[Snyk] Fix for 19 vulnerabilities

[kumpulanremaja]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:cryptiles:20180710	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	No	Proof of Concept
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: instagram-private-api

The new version differs by 247 commits.

• 48230a2 0.10.1
• 4747bcd Temporary fix build issue by removing Request.send type
• 03efa8f Update typescript to 3.4.1
• e0ef830 0.10.0
• b39ab29 Merge pull request #691 from zzarcon/convert_all_typescript
• 80b8b3e (Request) specify send method returns Bluebird<any>
• ec3620c Merge branch 'master' into pull/691
• 404b720 (Prettier) add pre-commit hook
• 86ef2a3 (Prettier) add script to package.json
• ba56dd4 (Prettier) reformat /src folder
• c14ad5d Fix 'redundant character escape' warning using inspection
• af8b735 (Media) specify Session type for arguments to remove `unused value` warning for `device.payload`
• 809eea6 Remove default exports
• 16138d0 0.9.2
• 1a17299 (Request) fix bigint-detection regexp to consider negative values
• e95b747 Remove not used variables
• 85ebc45 Migrate to es6 modules
• b759053 Fix Travis
• a1e73df Fix missing TS issues
• 2d8a4d1 0.9.1
• c8026df Remove image-diff library and test on uploading profile picture
• 599badb Merge remote-tracking branch 'origin/master' into rxjs-integration
• 1b69078 (tsconfig) target es2017
• 1c80237 (tsconfig) lib: es7, esModuleInterop: false

See the full diff

Package name: request-promise

The new version differs by 28 commits.

• 4bc186d Version 4.2.6
• 4c7d51d chore: bumped request-promise-core due to security vulnerability of lodash
• f364ee4 docs: reference to request deprecation and alternative libs
• 873d156 Merge pull request #341 from shisama/patch-1
• 052331d docs: deprecate this package
• b4dafe4 docs: fixed link
• fd52247 Version 4.2.5
• a27ba86 chore: updated request-promise-core that updates lodash
• 4e3b7ed Version 4.2.4
• 94be6fe fix: tough-cookie version
• 03f7030 chore: updated publish-please config
• d831905 Version 4.2.3 (now really)
• 37e8773 fix: updated indirect lodash dependency to fix security vulnerability
• 229225e Version 4.2.3
• 4f27097 chore: fix ci build for node v8+
• c535eb6 Merge pull request #299 from aomdoa/fixToughCookieDep
• 488947b Merge branch 'master' into fixToughCookieDep
• 131abd7 fix: breaking change in tough-cookie v3
• b454ddc chore: added node 8 and 10 to ci build
• 6d11ddc fix: typo
• 3a136ea Merge pull request #303 from lexjacobs/patch-1
• 5e32191 docs: mention of wrapped request errors
• 2ac4f3e Update rp.js
• 1457338 Workaround on the cookie processing test.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn