[Snyk] Fix for 67 vulnerabilities

[vaibhavgupta3110]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-DATEANDTIME-1054430	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTPROP-543489	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISMYJSONVALID-597165	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Arbitrary Code Execution SNYK-JS-ISMYJSONVALID-597167	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JSONPOINTER-1577288	Yes	Proof of Concept
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-JSONPOINTER-598804	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASHDEFAULTSDEEP-450198	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHDEFAULTSDEEP-450199	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHMERGEWITH-174136	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASHMERGEWITH-174137	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NCONF-2395478	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection SNYK-JS-OPEN-174041	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Command Injection SNYK-JS-SNYK-3037342	Yes	Proof of Concept
	571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYK-3038622	Yes	Proof of Concept
	504/1000 Why? Has a fix available, CVSS 5.8	Code Injection SNYK-JS-SNYK-3111871	Yes	No Known Exploit
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Command Injection SNYK-JS-SNYKGOPLUGIN-3037316	Yes	Proof of Concept
	571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKGRADLEPLUGIN-3038624	Yes	Proof of Concept
	571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKMVNPLUGIN-3038623	Yes	Proof of Concept
	571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKPYTHONPLUGIN-3039677	Yes	Proof of Concept
	571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKSBTPLUGIN-3038626	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-UNDEFSAFE-548940	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	741/1000 Why? Mature exploit, Has a fix available, CVSS 7.1	Uninitialized Memory Exposure npm:base64url:20180511	Yes	Mature
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:cryptiles:20180710	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution npm:deep-extend:20180409	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	Yes	No Known Exploit
	571/1000 Why? Mature exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:is-my-json-valid:20180214	Yes	Mature
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	741/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	Arbitrary Command Injection npm:open:20180512	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	Yes	Proof of Concept
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	Yes	Mature
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept
	324/1000 Why? Has a fix available, CVSS 2.2	Uninitialized Memory Exposure npm:utile:20180614	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: nano

The new version differs by 96 commits.

• 8e52b3d remove old migration guide
• 7e0d61d 9.0.0 README
• 8655d40 Replace request with axios (build(deps): bump fastify-autoload from 1.1.0 to 1.2.0 HospitalRun/hospitalrun-server#208)
• 77224eb 8.2.3
• 70cf681 8.2.2
• 386e3e3 master --> main (build(deps-dev): bump commitlint-config-cz from 0.12.1 to 0.13.0 HospitalRun/hospitalrun-server#232)
• c7751ae Merge pull request build(deps-dev): bump eslint-config-prettier from 6.9.0 to 6.10.0 HospitalRun/hospitalrun-server#226 from YC/info
• 2804eac Add nano.info()
• f04b24f improve MangoSelector TypeScript type - fixes issue build(deps-dev): bump @typescript-eslint/eslint-plugin from 2.15.0 to 2.16.0 HospitalRun/hospitalrun-server#211 (build(deps-dev): bump @typescript-eslint/parser from 2.15.0 to 2.16.0 HospitalRun/hospitalrun-server#212)
• 2699b78 8.2.1
• f4909bc do not publish tests in npm package
• 079ed5e stricter TypeScript definitions with tsc --strict, fixes issue build(deps-dev): bump ts-node from 8.5.4 to 8.6.0 HospitalRun/hospitalrun-server#209 (build(deps-dev): bump eslint-plugin-import from 2.19.1 to 2.20.0 HospitalRun/hospitalrun-server#210)
• de624b4 Fix markdown link in the menu
• 9994f85 allow fetch to return errors as well as successes - fixes issue build(deps-dev): bump @commitlint/prompt from 8.2.0 to 8.3.3 HospitalRun/hospitalrun-server#203 (build(deps-dev): bump @commitlint/cli from 8.2.0 to 8.3.3 HospitalRun/hospitalrun-server#204)
• ee50585 improve TypeScript definitions for Mango selectors - fixes issue build(deps-dev): bump @commitlint/config-conventional from 8.2.0 to 8.3.3 HospitalRun/hospitalrun-server#202 (build(deps-dev): bump @typescript-eslint/eslint-plugin from 2.14.0 to 2.15.0 HospitalRun/hospitalrun-server#205)
• 0e2b69e fixed TypeScript definitions for follow functions - fixes issue build(deps-dev): bump @typescript-eslint/eslint-plugin from 2.12.0 to 2.13.0 HospitalRun/hospitalrun-server#194 (build(deps-dev): bump @typescript-eslint/parser from 2.14.0 to 2.15.0 HospitalRun/hospitalrun-server#206)
• 530cc60 switch to CouchDB 3 for the Travis tests - no admin party in CouchDB 3 (build(deps-dev): bump husky from 3.1.0 to 4.0.0 HospitalRun/hospitalrun-server#207)
• befbcd9 compatibility with nodejs-cloudant
• 037a473 ensure TypeScript definitions are sound during testing (build(deps-dev): bump @typescript-eslint/eslint-plugin from 2.13.0 to 2.14.0 HospitalRun/hospitalrun-server#201)
• df6c040 Make sure nano works with _local docs (build(deps-dev): bump @typescript-eslint/parser from 2.13.0 to 2.14.0 HospitalRun/hospitalrun-server#200)
• 3d23bb9 Bugfix (nano.d.ts): DocumentScope.atomic method returns a customizable data structure (build(deps): bump fastify-cli from 1.2.0 to 1.3.0 HospitalRun/hospitalrun-server#187)
• ff5f425 Bugfix(README.md): Fixed typo (build(deps-dev): bump @semantic-release/github from 5.4.4 to 5.5.5 HospitalRun/hospitalrun-server#188)
• b9c5583 Fix for issue 189 (build(deps-dev): bump prettier from 1.18.2 to 1.19.1 HospitalRun/hospitalrun-server#190)
• 0aa530a typescript definition for built-in reduce function in view's document (build(deps-dev): bump semantic-release from 15.13.32 to 15.14.0 HospitalRun/hospitalrun-server#192)

See the full diff

Package name: osprey

The new version differs by 124 commits.

• cec5d1f Bump version
• 02eb401 Update dependencies
• 73c1563 Merge branch 'master' into rework_webapi_parser
• 490af1d Update deps
• 39bf095 Fix conflicts with develop
• a129aec Merge fresh develop
• be5c2e5 Merge pull request build(deps-dev): bump husky from 4.1.0 to 4.2.0 HospitalRun/hospitalrun-server#219 from mulesoft/develop
• abbdf1a Remove client-oauth
• 0ee1235 Update dependencies
• 439d41f Update deps
• 2b7c190 Merge pull request Drugs recurring history HospitalRun/hospitalrun-server#214 from mulesoft/develop
• e7f9511 Use Travis dpl v2
• a03f865 Restore npm email in travis config
• 7288dba Remove travis email conf. Bump version
• 8642356 Merge branch 'master' into develop
• 56c2eac Merge fresh master. Fix conflicts
• a8dd5d9 Update deps. Automate npm publishing. New Node versions. (build(deps-dev): bump @typescript-eslint/parser from 2.15.0 to 2.16.0 HospitalRun/hospitalrun-server#212)
• 8b24350 Update popsicle, popsicle-server, form-data, server-address
• 5cbb790 Update yargs, mocha, nyc, rewire, standard
• 34544da Automate npm publishing with travis
• ce2055b Drop node8. Support 10, 12,13, 14.
• f2dcb3c Restore addJsonSchema API
• b26d61a Fix merge conflicts
• 70dcaa8 Update deps

See the full diff

Package name: prompt

The new version differs by 33 commits.

• fbf6dac 1.2.0
• fef3933 Move off abandoned utile dependency Connect family member to patient HospitalRun/hospitalrun-server#213
• 33febea add eslint
• c071b85 Merge pull request build(deps-dev): bump pino-colada from 1.4.5 to 1.5.0 HospitalRun/hospitalrun-server#198 from caub/1.1
• 88c403e 1.1.0
• 756fa65 Fix inconsistent options.noHandleSIGINT for windows
• 8d5495c Merge pull request build(deps-dev): bump dotenv from 8.1.0 to 8.2.0 HospitalRun/hospitalrun-server#196 from caub/promisify
• 33ddf56 prompt.get promise: add test, update readme
• b92a9a9 promisify prompt.get
• 0ff93b6 Merge pull request build(deps): bump fastify-autoload from 1.0.0 to 1.1.0 HospitalRun/hospitalrun-server#184 from dsych/windows-sigint
• 9e80863 triggering sigint on windows
• 1c95d1d Merge pull request build(deps-dev): bump nodemon from 1.19.4 to 2.0.0 HospitalRun/hospitalrun-server#171 from blahah/master
• 65ac6e2 Merge pull request build(deps): bump fastify-cors from 2.2.0 to 3.0.0 HospitalRun/hospitalrun-server#172 from Shank09/Shank09-package.json
• d03edd0 Added missing keywords in package.json
• df42a26 Respect falsy overrides (fixes Investigating the implementation of HL7 HospitalRun/hospitalrun-server#151)
• b732102 Merge pull request build(deps-dev): bump @typescript-eslint/eslint-plugin from 2.4.0 to 2.8.0 HospitalRun/hospitalrun-server#169 from jordanyaker/master
• 6ebf54a Removed the pkginfo dependency. Updated the required version of winston.
• 7d1a28f Removed the pkginfo dependency.
• d550674 Merge pull request Bump @typescript-eslint/parser from 2.3.1 to 2.3.3 HospitalRun/hospitalrun-server#163 from Eagerod/fixer/add-properties
• 9b5f65b Added a test addProperties() with no parameters.
• fb83773 Fixed an issue where the first parameter in a callback would not be the
• e7b5449 Merge pull request missing multi-language selection. HospitalRun/hospitalrun-server#121 from rubbingalcoholic/master
• e493cb8 Merge pull request Continuous Integration HospitalRun/hospitalrun-server#153 from devrelm/devrelm.function-defaults
• 3046431 Merge pull request Add coveralls HospitalRun/hospitalrun-server#156 from littleguga/master

See the full diff

Package name: snyk

The new version differs by 110 commits.

• 933f3f1 feat: update snyk-resolve-deps to reduce size of dependencies
• 042c476 feat: remove update notifier
• 7e10aae feat: support yarn for protect scripts
• 6b6ce94 fix: dont suggest reinstallation for yarn projects
• 80e49fd fix: update test fixures expected version
• 38f993f fix: compatability with new pip version (10.0.0)
• db91114 feat: a seperate spinner for "Analyzing deps ..."
• 6a77349 fix: update snyk-go-plugin 1.4.5 -> 1.4.6
• 334f8b1 fix: remove vulns from analytics payload if present
• 58b5437 chore: adds security document
• b3d241a fix: bump snyk-python-plugin to better handle editable fragments
• 66d658a fix: analytics report includes duration of execution
• c2399ae feat: add severity-threshold flag
• 9da056d fix: add --json to help docs
• 46cb432 fix: bump sbt-plugin to 1.2.5 (better errors)
• 5bf0f83 fix: debug on requests
• 6847700 test: lock `nock` to 9.1.0
• 65c6ac1 test: new policy fixtures
• 54ffa86 fix: bump snyk-policy to allow unquoted dates
• e70618d docs: update readme
• a536ad5 fix: bump snyk-sbt-plugin to fix output format issue
• d7d3353 fix: standardise handling of errors on snyk test
• dd60fcc test: tests are not babelified, remove es6 syntax for 0.12 support
• 297b3ac fix: bump debug to a non-vulnerable minimum version

See the full diff

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn