[Snyk] Fix for 31 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • todoapp/nodejs_api/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	539/1000 Why? Has a fix available, CVSS 6.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSVPARSE-467403	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Hash Injection SNYK-JS-SEQUELIZE-174147	Yes	Proof of Concept
	791/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.4	SQL Injection SNYK-JS-SEQUELIZE-2932027	Yes	Proof of Concept
	564/1000 Why? Has a fix available, CVSS 7	SQL Injection SNYK-JS-SEQUELIZE-2959225	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	SQL Injection SNYK-JS-SEQUELIZE-450221	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	SQL Injection SNYK-JS-SEQUELIZE-450222	No	Proof of Concept
	550/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-SEQUELIZE-543029	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	496/1000 Why? Mature exploit, Has a fix available, CVSS 2.2	Uninitialized Memory Exposure npm:mysql:20170317	No	Mature
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) npm:restify:20160225	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Remote Memory Exposure npm:sequelize:20160115	No	No Known Exploit
	454/1000 Why? Has a fix available, CVSS 4.8	SQL Injection npm:sequelize:20160329	No	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	SQL Injection npm:sequelize:20160718	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Buffer Overflow npm:validator:20160218	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mysql

The new version differs by 214 commits.

• 21a7031 2.14.0
• acb3fbf Add new Amazon RDS ap-south-1 certificate CA to Amazon RDS SSL profile
• fcb8688 Add new Amazon RDS eu-west-2 certificate CA to Amazon RDS SSL profile
• e6c87d7 build: eslint@4.2.0
• 3132612 lint: ignore coverage artifacts
• 1685ebd Update safe-buffer to 5.1.1
• aa08925 build: timezone-mock@0.0.5
• f11ccb3 Fix the MySQL 5.7.17 error codes
• 0cf2107 Update readable-stream to 2.3.3
• 88bade0 Support Node.js 8.x
• 3f4ee77 build: Node.js@6.11
• a2c0dff build: timezone-mock@0.0.4
• 6a8d9f1 build: Node.js@7.10
• 6c6d712 lint: fix keyword spacing
• d4ad69e build: nyc@10.3.2
• 149130d build: use gcc 4.6 for Node.js 0.6
• 5c60778 Add sqlMessage property to Error objects
• 5c53e3b Update bignumber.js to 4.0.2
• e8b8b89 build: nyc@10.3.0
• 3f28291 Update readable-stream to 2.2.9
• 35bcdb1 build: Node.js@7.9
• d950995 docs: add Ping to table of contents
• f98d2fa build: use nyc for test coverage
• bfcac0b build: seedrandom@2.4.3

See the full diff

Package name: restify

The new version differs by 250 commits.

• 6259b24 chore(release): release 8.1.0
• 6baeafd docs(CHANGELOG): Update changelog
• 3b71229 fix(dev): upgrading modules including restify-errors (#1755)
• a67b25f feat(plugin): plugin to serve static files (#1753)
• 0700cfd feat: add router.render() back to support hypermedia usecase (#1752)
• d901e43 docs(CHANGELOG): Update changelog (#1751)
• 5051f41 chore(release): release 8.0.0
• f070751 docs(CHANGELOG): Update changelog
• a05a090 BREAKING CHANGE: restify drops Node v4.x and v6.x (#1750)
• 23c80b8 chore(release): release 7.7.0
• 09f3560 docs(CHANGELOG): Update changelog
• 6231acd feat(audit): Add the ability to specify a custom audit log serializer (for err, req and res) (#1746)
• 1dc34b4 fix(dev): remove nsp since the project merged with npm
• 3740a6b fix(dev): pin to exact versions of linting tools and fix lint errors
• bb97ac0 chore(release): release 7.6.0
• aea15ee docs(CHANGELOG): Update changelog
• 4900d6b feat(req): add restifyDone event (#1740)
• 9552755 Add missing , to Versioned Routes docs (#1705)
• 0c36c9b update dedupeSlashes() invocation in docs (#1736)
• 4e03a83 chore(release): release 7.5.0
• fdac11e docs(CHANGELOG): Update changelog
• 6e35e01 feat(plugins): context, req.get() returns the whole context (#1739)
• 7a1378b fix: emit after event with proper error param for node versions >= 11.4.0 (#1732)
• df3b5b0 chore(release): release 7.4.0

See the full diff

Package name: sequelize

The new version differs by 250 commits.

• 7bb60e3 fix: properly escaoe multiple `$` in `fn` args (#14678)
• 86d35b1 docs: added nest option inside findAll query (#14683)
• 2f3b924 fix(postgres): use schema set in sequelize config by default (#14665)
• cbdf73e feat: exports types to support typescript >= 4.5 nodenext module (#14620)
• a333862 docs(readme): update README to be more like main (#14626)
• e1a9c28 fix: kill connection on commit/rollback error (#14535)
• b37df96 feat: support cyclic foreign keys (#14499)
• e37c572 fix: accept replacements in `ARRAY[]` & followed by `;` (#14518)
• 6c5f8ec test: disable mysql/mariadb deadlock test (#14514)
• 87655eb build: fix esdoc (#14513)
• ccaa399 fix: do not replace `:replacements` inside of strings (#14472)
• 5954d2c feat(types): make `Model.init` aware of pre-configured foreign keys (#14370)
• 0d0aade fix(types): make `WhereOptions` more accurate (#14368)
• 7e8b707 docs: restore Model api reference & make fail on error (#14323)
• ca0e017 test: disable deadlock test for mariadb 10.5.15 (#14314)
• 62564f7 docs: fix dead link in API reference (#14313)
• cdc8881 build: remove v6 docs from repository (#14234)
• 730af27 docs: document scope whereMergeStrategy option (#14201)
• 8349c02 feat: add whereScopeStrategy to merge where scopes with Op.and (#14152)
• e974e20 feat(types): make `Model.getAttributes` stricter (#14017)
• 2d339d0 fix: fix typo in query-generator.js error message (#14151)
• b80aeed fix(types): update return type of `Model.update` (#14155)
• f5c06bd feat(types): infer nullable creation attributes as optional (#14147)
• af6cbe6 build(deps): move @ types/validator to prod deps (#14159)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS) 🦉 Regular Expression Denial of Service (ReDoS) 🦉 Buffer Overflow 🦉 More lessons are available in Snyk Learn