[Snyk] Fix for 18 vulnerabilities

[ebullient]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:cryptiles:20180710	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	Yes	Proof of Concept
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: nano

The new version differs by 51 commits.

• 8e52b3d remove old migration guide
• 7e0d61d 9.0.0 README
• 8655d40 Replace request with axios (#208)
• 77224eb 8.2.3
• 70cf681 8.2.2
• 386e3e3 master --> main (#232)
• c7751ae Merge pull request #226 from YC/info
• 2804eac Add nano.info()
• f04b24f improve MangoSelector TypeScript type - fixes issue #211 (#212)
• 2699b78 8.2.1
• f4909bc do not publish tests in npm package
• 079ed5e stricter TypeScript definitions with tsc --strict, fixes issue #209 (#210)
• de624b4 Fix markdown link in the menu
• 9994f85 allow fetch to return errors as well as successes - fixes issue #203 (#204)
• ee50585 improve TypeScript definitions for Mango selectors - fixes issue #202 (#205)
• 0e2b69e fixed TypeScript definitions for follow functions - fixes issue #194 (#206)
• 530cc60 switch to CouchDB 3 for the Travis tests - no admin party in CouchDB 3 (#207)
• befbcd9 compatibility with nodejs-cloudant
• 037a473 ensure TypeScript definitions are sound during testing (#201)
• df6c040 Make sure nano works with _local docs (#200)
• 3d23bb9 Bugfix (nano.d.ts): DocumentScope.atomic method returns a customizable data structure (#187)
• ff5f425 Bugfix(README.md): Fixed typo (#188)
• b9c5583 Fix for issue 189 (#190)
• 0aa530a typescript definition for built-in reduce function in view's document (#192)

See the full diff

Package name: openwhisk

The new version differs by 13 commits.

• d312b7c bump package.json to 3.10.0 (#87)
• 7046c09 Add new features to routes methods. (#85)
• 268c0b6 Add support for FQN entity names with leading forward slash (#83)
• 19fdd98 travis npm publish (#84)
• 784df05 Support retrieving status and configuration of feed triggers (#80)
• 537b547 Add type support for annotations and limits (#76)
• 8f0e241 switch from request-promise to needle (#78)
• 244d2b0 Adding support for responsetype parameter during route create. (#74)
• 401fdc5 Adding type definitions for typescript (#72)
• 47a7ab5 Add support for action limits and annotations (#73)
• 961968f feat: Support version when create / update action (#65)
• c1f3a23 Remove "experimental" API Gateway support. (#67)
• 6f4a9fd remove test dependency on resource created before script run (#68)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn