[Snyk] Fix for 11 vulnerabilities

[eriestrisnadi]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bcrypt

The new version differs by 186 commits.

• 2f124bd Fix artifact upload path
• 10eacf5 Prepare v5.0.1
• 6eacfe1 Merge pull request #856 from kelektiv/update-deps
• feb477c Update node-pre-gyp to 1.0.0
• 42c8b0c Merge pull request #852 from kelektiv/update-deps
• bafefc3 Update packages
• 7c5d8df Merge pull request #851 from recrsn/node-15-ci
• 1ba55f9 Add Node 15 to CI
• 19c06c1 Update Node version compatibility info
• 09cb4fc Merge pull request #825 from dogon11/patch-1
• 2821c03 Merge pull request #811 from techhead/use_buffers
• 63c8403 Merge pull request #838 from alete89/docs/improve-hash-info
• 984ef18 remove reference to $2y$ algo identifier
• 630c897 fixes: #828
• 0f93284 README.md typo fix
• 4125ebc Update README.md
• f503e57 Create SECURITY.md
• f158e6e Allow optional use of Node Buffers.
• 8866277 Deploy on any travis tag
• 61139e6 v5.0.0
• 1bde62c Update node-pre-gyp to 0.15.0
• 40770d6 Add NodeJS 14 to appveyor CI
• 5916a46 Merge pull request #807 from techhead/known_length
• f28e916 Reword comment

See the full diff

Package name: knex

The new version differs by 83 commits.

• ca702cf Updated changelog and bumped version up
• 44ccb33 Fixes #1303 (#2458)
• 8771bd4 Use tarn as pool (#2450)
• 053736f Added info about new dialect and about minimal test cases
• 5f81e8a Add redshift support without changing cli or package.json (#2233)
• bf1fa63 Add queryContext to schema and query builders (#2314)
• 09eb126 Update dependencies and fix ESLint warnings accordingly (#2433)
• c1997e9 Fixing issue with add columns on tables failing if using both after and collate (#2432)
• 15706c0 2351 CLI sets exit-code 1 if the command supplied was not parseable (#2358)
• 9f8d2ed Update dependencies (#2422)
• 59f6cba Set toNative() to be not enumerable (#2388)
• 45f5ffb Use wrapIdentifier in columnInfo. fixes #2402 (#2405)
• 82bfdba Disable oracledb tests from non LTS nodes (#2407)
• 3f89701 Shifted returning before joins for updates (MSSQL) (#2399)
• 6ffcaed fixes #2373 (#2374)
• 5e12b23 Incorrectly set UV_THREADPOOL_SIZE (#2372)
• fbf371f Added decimal variable precision / scale support (#2353)
• aac0565 Updated change log + version for 0.14.2
• b5ba51a Fix truncate() on sqlite3 dialect (#2348)
• aeec0a2 Updated package version and changelog
• c0ac107 More pool tests and test on borrow default (#2341)
• 95e5cf8 Support multiple searchPaths while preserving case-sensitive feature … (#2340)
• e405d66 Fixed passing connection errors directly to the query (#2336)
• 211a611 Fixed typo in issue template

See the full diff

Package name: node-sass-middleware

The new version differs by 64 commits.

• 6140544 Rev version to 1.1.0
• 0dfea81 Bump node-sass version to v9.0.0 (#161)
• 6c28214 chore: fix badges and markdownlint
• 59091f0 Update to 1.0.1 (#152)
• ef36324 fix: update license property
• ccb8d99 Bump node-sass version to v7.0.1 (#149)
• 6edba5f Replace `var` keywords with `const` (#150)
• b6a78e0 Merge pull request #147 from nschonni/remove-lock
• 85de4cf chore: Ad NPM publish Action
• d35f1db chore: Replace Travis-CI with GitHub Actions
• 8253c24 feat: v1.0.0 release
• 67d90fa feat: Set minimum support Node at 12
• 9bc529f typo: supportend -> supported
• 6b9f668 chore: Drop EOL Node versions from CI
• f5ab63b feat: Use node-sass v6
• f956e4b chore: Upgrade supertest to latest
• ec2b4f4 feat: Drop mkdirp for native fs.mkdir
• 4c49ee0 chore: Upgrade Mocha to latest
• e9f06f3 chore: update ESLint to latest
• 7d9cebb chore: Remove package-lock.json
• 6f12a45 Node v14 compatibility (#136)
• 0d29f1c Merge pull request #135 from sass/dependabot/npm_and_yarn/lodash-4.17.19
• 08e09ff Bump lodash from 4.17.15 to 4.17.19
• cfabcff Merge pull request #133 from sass/dependabot/npm_and_yarn/acorn-7.1.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Arbitrary File Overwrite
🦉 More lessons are available in Snyk Learn