[Snyk] Fix for 17 vulnerabilities

[devilesk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches. [Find out more](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities).

⚠️ Warning

``` Failed to update the package-lock.json, please update manually before merging. ```

#### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | Yes | Proof of Concept  | **526/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 4.1 | Arbitrary Code Injection
[SNYK-JS-EJS-1049328](https://snyk.io/vuln/SNYK-JS-EJS-1049328) | Yes | Proof of Concept  | **726/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Remote Code Execution (RCE)
[SNYK-JS-EJS-2803307](https://snyk.io/vuln/SNYK-JS-EJS-2803307) | Yes | Proof of Concept  | **484/1000**
**Why?** Has a fix available, CVSS 5.4 | Open Redirect
[SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | Yes | No Known Exploit  | **454/1000**
**Why?** Has a fix available, CVSS 4.8 | Session Fixation
[SNYK-JS-PASSPORT-2840631](https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631) | Yes | No Known Exploit  | **791/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 9.4 | SQL Injection
[SNYK-JS-SEQUELIZE-2932027](https://snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027) | Yes | Proof of Concept  | **564/1000**
**Why?** Has a fix available, CVSS 7 | SQL Injection
[SNYK-JS-SEQUELIZE-2959225](https://snyk.io/vuln/SNYK-JS-SEQUELIZE-2959225) | Yes | No Known Exploit  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | SQL Injection
[SNYK-JS-SEQUELIZE-450221](https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450221) | No | Proof of Concept  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | SQL Injection
[SNYK-JS-SEQUELIZE-459751](https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751) | No | Proof of Concept  | **389/1000**
**Why?** Has a fix available, CVSS 3.5 | Sensitive Data Exposure
[SNYK-JS-SEQUELIZECLI-174320](https://snyk.io/vuln/SNYK-JS-SEQUELIZECLI-174320) | No | No Known Exploit  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-VALIDATOR-1090599](https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090599) | No | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-VALIDATOR-1090600](https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600) | No | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-VALIDATOR-1090601](https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090601) | No | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-VALIDATOR-1090602](https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090602) | No | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-WS-1296835](https://snyk.io/vuln/SNYK-JS-WS-1296835) | No | Proof of Concept  | **601/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution
[SNYK-JS-YARGSPARSER-560381](https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381) | No | Proof of Concept (*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: got

The new version differs by 250 commits.

• 5e17bb7 11.8.5
• bce8ce7 Backport 861ccd9ac2237df762a9e2beed7edd88c60782dc
• 8ced192 Fix build
• 670eb04 11.8.4
• 20f29fe Backport #1543: Initialize globalResponse in case of ignored HTTPError (#2017)
• 0da732f 11.8.3
• 9463bb6 Bump cacheable-request dependency (#1921)
• 0e167b8 HTTPError code set to 'HTTPError' #1711 (#1739)
• f896aa5 11.8.2
• 3bd245f Instantiate CacheableLookup only when needed (#1529)
• a72ed84 11.8.1
• 4c815c3 Do not throw on custom stack traces (#1491)
• e0cb820 11.8.0
• f65c9ef Upgrade dependencies
• 7acd380 Fix for sending files with size `0` on `stat` (#1488)
• 6aa86f2 Fix indentation in the readme
• 3dd2273 `beforeRetry` allows stream body if different from original (#1501)
• b1afa2b Fix readme example comment (#1505)
• 390b145 Set default value for an options object (#1495)
• 87dadd5 Fixed documentation example for `responseType` (#1494)
• 3bf3e3b Add `lookup` option documentation (#1483)
• c31366b Add a test for #1438 (#1469)
• 5d62958 11.7.0
• 88b32ea Fix a regression where body was sent after redirect

See the full diff

Package name: koa-passport

The new version differs by 13 commits.

• 0608284 upgrade to passport 0.6.0
• e2340e9 Merge pull request #159 from rkusa/dependabot/add-v2-config-file
• 0ed8a96 Update .github/dependabot.yml
• e8bcbbd Upgrade to GitHub-native Dependabot
• 2e29683 bump version to 4.1.4
• 52296ab upgrade dev dependencies
• f2d4934 Merge pull request #157 from tommoor/patch-1
• b20ee8e Move position of ip in block
• 9050920 fix: Add missing "ip" to request proxy object
• 7cc1f2c Merge pull request #131 from rkusa/dependabot/npm_and_yarn/supertest-tw-4.0.2
• 19004aa Merge pull request #130 from rkusa/dependabot/npm_and_yarn/mocha-tw-6.1.4
• 7bfa143 Update supertest requirement from ^3.3.0 to ^4.0.2
• bef1353 Update mocha requirement from ^5.2.0 to ^6.1.4

See the full diff

Package name: sequelize

The new version differs by 250 commits.

• 7bb60e3 fix: properly escaoe multiple `$` in `fn` args (#14678)
• 86d35b1 docs: added nest option inside findAll query (#14683)
• 2f3b924 fix(postgres): use schema set in sequelize config by default (#14665)
• cbdf73e feat: exports types to support typescript >= 4.5 nodenext module (#14620)
• a333862 docs(readme): update README to be more like main (#14626)
• e1a9c28 fix: kill connection on commit/rollback error (#14535)
• b37df96 feat: support cyclic foreign keys (#14499)
• e37c572 fix: accept replacements in `ARRAY[]` & followed by `;` (#14518)
• 6c5f8ec test: disable mysql/mariadb deadlock test (#14514)
• 87655eb build: fix esdoc (#14513)
• ccaa399 fix: do not replace `:replacements` inside of strings (#14472)
• 5954d2c feat(types): make `Model.init` aware of pre-configured foreign keys (#14370)
• 0d0aade fix(types): make `WhereOptions` more accurate (#14368)
• 7e8b707 docs: restore Model api reference & make fail on error (#14323)
• ca0e017 test: disable deadlock test for mariadb 10.5.15 (#14314)
• 62564f7 docs: fix dead link in API reference (#14313)
• cdc8881 build: remove v6 docs from repository (#14234)
• 730af27 docs: document scope whereMergeStrategy option (#14201)
• 8349c02 feat: add whereScopeStrategy to merge where scopes with Op.and (#14152)
• e974e20 feat(types): make `Model.getAttributes` stricter (#14017)
• 2d339d0 fix: fix typo in query-generator.js error message (#14151)
• b80aeed fix(types): update return type of `Model.update` (#14155)
• f5c06bd feat(types): infer nullable creation attributes as optional (#14147)
• af6cbe6 build(deps): move @ types/validator to prod deps (#14159)

See the full diff

Package name: sequelize-cli

The new version differs by 61 commits.

• 3d3f74a 6.3.0
• 8bfe993 Prepare v6.3.0
• eaf7216 fix: lint errors #967 (#968)
• b00fc76 Create FUNDING.yml
• be5b445 fix(migrator): do not match `.d.ts` files by default (#928)
• 7dad0d3 Fixes minor formatting typo in documentation (#916)
• 929bfdd fix(deps): update dependency fs-extra to v9 (#922)
• 34373a1 fix(deps): update dependency yargs to v15 (#923)
• 4084eee fix(deps): update dependency cli-color to v2 (#921)
• a8cd526 chore(deps): update dependency through2 to v4 (#920)
• 9a05a22 chore(deps): update dependency mocha to v8 (#919)
• 8d23192 chores: update renovate config
• 278c0f8 chore(deps): add renovate.json (#917)
• 0ed4918 6.2.0
• 88a692b docs: update CHANGELOG
• f5fdf53 feat: support migrations files with ts file extension (#915)
• 9d5882a docs: update contribution guidelines
• 3a40a19 6.1.0
• 87a0fa2 docs: v6.1
• 07caa6a fix(timestamps): support for timestamps in migration tables (#899)
• 2cba77f 6.0.0
• 51ef692 docs: for v6
• 7a25080 docs: update for v6 (#913)
• 2682bf0 chores: PR template

See the full diff

##### With a [Snyk patch](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities#patches): Severity | Priority Score (*) | Issue | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------  | **731/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.2 | Prototype Pollution
[SNYK-JS-LODASH-567746](https://snyk.io/vuln/SNYK-JS-LODASH-567746) | Proof of Concept (*) Note that the real score may have changed since the PR was raised. Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/devilesk/project/812ad627-ab2a-4566-97c8-baea299d18d5?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/devilesk/project/812ad627-ab2a-4566-97c8-baea299d18d5?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"b8d48922-83b0-4982-9932-e5e41846e610","prPublicId":"b8d48922-83b0-4982-9932-e5e41846e610","dependencies":[{"name":"discord.js","from":"11.4.2","to":"11.5.0"},{"name":"ejs","from":"2.6.1","to":"3.1.7"},{"name":"got","from":"9.6.0","to":"11.8.5"},{"name":"koa-passport","from":"4.1.3","to":"5.0.0"},{"name":"sequelize","from":"5.8.2","to":"6.21.2"},{"name":"sequelize-cli","from":"5.4.0","to":"6.3.0"}],"packageManager":"npm","projectPublicId":"812ad627-ab2a-4566-97c8-baea299d18d5","projectUrl":"https://app.snyk.io/org/devilesk/project/812ad627-ab2a-4566-97c8-baea299d18d5?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":["SNYK-JS-LODASH-567746"],"vulns":["SNYK-JS-YARGSPARSER-560381","SNYK-JS-WS-1296835","SNYK-JS-VALIDATOR-1090602","SNYK-JS-VALIDATOR-1090601","SNYK-JS-VALIDATOR-1090600","SNYK-JS-VALIDATOR-1090599","SNYK-JS-SEQUELIZECLI-174320","SNYK-JS-SEQUELIZE-459751","SNYK-JS-SEQUELIZE-450221","SNYK-JS-SEQUELIZE-2959225","SNYK-JS-SEQUELIZE-2932027","SNYK-JS-PASSPORT-2840631","SNYK-JS-LODASH-567746","SNYK-JS-LODASH-450202","SNYK-JS-GOT-2932019","SNYK-JS-EJS-2803307","SNYK-JS-EJS-1049328","SNYK-JS-ANSIREGEX-1583908"],"upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-EJS-1049328","SNYK-JS-EJS-2803307","SNYK-JS-GOT-2932019","SNYK-JS-PASSPORT-2840631","SNYK-JS-SEQUELIZE-2932027","SNYK-JS-SEQUELIZE-2959225","SNYK-JS-SEQUELIZE-450221","SNYK-JS-SEQUELIZE-459751","SNYK-JS-SEQUELIZECLI-174320","SNYK-JS-VALIDATOR-1090599","SNYK-JS-VALIDATOR-1090600","SNYK-JS-VALIDATOR-1090601","SNYK-JS-VALIDATOR-1090602","SNYK-JS-WS-1296835","SNYK-JS-YARGSPARSER-560381"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["pr-warning-shown","priorityScore"],"priorityScoreList":[601,586,586,586,586,586,389,686,686,564,791,454,731,686,484,726,526,696]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Prototype Pollution](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr) 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr) 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr) 🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io?loc=fix-pr)