[Snyk] Fix for 6 vulnerabilities

[Itchibon777]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HAPIACCEPT-548917	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HAPIAMMO-548918	Yes	No Known Exploit
	475/1000 Why? Has a fix available, CVSS 5	Prototype Pollution SNYK-JS-HAPIHOEK-548452	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HAPISUBTEXT-548912	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HAPISUBTEXT-548916	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @hapi/hapi

The new version differs by 102 commits.

• d5c665a v20.0.0
• b3f2eb5 remove route timeout assertions (#4123)
• 501a264 update to teamwork@5.x.x (#4130)
• 783aa8a add isInjected property to request object (#4117)
• c31bd6d update to travis templates
• 815c854 update most out of date dependencies
• f46f864 Replace joi with validate
• f7e9193 headers: avoid sending null content-type
• 5c08509 Merge pull request #4132 from lloydbenson/master
• 3f25515 README needs this change to parse the slogan for site
• dc48d06 19.2.0
• 23abbfe Update README.md
• b2aa822 Merge pull request #4101 from dkozma/patch-1
• 5360d6d H3->H4 heading for `server.options.info.remote`
• 8f24209 Merge pull request #4094 from jonathansamines/feature/server-validator-docs
• efc9afe Update API.md
• 05109d7 Merge pull request #4087 from jonathansamines/feature/update-routes-config
• faab7a2 Closes #4079
• 6f3e08d Support node v14
• a8f5688 [server-validator-docs] Update server.validator() documentation to detail child plugins usage
• 07c95da [server-validator-docs] Improve server.validator() documentation to clarify it's usage inside plugins
• fa76016 Merge pull request #4090 from Yahkob/patch-2
• 3c3fc29 Update LICENSE.md
• cb96e07 [update-routes-config] Update API reference to use route.options instead of route.config

See the full diff

Package name: @hapi/inert

The new version differs by 14 commits.

• b3e4e44 6.0.1
• 48e3bd0 Update hapi version. Closes Enable handler mocks dherault/serverless-offline#139. Closes cannot get raw body in json request dherault/serverless-offline#140
• 5bc7ca4 Merge pull request Simple Token Authentication dherault/serverless-offline#138 from mattboutet/master
• ca5b6a3 Update for hapi v19
• ca6eb11 6.0.0
• 08125b4 Node version. Closes fix(event): Event properties don't match v1.0.3 dherault/serverless-offline#137
• 609e416 Merge pull request parseJson & escapeJavaScript: discrepancy between plugin and aws dherault/serverless-offline#136 from nwhitmont/master
• 986596c add link to changelog
• 546d56f rm changelog
• 9322023 Merge pull request Parsing [XXX] in error messages, to match serverless 1.0 dherault/serverless-offline#133 from jarrodyellets/master
• ff278b8 Update README to new template
• f70b849 Merge pull request What can the Serverless Framework do to support you? dherault/serverless-offline#132 from jarrodyellets/master
• 60bb2e8 Move Readme to API
• e1de8fe Update README.md

See the full diff

Package name: @hapi/vision

The new version differs by 12 commits.

• d14be33 6.0.0
• a574db5 Update deps. Closes Dynamodb local development and resource provisioning dherault/serverless-offline#190. Closes Expose serverless-webpack build errors dherault/serverless-offline#191. Closes Lambda event.body object from browser POST response is of different type dherault/serverless-offline#192
• a74c49d Merge pull request Failure: Missing region in config dherault/serverless-offline#189 from emrealparslan93/master
• 150beec Delete CHANGELOG.md AND Update README.md
• 53d4414 Merge pull request stageVariables per http event dherault/serverless-offline#188 from jarrodyellets/master
• fc58c37 Move usage into example
• 86134c6 Fix typo
• e3eeb98 Update API.md
• 1119fe2 Update README to new template
• 97b20fe Merge pull request Request Template - Post JSON Body With Single Quote dherault/serverless-offline#187 from jarrodyellets/master
• 6412bf1 Remove TOC from API
• d8ad156 Update README.md

See the full diff

Package name: hapi-swagger

The new version differs by 228 commits.

• 002a3fb 14.5.4
• ea26b62 Merge pull request "serverless-offline" v6 alpha feedback dherault/serverless-offline#768 from hapi-swagger/swagger-parser-update
• df315ac Merge pull request Do not remove unhandledRejection listeners as it breaks Serverless dherault/serverless-offline#767 from hapi-swagger/fix-examples
• a3d27cb fix: issue fix: missing base in URL() constructor dherault/serverless-offline#735 no required for arrays in swagger
• c7512f8 fix: yarn.lock without good modules
• 6427bc7 Merge pull request Testing API Gateway ONLY dherault/serverless-offline#765 from AndriiNyzhnyk/remove_deprecated_components
• 72ad64b fix: broken example code regression issues
• 19c91af Merge pull request Websocket Handler Creation Timing dherault/serverless-offline#766 from hapi-swagger/update-repo-urls
• 7b2e92a chore: remove deprecated 'good' module
• 4b544e8 chore: update repo urls to hapi-swagger
• ea35827 update jsDoc
• 73f8838 remove unused variables
• 88c3316 rewrite function 'appendQueryString'
• 22b74c2 14.5.3
• e9839c4 Merge pull request Websocket + Webpack Fixes dherault/serverless-offline#763 from AndriiNyzhnyk/fix_issue_711
• 9a01c3f Merge pull request Websockets and Webpack dherault/serverless-offline#764 from AndriiNyzhnyk/improve_test_coverage
• bc3f65e remove not needed arguments
• f225432 add test for function 'appendQueryString'
• 393a3dc move function 'appendQueryString' to 'Utilities'
• 7358d95 simplify condition
• 2dde132 improve coverage for function 'toJoiObject'
• 3106505 simplify function 'removeTrailingSlash'
• 5c170b1 add test for function 'removeTrailingSlash'
• 84cbf5a add test for function 'getJoiLabel'

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Prototype Pollution