[Snyk] Fix for 53 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • badges-board-app/package.json
  • badges-board-app/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GETOBJECT-1054932	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Directory Traversal SNYK-JS-GRUNT-2635969	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Race Condition SNYK-JS-GRUNT-2813632	Yes	Proof of Concept
	569/1000 Why? Has a fix available, CVSS 7.1	Arbitrary Code Execution SNYK-JS-GRUNT-597546	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	/1000 Why?	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	/1000 Why?	Denial of Service (DoS) SNYK-JS-SAILSHOOKSOCKETS-589929	Yes	Proof of Concept
	/1000 Why?	Insecure Defaults SNYK-JS-SOCKETIO-1024859	Yes	Proof of Concept
	/1000 Why?	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
	/1000 Why?	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	/1000 Why?	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	Yes	Proof of Concept
	/1000 Why?	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution npm:deep-extend:20180409	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution npm:ejs:20161128	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Cross-site Scripting (XSS) npm:ejs:20161130	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) npm:ejs:20161130-1	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:method-override:20170927	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	496/1000 Why? Mature exploit, Has a fix available, CVSS 2.2	Uninitialized Memory Exposure npm:mysql:20170317	Yes	Mature
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:qs:20140806	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) npm:qs:20140806-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:underscore.string:20170908	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Buffer Overflow npm:validator:20160218	Yes	No Known Exploit
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20171108	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt-contrib-coffee

The new version differs by 38 commits.

• 40bfa6b add back internal ci (#198)
• f9eec6e updating to coffeescript 2 (#196)
• 72e1818 Merge pull request #193 from Florian-R/coffee-1.11.1
• 634e41f Bump coffee-script to 1.11.1
• c643075 Remove trailing spaces.
• 9bcddc1 Update grunt-contrib-internal to v1.1.0.
• bdc062c Update grunt to 1.0.0
• dbb494f Update CHANGELOG.
• bd39fc5 Update dependencies.
• 1651944 v1.0.0
• 854b051 Update docs message to be Grunt >= 0.4
• b0a355a Update travis and appveyor for supported node versions
• 01e92e7 Add grunt >= 0.4.5 peerDep
• 5e75633 Updating dependencies
• 5d2b2c0 Merge pull request #183 from aleclarson/master
• f2341cb Merge pull request #192 from sodle/patch-1
• 3d47cf8 Point main to task
• 11bcc13 Remove peerDeps. Ref Remove peerDependencies from plugins gruntjs/grunt#1116
• 2fa7ca1 Update copyright to 2016
• 2b7fc62 CI: Remove node.js '0.12' and add '5'.
• ce0b9a9 Compilation loop is skipped if no files matched.
• 8e8dd94 Update docs.
• cb02b25 Update coffee-options.md
• 3a1110c Update test files.

See the full diff

Package name: grunt-contrib-less

The new version differs by 24 commits.

• e6e4c29 Merge pull request #308 from gruntjs/deps
• 30f5d4b v1.3.0.
• c116cc0 Update CI configs from the latest grunt-contrib-internal.
• 6ecb76e Update lodash.
• c8506f1 Ignore latedef for now as it is used in this task
• 6065301 Update grunt and devDeps to 1.0
• 3e26653 Update docs.
• 27eea93 Update CHANGELOG.
• 2e7ea1e Merge pull request #297 from adjohnson916/patch-2
• 4df7f08 Merge pull request #298 from adjohnson916/patch-1
• 57e25ff Fix tests inconsistency.
• 6debbb4 v1.2.0 bump
• c3168e6 v1.2.0
• 43610ab Merge pull request #302 from plesiecki/patch-1
• a2db4bd update less
• 33ad236 Merge branch 'master' of github.com:gruntjs/grunt-contrib-less
• 5d5b5d6 Point main to task
• 6b5ac2d Remove peerDeps. Ref Remove peerDependencies from plugins gruntjs/grunt#1116
• e5faef8 Merge pull request #301 from ktkaushik/master
• 14a1582 adding register task name issue on README for better clarity
• 28f23e7 Update copyright to 2016
• 44b4073 Add period to plugins option in README.
• 69f153a README consistent LESS, data URI, code blocks.
• 5dab417 CI: Remove node.js '0.12' and add '5'.

See the full diff

Package name: grunt-contrib-uglify

The new version differs by 142 commits.

• f65dbb9 v4.0.1. (#535)
• b33a071 upgrade devDependencies (#536)
• 1e40037 upgrade to uglify-js 3.5.0 (#534)
• 33724cd update links to uglifyJS documentation (#530)
• 5cdebda v4.0.0. (#527)
• 7b4ecb5 v3.4.0.
• f6f834b v3.4.0.
• e7915ce v3.3.0.
• bf23f0b Lock grunt-contrib-internal to v1.3.0.
• 6db68bd upgrade to uglify-js 3.3.0
• 04494d9 Update docs/uglify-options.md.
• 263196c Add a Git .mailmap with my new name (#497)
• 3105f8d v3.2.1.
• 602ced4 Update uglify-js to v3.2.0
• 5251b6f decouple `sourceMapIn` from `sourceMap.url`
• 2edfe0b Update uglify-js to v3.1.0.
• 2773e7e v3.0.1.
• 85a1ac3 fix typo
• 755360b Move `require()` up
• 0f45e4e v3.0.0.
• ccd7ad0 Upgrade to uglify-js 3.0.4. (#472)
• f3086c1 v2.3.0.
• 7dc5e1d Log fixes. (#454) r=vladikoff
• 48fab36 v2.2.1.

See the full diff

Package name: grunt-sync

The new version differs by 17 commits.

• ca10eb6 Bumping deps
• ab914cb Merge pull request [Snyk] Fix for 53 vulnerabilities #46 from tomusdrw/fix-28
• 1152ae9 Bumping version. Fixing convert when string given
• 3be053b Merge branch 'master' of github.com:victoriauniversity/grunt-sync into fix-28
• ca3cb3f [HOTFIX] Adds missing callback function 'return'.
• 9ea3b7f Converts destination paths in expanded mode safely and independently on user's OS.
• 9ec3d10 Bumping grunt-sync version
• 72862aa Bumping lodash to newest version
• 845643c Merge pull request [Snyk] Fix for 53 vulnerabilities #43 from tomusdrw/rmdir-sync
• 1e979b3 Synchronous removal of directories. Fixes [Snyk] Fix for 53 vulnerabilities #41
• 79415ee Fixing issue with system specific path starting with /
• 4b3f9b6 Adding better support for ignoreInDest patterns.
• b80ffe9 Updating readme for newest version. Added contributors
• eb6d407 Merge pull request [Snyk] Fix for 8 vulnerabilities #34 from janeklb/compareUsing-md5
• 5e90d32 Can compare using md5 hash instead, via compareUsing option
• 7606c38 Fixing readme. Closes [Snyk] Security upgrade ejs from 2.3.4 to 3.1.7 #30
• 65782f8 Convert expanded desination path to system specific. [Snyk] Fix for 1 vulnerabilities #28

See the full diff

Package name: rc

The new version differs by 56 commits.

• 9d21a3f 1.2.7
• b633779 update deep-extend
• 4c5afda 1.2.6
• 3e1a5c6 Merge pull request #109 from anselanza/master
• a8ee451 docs: string representations
• 6c0e1aa note on using parse-strings-in-object
• 5cac462 1.2.5
• 4d03c13 example of nested command line arguments
• 383266e 1.2.4
• 1742d0c clear example of usage and notice about file extensions, in README
• c5345c1 1.2.3
• 1037247 Merge pull request #94 from tommytroylin/seperateCLIAndNodeAPI
• acc9203 1.2.2
• 00a6776 Uses the standard browser field instead of the browserify field.
• 035462d feat: separate cli and nodeAPI
• 41251ff 1.2.1
• 5619b62 ignore case in prefix
• 71d7d15 1.2.0
• b6c3d22 do not trust regexp, if possible
• 874c2e3 Merge branch 'feature/env-uppercase' of https://github.com/nw/rc
• 13bca12 1.1.7
• eb6666d Merge pull request #89 from ysangkok/patch-1
• fa24f2a Update strip-json-comments dependency
• c4d83bf added test for ignore case of env key prefix

See the full diff

Package name: sails

The new version differs by 250 commits.

• bdd7a1c 1.5.3
• 6f875c0 upgrade ejs to 3.1.7 (#7243)
• e4184a5 Add heading about the __Host- prefix (#7245)
• d666ada bump async to 2.6.4 (#7244)
• 555f51f upgrade minimist to v1.2.6 (#7242)
• 21b874b Documentation: add .populate() note
• c408c31 Update Travis CI config: node -> 16 (#7226)
• fc8d79b Merge pull request #7219 from pbkompasz/patch-1
• dfa9351 Remove sailsjs.com repo link from Sails readme
• 8ce1682 Update Permissions.md
• 1869f47 add notes about file uploads
• 7c5379a closes https://github.com/Prototype pollution in LoadActionModules() CVE-2021-44908 balderdashy/sails#7209
• 06ce9cf 1.5.2
• c5e98c2 Merge pull request #7203 from balderdashy/upgrade-sort-route-addresses-dependency
• ccd6d57 sort-route-addresses@0.0.4
• e46c83b 1.5.1
• 023319e Update version of prompt to 1.2.1 (#7202)
• ed349a1 Add note about supported versions of Postgres
• 15b43ff Merge pull request #7181 from balderdashy/update-upgrading-to-1.0-docs
• 39e34cd Update To1.0.md
• 9c821ec Add note about undefined attributes
• 799f2c0 Update README.md
• 2533f67 Fix broken link in docs
• ead0403 1.5.0

See the full diff

Package name: sails-disk

The new version differs by 85 commits.

• 15faa44 1.0.0
• a2b7ee6 1.0.0-12
• 9d7118c Only set footprint keys for uniqueness violations.
• a2c2261 Add some assertions.
• a222824 Update gitignore and scripts
• 3b3c334 1.0.0-11
• cef95b4 Support updating the primary key value, as long as it's not using _id as the column.
• aad2a15 Set _id column to value of primary key when creating records.
• 333e2d1 1.0.0-10
• c8a26c5 Add shim to replicate MongoDB's behavior w/ `{ $ne: null }` and empty arrays.
• bf92cb8 1.0.0-9
• af97943 Workaround issue with projections including only `_id`
• b5b985b Relax restrictions on using `_id` column in sails disk.
• f4adfd7 Add an entry in the `refCols` dictionary for every model, so we don't have to short-circuit checks for it later
• b494fd9 In `find`, deserialize Buffer objects into `ref` attributes where possible.
• 7aaaaa4 Merge pull request [Snyk] Security upgrade sails from 0.12.14 to 1.5.7 #58 from balderdashy/expose-lib
• 70ead96 (whoops) Add back 0.10 and 0.12 in appveyor.yml
• beabe7a Merge pull request [Snyk] Security upgrade sails from 0.12.14 to 1.0.0 #57 from balderdashy/expose-lib
• 9c80187 1.0.0-8
• f7a349d Actually, don't expose the static lib. (No reason to do so, and better to not introduce something experimental if there's any chance it could make an app dependent on random stuff in a dev-only adapter)
• 2d4d97e 1.0.0-7
• f2dd761 Rename afterwards function to avoid perceived scope conflict (whether or not it'd ever actually be a big deal, this avoids any potential future scope issues from refactoring, etc).
• 4051e5e 1.0.0-6
• 250c32e Handle stray error (and a couple of other trivial changes just from when I was reading through the code)

See the full diff

Package name: sails-mysql

The new version differs by 202 commits.

• e9ca5d0 1.0.0
• 1c8eba9 1.0.0-17
• 2384285 Same as 2cc4850eb0fc3ff58eeaef044c2b14379af1be32 but for 2 other occurrences.
• 2cc4850 Apply fix from eslint to properly pass through compileStatement() errors
• ba40d9a Update eslint
• ed86ee1 1.0.0-16
• 227e9ba Bump versions of mariadb tests-- and explicitly test node 8
• 917db33 Use mp-mysql@3 (see https://github.com/Memory leak balderdashy/sails#4264#issuecomment-353152823)
• 5e8ed7e Follow-up to 075d7590dfb5fc51ee7c3084df87261b46ea5356
• 075d759 Update machine runner to v15. (refs https://github.com/Memory leak balderdashy/sails#4264)
• 0d0503c Even better
• 6186297 Update language in config errors
• d1f0791 1.0.0-15
• d511f24 Allow `ref` type attributes to represent any object, not just Buffers.
• 3a62cf5 1.0.0-14
• b8c74aa Merge pull request #349 from balderdashy/revert-utf8mb4-default
• b98a2f0 Revert code that defaults to the `utf8mb4` character set.
• 987f467 Merge pull request #346 from balderdashy/support-emojis
• 3adc445 1.0.0-13
• 65aa28f lint fix
• 9fd09c9 1.0.0-12
• e9cbd78 Change default charset to support emojis. This also adds some comments and notes for the future.
• 6efdddc 1.0.0-11
• 056b12b use LONGTEXT by default because mysql truncates data silently

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Arbitrary Code Injection
🦉 More lessons are available in Snyk Learn