[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: handlebars

The new version differs by 53 commits.

• f691db5 v4.1.1
• 25b2e11 Update release notes
• e5c3937 Update release notes
• aef7287 Merge pull request #1511 from wycats/saucelabs
• 684f103 chore: reactivate saucelabs-tests
• 7840ab6 test: make security testcase internet explorer compatible
• 4108b83 Merge pull request #1504 from liqiang372/deprecate-substr-method
• 445ae12 deprecate substr method and use existing strip function in grammar
• 5cedd62 fix: add "runtime.d.ts" to allow "require('handlebars/runtime')"
• 40fb115 Revert "chore: re-activate saucelabs"
• b2e2cfe chore: re-activate saucelabs
• 037bfbf Merge pull request #1500 from wycats/neo-async
• 048f2ce refactor: replace "async" with "neo-async"
• b92589a test: add test for NodeJS compatibility
• 1c62d4c Merge branch 'issue-1495' into 4.x
• 7caca94 v4.1.0
• 7bd34fb Update release notes
• b02e9a2 test: run appveyor tests in Node 10
• f1c8b2e chore: disable sauce-labs
• dbc50ac chore: bump version of grunt-saucelabs
• c6a8fc1 chore: add .idea and yarn-error.log to .gitignore
• 42841c4 fix: disallow access to the constructor in templates to prevent RCE
• 56fc676 test: run appveyor tests in Node 10
• ee30222 chore: disable sauce-labs

See the full diff

Package name: winston

The new version differs by 120 commits.

• b47d5d5 3.3.0
• b6bc918 Prepare for v3.3.0
• 9354721 doc: fix whitespace and trailing comma. (#1778)
• 3d07a80 docs: add example of uncaughtRejections logging (#1780)
• df25fa2 fix: change property of handleRejections (#1779)
• 950cbcd Add options to request (#1777)
• 1c75292 Update package-lock.json (#1772)
• e7d13d5 Exclude unnecessary files from npm package (#1768)
• 75f7edf Fix removes a logger when pass undefined transport (#1785)
• 4b571ba This adds Node.js 14 and removes Node.js 8 as: (#1793)
• 73ae01f Update Sentry transport `require` change (#1754)
• 7b67eb0 Fix typo (#1750)
• 1679c49 Fix Issue where winston removes transport on error (#1364) (#1714)
• 0e0cf14 Fix #1690 (#1691)
• 85a250a Node 12 is LTS now
• bea9c34 Update README.md (#1743)
• 319abf1 Add defaultMeta to Logger index.d.ts (#1736)
• c719706 (typo) Missing label import in example (#1733)
• 8944598 Update index.d.ts (#1729)
• 7bb258c Fix `npm` logging levels on README.md (#1737)
• 64744d7 #1567: document common transport options (#1723)
• ae2335b Add Humio transport link to docs (#1705)
• 785bd9e UPDATE levels on readme (http added) (#1650)
• 4f44acb Add PostgresQL transport to list of community transports (#1697)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution