[Snyk] Fix for 1 vulnerabilities #38

Open
marchfederico wants to merge 1 commit into master from snyk-fix-772cb2495cf59b0b6ac77773f4043209
@marchfederico
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution, SNYK-JS-LODASH-6139239 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: captains-log The new version differs by 12 commits.
  • 6e14204 1.0.2
  • 6f528e9 Update boilerplate.
  • 56ea7f4 Better error msg for 'Unsupported logger override' (custom logger) -- and also upgrade Lodash dep to 3.10.2.
  • dd400a9 Add boilerplate.
  • ee75b69 Add experimental _dontAccessErrorStacks option (refs https://github.com/balderdashy/captains-log/issues/17)
  • e3cdc89 1.0.1
  • 277cc49 travis.yml
  • d9f4a59 Switch from 'colors' to chalk, with handrolled rainbows derived from Marak's (https://snyk.io/redirect/github/Marak/colors.js/blob/dfb15b55382772ba4fd34fc21922a2d83e9d34d3/lib/maps/rainbow.js).
  • 40b1758 Trivial.
  • 607fb91 A few minor normalizations.
  • 8017c80 Bump rc dep and mocha devDep
  • b30c915 Add more details about what custom loggers are useful for

See the full diff

Package name: machinepack-process The new version differs by 60 commits.

See the full diff

Package name: machinepack-redis The new version differs by 8 commits.

See the full diff

Package name: skipper The new version differs by 33 commits.
  • 554db19 0.9.0
  • 6d728f8 Change heading in README to use markdown instead of html, in case it fixes the weird double-logo situation on npm
  • e201b3e 0.9.0-4
  • 9fbd622 Improve resilience versus friendly, down-home text parameter names like 'constructor' and '__proto__'
  • c366671 0.9.0-3
  • 4e1f770 Add support for 'X-JSON-MPU-Params' request header
  • caa3706 Prepare to absorb the X-JSON-MPU-Params implementation in Skipper (instead of in machine-as-action)
  • 513777a Add note about MPU text params and JSON encoding.
  • e08e0a1 0.9.0-2
  • c8d8915 Use skipperFd if available - this is related to https://github.com/balderdashy/skipper-disk/commit/579a0e7516d9b106343a7e0c04902075918e61d6
  • 81539e9 0.9.0-1
  • 2cb22ef update comments
  • cc6773f clean up old TODOs
  • 8a6f9b4 latest SVR for skipper-adapter-tests
  • 6c963cb update docs about other adapter methods
  • cc5b996 Remove standalone/ alias
  • dbc938e 0.9.0-0
  • 1a8d07d finish restructuring things to match latest conventions in parley, etc. Leave standalone/ alias for backwards-compatibility
  • 4037e7c move index.js to lib/skipper.js
  • 62ccd8c conslidate into lib/ (part 1)
  • 5d9c1da typo fix in comment
  • 653e074 documentation
  • 3a7b91e Remove old logger in favor of consistently using 'debug'
  • 441dca4 consolidate contributor info

See the full diff

Package name: sort-route-addresses The new version differs by 11 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239