actions and actions upgrade ([Snyk] Security upgrade pm2 from 4.2.1 to 4.5.6 #233)
• 1605c2a Merge branch 'master' into test-images

See the full diff

Package name: pm2

The new version differs by 134 commits.

• 1d81757 pm2@4.5.6
• a6a52dc pm2@4.5.5
• 5e18920 pm2@4.5.4
• b743ce0 pm2@4.5.3
• 88b5ab4 pm2@4.5.2
• cc9714c bump copyright years
• 64f8ea0 pm2@4.5.1
• c0372a8 prepare 4.5.1
• 56ffa13 upgrade debug
• 452cc85 upgrade systeminformation
• f376825 feat: restore --sort option on pm2 ls #4536
• 2f61ddb fix: cron-restart in cluster mode + alias --cron to --cron-restart fix #4834 #4733 #4307 #4834
• 0b56e72 Merge branch 'master' into development
• 2ba6dff Merge pull request #4892 from AdamMajer/fix_npm7_devel
• f830d5f Merge pull request #4897 from Glyphack/patch-2
• d13e4a3 test against Node 15.x
• 94615fb Update systeminformation package to 4.27.11
• 25b7ccd tests: fix tests with npm7
• 73a4eaf [ci skip] bump readme
• 49f1871 pm2@4.5.0
• 3e004dc add udp client/server example + fix typo
• 310d68d pm2@4.5.0 - testing phase
• 7f11906 Merge pull request #4681 from guard43ru/development
• 108ddea Merge pull request #4741 from getsnoopy/fix-unit-test-script

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn