[Snyk] Fix for 11 vulnerabilities

[MaxMood96]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-DOTTIE-3332763	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
• 2226742 chore: minor simplify format results error (#11432)
• 78eb25d chore: remove needless assign (#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
• 27bee72 fix: run GC before collecting open handles (#11278)
• 50451df feat: use fallback if prettier not found (#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (#11428)
• 9633a26 feat: support reporters written in ESM (#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
• 57e32e9 Detect open handles with done callbacks (#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
• 4fa3a0b feat: custom haste (#11107)
• 2047a36 chore: bump deps (#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (#9924)
• db643a1 Link to Jest config (#11106)
• b16082c Fix locale issue #10014 (#11412)

See the full diff

Package name: newrelic

The new version differs by 250 commits.

• f35a229 release: 6.5.0 (2020-03-19)
• 5779e3c Updated release notes
• 435d053 Merge pull request NONE: fetch builds in parallel atlassian/github-for-jira#1969 from NodeJS-agent/ntzaperas/attribute-rename
• 3d0dbd2 Rename span error attribute
• a01821f Fix span error attributes appearing on span intrinsics
• 76e0572 Updated changelog for v6.5.0.
• cd9406c Merge pull request [EAZY KARMA] NONE: add some more logging around builds atlassian/github-for-jira#1966 from NodeJS-agent/ntzaperas/lasp-span-errors
• bfb2e70 Remove span_error_attributes feature flag
• 613a285 Test span error attributes and HSM/ignore
• a4ac95b Merge pull request Send feature requests to JAC atlassian/github-for-jira#1964 from NodeJS-agent/mgoin/ConvertAgentAggregatorsUnitTests
• 2de8843 Merge pull request [IZI KARMA] NONE: add more safe headers from GitHub atlassian/github-for-jira#1959 from NodeJS-agent/mgoin/ConvertAgentsUnitTestFullyTap
• 3f53da6 Converts event-aggregator.test.js to fully use tap API.
• e339089 Use the same attributes on spans as on TransactionErrors
• 0166c8a Span error attributes should adhere to security policy
• de2658d Converts base-aggregator.test.js to fully use tap API.
• 1e036e5 Converts synthetics.test.js to fully use tap API.
• 6d75845 Converts intrinsics.test.js to fully use tap API.
• 8c43fc6 Converts agent.test.js to fully use tap API.
• ade4dc3 Merge pull request NONE: add reset failed task endpoint atlassian/github-for-jira#1957 from NodeJS-agent/ntzaperas/NODE-2307-error-attrs-on-spans
• 2ce89a6 Put span error attributes behind a feature flag
• 9013e0f Tests for span error attributes
• 64c6d47 Update tests to match new error interface
• ecae7a2 Add error info to span and link to TransactionError events
• 233e48e Merge pull request Testing, please ignore. olpqsy atlassian/github-for-jira#1956 from NodeJS-agent/mgoin/NODE-2314-EventHandlersNotCleaningUp

See the full diff

Package name: probot

The new version differs by 24 commits.

• 84d4371 fix: throttleOption defaults and REDIS_URL configuration (ARC-1463 update class names to match file rename atlassian/github-for-jira#1313)
• 310dd3e test(deprecation): `octokit.repos.createStatus()`
• 76b1f8f v10.0.0
• 589f891 chore: Update README.md (DO_NOT_MERGE! Arc 925 wrapper express for push atlassian/github-for-jira#1284)
• 2714ebd ci(release): support next, beta, and maintenance releases
• ac86ffb feat: `throttleOptions` for Probot constructor (ARC-1428: Assert optional when getting PR review status atlassian/github-for-jira#1272)
• 1c31415 feat: `GET /probot/stats` is deprecated and will be removed in v10 (ARC-1429: Return 404 if Jira has been renamed. atlassian/github-for-jira#1268)
• 7d1abaf build(deps): bump lodash from 4.17.15 to 4.17.19
• 1445abe fix: handle "port in use" (PCS-87130 fixing cursor issue that would save NaN to DB atlassian/github-for-jira#1260)
• 8f62659 fix(TypeScript): context.config() type (ARC-916 - GHE UI: Connect GitHub Enterprise Server page atlassian/github-for-jira#1252)
• 3f0d529 build(deps): bump npm from 6.13.7 to 6.14.6
• 48a5b08 fix: add runtime types as dependencies (Don't see anything under deployments in my project. atlassian/github-for-jira#1241)
• f603499 build(deps): update @ types/node to version 14.0.6 (Adding data model description atlassian/github-for-jira#1238)
• a1aa894 Update ts-jest to the latest version 🚀 (ARC-1390 manual vs auto app creation atlassian/github-for-jira#1239)
• e2a87f8 fix(package): npm audit
• a95f0ef ci: updates docs push action by fetching tags & setting the correct tag (Hash secret example atlassian/github-for-jira#1236)
• 8a057d2 ci: fixes docs publishing by upgrading typescript dependency (Bump node-fetch from 2.6.1 to 2.6.7 atlassian/github-for-jira#1235)
• 69d5cf6 docs: remove Vercel Now (ARC-1355 add jwt cookie atlassian/github-for-jira#1234)
• 948670f ci: bump actions/checkout from v1 to v2 (Integrated Jira with Github repos, but it is not reflecting in the Apps dashboard.  atlassian/github-for-jira#1230)
• 3dc2e34 docs(configuration): Remove periods (HOT-98735: make the Admin API less susceptible to human error atlassian/github-for-jira#1157)
• 5100488 docs: Correct URL (Detecting commits atlassian/github-for-jira#1204)
• 3647867 docs: Add documentation for including branch/fork context into configuration (ARC-999 ghclient get repo atlassian/github-for-jira#1188)
• 87163de docs: switch zeit now to Vercel Now for gridsome deployment (ARC-920 Add githubAppId to Installations table atlassian/github-for-jira#1189)
• b838b26 ci: run codecov only on `ubuntu-latest` and node 12.x (ARC-964 create githubapps table atlassian/github-for-jira#1185)

See the full diff

Package name: sequelize

The new version differs by 213 commits.

• 901bceb 6.1.0
• 6b32821 6.0.0-beta.7
• 0ca8d72 docs: prepare for v6 release (#12416)
• 663261b feat(sequelize): allow passing dialectOptions.options from url (#12404)
• c6e4192 fix(postgres): parse enums correctly when describing a table (#12409)
• e33d2bd fix(reload): include default scope (#12399)
• 5611ef0 build: update dependencies (#12395)
• e80501d fix(types): transactionType in Options (#12377)
• 4914367 fix(types): add clientMinMessages to Options interface (#12375)
• b71cd05 fix(query): preserve cls context for logger (#12328)
• 95f7fb5 fix(mssql): empty order array generates invalid FETCH statement (#12261)
• ed2d7a9 fix(model.destroy): return 0 with truncate (#12281)
• 72925cf fix: add missing fields to 'FindOrCreateType' (#12338)
• f367191 fix(query-generator): do not generate GROUP BY clause if options.group is empty (#12343)
• 7afd589 docs(sequelize): omitNull only works for CREATE/UPDATE queries
• f9e660f docs: update feature request template
• 2bf7f7b fix(typings): add support for optional values in "where" clauses (#12337)
• 65a9e1e fix(types): add Association into OrderItem type (#12332)
• 1b86729 docs: responsive (#12308)
• 59b8a7b fix(include): check if attributes specified for included through model (#12316)
• 6d87cc5 docs(associations): belongs to many create with through table
• a2dcfa0 fix(query): ensure correct return signature for QueryTypes.RAW (#12305)
• 0769aea refactor: cleanup query generators (#12304)
• 4d9165b feat(postgres): native upsert (#12301)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Directory Traversal