[Snyk] Fix for 1 vulnerabilities

[toopay]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • src/package.json
  • src/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	718/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: npm

The new version differs by 250 commits.

• 3b4ba65 7.0.0
• bbfc75d chore: fix weird .gitignore thing that happened somehow
• 8a2d375 docs: changelog for v7.0.0
• 365f2e7 [email protected]
• fafb348 [email protected]
• 9306c68 [email protected]
• 569cd64 [email protected]
• ac9fde7 Integration code for @ npmcli/[email protected]
• 704b9cd @ npmcli/[email protected]
• 3955bb9 [email protected]
• da240ef fix: patch config.js to remove duplicate values
• 9ae45a8 [email protected]
• 41ab36d [email protected]
• c474a15 [email protected]
• efc6786 fix: make sure publishConfig is passed through
• 1e4e6e9 docs: v7 using npm config refresh
• 5c1c2da fix: init config aliases
• 5bc7eb2 docs: v7 npm-install refresh
• 1a35d87 7.0.0-rc.4
• 7a5a557 docs: changelog for v7.0.0-rc.4
• f0cf859 chore: dedupe deps
• 0273745 [email protected]
• 7bd47ca @ npmcli/[email protected]
• 9320b8e only escape arguments, not the command name

See the full diff

Package name: ueberdb2

The new version differs by 73 commits.

• 756b29d 3.0.0
• d9af0b4 elasticsearch: Switch to supported client library
• a282660 tests: Include elasticsearch in tests
• e9ef2e9 elasticsearch: Complete rewrite to fix bugs
• 3df7115 elasticsearch: Simplify response handling
• 0a65d6b elasticsearch: Move client into instance object
• ae0f1bb elasticsearch: Move settings into instance object
• 239a752 elasticsearch: Remove console logging
• 1766f4f elasticsearch: Promisify
• 92cd33d Evict old cache entries after every write
• 6b86065 tests: Increase speed test timeout
• 20b5bf0 build(deps-dev): bump mocha from 9.2.2 to 10.0.0
• 29721ff lint: Update ESLint dependencies and config
• 5bbe3f0 Bump minimum required Node.js to v14.15.0
• adc150f Mention database dependency updates
• a4cca58 build(deps): bump simple-git from 3.7.0 to 3.7.1
• d85ad1a build(deps): bump sqlite3 from 5.0.4 to 5.0.6
• 6521701 build(deps): bump elasticsearch from 16.7.2 to 16.7.3
• 6f58073 build(deps): bump simple-git from 3.6.0 to 3.7.0
• 0392047 build(deps): bump pg from 8.7.1 to 8.7.3
• 6a27ce5 build(deps-dev): bump cli-table from 0.3.8 to 0.3.11
• 57dc964 build(deps): bump nano from 9.0.5 to 10.0.0
• 2aca88f build(deps): bump async from 3.2.2 to 3.2.3
• 49ce914 build(deps): bump sqlite3

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')