Answart / next-store

React e-commerce app where users can buy, update, or sell products. It uses React's Next.js and GraphQL's Apollo frameworks and the Cloudinary and Stripe APIs. :electron: :pushpin: :construction:
MIT License

[Snyk] Fix for 9 vulnerabilities #36

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Why? | Issue | Snyk ID | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|---|
| high | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| high | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Command Injection | SNYK-JS-AWSLAMBDA-540839 | No | Proof of Concept |
| medium | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-GLOBPARENT-1016905 | Yes | Proof of Concept |
| medium | 711/1000 | Mature exploit, Has a fix available, CVSS 6.5 | Cross-site Scripting (XSS) | SNYK-JS-GRAPHQLPLAYGROUNDHTML-571775 | Yes | Mature |
| high | 751/1000 | Proof of Concept exploit, Has a fix available, CVSS 8.6 | Command Injection | SNYK-JS-NODEMAILER-1038834 | Yes | Proof of Concept |
| medium | 636/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.3 | HTTP Header Injection | SNYK-JS-NODEMAILER-1296415 | Yes | Proof of Concept |
| medium | 601/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution | SNYK-JS-YARGSPARSER-560381 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: graphql-yoga The new version differs by 24 commits.
  • 844bdfd fix: AWS dependencies
  • d4b532b Fix AWS dependencies
  • 2e174cb feat(deps): Migrate to graphql-upload
  • c38f4ac fix(deps): migrate from apollo-upload-server to graphql-upload
  • 854e774 Merge pull request #489 from prisma/renovate/graphql-playground-middleware-lambda-1.x
  • af39ec1 fix(deps): update dependency graphql-playground-middleware-lambda to v1.7.12
  • 9a32068 Merge pull request #488 from prisma/renovate/graphql-playground-middleware-express-1.x
  • b77b070 fix(deps): update dependency graphql-playground-middleware-express to v1.7.11
  • bd0ecf5 Merge pull request #528 from prisma/renovate/graphql-middleware-3.x
  • 268df28 fix(deps): update dependency graphql-middleware to v3.0.2
  • 33987a0 Merge pull request #518 from prisma/renovate/graphql-middleware-3.x
  • 051a501 fix(deps): update dependency graphql-middleware to v3.0.1
  • 24ade17 Merge pull request #514 from prisma/nikolasburk-patch-1
  • b06acd1 Update README.md
  • 29a5d22 Update README.md
  • c9f10c4 feat: Add support for defaultPlaygroundQuery
  • 33bed88 Merge pull request #431 from prisma/renovate/apollo-upload-server-7.x
  • 94e393a Merge pull request #506 from prisma/renovate/graphql-middleware-3.x
  • 774021e Update stale.yml
  • 364c941 fix(deps): update dependency graphql-middleware to v3
  • b387380 add stale bot
  • eda9ec3 Merge pull request #491 from coreyward/patch-1
  • ad5ff2e Correct plural form of “middleware”
  • 3993cbf fix(deps): update dependency apollo-upload-server to v7
See the full diff
Package name: nodemailer The new version differs by 93 commits.
See the full diff
Package name: nodemon The new version differs by 50 commits.
  • ee92ee4 test: split require tests
  • 33ae6da test: fix failing test when required
  • a4490e2 fix: package.json & package-lock.json to reduce vulnerabilities
  • 9bd07eb docs: changed verbose logging and CLI documentation to reflect support single file watch functionality
  • c279760 test: make sigint test to actually check child pid (#1656)
  • cd45d74 test: fix fork test
  • 496c335 chore: undo change to spawn code
  • 47dfb8b fix: pipe stderr correctly
  • ed91703 fix: ubuntu loop waiting for sub processes
  • 9a67f36 feat: update chokidar to v3
  • 6781b40 docs: add license file
  • 0e6ba3c fix: wait for all subprocesses to terminate (fixes issue #1476)
  • b58cf7d chore: Merge branch 'master'
  • 95a4c09 docs: add to faq
  • 3a2eaf7 chore: merge master
  • 3d90879 chore: add logo to site
  • 7d6c1a8 fix: Replace `jade` references by `pug`
  • 74c8749 chore: test funding.yml change
  • c1a8b75 chore: update funding
  • d5b9891 test: ensure ignore relative paths
  • eead311 fix: to avoid confusion like in #1528, always report used extension
  • 12b66cd fix: language around "watching" (#1591)
  • 2e6e2c4 docs: README Grammar (#1601)
  • 5124ae9 Merge branch 'master' of github.com:remy/nodemon
See the full diff
With a Snyk patch:

| Severity | Priority Score (*) | Why? | Issue | Snyk ID | Exploit Maturity |
|---|---|---|---|---|---|
| medium | 626/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.1 | Man-in-the-Middle (MitM) | SNYK-JS-HTTPSPROXYAGENT-469131 | Proof of Concept |
| medium | 636/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution | SNYK-JS-LODASH-567746 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
