[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @slack/client

The new version differs by 65 commits.

• ce06b1e Merge pull request error when registering a new user on local #473 from slackapi/dev-v4
• cbd9d21 Merge branch 'master' into dev-v4
• 8fac7d5 v4.0.0
• b4f4f8b generate documentation
• fa70a8d IncomingWebhook implementation
• d621134 remove examples dir, export declaration files
• 81d9b04 updates readme and guides for new API
• 8db2e2c updates documentation generation instructions
• fdf7b51 update finity, remove superfluous comments from jsdoc
• 45cf343 basic doc generation is working
• 8e4ae7e Merge branch 'dev-v4' into ts2jsdoc
• 4ae19d5 adds TLSOptions, new RTMClient events for parity
• cae00fa POC
• abe015b adds migration guide content for WebClient
• b8b4c63 code organization and pulling out comments to build the migration guide
• f25a6a8 implements loglevel plugin API to prefix messages with log level and logger name
• 0a325ee rename keep-alive.ts -> KeepAlive.ts
• 4e16be2 implement configurable replyAckOnReconnectTimeout in RTMClient
• 5185e5e rtm message sending based on a queue for outgoing messages and cancelable promises for replies
• 662a577 a basic echo program using rtm works! tweaked keepalive and integrated into rtmclient
• dc59265 RTMClient connects! implemented connecting state in statemachine with substate transitions. commented out KeepAlive for simplicity while refactoring, but will re-enable soon.
• f28d69d adds stronger definition for errors from WebClient and uses this information in RTMClient
• ec91168 simplify statemachine config functions by removing RTMClientStateMachine interface extension
• cbaf7a1 an early state machine implementation for the RTM client

See the full diff

Package name: grunt

The new version differs by 32 commits.

• 6f49017 1.3.0
• faab6be Merge pull request #1720 from gruntjs/update-changelog-deps
• 520fedb Update Changelog and legacy-util dependency
• 7e669ac Merge pull request #1719 from gruntjs/yaml-refactor
• e350cea Switch to use `safeLoad` for loading YML files via `file.readYAML`.
• 7125f49 Merge pull request #1718 from gruntjs/legacy-log-bumo
• 00d5907 Bump legacy-log
• 3b75085 1.2.1
• ae11839 Changelog update
• 9d23cb6 Merge pull request #1715 from sibiraj-s/remove-path-is-absolute
• e789b1f Remove path-is-absolute dependency
• 27bc5d9 Merge pull request #1714 from gruntjs/release-1.2.0
• 64a3cf4 Release v1.2.0
• 0d23eff Merge pull request #1570 from bhldev/feature-options-keys
• ee70306 Merge pull request #1697 from philz/1696
• 05c0634 Merge pull request #1712 from gruntjs/fix-lint
• cdd1c19 fix lint in file.js
• bc168e3 Merge pull request #1283 from greglittlefield-wf/recognize-relative-links
• 5f16b5a Merge pull request #1675 from STRML/remove-coffeescript
• 58f80ae Merge pull request #1677 from micellius/monorepo-support
• 1f61427 Add CODE_OF_CONDUCT.md
• 4c6fcd9 Merge pull request #1709 from NotMoni/patch-1
• 169d496 add link to license
• 288ea76 add license link

See the full diff

Package name: sails

The new version differs by 250 commits.

• 6e73a65 1.0.0
• 5f1d8b3 1.0.0-49
• 616e4e1 Insist on the latest sails-generate.
• 6ab0a5a 1.0.0-48
• 1e28823 Lifting with --redis now sets @ sailshq/connect-redis and @ sailshq/socket.io-redis.
• 9f29a03 Change approach from what was begun in 520a3c8cac5db1d9698c50efff82e476ec64fca8 so that we maintain the correct package name for the purpose of require().
• 520a3c8 Tolerate '@ sailshq/connect-redis' as session adapter.
• e2813f5 1.0.0-47
• 6768743 Tweak warning message.
• ce95c84 Update comments to reflect that req.setLocale() is fully supported as of Sails v1.0 and beyond.
• 0753a99 Trivial
• 3bdd786 Tweak troubleshooting tips.
• e8f9bee Check dev-dependencies for sails-hook-grunt
• e8493a6 1.0.0-46
• d1b6061 run tests on Node 9
• b3afed7 Fix issue with CSRF black/whitelists and routes containing optional params when the requested URL contains a querystring but NOT the optional param (whew!)
• 663527f Fix test error output
• 69ead96 Revert 35ae3ccba472bf4a8edb8ffd7d579d18391d1ba0 in favor of clarifying some of the wording.
• 35ae3cc Experiment with customizable www path
• a89d7a4 extrapolate www path
• a2a0789 Tolerate sails-hook-grunt specified in devDependencies when running sails www
• 0b42c59 Don't attempt to create a Redis connection if "client" is provided.
• 1700788 Update LICENSE.md
• 9c532dc Merge pull request #4267 from luislobo/patch-3

See the full diff

Package name: socket.io-redis

The new version differs by 62 commits.

• 5f475fb [chore] Release 5.0.0
• f42e26d [perf] Use notepack instead of msgpack-lite (feature request: ability to specify a schema for DB #218)
• 05f926e [perf] Use pattern matching at the namespace level (Delete api should drop the alert automatically. #217)
• d3d000b [chore] Release 4.0.1
• a33499d [docs] Add link to Go implementation of socket.io-emitter (DB Server Connection Other than localhost #199)
• bceab01 [fix] Fix duplicate identifier declaration (Is there a way to custom users privildege hide/show connections or api #213)
• 2354068 [chore] Release 4.0.0 (upstreams health checks config update failed #202)
• 7ae896a [fix] Fix remoteJoin/remoteLeave methods (Docker image - error A hook (orm) failed to load! #201)
• 1dc1a9b [docs] Update code examples in the Readme (Fix Created_at for Certificates Panel. Fix format too #194)
• 38b8a2b [docs] Update History.md regarding the `return_buffers` option (Konga plugin config removes newline from config values #189)
• 01028d0 [feature] Make customHook async ([UI Bug]ACL Group For API incorrect size #181)
• 2e0ca4e [chore] Release 3.1.0 (Fix GET targets AND Add possibility to select Hash_on for Upstreams for Kong 0.12.X #180)
• 8876d54 [docs] Document remoteDisconnect method (UI presentation allow for large number of requests in shorter width screen #179)
• 11ab62b [feature] Implement remoteDisconnect method (#170 Defaulting signup enabled to false for new databases #177)
• df7cc77 [fix] Subscribe only once per room (Healthcheck still active on deleted API #175)
• a1861cb [test] Fix 'Connection is closed' errors when cleaning up tests (callback bug #178)
• 598583c [test] Use quit() instead of end() to close Redis connection (Timeline for a new release? #176)
• ddd6906 [chore] Release 3.0.0 (Konga defaults to signup enabled #170)
• 1d32abc [feature] Add some helper methods (Feature to change Konga default users #168)
• e26590c [test] Add newer nodejs versions in Travis (Konga dashboard will not load if konga installed on seperate machine other than kong machine #167)
• a01262d [test] simplify tests by using beforeEach/afterEach methods (Kong 0.12 support #166)
• 0a5bd4c [perf] Micro-optimisations (UPDATED: Replaced relative image URLs with absolute. #163)
• 83fc741 [feature] Forward errors from pub/sub clients to the adapter (feat(docker): Format Dockerfile #160)
• cdddf36 [chore] Replace msgpack with msgpack-lite (Feature Request: Ability to run migrations outside of development mode #156)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution