
[Snyk] Fix for 1 vulnerabilities #489

Status: Open. Wants to merge 1 commit into base: master.
Conversation

@freezy (Member) commented Jun 21, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity: medium
Priority Score (*): 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Issue: Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795
Breaking Change: No
Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: elastic-apm-node. The new version differs by 250 commits.
  • dcc85f3 fix: build of Lambda layer broke in CI (#2724)
  • fe303b6 3.34.0 (#2723)
  • 54d89ca fix: get context back for composite spans (#2716)
  • d919faf chore(deps-dev): bump koa-bodyparser from 3.2.0 to 4.3.0 (#2717)
  • 4abdd30 chore(deps-dev): bump @babel/core from 7.17.10 to 7.18.0 (#2719)
  • dabdf58 chore: enable dependabot version updates (#2710)
  • e8ab8c6 synchronize json schema specs (#2713)
  • 10c287a feat: add span links to AWS SQS ReceiveMessage spans for messages with a traceparent (#2706)
  • 101f905 chore: deprecate 'jade' package instrumentation (#2711)
  • 2e076a4 feat: Add support for tedious v10 to v14 (#2705)
  • 3c4e18d feat: span statistics -- ensure dropped span objects are still created (#2694)
  • 4019c99 fix: span compression handling could crash on a span without a set parent span (#2701)
  • 07b30a9 chore: update wait-on dev dep to reduce deprecation warnings on install (#2700)
  • cdb988d synchronize json schema specs (#2704)
  • 27588b7 chore(deps-dev): bump pug from 2.0.4 to 3.0.1 (#2690)
  • 99c12e8 chore: deprecate 'hapi' package instrumentation (#2698)
  • 9f380d0 refactor: RunContext.exitSpan() -> .leaveSpan() (#2703)
  • 558dae3 synchronize json schema specs (#2702)
  • 7cd1b90 feat: add "nodejs16.x" lambda runtime to our compatible runtimes (#2697)
  • 01154f3 add traceContinuationStrategy config option; add Span Links API (#2692)
  • 5b6b8a9 test: skip mysql2@2.2.3 in TAV tests to workaround npm v6 install issue with github deps (#2696)
  • 112a13c test: fix running benchmarks (#2693)
  • 8b6c11a feat: setRecorded for traceparent/tracecontext (#2687)
  • a289d44 chore: start using package-lock.json for repeatable Lambda Layer builds (#2627)

See the full diff

Package name: raygun. The new version differs by 25 commits.
  • 531e5e0 Merge pull request #82 from MindscapeHQ/sh/bump-version
  • 1ce045c Bump version to 0.10.2
  • 022706d Merge pull request #81 from MindscapeHQ/sh/update-changelog
  • 5232075 Update changelog for v0.10.2
  • 9bc5a2b Merge pull request #76 from MindscapeHQ/aj/bug-fix-error-opening-files/cr-75
  • 0a14321 Remove yarn.lock, add yarn.lock to gitignore, remove version 0 of nodejs from yml
  • ac5c91c Add version 0 of node
  • 6f0a774 Revert "Remove yarn.lock file"
  • a40d1af Remove yarn.lock file
  • d147f90 Change before_install to before_script, trial npm instead of yarn
  • eaaf3dd Re-order travis.yml
  • cc8e361 Change yarn version back to 1.12.3
  • c9ece8b Whoops - revert back to 1.94 first
  • 79b5326 Update yarn version to 1.12.3-1
  • eedb880 Update version of node to latest
  • f665bac Change version to yarn 1.9.4
  • 0afd405 Add before install commands
  • 247bf10 Add latest version of node to travis.yml
  • 842120e Remove locked package.json file
  • d8a984e Rebase branch
  • a4e69e2 Merge branch 'master' of https://github.com/MindscapeHQ/raygun4node into aj/bug-fix-error-opening-files/cr-75
  • b0acfd1 Merge pull request #75 from Liath/issue72
  • f715b1e Change jshint to working syntax and add file to ignore node_modules and examples
  • b99e21a Bump ejs to 2.5.5 in express sample to fix security issue

See the full diff

Package name: sharp. The new version differs by 229 commits.
  • 1ff84b2 Release v0.29.3
  • 97655d2 Bump deps
  • d10d7b0 Docs: remove duplicate entry for mbklein (#2971)
  • 2ffdae2 Docs: changelog and credit for #2952
  • 342de36 Impute TIFF xres/yres from withMetadata({density})
  • b33231d Ensure correct dimensions when contain 1px image #2951
  • 319db21 Release v0.29.2
  • d359331 Remove animation props from single page images #2890
  • 7ae1513 Bump devDeps
  • 648a1e0 Throw error rather than exit for invalid binaries #2931
  • b9f211f Docs: changelog for #2918
  • e475d9e Improve error message on Windows for version conflict (#2918)
  • f37ca82 Bump deps
  • 1dd4be6 Add timeout function to limit processing time
  • 197d4cf Docs: changelog and credit for #2893
  • 83eed86 Docs: clarify prebuilt libc support on ARMv6/v7
  • bbf612c Replace use of deprecated util.inherits
  • 2679bb5 Allow use of 'tif' to select TIFF output (#2893)
  • 481e350 Ensure 'versions' is populated from vendored libvips
  • 50c7a08 Release v0.29.1
  • 9a0bb60 Bump deps
  • deb5d81 Docs: changelog entries for #2878 #2879
  • 916b04d Allow using speed 9 for AVIF/HEIC encoding (#2879)
  • 52307fa Resolve paths before comparing input/output destination (#2878)

See the full diff

Package name: snyk. The new version differs by 250 commits.
  • 4cc1a94 Merge pull request #2105 from snyk/feat/webpack
  • 7737f75 Merge pull request #2181 from snyk/test/migrate-old-snyk-format
  • 418e6ad Merge pull request #2180 from snyk/test/migrate-is-docker
  • 95631e7 test: migrate is-docker to jest
  • babe22a test: migrate old-snyk-format to jest
  • e22e94f feat: Snyk CLI is bundled with Webpack
  • dd46c19 Merge pull request #2175 from snyk/fix/snyk-protect-multiple
  • e7c314f Merge pull request #2178 from snyk/test/server-close
  • 5e824c0 fix(protect): skip previously patched files
  • ca2177a fix(protect): catch and log unexpected errors
  • c9ddb44 chore(protect): move api url warnings to stderr
  • e8fed38 refactor(protect): move stdout logs to top level
  • 55e88f9 Merge pull request #2177 from snyk/test/set-jest-acceptance-timeout
  • 1522c5f test: server.close uses callbacks, not promises
  • 13dce51 test: increase timeout for slow oauth test
  • 65c35be Merge pull request #2172 from snyk/chore/no-run-test-on-master
  • a1e3992 chore: don't run tests on master
  • 20feb67 Merge pull request #2165 from snyk/chore/dont-wait-for-regression-tests
  • f50bca7 Merge pull request #2167 from snyk/refactor/replace-cc-parser-with-split-functions
  • 1ed7d11 refactor: replace cc parser with split functions
  • 707801d Merge pull request #2166 from snyk/fix/support_quotes_in_poetry_toml
  • dc6b784 Merge pull request #2163 from snyk/chore/remove-store-test-results
  • 7973015 fix: support quoted keys in inline tables
  • 18f0d2a Merge pull request #2164 from snyk/chore/upgrade-snyk-nuget-plugin

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
  • View latest project report
  • Adjust project settings
  • Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:
  • Regular Expression Denial of Service (ReDoS)
