[Snyk] Fix for 28 vulnerabilities

[qmutz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-AXIOS-174505	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URLPARSE-1078283	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URLPARSE-1533425	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Authorization Bypass SNYK-JS-URLPARSE-2407759	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Improper Input Validation SNYK-JS-URLPARSE-2407770	Yes	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @google-cloud/storage

The new version differs by 250 commits.

• 6161c63 chore: release 5.17.0 (Improvements/outgoing hooks RocketChat/Rocket.Chat#1744)
• 97edb9a sample: add turbo replication samples (RocketChat.Info is not available on local dev build RocketChat/Rocket.Chat#1618)
• 809bf11 fix: remove compodoc dev dependency (Suggestion: Allow screen sharing, even when camera/mic not available RocketChat/Rocket.Chat#1745)
• 291e6ef feat: add support for rpo (turbo replication) metadata field when cre… (first user was not made admin RocketChat/Rocket.Chat#1648)
• 437d400 chore(deps): gcs-resumable-upload migration (Can't connect to custom deployed using Desktop or mobile apps RocketChat/Rocket.Chat#1736)
• 00392a4 chore: add api_shortname and library_type to repo metadata (rocket.chat-v.latest.tgz: 404 Not Found  RocketChat/Rocket.Chat#1737)
• 9758632 docs(badges): tweak badge to use new preview/stable language (How can i help with translate? RocketChat/Rocket.Chat#1314) (adjust tgz filename RocketChat/Rocket.Chat#1739)
• 552ebef docs(node): support "stable"/"preview" release level (Channel protected by password? RocketChat/Rocket.Chat#1312) (adjust tgz filename RocketChat/Rocket.Chat#1738)
• 42f4207 chore(deps): update dependency @ types/tmp to v0.2.3 (Livechat department improvements and queue RocketChat/Rocket.Chat#1734)
• 2aad922 samples: Delete setPublicAccessPreventionUnspecified.js (Mail messages RocketChat/Rocket.Chat#1733)
• 257f771 samples: download byte range (#1732)
• 29f91cb samples: added samples for upload from / download into memory (Sensitive server data exposed for non logged in users. RocketChat/Rocket.Chat#1731)
• 8ecb70e build: add generated samples to .eslintignore (Crash when pasting an "empty" clipboard RocketChat/Rocket.Chat#1730)
• 1457404 chore: create interfaces for conformance test API results (#1728)
• 09af838 chore: release 5.16.1 (fix URL RocketChat/Rocket.Chat#1717)
• 2c2510a chore: address lint issues (Attachment View in Browser RocketChat/Rocket.Chat#1726)
• 6490abf Revert "fix: revert skip validation (Multi-level messaging RocketChat/Rocket.Chat#1718)" (Searching for an invalid RegExp shows UNDEFINED RocketChat/Rocket.Chat#1721)
• db4e2df samples: upload without authentication (Option to switch menu's position RocketChat/Rocket.Chat#1711)
• d77979b fix: stop File.download from truncating output file on failure (Created and pushed by LingoHub. RocketChat/Rocket.Chat#1720)
• 0c75e33 fix: revert skip validation (Multi-level messaging RocketChat/Rocket.Chat#1718)
• c365254 fix: change properties with function value to methods (update RocketChat/Rocket.Chat#1715)
• 669a34d chore(deps): update gcs-resumable-upload to ^3.6.0 (Maybe use control-mergebox instead of meteor-streams RocketChat/Rocket.Chat#1710)
• 9018e17 chore: release 5.16.0 (Duplicate mentions. RocketChat/Rocket.Chat#1709)
• 50cdbb6 feat: improved error messages for resumable uploads (Settings for server default language  RocketChat/Rocket.Chat#1708)

See the full diff

Package name: bcrypt

The new version differs by 19 commits.

• 2f124bd Fix artifact upload path
• 10eacf5 Prepare v5.0.1
• 6eacfe1 Merge pull request joinRoom returns if room is already added RocketChat/Rocket.Chat#856 from kelektiv/update-deps
• feb477c Update node-pre-gyp to 1.0.0
• 42c8b0c Merge pull request Meteor 1.2 (HELP TO TEST) RocketChat/Rocket.Chat#852 from kelektiv/update-deps
• bafefc3 Update packages
• 7c5d8df Merge pull request Image autoloading does not work behind proxy RocketChat/Rocket.Chat#851 from recrsn/node-15-ci
• 1ba55f9 Add Node 15 to CI
• 19c06c1 Update Node version compatibility info
• 09cb4fc Merge pull request Create room permissions for read-only / speak RocketChat/Rocket.Chat#825 from dogon11/patch-1
• 2821c03 Merge pull request number of unread messages indicator misbehavior RocketChat/Rocket.Chat#811 from techhead/use_buffers
• 63c8403 Merge pull request Create Channel button hidden RocketChat/Rocket.Chat#838 from alete89/docs/improve-hash-info
• 984ef18 remove reference to $2y$ algo identifier
• 630c897 fixes: Create a cog or other icon for dropdown actions on message RocketChat/Rocket.Chat#828
• 0f93284 README.md typo fix
• 4125ebc Update README.md
• f503e57 Create SECURITY.md
• f158e6e Allow optional use of Node Buffers.
• 8866277 Deploy on any travis tag

See the full diff

Package name: googleapis

The new version differs by 250 commits.

• 7e3d978 Release v37.0.0 (favico.js update RocketChat/Rocket.Chat#1568)
• ecb2c28 build: check for 404s in the docs (Distinguish Deployment from Development Install RocketChat/Rocket.Chat#1562)
• d49aa49 docs: run the docs command (Unicode regex support RocketChat/Rocket.Chat#1566)
• d1af168 feat: run the generator (Added toAll mentions for yall, everyone, channel, and here RocketChat/Rocket.Chat#1564)
• 9ccda50 chore(deps): update dependency eslint-config-prettier to v4 (Functions rate limiter RocketChat/Rocket.Chat#1565)
• 73f8f9c docs: specify gaxios over axios (Rocket Chat fails to load channels in IE10 RocketChat/Rocket.Chat#1558)
• 7f7f3cf fix(deps): update dependency googleapis-common to ^0.7.0 (Many fixes for RTL RocketChat/Rocket.Chat#1560)
• c62efb1 docs(samples): add people samples for get & create contacts (Too easy to accidentally leave channels RocketChat/Rocket.Chat#1543)
• 2ad63f6 feat: webpack support for all APIs (When User Joins a Call, Mark Them as Busy RocketChat/Rocket.Chat#1554)
• d8ba2ac fix(deps): update googleapis-common and google-auth-library (Add hubot config to docker-compose.yml RocketChat/Rocket.Chat#1556)
• 9742db3 feat: generating webpackable packages (Reset avatar before uploading to prevent caching issues RocketChat/Rocket.Chat#1547)
• e70272c fix(generator): convert method names to camelCase (rocketchat_1 | private group user statistic not found RocketChat/Rocket.Chat#1552)
• 8d9c5d9 docs: fix typo in README.md (Mentioned non-English user names do not get linked RocketChat/Rocket.Chat#1549)
• de464c0 feat: run the generator (Unified channel creation? RocketChat/Rocket.Chat#1541)
• 7e07d11 docs: improve the compute sample in the README (Improvements/performance RocketChat/Rocket.Chat#1537)
• 47056e9 docs(samples): rework the compute list vms sample (Permissions renaming RocketChat/Rocket.Chat#1534)
• 3b612fc fix(test): fix the revoke token test (Secret URL registration. Closes #1507 RocketChat/Rocket.Chat#1532)
• 4115c0f chore(deps): update dependency typedoc to ^0.14.0 ([sandstorm] Cull administrator options RocketChat/Rocket.Chat#1527)
• c61e14d docs: correct the README (FileReader function ignores orientation of images uploaded from mobile. RocketChat/Rocket.Chat#1522)
• 438979a docs: use blogger to demonstrate key authentication (File upload too slow / eating too much resources RocketChat/Rocket.Chat#1519)
• f6edb8e chore: update license file and metadata (Account box customizable items RocketChat/Rocket.Chat#1504)
• 230bb64 chore(build): inject yoshi automation key (Multiple file upload support RocketChat/Rocket.Chat#1503)
• 443662e chore: update nyc and eslint configs (Password reset / recovery is broken RocketChat/Rocket.Chat#1502)
• 413d9ca chore: fix publish.sh permission +x (Update README.md RocketChat/Rocket.Chat#1499)

See the full diff

Package name: juice

The new version differs by 37 commits.

• a628051 v7.0.0
• 5d89c6e Merge pull request Migrating flow-router into 2.0 RocketChat/Rocket.Chat#368 from TrySound/upgrade-web-resource-inliner
• ef3a266 Merge pull request Scalable File Sharing RocketChat/Rocket.Chat#369 from TrySound/published-files
• 335ed19 Publish only necessary files in package
• 3ec34d3 Upgrade web-resource-inliner
• 56e8fbc Merge pull request Images are not showing in lan RocketChat/Rocket.Chat#367 from TrySound/upgrade-commander
• 1dac1f4 Upgrade commander
• 1f82379 Merge pull request Latest code is not working with IE 11 RocketChat/Rocket.Chat#366 from TrySound/upgrade-cheerio
• 4178da6 Upgrade typescript
• 0ea9842 Upgrade to cheerio v1
• ec41c65 Merge pull request Verify Account with phone number RocketChat/Rocket.Chat#352 from hansottowirtz/support-htmlparser2
• f55f820 Merge pull request Sort of users in view RocketChat/Rocket.Chat#364 from TrySound/drop-deep-extend
• 7116879 Replace deep-extend with nested Object.assign
• 879e34c Merge pull request Add External Chat Window RocketChat/Rocket.Chat#363 from TrySound/unused-inliner-options
• 8899cd7 Merge pull request Allow to paste images from clipboard RocketChat/Rocket.Chat#365 from TrySound/object-assign
• 0765875 Merge pull request Upload RocketChat/Rocket.Chat#362 from TrySound/cross-spawn-dev
• d08b1ed Replace custom extend utility with native Object.assign
• fb22fc0 Drop unused cssmin and uglify options from cli
• f3307de Move cross-spawn to dev dependencies
• 49b5412 Merge pull request Implement REST-full API RocketChat/Rocket.Chat#349 from ArsenyYankovsky/master
• 0ce3da7 Merge pull request fix prob when room id is not valid RocketChat/Rocket.Chat#360 from nekocode/fix-empty-tag
• 990f0dd Merge pull request Room isolation RocketChat/Rocket.Chat#353 from asztal/patch-1
• 35d9a9d fix Fix message deletion and fix render of previous message RocketChat/Rocket.Chat#359
• 6963fe6 Add changelog entry for v6.0.0

See the full diff

Package name: turndown

The new version differs by 15 commits.

• 4e36b45 6.0.0
• 9026414 5.1.0
• bc23db7 Update acorn for https://npmjs.com/advisories/1488
• b9898b7 Update travis node version
• 1559f32 Update to latest rollup (+ plugins) versions
• 73a7539 Target new versions of node
• 166a41a Update jsdom to v16 to fix potential security vulnerabilities
• 0b5d4d5 Merge pull request Fix minor bugs in irc plugin. RocketChat/Rocket.Chat#302 from fredck/t/domchristie/turndown/300
• e5bd9f8 Use the repeat utility function for consistency.
• d1ee0ac Simplified the fence character sniffing.
• 99b0516 Minor stylistic fixes.
• 8e072d2 Fixed the wrong trimming of line break at at the start of code blocks.
• a24c58b Fixed multiple ticks/tildes inside code blocks.
• cae7098 Merge pull request add Video Chat HD and fullscreen modes for web-rtc #115 RocketChat/Rocket.Chat#281 from kevindew/vanishing-or-duplicating-spacing
• b73068c Consistently handle inline elements with spaces

See the full diff

Package name: webdav

The new version differs by 152 commits.

• 30850ad 4.0.0
• b262b2c Prepare v4.0.0
• 480dfff Audit dependencies
• 98f2af5 4.0.0-r01
• 6d47049 Merge pull request Cleanup in master RocketChat/Rocket.Chat#234 from perry-mitchell/typescript
• 85e9fae Update other dependencies
• 5188ad4 Update deps, format files
• bb6cc02 Merge branch 'typescript' of github.com:perry-mitchell/webdav-client into typescript
• a6a7c16 Update fast-xml-parser
• 862543d Document client options
• 6205d19 Merge branch 'master' into typescript
• 655032a Update readme docs
• 3673df7 Rebuild documentation
• e62706f Remove old source, move typescript to ./source
• 0cbd5d0 Remove old tests
• 347b4a4 Add auth tests
• bb75105 Add digest auth test
• f6fe032 Configure Chrome for Travis
• f1dbeca Add more web tests
• b25ed53 Add exists tests for web
• 9ec69e4 Setup web tests
• b5f15a8 Add getFileUploadLink
• 66892ce Add putFileContents tests
• 7dff381 Add putFileContents

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn