[Snyk] Fix for 15 vulnerabilities

[Aquadita]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:cryptiles:20180710	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	No	Proof of Concept
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: i18next-node-fs-backend

The new version differs by 33 commits.

• 41d4166 update changelog
• ccffd22 Merge pull request updating documents to execute the knex for mysql Midburn/spark#238 from ceastman-ibm/patch-1
• 67ee4c2 Update js-yaml to a non vulnerable version
• 26e20ac rebuild
• 13157e2 Merge pull request Asi fixes for join flow done Midburn/spark#237 from felixmosh/fix-236
• 229a7f1 Bump dep versions due to DOS vulnerability
• 0056a49 Merge pull request Asi iron source updates Midburn/spark#233 from ffflorian/patch-1
• 714e078 Add repository to package.json
• 7e946e7 rebuild
• 1122cb7 Merge pull request knex migrate:latest fails in PROD Midburn/spark#230 from jonathanz/patch-1
• 14844ac fix [ReferenceError: language is not defined]
• 6135a7f update version
• 07ac0af rebuild
• 7952dec Merge pull request Make running tests work locally on Windows (was broken) Midburn/spark#226 from lovro-bikic/master
• 6854cc4 update addPath to support functions and paths
• f061442 change `var` to `let` in src
• 19b5b0d fix dependencies
• cfdc02c transpile to ES5
• ca9f110 run build script
• 4e1afb2 update loadPath to support functions as parameters
• 479ac5f update travis target
• 97d8d7a remove dep
• bd52d90 remove cson parser, adds option.parse for custom parsing
• 209127a Update README.md

See the full diff

Package name: mocker-data-generator

The new version differs by 102 commits.

• ccecb97 chore(release): 3.0.1
• 4d0fcea updated changelog
• 98a4b97 chore(release): 3.0.0
• 7d2e1d7 add new version without generators
• 9ab21ef New version without generators in coming
• ec4b1d9 Update README.md
• 9216120 Add CodeSee architecture diagram workflow to repository
• 87cfd44 Merge pull request [Snyk] Security upgrade express from 4.16.2 to 4.20.0 #109 from blestab/master
• eff35b0 Merge pull request [Snyk] Security upgrade snyk from 1.120.1 to 1.1064.0 #75 from sobolevn/patch-1
• 53a3b48 Merge branch 'master' into patch-1
• dcdb9f5 Merge pull request Documentation for Camps API Midburn/spark#117 from MilosPaunovic/patch-1
• 982397a Minor typo in README.md fixed
• c043d33 fix appveyor versions
• a1eaab2 fixes
• 357540c chore(release): 2.12.0
• 32bf7b7 chore(release): 2.11.0
• 540ee29 Update CHANGELOG.md
• c12578a chore(release): 2.10.0
• 77a066b Merge pull request [Snyk] Security upgrade snyk from 1.120.1 to 1.996.0 #102 from terrance00/master
• e1f4946 Merge pull request Insert data (staging/production) Midburn/spark#114 from CarlosBalladares/master
• 153f162 Implement generic type variables for Generator class object attribute
• b5e92ca updates
• 84f2f6b chore(release): 2.9.0
• 043b0a3 chore(packages): all deps updated

See the full diff

Package name: opbeat

The new version differs by 28 commits.

• d926277 4.17.0
• 074a236 feat(mongodb): add support for mongodb-core 3.x
• 50f8c9c refactor(transaction): fix typo
• 39c1244 chore(*): update code comment to reflect reality
• ee6cd48 chore(*): bump copyright year
• 6b676db feat(ws): add support for ws@4.x
• e4734fb chore(*): fix typos in supported-module-version debug messages
• 7d5c58b test(*): upgrade devDependency https-pem to v2.x
• 965e1bf test(ci): add knex@^0.14.0 to tav matrix
• 4cc4cb3 fix(graphql): support sync execute
• fab6017 test(hapi): fix hapi tests
• baf9c84 test(travis): fix wrong TAV environment variable
• 245bf54 test(ci): don't test GraphQL >=0.12.0
• 86fb050 test(transaction): reduce risk of race condition
• 85b787c test(*): add tests to test async await instrumentation
• 73d853c test(*): add test to check the dependency list is up to date
• 1eb6f27 fix(*): move https-pem to list of devDependencies
• f5b6214 refactor(*): rename async-hooks.js to patch-async.js
• 8b62b87 refactor(*): update patches to async code
• 5cc4537 feat(queue): add fuzziness to flushInterval
• c783580 fix(https): instrument https.request in Node.js v9
• 71e84f7 test(ci): add Node.js v9 to CI build matrices
• 3593f95 test(travis): downgrading npm is no longer needed
• ed14752 refactor(debug): always log OPBEAT_DEBUG_PAYLOAD info to STDOUT

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Execution
🦉 More lessons are available in Snyk Learn