[Snyk] Fix for 16 vulnerabilities

[ebarahona]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	630/1000 Why? Has a fix available, CVSS 8.1	Internal Property Tampering SNYK-JS-BSON-561052	Yes	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Internal Property Tampering SNYK-JS-BSON-6056525	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	No	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	324/1000 Why? Has a fix available, CVSS 2.2	Uninitialized Memory Exposure npm:utile:20180614	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: nodemailer

The new version differs by 4 commits.

• eaef3b5 Merge pull request #719 from nodemailer/v3.0.0
• de5b6f6 updated license
• 652ad8e Do not use PRO in name
• 6218b8d Setup files for EUPL licensed v3.0.0

See the full diff

Package name: pm2

The new version differs by 250 commits.

• 56ee2cd pm2@4.4.0
• b73c61a bump CHANGELOG.md
• caca206 psh
• 593b43c various fixes for N14
• 42a10f4 bump @ pm2/js-api + mocharc.yml -> mocharc.js
• e41282d fixes for node 14 + shelljs
• a38b6ed bump pkg
• c667244 add node 14 to travis
• 6f704e6 Merge branch 'master' into development
• 5dfb667 pm2@4.3.1
• 9d763ed cli-table-redemption -> cli-tableau
• 3980bff bump cli-table-redemption
• 9ee8a0f pm2@4.3.0
• 956afe7 pm2@4.3.0-beta.1
• 851c44c update changelog
• 03d0b28 Merge pull request #4662 from Timic3/fix/common-module-import
• d8a6d38 bump pm2-deploy
• 4d1aedf throttle cron test
• 8fae340 bump vizion
• b097dc2 pkg.json version bump
• 7a5da59 drop date-fns
• 195eb6e drop lodash lib
• 526756d 4.3.0
• 7323438 Add .cjs (common JS) as a viable extension

See the full diff

Package name: sails-disk

The new version differs by 85 commits.

• 15faa44 1.0.0
• a2b7ee6 1.0.0-12
• 9d7118c Only set footprint keys for uniqueness violations.
• a2c2261 Add some assertions.
• a222824 Update gitignore and scripts
• 3b3c334 1.0.0-11
• cef95b4 Support updating the primary key value, as long as it's not using _id as the column.
• aad2a15 Set _id column to value of primary key when creating records.
• 333e2d1 1.0.0-10
• c8a26c5 Add shim to replicate MongoDB's behavior w/ `{ $ne: null }` and empty arrays.
• bf92cb8 1.0.0-9
• af97943 Workaround issue with projections including only `_id`
• b5b985b Relax restrictions on using `_id` column in sails disk.
• f4adfd7 Add an entry in the `refCols` dictionary for every model, so we don't have to short-circuit checks for it later
• b494fd9 In `find`, deserialize Buffer objects into `ref` attributes where possible.
• 7aaaaa4 Merge pull request #58 from balderdashy/expose-lib
• 70ead96 (whoops) Add back 0.10 and 0.12 in appveyor.yml
• beabe7a Merge pull request #57 from balderdashy/expose-lib
• 9c80187 1.0.0-8
• f7a349d Actually, don't expose the static lib. (No reason to do so, and better to not introduce something experimental if there's any chance it could make an app dependent on random stuff in a dev-only adapter)
• 2d4d97e 1.0.0-7
• f2dd761 Rename afterwards function to avoid perceived scope conflict (whether or not it'd ever actually be a big deal, this avoids any potential future scope issues from refactoring, etc).
• 4051e5e 1.0.0-6
• 250c32e Handle stray error (and a couple of other trivial changes just from when I was reading through the code)

See the full diff

Package name: sails-mongo

The new version differs by 250 commits.

• 995c476 2.0.0
• 54f03b2 Merge pull request #491 from balderdashy/pr/483
• 5fce6ff Revert "Remove .jshint"
• 72b38d1 Revert a change to a comment
• 82e1fa7 Remove links from "license" section (moved to sails docs)
• a9177b0 Remove documentation from README and link to relevant doc pages (made a separate PR to the docs adding that content)
• a9c5b35 Remove `Roadmap` section from README and move configuration options into `Compatibility` section
• 045b092 Revert "Revert "Merge pull request #489 from luislobo/patch-2""
• 6f02ce2 Revert "Temporarily revert merged PR #483"
• 4d0d2bb Merge branch 'master' into pr/483
• 384758b Temporarily revert merged PR #483
• 88b3f78 Revert "Merge pull request #489 from luislobo/patch-2"
• f2aad81 Merge pull request #489 from luislobo/patch-2
• 8c74bc1 Update CHANGELOG version
• 2b3eb9e 2.0.0-0
• d6ea6cd Merge pull request #483 from Josebaseba/master
• 6c7189d 2.0.0-0
• f78f9fc Remove comment that seems out-of-date now
• 5c06944 Merge branch 'master' into master
• 69d0cdf Update config-whitelist.constant.js
• 0df9191 Merge pull request #486 from luislobo/fix-changelog-author-links
• 7d2c991 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path #1 from luislobo/upgrade-mongodb-drivers
• 2a638df Updates changelog and readme
• d0b14f6 Updates mongodb version, and makes version 1.3.0 for more safety

See the full diff

Package name: sails-mysql

The new version differs by 202 commits.

• e9ca5d0 1.0.0
• 1c8eba9 1.0.0-17
• 2384285 Same as 2cc4850eb0fc3ff58eeaef044c2b14379af1be32 but for 2 other occurrences.
• 2cc4850 Apply fix from eslint to properly pass through compileStatement() errors
• ba40d9a Update eslint
• ed86ee1 1.0.0-16
• 227e9ba Bump versions of mariadb tests-- and explicitly test node 8
• 917db33 Use mp-mysql@3 (see https://github.com/Memory leak balderdashy/sails#4264#issuecomment-353152823)
• 5e8ed7e Follow-up to 075d7590dfb5fc51ee7c3084df87261b46ea5356
• 075d759 Update machine runner to v15. (refs https://github.com/Memory leak balderdashy/sails#4264)
• 0d0503c Even better
• 6186297 Update language in config errors
• d1f0791 1.0.0-15
• d511f24 Allow `ref` type attributes to represent any object, not just Buffers.
• 3a62cf5 1.0.0-14
• b8c74aa Merge pull request #349 from balderdashy/revert-utf8mb4-default
• b98a2f0 Revert code that defaults to the `utf8mb4` character set.
• 987f467 Merge pull request #346 from balderdashy/support-emojis
• 3adc445 1.0.0-13
• 65aa28f lint fix
• 9fd09c9 1.0.0-12
• e9cbd78 Change default charset to support emojis. This also adds some comments and notes for the future.
• 6efdddc 1.0.0-11
• 056b12b use LONGTEXT by default because mysql truncates data silently

See the full diff

Package name: sails-postgresql

The new version differs by 250 commits.

• e9728fe 1.0.0
• 3ee54ac 1.0.0-13
• a2b0da4 Bump mp-postgresql version
• 0266a58 Update `.exec({...})` to `.switch({...})`
• 50a8e22 Update helpers to work w/ new machine runner
• cf3a294 Bypass `bigint` validation for auto timestamps
• b9352bd If invalid model definitions are detected, just return an error message _without_ a stack trace.
• 296f538 Coerce empty string to zero when bigint column type is in use
• 6dea61c Throw an error if `type: 'number'` is used with `columnType: 'bigint'`
• 24164da Update language in config errors
• 67aa86b 1.0.0-12
• cae9019 Stringify strings before using them as values for JSON attributes
• beb7415 1.0.0-11
• 2691491 Allow `ref` type attributes to represent any object, not just Buffers.
• bdf2b7d 1.0.0-10
• 1b34e1f use column name when parsing values
• b004869 1.0.0-9
• a4c8d2c Merge pull request #270 from balderdashy/fixes
• 8765654 bump min wl-util version
• 913cad6 key orm by identity rather than table name
• a0ae8a2 add depth validation to pre-process
• 1196975 make sure to process each record when no child statements are needed
• 2c894d2 pass true to process each record deep to show it uses column names
• 5822b3d include strategy type when building the query cache

See the full diff

Package name: sails-redis

The new version differs by 37 commits.

• 1f165fa 1.0.0
• f32fae9 remove outdated options (also it would have to be `pass` and `db` anyway)
• 0093bfb 1.0.0-0
• ed20643 Update example (.datastore() => .getDatastore())
• 266a3eb Tweak usage info.
• 957b88c Expose 'datastores' property on adapter (for use by sails-hook-orm).
• 8f9d0fc registerConnection() => registerDatastore()
• 904a73b Update metadata files, tests, and supported features/interfaces.
• 116c415 One squid is probably sufficient. (This commit also removes some awkward royal we's, adds acknowledgements, and a few other minor tweaks)
• cb18bf2 fix punctuation typo and add clarification in opening paragraph to explain why there was a change
• e72ca43 Merge pull request #105 from treelinehq/master
• d51701e Merge branch 'master' into master
• 9231fe8 Add note about how this is for v0.12 and earlier
• 3f6c29f ..actually, will wait until checking with Ryan on that
• e70e714 Update readme and remove tests. Change package name to sails-redis-lite
• 62cdf29 Deps.
• f44df1d Remove some stuff
• 5b890bb Merge branch 'master' of https://github.com/treelinehq/sails-redis
• 01041c7 setup for sails v1
• 4b841c9 Updated Readme closes #98
• 59a976a Just fixed up an issue where it wouldn't return the correct criteria
• 27a9f05 Fixed up the scheme not getting passed through
• 8c28173 Just fixed up the script
• 1491600 Just removed the database from the tests

See the full diff

Package name: sails-sqlserver

The new version differs by 21 commits.

• 5815e09 chore: version bump 2.0.1
• 2f5fd9d fix: add machinepack-mssql dependency
• 5bec31a Merge pull request [Snyk] Fix for 2 vulnerable dependencies #4 from intel/sails-v1
• e0c4b0b refactor: use WATERLINE_ADAPTER_TESTS_URL
• d72e2d7 refactor: unused/unneeded references
• 36747d6 feat: support for sails-v1
• 726ecdf chore: add .npmrc to .gitignore
• 0cc307f major version update
• 655da19 feat: update dependencies and improve join performance
• 71a6291 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path #1 from jkeczan/master
• a94851c Merge pull request [Snyk] Fix for 1 vulnerable dependencies #3 from peoplewareDo/master
• c2a8582 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path #2 from kdelmonte/master
• dbc4d96 fixed insert returning wrong id
• f693b74 update mssql v4.0.1 dependency
• 789d1de Fix issue were insert would break if the PK was a GUID due to the adapter adding an SET IDENTITY_INSERT clause which should only be used with integer PKs
• f764cfb Merge pull request [Snyk] Fix for 1 vulnerabilities #21 from RubiconInternational/master
• 5068798 Merge pull request [Snyk] Security upgrade yargs from 6.6.0 to 10.0.0 #28 from keeganmccallum/master
• 5587101 Allow using the meta "schemaName" property to override schema
• b420eee Merge pull request [Snyk] Security upgrade nodemailer from 2.7.2 to 6.4.16 #23 from some-say/master
• d120f0b issue orm fail when kill sails.js
• 53bdeaa fix issue with string literal values not prepended with 'N' before the delimeter, which is imperative for unicode values

See the full diff

Package name: waterline

The new version differs by 250 commits.

• 2c5ec51 0.13.1
• 8156b23 Fixes https://github.com/Decryption doesn't work for records created with Model.findOrCreate method balderdashy/sails#4302#issuecomment-363883885
• 9a32b31 Add note re https://github.com/Decryption doesn't work for records created with Model.findOrCreate method balderdashy/sails#4302#issuecomment-363883885
• 858fe59 Update LICENSE.md
• 0a93d56 Make toJSON overridable to avoid confusing behavior in userland code.
• 47ffea6 update to use `await` and include subtle link to manifesto
• f6313b4 force bump deps to ensure latest anchor
• c2ff1ca Lint fix, and take care of a documentation todo
• 76dab58 Update eslint dep to 4, and update eslintrc.
• e704ffb Force bump to latest parley.
• 86bccd6 0.13.1-9
• 1d0878d Tolerate non-Errors to allow for special exit signals and compatibility with other flow control paradigms.
• 13a64fc Take care of unhandled promise rejections in .stream() iteratees (fixes https://trello.com/c/5JGI0c66)
• 3311327 Enhance error message
• 1d747f6 Fix typos
• 27f472c Same as https://github.com/node-machine/machine/commit/8c4c2d81005959876406510b34bc9df6bcf19f5f
• 7d809e5 Minor tweak to error msg
• 7c71dbe Don't apply `omit` criteria to join tables
• d2cc874 0.13.1-8
• 7aca522 Attempt at doing https://github.com/[patch] Use Node version check to determine whether to process encryption options for each model balderdashy/waterline#1532/files with a slightly smaller change footprint (#1533)
• fb8a1e4 Tweak previous commit to ensure a good error msg is shown
• 5aa605a Attempt at doing https://github.com/[patch] Use Node version check to determine whether to process encryption options for each model balderdashy/waterline#1532/files with a slightly smaller change footprint
• 52e61bc 0.13.1-7
• 6efcda1 Improve error message about bad pk type, particularly for users of mongo/rethink/etc. (https://trello.com/c/x6VSjZbc)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Arbitrary Code Injection