[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • src/currencyservice/package.json
  • src/currencyservice/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-PROTOBUFJS-2441248	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @google-cloud/profiler

The new version differs by 22 commits.

• f2807b7 chore: release 4.1.3 (chore(deps): update dependency org.apache.logging.log4j:log4j-core to v2.17.2 GoogleCloudPlatform/microservices-demo#755)
• fc48f9a fix(deps): update dependency pprof to v3.2.0 (chore(deps): update dependency google-api-core to v1.31.5 GoogleCloudPlatform/microservices-demo#754)
• 79a3d50 chore(deps): update dependency @ types/tmp to v0.2.1 (chore(deps): update dependency geventhttpclient to v1.5.3 - autoclosed GoogleCloudPlatform/microservices-demo#753)
• 26d7439 build: auto-approve renovate-bot PRs for minor updates (Use /kustomize/ in /terraform/ GoogleCloudPlatform/microservices-demo#1145) (chore(deps): update dependency gcr.io/k8s-skaffold/skaffold to v0.41.0 GoogleCloudPlatform/microservices-demo#752)
• b038650 build(node): do not throw on deprecation (chore(deps): update dependency google-api-python-client to v2.64.0 GoogleCloudPlatform/microservices-demo#1140) (chore(deps): update dependency configargparse to v1.5.3 GoogleCloudPlatform/microservices-demo#751)
• b740c06 build(node): don't throw on deprecation in unit tests (chore(deps): update dependency cachetools to v4.2.4 GoogleCloudPlatform/microservices-demo#749)
• c3adca7 chore: clean npm cache on package installations (fix(deps): update module github.com/google/go-cmp to v0.5.7 GoogleCloudPlatform/microservices-demo#748)
• 95f61fc build: remove errant comma (fix(deps): update dependency com.google.api.grpc:proto-google-common-protos to v2.9.4 GoogleCloudPlatform/microservices-demo#1113) (fix(deps): update dependency async to v3.2.3 GoogleCloudPlatform/microservices-demo#747)
• ed4003c chore(nodejs): remove api-extractor dependencies (fix(deps): update dependency @google-cloud/trace-agent to v5.1.6 GoogleCloudPlatform/microservices-demo#746)
• 3569ca2 build: add auto-approve to Node libraries (cartservice - Grpc.AspNetCore 2.49.0 GoogleCloudPlatform/microservices-demo#1100) (fix(deps): update golang.org/x/net commit hash to 27dd868 GoogleCloudPlatform/microservices-demo#745)
• a23829b chore(nodejs): use cloud-rad publication process (chore(deps): update dependency protobuf to v3.20.3 GoogleCloudPlatform/microservices-demo#1112) (fix(deps): update dependency @google-cloud/profiler to v4.1.7 GoogleCloudPlatform/microservices-demo#744)
• fbce773 chore: Report warning on `.github/workflows/ci.yaml` (chore(deps): update dependency urllib3 to v1.26.8 GoogleCloudPlatform/microservices-demo#742)
• cd983f4 chore(deps): update dependency sinon to v11 (chore: update doc for instrument #738 GoogleCloudPlatform/microservices-demo#739)
• e5b8626 chore(deps): update dependency @ types/node to v14 (The doc of GCP Instrumentation is out of date GoogleCloudPlatform/microservices-demo#738)
• 776916e chore: migrate to owl bot (chore(deps): update dependency msgpack to v1.0.3 GoogleCloudPlatform/microservices-demo#737)
• df22483 chore: release 4.1.2 (chore(deps): update dependency google-api-python-client to v1.12.10 GoogleCloudPlatform/microservices-demo#734)
• 33abbeb fix(deps): update dependency protobufjs to ~6.11.0 (chore(deps): update dependency golang to v1.17.7 GoogleCloudPlatform/microservices-demo#733)
• bb51a1a chore: add SECURITY.md (chore(deps): update dependency cachetools to v4.2.4 pt2 GoogleCloudPlatform/microservices-demo#730)
• ba96e49 fix(deps): update dependency pprof to v3.1.0 (chore(deps): update dependency charset-normalizer to v2.0.12 GoogleCloudPlatform/microservices-demo#731)
• 1086dd5 build: warn uses when they edit auto-generated files (chore(deps): update dependency flask to v1.1.4 GoogleCloudPlatform/microservices-demo#732)
• aaf1e6c chore: regenerate common templates (Dependency Dashboard GoogleCloudPlatform/microservices-demo#728)
• d372427 chore(deps): update dependency sinon to v10 (chore(deps): pin dependency semistandard to 16.0.1 GoogleCloudPlatform/microservices-demo#726)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Prototype Pollution