[Snyk] Fix for 1 vulnerabilities

[abhijitkane]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-QS-3153490	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: sails

The new version differs by 250 commits.

• 6d775fc 0.12.12
• b21974a 0.12.12-3
• b3d8fd8 Ditch Lodash chaining in blueprints hook.
• 18fb8a0 0.12.12-2
• bdcce2f Update changelog
• b13c078 Crank up that saltiness -- thanks @ Plazmaz! (Note: This only affects apps which explicitly do not provide their own session secret. In production, this is always accompanied by a warning message regardless.)
• 8c7234d Use @ sailshq/express
• 29f983d Bump skipper version
• 0d0f58f Remove Waterline dependency, and set sails-hook-orm dep back to 1.0.9.
• db68dd6 prerelease with waterline update
• 0ce0d86 0.12.11
• 0f938d8 Update CHANGELOG.md.
• 0cf841a 0.12.11-1
• 5232d6a Merge pull request #3902 from Hiro-Nakamura/0.12
• 7129304 fix mis typed variable names in badLocalDependency()
• 31da115 Add 0.12.11 to changelog
• 6e029ed 0.12.11-0
• 4bfa025 pesky little bugger
• ea842a3 lodash->sailshq/lodash to pick up the _.isFunction() I backported from JDs patch in Lodash 4. (see https://github.com/isFunction() fails on async function lodash/lodash#2768)
• e5ae9ba Bump lodash version in package.json.
• d37ee13 Remove individual per-method lodash deps (this is already done on v1.0, just backportin')
• 223567c rebase https://github.com/balderdashy/sails/commit/aa4594fa21259b3a7482ae85ef5358c724c41b95
• ec6be74 0.12.10
• c97014f Bump s-h-sockets SVR to avoid relying on a prerelease build

See the full diff

Package name: supertest

The new version differs by 33 commits.

• 054ad57 Prepare for 2.0.0 release.
• 7ca0574 Upgrade superagent to 2.x (#347)
• 7d35f22 Change 'super-agent' to 'superagent' in Readme. (#343)
• d0c1457 Fix eslint checks .pem (#331)
• 076ce21 Fix typo on line 74 (#330)
• a920af5 MISC Update dev deps, small updates to README.
• 25665c0 Fix readme for .expect(fn), fixes #253 (#262)
• 480b9bb Merge pull request #324 from visionmedia/eslint-refactor
• af3c013 Slight cleanup to esline rules. Remove some overrides, refactor logic in _assertHeader function.
• 1849094 Refactor source code to use eslint with airbnb legacy rules.
• ecced93 Merge pull request #318 from oskarcieslik/patch-1
• a1533e5 Changed example with cookie-parser
• f4efb75 Prepare release 1.2.0
• bea0c80 Merge pull request #286 from alekbarszczewski/redirects-fix
• 96abafa Merge pull request #223 from dougwilson/Windows_tests
• c56f1ca Merge pull request #313 from visionmedia/issue_312
• 0583e3b Merge pull request #302 from andyburke/update_superagent
• 088a26d Update to latest superagent
• d72e47f #312 Update engines field in package.json
• f510f27 Fix #312 Update Travis config.
• 1a301b5 Fix typo in README example
• 386cf31 Merge pull request #292 from morganherlocker/express4-docs
• acf3c42 Update to latest superagent which has a fixed cookiejar.
• b011791 update README to express@4.x.x

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution