[Snyk] Fix for 4 vulnerabilities

[ajesse11x]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:moment:20161019	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bassmaster

The new version differs by 55 commits.

• 6bca43a Version 3.2.0
• 1cc2a06 Merge pull request Make types with no permissions get wildcard permissions reindexio/reindex-api#101 from hapijs/npm-updates
• 629575f Update npm dependencies and lockfile
• c371d51 Merge pull request Use RethinkDB config options, add authKey reindexio/reindex-api#96 from adisingh007/hapi#bassmaster#95
• edaf353 Modified test to demonstrate that the feature works for requests with both pipelinable query and pipelinable payload objects
• baf3aaf Refactored the code. Changed naming of internal variables and internal functions
• 7ee3597 Now query parameters support pipelined requests
• 5e3063b Merge pull request Add default ordering default to connections and {schema { types }} reindexio/reindex-api#100 from adisingh007/hapi#bassmaster#99
• 8f6e352 Now even "$n" is substituted in url with pattern /some/url/path/$n/something where "n" can be any positive integer
• 031a769 Merge pull request Add wildcard permission (permission for all types) reindexio/reindex-api#98 from adisingh007/hapi#bassmaster#97
• 826e5e5 Fixed Bug where in a pipelined request, if the response of n'th request is needed by any other request where n > 9, i.e. a single digit number, it will work as expected.
• c325841 Merge pull request Add a viewer root field reindexio/reindex-api#92 from adisingh007/bug-fix-bassmaster#88
• 2794879 Merge pull request Add default ordering to connection fields reindexio/reindex-api#94 from adisingh007/contribution_link_fix
• 2740091 Removed buggy additions and test cases from previous commits
• 8f9765f Now handles , and
• 624931c Now evalResults even takes care of
• 3f1de4d Added another test case to check if it also works for
• ee56b35 Refactoring of code. Made it look cleaner
• a885996 Added working contributing.md link in CONTRIBUTING.md file.
• 0d8c108 Test case added to check the same bug fix
• fb60429 Fixed bug Fix Node interface description reindexio/reindex-api#88. internals.evalResults returned {} even when Hoek.reach evaluated to 0. The issue was fixed. Existing test cases ran perfectly.
• 43d0d59 version 3.1.1
• 2e7c51a version 3.1.0
• 76e6bb0 Merge pull request Cursor is non-null reindexio/reindex-api#83 from hapijs/refactor-regex

See the full diff

Package name: bell

The new version differs by 239 commits.

• ac4c3ee 10.0.0
• 8005df9 feat: Update LinkedIn to use new lite profile (#391)
• 5c28ac3 feat: Add support for hapi 18 (#397)
• b4fe168 9.5.0
• b7e909b fix(package): update lab version
• 77ac24a fix(schema): make isSameSite schema the same as hapi's
• 02aacee chore: ignore .vscode
• 48ac042 Merge pull request #396 from flipxfx/master
• bde4d13 Allow isSameSite customization
• cfdf1d2 Merge pull request #389 from Nargonath/changelog
• df4800e Add changelog.md
• da50e06 9.4.0
• e0bf4b7 hapi verison
• 03d326b Merge pull request #373 from sholladay/master
• 7ea0eda Cleanup. Closes #386
• 75dcb64 Update README.md
• b7bb1a9 Don’t require options in Bell.providers.stripe()
• 8035f34 Add option for Express to maintain compatibility
• 60b355a Use Stripe Express accounts
• 58f0d4a V9.3.2 add config 'fields' to vk provider (#372)
• 5a5780e Merge pull request #381 from doron2402/passing-fb-scope
• 4350d32 adding the ability the customize scope and upgrade fb version 3.1 from 2.9
• 6b22757 Merge pull request #379 from AurelienLourot/master
• 364e8b2 Merge pull request #380 from atassis/patch-1

See the full diff

Package name: good

The new version differs by 111 commits.

• 55acdc4 8.1.2
• cfe701a Cleanup. Closes #607
• fbf4b5c Update API format for hapijs.com (#601)
• 77e4fa1 Add changelog.md (#600)
• d39c594 Update README.md
• 639fbec Fix a typo in the example code
• 0e8e574 8.1.1
• 30441d3 Add error property to server logs (#585)
• 93d6ed0 v8.1.0
• 91385ff Add support for request event error field
• 4037636 Add support for logging response headers
• ff874f7 v8.0.1
• 8ebbac0 Added tests to prevent request id regression
• 699c4ea request.id is not request.info.id since Hapi 17
• fd8acbc v8.0.0
• bc26e88 version 8.0.0-rc1
• 87c2382 Cleanup from 9ec13aa8963106acca821ebf4c79889650366ba3
• ce6cc96 responeTime to use request.responded. drop tailTime. (#531)
• 9ec13aa Migrate to hapi 17, node 8 and async/await (#572)
• d490838 v7.3.0
• 549662a Fix for 557: Provide request headers in various payload events (#562)
• 301307b Fix typo in API.md (#553)
• 2c478b3 Test cleanup (#560)
• efd3755 version 7.2.0

See the full diff

Package name: good-console

The new version differs by 33 commits.

• 7c9a73d Update README.md
• 9de8c84 8.0.0
• dc7295d Update node requirements. Closes Add files created at CI to ignore reindexio/reindex-api#114
• b22bbf3 Update moment (Fix social login in prod reindexio/reindex-api#112)
• 9aca297 Add changelog.md (Require https in production reindexio/reindex-api#111)
• a69df28 Update README.md
• c996499 v7.1.0
• da92807 format as error when data.error is populated (Add changedXEdge to payload reindexio/reindex-api#104)
• 388b0fa Use SafeStringify when serializing the query
• fd44bf5 v7.0.1
• c8823c0 Revert addition of responseSentTime
• 3f07b60 v7.0.0
• 0ab557d pass event.id for every format
• eb54cd1 Add responseSentTime to response format (Make create-app script insert User type reindexio/reindex-api#95)
• 26b1fc2 v6.4.1
• f1b1a5b Upgrade Moment to 2.19.x (Add wildcard permission (permission for all types) reindexio/reindex-api#98)
• c4fb48f version 6.4.0
• 729155b separated message and stack with a comma (Add description and fix deprecation reindexio/reindex-api#85)
• e32cec6 leveraged the error formatter when data is an Error (Add permission validation reindexio/reindex-api#86)
• f0f83c9 version 6.2.0
• c8d0de9 log event.id when available (Refactor then to async functions reindexio/reindex-api#80)
• e91d381 version 6.3.1
• 95f4762 Bump moment to 2.15.x branch to resolve Regex DOS (Rewrite eslintrc reindexio/reindex-api#78)
• 9f1d35e version 6.1.2

See the full diff

Package name: hapi

The new version differs by 250 commits.

• b8e64d0 Update version
• 5ced8ae 18.1.0
• 7578f61 Expose bourne settings. Closes #3917
• 3378e78 Update dep. Closes #3922
• 4b59b3f 18.0.1
• 5f6a00b misc
• ccc538d Typo
• 1af289f Update deps. Closes #3912. Closes #3914
• aa3934f Add IDEs
• 75756f6 Fix route assert. Closes #3909
• 06a48ea 18.0.0
• 4da282e Its 2019
• 4bd7c38 Update deps. Closes #3905. Closes #3906. Closes #3907. Closes #3908
• 3350a5c Refactor cache config. Closes #3876, Closes #3904
• 03e03dc Split request.info.responded to responded and completed. Closes #3901
• 7521468 Coverage
• a3a5ca9 Fix close event handling in node 11. Closes #3898
• 7b85840 Fix test
• 17ca301 Exclude vs
• 5e91092 Fix test. For #3900
• 89604b0 Merge pull request #3900 from AdriVanHoudt/fix-test-803
• a4f9121 Merge pull request #3882 from dominykas/validate-cookies-alt
• 04758ac Update API.md
• 413290f For #3897

See the full diff

Package name: inert

The new version differs by 108 commits.

• 5f699ba 5.1.3
• 4514a5e Don't resolve against files.relativeTo multiple times. Closes Add /status endpoint reindexio/reindex-api#125
• fc143b3 Handle top level directory listing without trailing slash. Closes Remove half-implemented isRequired validation reindexio/reindex-api#119
• 8633b9f Test using hapi 18
• 4569240 Merge pull request Add error logging reindexio/reindex-api#123 from Nargonath/changelog
• b0c3901 Add changelog.md
• d8e55cc 5.1.2
• 08e2a10 Use new requirements config. Closes Add all related nodes to root of payload reindexio/reindex-api#122
• 7cc122b 5.1.1
• dc47399 Cleanup and update deps. Closes Add id to all payloads reindexio/reindex-api#121
• 84b50b4 5.1.0
• 302b1e0 Rename internal variable
• c2a2703 Add path data to error events. Closes Require https in production reindexio/reindex-api#111
• bd48207 Refactor directory file lookup
• f424ddb Add boom error type helpers
• 318f5fa Refactor path normalization
• 8745e1a Remove a closure
• bac2072 Rethrow developer errors. Closes Schema migrations reindexio/reindex-api#103
• f248b2e Update deps. Closes Better mutations reindexio/reindex-api#102
• 9f22671 Update docs
• ceadca7 Throw when registration options are passed
• aa3fe79 Move etagsCacheMaxSize to a server option. Closes Fix permissions field in type to have connection type, not just type reindexio/reindex-api#99
• 5b48693 rc8
• 988f4e4 rc7

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution