[Snyk] Fix for 14 vulnerabilities

[pantsel]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:bson:20180225	Yes	Proof of Concept
	641/1000 Why? Mature exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:concat-stream:20160901	Yes	Mature
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:cryptiles:20180710	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-sass

The new version differs by 93 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: nodemailer-mailgun-transport

The new version differs by 28 commits.

• fc80bec Merge pull request ReferenceError: _ is not defined at patch (/konga/node_modules/sails-hook-validation/index.js:34:10) #104 from Tol1/replace-mailgun-module
• 9c6596a Replace mailgun-js with official mailgun.js
• be34bb4 Fix the vuln by forcing netmask ver 2.0.2
• f6e30b5 Merge pull request Add kong v0.11 compatiblity #102 from kentcdodds/patch-1
• 5f02165 docs: update domain link
• 36f36e8 release new version that add support for apiKey alias
• 97731b4 Merge pull request Many notices in docker logs #99 from captaincaius/feature-mailgun-templates-2
• 95aec61 add test and document using mailgun templates
• d7b1374 Merge pull request Update dashboard charts for more visibility #98 from zgid123/master
• ba1a3da bumping semver
• 1553978 fixing vulns
• 4c3fb96 support option auth.apiKey as alias of auth.api_key
• d8de62f Merge pull request Konga unable to start on fresh installation using packer and terraform #87 from EmilienD/allow-custom-message-id
• ba13216 allow custom message-id
• eebbfb3 Merge pull request "angular is not defined" error #84 from framp/master
• 87204df Small refactoring
• 7c861c3 Merge pull request Kong loopback API configuration : strip_request_path no longer works #78 from strix/es6-syntax
• 79f5eb8 Fixed reference to
• 5af88a4 Changed self to simply this.
• fdc108b linting cleanup
• 44a0a02 Moved resolveAttachments function outside of promise chain since it is synchronous
• 4d50b02 Fixed path the handlebars template
• d2352c1 Updated syntax to es6
• 285e420 Merge pull request bootstrap.js error : EACCES: permission denied, mkdir '/kongadata/' #77 from perzanko/master

See the full diff

Package name: sails

The new version differs by 250 commits.

• 6e73a65 1.0.0
• 5f1d8b3 1.0.0-49
• 616e4e1 Insist on the latest sails-generate.
• 6ab0a5a 1.0.0-48
• 1e28823 Lifting with --redis now sets @ sailshq/connect-redis and @ sailshq/socket.io-redis.
• 9f29a03 Change approach from what was begun in 520a3c8cac5db1d9698c50efff82e476ec64fca8 so that we maintain the correct package name for the purpose of require().
• 520a3c8 Tolerate '@ sailshq/connect-redis' as session adapter.
• e2813f5 1.0.0-47
• 6768743 Tweak warning message.
• ce95c84 Update comments to reflect that req.setLocale() is fully supported as of Sails v1.0 and beyond.
• 0753a99 Trivial
• 3bdd786 Tweak troubleshooting tips.
• e8f9bee Check dev-dependencies for sails-hook-grunt
• e8493a6 1.0.0-46
• d1b6061 run tests on Node 9
• b3afed7 Fix issue with CSRF black/whitelists and routes containing optional params when the requested URL contains a querystring but NOT the optional param (whew!)
• 663527f Fix test error output
• 69ead96 Revert 35ae3ccba472bf4a8edb8ffd7d579d18391d1ba0 in favor of clarifying some of the wording.
• 35ae3cc Experiment with customizable www path
• a89d7a4 extrapolate www path
• a2a0789 Tolerate sails-hook-grunt specified in devDependencies when running sails www
• 0b42c59 Don't attempt to create a Redis connection if "client" is provided.
• 1700788 Update LICENSE.md
• 9c532dc Merge pull request #4267 from luislobo/patch-3

See the full diff

Package name: sails-mongo

The new version differs by 250 commits.

• 995c476 2.0.0
• 54f03b2 Merge pull request connect kong error #491 from balderdashy/pr/483
• 5fce6ff Revert "Remove .jshint"
• 72b38d1 Revert a change to a comment
• 82e1fa7 Remove links from "license" section (moved to sails docs)
• a9177b0 Remove documentation from README and link to relevant doc pages (made a separate PR to the docs adding that content)
• a9c5b35 Remove `Roadmap` section from README and move configuration options into `Compatibility` section
• 045b092 Revert "Revert "Merge pull request Update helm chart pod annotations and job for migration #489 from luislobo/patch-2""
• 6f02ce2 Revert "Temporarily revert merged PR cannot edit route! #483"
• 4d0d2bb Merge branch 'master' into pr/483
• 384758b Temporarily revert merged PR cannot edit route! #483
• 88b3f78 Revert "Merge pull request Update helm chart pod annotations and job for migration #489 from luislobo/patch-2"
• f2aad81 Merge pull request Update helm chart pod annotations and job for migration #489 from luislobo/patch-2
• 8c74bc1 Update CHANGELOG version
• 2b3eb9e 2.0.0-0
• d6ea6cd Merge pull request cannot edit route! #483 from Josebaseba/master
• 6c7189d 2.0.0-0
• f78f9fc Remove comment that seems out-of-date now
• 5c06944 Merge branch 'master' into master
• 69d0cdf Update config-whitelist.constant.js
• 0df9191 Merge pull request ACL plugin validation bug #486 from luislobo/fix-changelog-author-links
• 7d2c991 Merge pull request backendURL in frontend config incorrect #1 from luislobo/upgrade-mongodb-drivers
• 2a638df Updates changelog and readme
• d0b14f6 Updates mongodb version, and makes version 1.3.0 for more safety

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn