[Snyk] Fix for 3 vulnerabilities

[bojidaryovchev]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DICER-2311764	Yes	Mature
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @nestjs/graphql

The new version differs by 15 commits.

• afb4d93 bugfix(): inconsistent interfaces (schemaDirectives)
• 6f039c0 chore() publish 5.5.1 release
• 14f6e01 bugfix() cast to any to preserve compatibility
• bb4184d bugfix() fix incorrect settings
• db6a067 chore() update dependencies
• fbe573b Merge pull request #101 from nestjs/5.5.0
• 895972f refactor() code style update
• edc15bc Merge branch '5.5.0' of https://github.com/nestjs/graphql into 5.5.0
• 35ba7a3 Merge pull request #81 from soroushj/fix-unnecessary-overwrite
• 0717113 Merge pull request #86 from jbpionnier/patch-1
• 74f5665 Merge pull request #88 from Simskii/schemadirectives
• 8070493 chore() bump version to 5.5.0
• c0bcdd9 Added directiveresolvers to module
• 8da56f6 feature: disable tslint for definition file
• d25c532 fix(GraphQLFactory): avoid unnecessary overwrites

See the full diff

Package name: apollo-server-express

The new version differs by 250 commits.

• 3545c32 Publish
• 522cd6b Update CHANGELOG.md for 2.3.0 release.
• ad42402 Merge branch 'release-vNEXT'
• 5e09e8a Revert "chore(deps): update dependency ws to v6.1.2 (#1992)"
• 36ac4e4 chore(deps): update dependency ws to v6.1.2 (#1992)
• d7e7834 Publish
• 458b4f1 Merge branch 'release-2.2.7'
• b9f01c4 Update CHANGELOG.md for 2.2.7 release.
• 44aebe4 chore(deps): update dependency @ types/node to v10.12.14 (#2091)
• 2b67ae8 chore(deps): update dependency lerna to v3.6.0 (#2076)
• 1a796c3 chore(deps): update dependency typescript to v3.2.2 (#2073)
• cfd531c chore(deps): update dependency redis-mock to v0.41.0 (#2072)
• 3e64994 chore(deps): update dependency meteor-promise to v0.8.7 (#2071)
• 4b1894c Update renovate.json
• d6fcaed chore(deps): update dependency @ types/lodash to v4.14.119 (#2066)
• ef31818 Publish
• b5c516c Merge pull request #2054 from apollographql/abernix/throw-when-uploads-on-pre-node-8.5
• abb8dc5 Merge branch 'release-vNEXT' into abernix/throw-when-uploads-on-pre-node-8.5
• 3e64438 Merge branch 'release-2.2.7' into release-vNEXT
• ccf0aa5 Publish
• 820b3bd Update CHANGELOG.md for 2.2.7-alpha.0.
• 5497fb2 Merge branch 'abernix/prepare-2-2-6'
• 1e5cdc6 Publish
• 7468f4f Prepare CHANGELOG.md for v2.2.6.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Prototype Pollution