[Snyk] Fix for 1 vulnerabilities

[codeno]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jsonwebtoken

The new version differs by 17 commits.

• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secrets (#852)
• 8345030 fix(sign&verify)!: Remove default `none` support from `sign` and `verify` methods, and require it to be explicitly configured (#851)
• 7e6a86b Upload OpsLevel YAML (#849)
• 74d5719 docs: update references vercel/ms references ([Snyk] Fix for 1 vulnerabilities pantsel/konga#770)
• d71e383 docs: document "invalid token" error
• 3765003 docs: fix spelling in README.md: Peak -> Peek (konga kerio ords , rewrite urls pantsel/konga#754)
• a46097e docs: make decode impossible to discover before verify
• 15a1bc4 refactor: make decode non-enumerable
• 5f10bf9 docs: add jwtid to options of jwt.verify (JWT with HS512 algorithm pantsel/konga#704)
• 88cb9df Replace tilde-indexOf with includes (The data cannot be present in the service list, but it already exists in the kong database. pantsel/konga#647)
• a6235fa Adds not to README on decoded payload validation (SQL Server: Failed to prepare database: The hook orm is taking too long to load pantsel/konga#646)
• 5ed1f06 docs: fix tiny style change in readme (define uri for migrations, create migration job pantsel/konga#622)
• 9fb90ca style: add missing semicolon (Does this still work? pantsel/konga#641)
• a9e38b8 ci: use circleci (Getting error in KONGA UI saying 'size must be an integer between 1 and 1000' pantsel/konga#589)

See the full diff

Package name: node-sass

The new version differs by 60 commits.

• c167004 6.0.1
• 911d4db remove mkdirp dep (#3108)
• 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
• 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
• cfcbb2c chore: Use default Apline version from docker-node (#3121)
• 886319b chore: Drop Node 10 support
• c908f4f fix: Bump OSX minimum to 10.11
• 8ab02da fix: Remove old compiler gyp settings
• 3d7b9d0 chore: Add Node 16 support
• 4115e9d build(deps): bump actions/setup-node from v2.1.4 to v2.1.5
• 06f3ab4 Update TROUBLESHOOTING.md
• c1cb367 build(deps): bump actions/setup-node from v2.1.3 to v2.1.4
• 769f3a6 build(deps): bump actions/setup-node from v2.1.2 to v2.1.3
• a2a3a78 chore: Bump dependabot limit
• 7105b0a 5.0.0 (#3015)
• 0648b5a chore: Add Node 15 support (#2983)
• e2391c2 Add a deprecation message to the readme (#3011)
• 6a33e53 chore: Don't upload artifacts on PRs
• d763506 chore: Only run coverage on main repo
• d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2
• 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2
• f877689 chore: Don't double build DependaBot PRs
• b48fac4 chore: Add weekly DependaBot updates
• 91c40a0 Remove deprecated process.sass API

See the full diff

Package name: sails

The new version differs by 250 commits.

• 6e73a65 1.0.0
• 5f1d8b3 1.0.0-49
• 616e4e1 Insist on the latest sails-generate.
• 6ab0a5a 1.0.0-48
• 1e28823 Lifting with --redis now sets @ sailshq/connect-redis and @ sailshq/socket.io-redis.
• 9f29a03 Change approach from what was begun in 520a3c8cac5db1d9698c50efff82e476ec64fca8 so that we maintain the correct package name for the purpose of require().
• 520a3c8 Tolerate '@ sailshq/connect-redis' as session adapter.
• e2813f5 1.0.0-47
• 6768743 Tweak warning message.
• ce95c84 Update comments to reflect that req.setLocale() is fully supported as of Sails v1.0 and beyond.
• 0753a99 Trivial
• 3bdd786 Tweak troubleshooting tips.
• e8f9bee Check dev-dependencies for sails-hook-grunt
• e8493a6 1.0.0-46
• d1b6061 run tests on Node 9
• b3afed7 Fix issue with CSRF black/whitelists and routes containing optional params when the requested URL contains a querystring but NOT the optional param (whew!)
• 663527f Fix test error output
• 69ead96 Revert 35ae3ccba472bf4a8edb8ffd7d579d18391d1ba0 in favor of clarifying some of the wording.
• 35ae3cc Experiment with customizable www path
• a89d7a4 extrapolate www path
• a2a0789 Tolerate sails-hook-grunt specified in devDependencies when running sails www
• 0b42c59 Don't attempt to create a Redis connection if "client" is provided.
• 1700788 Update LICENSE.md
• 9c532dc Merge pull request #4267 from luislobo/patch-3

See the full diff

Package name: sails-postgresql

The new version differs by 250 commits.

• e9728fe 1.0.0
• 3ee54ac 1.0.0-13
• a2b0da4 Bump mp-postgresql version
• 0266a58 Update `.exec({...})` to `.switch({...})`
• 50a8e22 Update helpers to work w/ new machine runner
• cf3a294 Bypass `bigint` validation for auto timestamps
• b9352bd If invalid model definitions are detected, just return an error message _without_ a stack trace.
• 296f538 Coerce empty string to zero when bigint column type is in use
• 6dea61c Throw an error if `type: 'number'` is used with `columnType: 'bigint'`
• 24164da Update language in config errors
• 67aa86b 1.0.0-12
• cae9019 Stringify strings before using them as values for JSON attributes
• beb7415 1.0.0-11
• 2691491 Allow `ref` type attributes to represent any object, not just Buffers.
• bdf2b7d 1.0.0-10
• 1b34e1f use column name when parsing values
• b004869 1.0.0-9
• a4c8d2c Merge pull request A help message was inverted for the cors plugin pantsel/konga#270 from balderdashy/fixes
• 8765654 bump min wl-util version
• 913cad6 key orm by identity rather than table name
• a0ae8a2 add depth validation to pre-process
• 1196975 make sure to process each record when no child statements are needed
• 2c894d2 pass true to process each record deep to show it uses column names
• 5822b3d include strategy type when building the query cache

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)