[Snyk] Fix for 24 vulnerabilities

[nawazdhandala]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • data-service/package.json
  • data-service/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	No	Proof of Concept
	561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Information Exposure SNYK-JS-PARSEURL-2935947	No	Proof of Concept
	791/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.4	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	No	Proof of Concept
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: googleapis

The new version differs by 171 commits.

• 8669d9a run npm install before npm publish (#944)
• d571e5d release 25.0.0 (#932)
• 2722f1f update package-lock.json (#942)
• 515fa50 chore: asyncify generator (#926)
• 0c306e5 chore: update source-map-support to 0.5.2 (#941)
• 9cdb096 chore: remove node 7 from CI (#940)
• eb86822 Update README.md (#928)
• 658c7cb Update mocha to the latest version 🚀 (#935)
• 8654a48 chore(package): update source-map-support to version 0.5.1 (#931)
• 640c621 chore(package): update opn to version 5.2.0 (#925)
• 573d96e Update js-green-licenses to the latest version 🚀 (#933)
• e734909 Circleci tests (#937)
• 474bed7 chore: Upgrade to the latest google-auth-library (#891)
• efd4af5 chore(package): update semistandard to version 12.0.0 (#910)
• 70a2ec0 fix: cleanup and fix samples (#916)
• dfcae5a chore(package): update js-green-licenses to version 0.3.1 (#919)
• 6a9b578 publishing 24.0.0 (#922)
• cdf72a2 reverting breaking change (#921)
• 8135ce0 updating googleapis (#920)
• 4c4cf53 Revert "updating googleapis"
• 2ffccde Revert "bump version, fix formatting"
• a408328 bump version, fix formatting
• c0a06ba updating googleapis
• 6ab07d9 chore(package): update nock to version 9.1.5 (#902)

See the full diff

Package name: jimp

The new version differs by 206 commits.

• d64200c bump version number
• 8405867 include types in package
• a00b5e5 longer timeout needed
• ba15d12 accept height and width as strings ([Snyk] Security upgrade axios from 0.15.3 to 1.6.0 #500)
• b976b68 add getHeight and getWidth functions ([Snyk] Security upgrade axios from 0.14.0 to 1.6.0 #504)
• f321190 handle windows env vars ([Snyk] Security upgrade axios from 0.15.3 to 1.6.0 #502)
• 80d2001 closes Zapier Update #224
• 020acbc Update CONTRIBUTING.md
• 08dbab0 use default param. fixes calling with threshold 0 ([Snyk] Security upgrade css-loader from 0.23.1 to 5.0.0 #498)
• cc96e11 fix a bunch of spelling mistakes ([Snyk] Security upgrade axios from 0.14.0 to 1.6.0 #499)
• d907c03 Update README.md
• 7c608e8 Add module build ([Snyk] Security upgrade snyk from 1.290.1 to 1.685.0 #492)
• f19e77f Promisify Functions ([Snyk] Security upgrade snyk from 1.290.1 to 1.685.0 #486)
• 69de0fc remove only
• c488bff Switch away from BigNumber.js ([Snyk] Security upgrade css-loader from 0.26.4 to 5.0.0 #497)
• fb87f39 Mime ([Snyk] Security upgrade css-loader from 0.23.1 to 5.0.0 #496)
• da3ae0e Merge pull request [Snyk] Security upgrade css-loader from 0.26.4 to 5.0.0 #495 from hipstersmoothie/bundle-wins
• 262df3e saves a few kB
• 7c21e7b switch to bignumber module
• ed69e9b Merge pull request Bugs in negated instanceof expressions #494 from hipstersmoothie/update-deps
• 81d1c42 update deps
• b86d323 Merge pull request [Snyk] Security upgrade jsdom from 9.12.0 to 16.5.0 #491 from hipstersmoothie/fix-build
• ec7a37c have to babel es6 modules because babelify wont. tfilter targets the specific file
• 17de0cc Merge pull request [Snyk] Security upgrade husky from 1.3.1 to 4.0.0 #490 from hipstersmoothie/readme

See the full diff

Package name: jsdom

The new version differs by 250 commits.

• 74a8d1e Version 16.6.0
• f51f2ec Remove the dependency on request
• 2b6d5ae Update dependencies
• b72b33b Disable now-crashing canvas test
• 39b7972 Handle null and undefined thrown as exceptions
• 04f6c13 Add ParentNode.replaceChildren() (#3176)
• e4c4004 Version 16.5.3
• 2f41466 Fix MutationObserver infinite loop bugs (#3173)
• b232f2a Run partially-failing WPTs in the custom-elements directory
• 35e103e Run partially-failing WPTs in the cors directory
• 77b660a Run partially-failing WPTs in the FileAPI directory
• d8a245f Use `InnerHTML` mixin for `innerHTML` definition (#2981)
• bd50bbe Version 16.5.2
• d5cfd69 Fix event handler ObjectEnvironment instantiation
• 93e3d4a Remove vestigial concurrentNodeIterators option-passing
• c92f9c1 Check all associated elements for form validity
• 2202703 Fix failing WPTs calculation
• 21c7671 Upgrade dependencies
• c1b9ea1 Port skipped "test_body_event_handler_inline" to WPT
• a13d854 Use WeakRefs for NodeIterator tracking when supported
• fdf97d8 Fix radio/checkbox to not fire events when disconnected
• 761d8cc Refactor <output>
• b36d418 Make customElements.whenDefined() resolve with the constructor
• c5d13bb Remove a variety of redundant to-port tests

See the full diff

Package name: node-gcm

The new version differs by 39 commits.

• c6b9eab Restore old dependency versions in package-lock.json (Use alpine Docker Node image #373)
• 42afc1b Replace request with axios ([Snyk] Fix for 1 vulnerable dependencies #372) (thanks @ pmb-cl)
• d5cfe6a README: Update instructions on obtaining FCM Server Key (Add license scan report and status #368)
• e034e7d ci: improve node job names (Letsencrypt standalone cert not working #363)
• 46f03d7 ci: add CI tests (Fixed app recreate issue #359 #361)
• 924a4f8 API to display the app list #360: Improve code sample for unregistered device token detection
• a4df9a3 Fix [Snyk] Fix for 2 vulnerable dependencies #358: rectify coding mistake in failedTokens snippets
• 345392c 1.0.5
• f268b8b Fix stackoverflow and email link #353: npm audit: update vulnerable dependencies
• 31e89bd 1.0.4
• 72a883f Merge pull request [Snyk] Fix for 1 vulnerable dependencies #349 from marneborn/upgrade-request
• dc80fc5 Merge pull request MongoDB & Mongoose Updated #337 from yog27ray/internalServer
• 29bb027 upgrade lodash
• 2b82cac use [email protected]
• 4bec224 1.0.3
• cbb1115 1.0.2
• 6d0bcc6 Merge pull request moved ACL into Acl table  #345 from pertu/allow-uri-override
• fcb8d8c Move options.uri to overridable section
• 6c77b95 Add unit tests for uri override
• 2390554 Fix package.json: remove trailing comma in contributor list
• 456b0de README: Fix formatting of `fcm_options` param doc
• db66259 Merge pull request Bug fixes and Deployment Improvement #342 from SpellChucker/add-fcm-options-message
• e435347 Fix syntax of link
• 859625a Update README with usage

See the full diff

Package name: nodemailer-mailgun-transport

The new version differs by 28 commits.

• fc80bec Merge pull request Rename Columns  #104 from Tol1/replace-mailgun-module
• 9c6596a Replace mailgun-js with official mailgun.js
• be34bb4 Fix the vuln by forcing netmask ver 2.0.2
• f6e30b5 Merge pull request Cloudboost SDK supported browser #102 from kentcdodds/patch-1
• 5f02165 docs: update domain link
• 36f36e8 release new version that add support for apiKey alias
• 97731b4 Merge pull request changed mongo search indexing from strict text to wildcards #99 from captaincaius/feature-mailgun-templates-2
• 95aec61 add test and document using mailgun templates
• d7b1374 Merge pull request search issue patch #98 from zgid123/master
• ba1a3da bumping semver
• 1553978 fixing vulns
• 4c3fb96 support option auth.apiKey as alias of auth.api_key
• d8de62f Merge pull request ACL is not working  #87 from EmilienD/allow-custom-message-id
• ba13216 allow custom message-id
• eebbfb3 Merge pull request File upload compatibility fixes #84 from framp/master
• 87204df Small refactoring
• 7c861c3 Merge pull request Full push dictionary in send push Create Push Campaign panel #78 from strix/es6-syntax
• 79f5eb8 Fixed reference to
• 5af88a4 Changed self to simply this.
• fdc108b linting cleanup
• 44a0a02 Moved resolveAttachments function outside of promise chain since it is synchronous
• 4d50b02 Fixed path the handlebars template
• d2352c1 Updated syntax to es6
• 285e420 Merge pull request Unable to send Push campaign #77 from perzanko/master

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn