[Snyk] Fix for 8 vulnerabilities

[JEStaubach]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DICER-2311764	No	Mature
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: apollo

The new version differs by 250 commits.

• 78c9c03 Release
• 457452e Changelog updates pre-release
• 9907758 fix(apollo-tools): add undeclared peer dependency graphql (#2049)
• 0ebcebb Update jest dependencies (#2583)
• c87ae48 chore(deps): update dependency @ oclif/config to v1.18.3 (#2557)
• 761911c chore(deps): update dependency ajv to 6.12.3 [security] (#2571)
• f0e8a2a chore(deps): update dependency ws to 5.2.3 [security] (#2568)
• 8db848b Renovate config updates
• f547f4a chore(deps): update dependency cimg/go to v1.17.8 (#2539)
• d66d98a chore(deps): update dependency table to v6.8.0 (#2540)
• 6297858 chore(deps): update dependency @ types/node-fetch to v2.6.1 (#2573)
• fec9113 chore(deps): update dependency @ types/lodash to v4.14.180 (#2577)
• 8e63f3e chore(deps): update dependency yarn to v1.22.18 (#2578)
• a7f9123 chore(deps): update dependency hosted-git-info to 2.8.9 [security] (#2559)
• 6d0c2bb chore(deps): update dependency json-schema to 0.4.0 [security] (#2560)
• 2eda662 chore(deps): update dependency nth-check to 2.0.1 [security] (#2563)
• d819667 chore(deps): update dependency path-parse to 1.0.7 [security] (#2564)
• b978978 chore(deps): update dependency tar to 6.1.9 [security] (#2565)
• 64e6c84 chore(deps): update dependency tmpl to 1.0.5 [security] (#2566)
• 387a542 chore(deps): update dependency y18n to 4.0.1 [security] (#2569)
• 4dcd8db chore(deps): update dependency pathval to 1.1.1 [security] (#2570)
• 8f502ca chore(deps): update dependency trim-newlines to 3.0.1 [security] (#2567)
• 0657aef Update generated graphql types (#2581)
• 6f67fa2 Typo

See the full diff

Package name: apollo-server

The new version differs by 250 commits.

• 92ea402 Publish
• 8b21f83 Stop using the `--exact` flag when publishing packages with Lerna.
• 9a31275 Update CHANGELOG.md in preparation for v2.9.2.
• 2dd0592 Update koa-bodyparser to ^4.2.1 (Fixes content-length mismatch) (#3229)
• c758ebd types: Use explicit return type of `express.Router` on `getMidd… (#3230)
• c9aa70b Publish
• c4d59b6 Add missing graphql-extensions dependency to @ apollo/gateway (#3226)
• 434309c Update changelogs after publish
• 029c8dc Publish
• 9b980e6 Backfill references to publish commits for federation and gateway changelogs
• abdec21 Update Playground to fix #2529. (#3224)
• f39fde9 chore(deps): update dependency gatsby-theme-apollo-docs to v2.0.2 (#3221)
• 4c658c0 Update changelog with missing entry
• 1852033 Fix value type behavior within composition and execution (#3182)
• 1edfa2c Make service definition cache local to ApolloGateway object (#3191)
• cca7433 chore(deps): pin dependencies (#3220)
• e151191 Validate variables at the gateway level (#3213)
• a0290c2 Merge pull request #3219 from apollographql/theme-v2
• 554c017 Update theme to v2
• fe6865e Merge pull request #3193 from apollographql/renovate/documentation-theme
• 514182d Update link to react getting started
• e12ccdd Merge branch 'master' into renovate/documentation-theme
• 11d2c56 Also add trailing slash.
• 4675c67 apollo-engine-reporting: fix maxAttempts parameter, log 5xx body (#3218)

See the full diff

Package name: apollo-server-testing

The new version differs by 250 commits.

• 92ea402 Publish
• 8b21f83 Stop using the `--exact` flag when publishing packages with Lerna.
• 9a31275 Update CHANGELOG.md in preparation for v2.9.2.
• 2dd0592 Update koa-bodyparser to ^4.2.1 (Fixes content-length mismatch) (#3229)
• c758ebd types: Use explicit return type of `express.Router` on `getMidd… (#3230)
• c9aa70b Publish
• c4d59b6 Add missing graphql-extensions dependency to @ apollo/gateway (#3226)
• 434309c Update changelogs after publish
• 029c8dc Publish
• 9b980e6 Backfill references to publish commits for federation and gateway changelogs
• abdec21 Update Playground to fix #2529. (#3224)
• f39fde9 chore(deps): update dependency gatsby-theme-apollo-docs to v2.0.2 (#3221)
• 4c658c0 Update changelog with missing entry
• 1852033 Fix value type behavior within composition and execution (#3182)
• 1edfa2c Make service definition cache local to ApolloGateway object (#3191)
• cca7433 chore(deps): pin dependencies (#3220)
• e151191 Validate variables at the gateway level (#3213)
• a0290c2 Merge pull request #3219 from apollographql/theme-v2
• 554c017 Update theme to v2
• fe6865e Merge pull request #3193 from apollographql/renovate/documentation-theme
• 514182d Update link to react getting started
• e12ccdd Merge branch 'master' into renovate/documentation-theme
• 11d2c56 Also add trailing slash.
• 4675c67 apollo-engine-reporting: fix maxAttempts parameter, log 5xx body (#3218)

See the full diff

Package name: knex

The new version differs by 250 commits.

• ed0e8a5 Fix SQLite not doing rollback when altering columns fails (#4336)
• 3c70dca Prepare 0.95.0 for release
• c1ab23c Await asynchronous expect assertions (#4334)
• 3e6176a SQLite parser improvements (#4333)
• a98614d Made the constraint detection case-insensitive (#4330)
• 5d2db21 Fix ArrayIfAlready type (#4331)
• 887a4f6 Improve join and conflict types v2 (#4318)
• 29b8a36 Adjust generateDdlCommands return type (#4326)
• d807832 mssql: schema builder - attempt to drop default constraints when changing default value on columns (#4321)
• c0d8c5c mssql: schema builder - add predictable constraint names for default values (#4319)
• 5ec76f5 Convert produced statements to objects before querying (#4323)
• 9e28a72 Add support for altering columns to SQLite (#4322)
• 7db2d18 fix mssql alter column must have its own query (#4317)
• 371864d Bump typescript from 4.1.5 to 4.2.2 (#4312)
• 6c3e7b5 mssql: don't raise query-error twice (#4314)
• 168f2af Bump eslint-config-prettier from 7.2.0 to 8.1.0 (#4315)
• 3718d64 Respect KNEX_TEST, support omitting sqlite3 from DB, and reduce outside mssql test db config (#4313)
• c58794b Prepare to release 0.95.0-next3
• 61e1046 Avoid importing entire lodash to ensure tree-shaking is working correctly (#4302)
• 8c73417 events: introduce queryContext on query-error (#4301)
• b6fd941 Include 'name' property in MigratorConfig (#4300)
• 9581100 Prepare to release 0.95.0-next2
• 5614c18 Timestamp UTC Standardization for Migrations (#4245)
• 4899346 Fix for ES Module detection using npm@7 (#4295) (#4296)

See the full diff

Package name: nodemon

The new version differs by 24 commits.

• 9a67f36 feat: update chokidar to v3
• 6781b40 docs: add license file
• 0e6ba3c fix: wait for all subprocesses to terminate (fixes issue #1476)
• b58cf7d chore: Merge branch 'master'
• 95a4c09 docs: add to faq
• 3a2eaf7 choe: merge master
• 3d90879 chore: add logo to site
• 7d6c1a8 fix: Replace `jade` references by `pug`
• 74c8749 chore: test funding.yml change
• c1a8b75 chore: update funding
• d5b9891 test: ensure ignore relative paths
• eead311 fix: to avoid confusion like in #1528, always report used extension
• 12b66cd fix: langauge around "watching" (#1591)
• 2e6e2c4 docs: README Grammar (#1601)
• 5124ae9 Merge branch 'master' of github.com:remy/nodemon
• 95fa05a chore: git card
• d84f421 chore: adding funding file
• 13afac2 fix: ensure signal is sent to exit event
• d088cb6 chore: update stalebot
• 20ccb62 feat: add message event
• 886527f fix: disable fork only if string starts with dash
• 64b474e feat: add TypeScript to default execPath (#1552)
• 2973afb fix: Quote zero-length strings in arguments (#1551)
• aa41ab2 fix: hard bump of [email protected]

See the full diff

Package name: sqlite3

The new version differs by 177 commits.

• 573784b v5.0.3
• e5a24fd Deleted `examples/` folder
• b05f459 Added note about GitHub Releases to CHANGELOG.md
• 33d0656 Modernised Usage example in README
• 9d05c55 Fixed up more README nits
• 08d6319 Fixed link to API docs
• 0e2235a Altered wording in README
• 76b6c56 Altered README header
• e3df365 Updated README
• 426930f Enabled CI to run when pushing tags
• a21d41f Fixed uploading binaries to commit artifacts
• bc978c7 Fixed CI step wording
• 7f744a1 Added prebuilt binaries via GitHub Releases
• b4b3c3a Deleted `scripts/` directory
• 71bbdea Pinned dev dependencies (#1558)
• a597383 Updated badges in README
• 0eb4a0f Deleted Travis and Appveyor configs
• b58d341 Downgraded `mocha` and `eslint`
• f39b10d Added missing Node versions to CI
• 8db96d4 Replaced Python extraction script with JS (#1570)
• 11c988c Fixed Windows build architecture in CI
• 8e63848 Updated Windows CI runner to `windows-latest`
• d9e7d8b Fixed building on MacOS Monterey 12.3
• 859b95b Updated `node-gyp` to v8.x

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn