[Snyk] Fix for 2 vulnerabilities

[Franckapik]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	SQL Injection SNYK-JS-KNEX-3175610	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: debug

The new version differs by 43 commits.

• f073e05 Release 3.1.0
• 2c0df9b rename `DEBUG_HIDE_TTY_DATE` to `DEBUG_HIDE_DATE`
• dcb37b2 Merge branch '2.x'
• 56a3853 Add `DEBUG_HIDE_TTY_DATE` env var (#486)
• bdb7e01 remove "component" from package.json
• c38a016 remove ReDoS regexp in %o formatter (#504)
• 47747f3 remove `component.json`
• a0601e5 fix
• e7e568a ignore package-lock.json
• fdfa0f5 Fix browser detection
• 7cd9e53 examples: fix colors printout
• 8d76196 Merge pull request #496 from EdwardBetts/spelling
• daf1a7c correct spelling mistake
• 3e1849d Release 3.0.1
• b3ea123 Disable colors in Edge and Internet Explorer (#489)
• 13e1d06 remove v3 discussion note for now
• 52b894c Release 3.0.0
• d2dd80a component: update "ms" to v2.0.0
• 6752953 fix browser test 😵
• f6f6213 remove `make coveralls` from travis
• f178d86 attempt to separate the Node and Browser tests in Travis
• d73c4ae fix `make test`
• 402c856 fix lint
• 87e7399 readme++

See the full diff

Package name: jwks-rsa

The new version differs by 11 commits.

• 58dccc5 Release 1.6.1 (#117)
• 43a1d20 Merge pull request #113 from ecasilla/master
• f63c29b Merge branch 'master' into master
• 2c90cfe npm dependencies update #112
• f301e1d Setup the .github/stale.yml for Probot:Stale
• cf6a7fe Setup the CODEOWNERS for pull request reviews
• ca1ade2 Setup the CODEOWNERS for pull request reviews
• 1afe7ca Merge pull request #109 from nickcox/patch-1
• 7d9c09a Fix typo
• b0bce42 Merge pull request #106 from sobil/update-lru-memoizer
• 4405927 Update lru-memoizer to 2.0.1

See the full diff

Package name: knex

The new version differs by 250 commits.

• 3475d81 Prepare to release 2.4.0
• e97f922 Bump tsd from 0.24.1 to 0.25.0 (#5396)
• e145322 1227: add assertion for basic where clause values (#5417)
• 962bb0a Bump sinon from 14.0.2 to 15.0.1 (#5413)
• ab45314 Add JSDoc (TS Flavour) to mjs stub file (#5390)
• 72bd1f7 Fix: orWhereJson (#5361)
• 4fc939a Fixes unexpected max acquire-timeout (#5377)
• 5c4837c Fix lib/.gitignore path separator on Windows. (#5325)
• 7dbbd00 Bump actions/setup-node from 3.4.1 to 3.5.1 (#5356)
• d39051f fix: add missing type for 'expirationChecker' on PgConnectionConfig (#5334)
• f7ccde8 Make compiling SQL in error message optional (#5282)
• 82610ca Bump tsd from 0.23.0 to 0.24.1 (#5329)
• cb5be88 Bump typescript from 4.8.2 to 4.8.3 (#5324)
• dc6dbbf fix: insert array into json column (#5321)
• 864530c feat: support partial unique indexes (#5316)
• 6bed5e9 Fix changing the default value of a boolean column in SQLite (#5319)
• f52b2c5 Merge remote-tracking branch 'origin/master'
• 05c4707 Prepare to release 2.3.0
• 13b61c0 Update dependencies (#5317)
• 97fccdf Explicit jsonb support for custom pg clients (#5201)
• 1cc1df9 chore: remove bindingHolder for proper scoping (#5235)
• e0c0fa9 Implement mapBinding mssql dialect option (#5292)
• 29283a1 Bump tsd from 0.22.0 to 0.23.0 (#5314)
• 57692d3 Infer specific column value type in aggregations (#5297)

See the full diff

Package name: snyk

The new version differs by 250 commits.

• 8987918 Merge pull request #1781 from snyk/fix/replace-proxy
• eec11b7 test: raise timeout for snyk protect tests hitting real Snyk API
• 8045ceb test: update proxy tests for the new proxy global-agent
• 0d0c76a feat: support lowercase http_proxy envvars
• e597846 test(proxy): acceptance test for Proxy envvar settings
• 6d67579 fix: replace vulnerable proxy dependency
• 1449c57 Merge pull request #1707 from snyk/feat/snyk-fix
• 3d872fb test: assert exact errors for unsupported
• 5ebd685 Merge pull request #1777 from snyk/feat/fix-with-version-provenance
• 17e3431 Merge pull request #1778 from snyk/feat/dont-force-https
• fdd7f1a docs: update SNYK_HTTP_PROTOCOL_UPGRADE description
• 165b4b9 feat: introduce envvar to control HTTP-HTTPS upgrade behavior
• 77e6665 chore: lerna release with exact version
• f14819f Merge pull request #1760 from snyk/feat/support-critical-in-sarif
• b286418 feat: v1 support for previously fixed reqs.txt
• 0384020 feat: basic pip fix -r support
• f94c558 feat: include pins optionally
• 66ca77a feat: do not skip files with -r directive
• bc44f9a refactor: fix individual reqs manifest
• 6e84322 feat: fix individual file with provenance
• 9ed99f3 Merge pull request #1764 from snyk/feat/update-code-client
• c92599b Merge pull request #1774 from snyk/refactor/change-binaries-release-script
• ca508ac test: smoke test for `snyk fix`
• c68c7da feat: add @ snyk/fix as a dep

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 SQL Injection