[Snyk] Fix for 10 vulnerabilities

[silver-xu]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	569/1000 Why? Has a fix available, CVSS 7.1	Cross-site Scripting (XSS) SNYK-JS-APOLLOSERVER-1912891	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-APOLLOSERVERCORE-2928764	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Information Exposure SNYK-JS-APOLLOSERVERCORE-571663	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Command Injection SNYK-JS-AWSLAMBDA-540839	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	No	Proof of Concept
	504/1000 Why? Has a fix available, CVSS 5.8	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Arbitrary File Read SNYK-JS-HTMLPDF-467248	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-2331914	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-459438	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: apollo-server

The new version differs by 250 commits.

• bcfd36c Release
• a97684f docs: get ready for 3.0.0 to be released to `next` (#5442)
• 81ae16f Update header comment to say @ 3.x instead of @ rc
• 76344b6 docs/READMEs: add `@ 3.x` to all `npm install` invocations
• 537cf1c docs: remove migration to 2.x doc (old, already unlinked)
• 348aa97 chore(deps): update dependency @ types/node-fetch to v2.5.11 (#5441)
• 74b1d97 chore(deps): update dependency @ types/lru-cache to v5.1.1 (#5440)
• c8062f7 chore(deps): update dependency @ types/lodash to v4.14.171 (#5439)
• 84b7587 chore(deps): update dependency @ types/koa-router to v7.4.3 (#5438)
• 4a8726c chore(deps): update dependency @ types/jest to v26.0.24 (#5437)
• 87d4dcf chore(deps): update dependency @ types/ioredis to v4.26.5 (#5436)
• 6ce5ecc chore(deps): update dependency @ types/hapi__hapi to v20.0.9 (#5435)
• d60fd62 chore(deps): update dependency @ types/express-serve-static-core to v4.17.23 (#5434)
• d948605 chore(deps): update dependency @ types/express to v4.17.13 (#5433)
• 8aca7a4 chore(deps): update dependency @ types/cors to v2.8.11 (#5432)
• 3f0450b chore(deps): update dependency @ types/connect to v3.4.35 (#5431)
• 02e71dd chore(deps): update dependency @ types/bunyan to v1.8.7 (#5430)
• 055b67d chore(deps): update dependency @ types/body-parser to v1.19.1 (#5429)
• e7c0329 chore(deps): update dependency @ types/aws-lambda to v8.10.78 (#5428)
• e5fbaf6 chore(deps): update dependency @ types/async-retry to v1.4.3 (#5427)
• f30bc26 chore(deps): update dependency @ apollo/client to v3.3.21 (#5426)
• b61f082 chore(deps): update dependency nock to v13.1.1 (#5423)
• fab9351 chore(deps): update dependency @ types/uuid to v8.3.1 (#5421)
• ad2cdb5 Release

See the full diff

Package name: apollo-server-express

The new version differs by 250 commits.

• bcfd36c Release
• a97684f docs: get ready for 3.0.0 to be released to `next` (#5442)
• 81ae16f Update header comment to say @ 3.x instead of @ rc
• 76344b6 docs/READMEs: add `@ 3.x` to all `npm install` invocations
• 537cf1c docs: remove migration to 2.x doc (old, already unlinked)
• 348aa97 chore(deps): update dependency @ types/node-fetch to v2.5.11 (#5441)
• 74b1d97 chore(deps): update dependency @ types/lru-cache to v5.1.1 (#5440)
• c8062f7 chore(deps): update dependency @ types/lodash to v4.14.171 (#5439)
• 84b7587 chore(deps): update dependency @ types/koa-router to v7.4.3 (#5438)
• 4a8726c chore(deps): update dependency @ types/jest to v26.0.24 (#5437)
• 87d4dcf chore(deps): update dependency @ types/ioredis to v4.26.5 (#5436)
• 6ce5ecc chore(deps): update dependency @ types/hapi__hapi to v20.0.9 (#5435)
• d60fd62 chore(deps): update dependency @ types/express-serve-static-core to v4.17.23 (#5434)
• d948605 chore(deps): update dependency @ types/express to v4.17.13 (#5433)
• 8aca7a4 chore(deps): update dependency @ types/cors to v2.8.11 (#5432)
• 3f0450b chore(deps): update dependency @ types/connect to v3.4.35 (#5431)
• 02e71dd chore(deps): update dependency @ types/bunyan to v1.8.7 (#5430)
• 055b67d chore(deps): update dependency @ types/body-parser to v1.19.1 (#5429)
• e7c0329 chore(deps): update dependency @ types/aws-lambda to v8.10.78 (#5428)
• e5fbaf6 chore(deps): update dependency @ types/async-retry to v1.4.3 (#5427)
• f30bc26 chore(deps): update dependency @ apollo/client to v3.3.21 (#5426)
• b61f082 chore(deps): update dependency nock to v13.1.1 (#5423)
• fab9351 chore(deps): update dependency @ types/uuid to v8.3.1 (#5421)
• ad2cdb5 Release

See the full diff

Package name: aws-sdk

The new version differs by 250 commits.

• 8875a35 Updates SDK to v2.814.0
• dd83d67 throw at invalid profile name in shared ini file (#3585)
• ee0c5a3 Updates SDK to v2.813.0
• 468d15b Updates SDK to v2.812.0
• c50132f Update README.md with references to JS SDK V3 (#3582)
• 3e19b08 Updates SDK to v2.811.0
• f26c00d Updates SDK to v2.810.0
• b393a6e Adds automatic PreSignedUrl generation to RDS.StartDBInstanceAutomatedBackupsReplication (#3566)
• fa57967 Updates SDK to v2.809.0
• 9a52018 Updates SDK to v2.808.0
• 1958076 Updates SDK to v2.807.0
• ffcad20 Updates SDK to v2.806.0
• 2f37893 chore: remove cognitoidentity customizations to disable auth (#3543)
• c6fe3c0 Updates SDK to v2.805.0
• 71d6fa9 Fix dual-callback case (#3537)
• b981971 Updates SDK to v2.804.0
• 332573f Updates SDK to v2.803.0
• deb7bc7 Updates SDK to v2.802.0
• b6401d0 Remove incorrectly named service named 'Profile' (#3562)
• 3364d4b Updates SDK to v2.801.0
• d400577 Updates SDK to v2.800.0
• 21c7dc0 Updates SDK to v2.799.0
• d2b8964 Updates SDK to v2.798.0
• 44ded82 fix: test IAM.getUser instead of listUsers (#3542)

See the full diff

Package name: html-pdf

The new version differs by 12 commits.

• 13b438c 3.0.0
• 296313e chore: Update circleci config
• 236a297 fix: Prevent local file access by default using the `localUrlAccess: false` option
• 85e2470 chore: Add package-lock.json
• 36a551c Fixed error handling
• 4e15719 Satisfying test for TravisCI
• 9349b6f Added null checker
• a0f4500 A better way for handling PhantomJS exits
• 9e14ef5 Fix issue with last header appearing on all pages
• 89a41e3 Extract business card test into separate file
• 63ba98f Re-add business card example pdf
• b0018c4 Fix two of three broken links

See the full diff

Package name: markdown-it

The new version differs by 157 commits.

• d72c68b 12.3.2 released
• aca3396 dist rebuild
• ffc49ab Fix possible ReDOS in newline rule.
• 76469e8 12.3.1 released
• ae5a243 dist rebuild
• 1cd8a51 Fix tab preventing paragraph continuation in lists
• 830757c Fix spelling error in question Github Template (#835)
• 2e31d34 12.3.0 released
• 393354c Dist rebuild
• 8564eed Dev deps bump
• 24abaa5 Improve emphasis algorithm
• e07a9dd typo fix
• 6e2de08 12.2.0 released
• 08827d6 dist rebuild
• 8bcc82a Parser: Set ordered list_item_open token info to input marker.
• 77fb937 Add pathological test from cmark
• e5986bb Always suffix indented code block with a newline
• 13cdeb9 12.1.0 released
• 13d8335 Dist rebuild
• eed156e Fix emphasis algorithm as per 0.30 spec
• 0b14fa0 Update CommonMark spec to 0.30
• 064d602 Updated highlight.js usage info
• df4607f 12.0.6 released
• e5b0eb3 dist rebuild

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn