[Snyk] Fix for 23 vulnerabilities

[rasputtintin]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HAPIAMMO-548918	Yes	No Known Exploit
	475/1000 Why? Has a fix available, CVSS 5	Prototype Pollution SNYK-JS-HAPIHOEK-548452	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @hapi/inert

The new version differs by 14 commits.

• b3e4e44 6.0.1
• 48e3bd0 Update hapi version. Closes Issue826-IntegrateEventFrameworkIntoALS mojaloop/account-lookup-service#139. Closes Bump npm-check-updates from 3.1.25 to 3.2.1 mojaloop/account-lookup-service#140
• 5bc7ca4 Merge pull request Bump knex from 0.20.0 to 0.20.1 mojaloop/account-lookup-service#138 from mattboutet/master
• ca5b6a3 Update for hapi v19
• ca6eb11 6.0.0
• 08125b4 Node version. Closes Bump @mojaloop/central-services-shared from 8.3.4 to 8.4.2 mojaloop/account-lookup-service#137
• 609e416 Merge pull request Bump @mojaloop/central-services-shared from 8.3.4 to 8.4.1 mojaloop/account-lookup-service#136 from nwhitmont/master
• 986596c add link to changelog
• 546d56f rm changelog
• 9322023 Merge pull request Bump @mojaloop/central-services-shared from 8.3.4 to 8.4.0 mojaloop/account-lookup-service#133 from jarrodyellets/master
• ff278b8 Update README to new template
• f70b849 Merge pull request Bump commander from 3.0.2 to 4.0.0 mojaloop/account-lookup-service#132 from jarrodyellets/master
• 60bb2e8 Move Readme to API
• e1de8fe Update README.md

See the full diff

Package name: @mojaloop/central-services-error-handling

The new version differs by 7 commits.

• 3e636fd Feature/openapi backend changes (Bump npm-check-updates from 3.1.25 to 3.2.1 mojaloop/account-lookup-service#140)
• 7242737 Added error handlers to factory for bug 1314 (Issue826-IntegrateEventFrameworkIntoALS mojaloop/account-lookup-service#139)
• b1270b6 #1339: Fixes for 'cause' and '_cause' extension exclusion in error responses (Bump @mojaloop/central-services-shared from 8.3.4 to 8.4.2 mojaloop/account-lookup-service#137)
• 143c7a2 [Security] Bump acorn from 7.1.0 to 7.1.1 (Bump npm-audit-resolver from 2.0.1 to 2.1.0 mojaloop/account-lookup-service#124)
• 68dfbe7 Added updated Mojaloop license (Bump jest-junit from 8.0.0 to 9.0.0 mojaloop/account-lookup-service#118)
• 3321654 updated to latest node lts version 12.16.0 (Bump @types/jest from 24.0.18 to 24.0.19 mojaloop/account-lookup-service#112)
• 01324f6 Issue893-ValidateIncomingErrorCodesForErrorEnd-pointCallbackRequestsPerMojaloopSpec (Bump knex from 0.19.4 to 0.19.5 mojaloop/account-lookup-service#96)

See the full diff

Package name: @mojaloop/central-services-shared

The new version differs by 89 commits.

• 14f0b3e feat(2151)!: helm-release-v12.1.0 (Bump nodemon from 2.0.2 to 2.0.3 mojaloop/account-lookup-service#297)
• a5d9141 chore: fix service type typescript enum (Bump jest from 25.2.7 to 25.3.0 mojaloop/account-lookup-service#296)
• 5aaf087 fix(#2182)!: regex validations against swagger interface spec no longer working (Bump @mojaloop/central-services-logger from 9.1.0 to 9.5.1 mojaloop/account-lookup-service#295)
• 0e538d8 chore: bump package version (Bump @mojaloop/central-services-shared from 9.5.1 to 9.5.2 mojaloop/account-lookup-service#294)
• fc4fe7e chore: add 'example' as whitelisted keyword (Bump npm-check-updates from 4.1.1 to 4.1.2 mojaloop/account-lookup-service#293)
• 6f9496d chore: address vulnerabilities (Bump nyc from 15.0.0 to 15.0.1 mojaloop/account-lookup-service#291)
• 6275eb0 chore: add services endpoints (Bump @types/jest from 25.1.5 to 25.2.1 mojaloop/account-lookup-service#290)
• 5860510 feat(#2119): fixes for updated for AJV error objects change (Bump @types/jest from 25.1.4 to 25.1.5 mojaloop/account-lookup-service#289)
• b83a8bd fixed typo (Bump @mojaloop/central-services-shared from 9.4.1 to 9.5.1 mojaloop/account-lookup-service#288)
• aee59ed Feature/#2057 refactoring for cs ([Snyk] Security upgrade @now-ims/hapi-now-auth from 2.0.0 to 2.0.1 #3) (Bump @mojaloop/central-services-shared from 9.4.1 to 9.5.0 mojaloop/account-lookup-service#284)
• 082d373 chore: add PATCH consentRequests endpoint (Bump jest from 25.2.1 to 25.2.4 mojaloop/account-lookup-service#279)
• 7702879 chore: add enums to interface (Bump npm-check-updates from 4.0.5 to 4.1.0 mojaloop/account-lookup-service#278)
• 5dcbe73 chore: add consent and consent request events and patch action (Bump jest from 25.1.0 to 25.2.3 mojaloop/account-lookup-service#277)
• 9f8713f chore: add accounts callback endpoints (Bump jest from 25.1.0 to 25.2.0 mojaloop/account-lookup-service#275)
• 5e49222 chore: add enums and bump package (Bump npm-check-updates from 4.0.5 to 4.0.6 mojaloop/account-lookup-service#274)
• f6009d7 chore: 1975 update deps (updated central-services-shared and event-sdk versions to support cus… mojaloop/account-lookup-service#273)
• f678b43 [Security] Bump axios from 0.21.0 to 0.21.1 (Bump knex from 0.20.11 to 0.20.13 mojaloop/account-lookup-service#269)
• a8bfb9c Bump urijs from 1.19.2 to 1.19.5 (Bump npm-check-updates from 4.0.4 to 4.0.5 mojaloop/account-lookup-service#270)
• 7b00ed8 [Security] Bump urijs from 1.19.2 to 1.19.5 (Bump knex from 0.20.11 to 0.20.12 mojaloop/account-lookup-service#268)
• 46d88e6 #1885: Fix for "multiple servers per repo" use case (Bump @mojaloop/event-sdk from 9.3.0 to 9.4.0 mojaloop/account-lookup-service#267)
• cbd0434 Hotfix: Fix dependencies for API documentation (Bump standard from 14.3.1 to 14.3.3 mojaloop/account-lookup-service#264)
• 327a51c chore: update license file (Bump @mojaloop/central-services-shared from 9.3.0 to 9.3.2 mojaloop/account-lookup-service#265)
• df81389 #1885: Add API documentation utility, plugin, and endpoints (Bump commander from 4.1.1 to 5.0.0 mojaloop/account-lookup-service#263)
• 9c88000 Add FSPIOP headers validation for bulk transfers (Feature/check for 404 mojaloop/account-lookup-service#262)

See the full diff

Package name: blipp

The new version differs by 3 commits.

• eea0f6c 4.0.2
• f9f94ce Update dependencies (including the Joi package rename) (Bump @mojaloop/central-services-error-handling from 7.4.2 to 7.4.5 mojaloop/account-lookup-service#56)
• 86280cf Bump handlebars from 4.1.0 to 4.5.3 ([Snyk] Fix for 1 vulnerabilities #46)

See the full diff

Package name: hapi-openapi

The new version differs by 3 commits.

• a4dd048 updated changelog and version to new major (breaking changes upgrading hapi)
• d18bbb5 Upgrade dependencies to support hapi 19 (Bump knex from 0.20.3 to 0.20.4 mojaloop/account-lookup-service#173)
• 429bfbf fix(validation): respect `allowUnknown` route property (Bump @mojaloop/central-services-shared from 8.6.1 to 8.6.3 mojaloop/account-lookup-service#169)

See the full diff

Package name: hapi-swagger

The new version differs by 250 commits.

• 002a3fb 14.5.4
• ea26b62 Merge pull request #768 from hapi-swagger/swagger-parser-update
• df315ac Merge pull request #767 from hapi-swagger/fix-examples
• a3d27cb fix: issue #735 no required for arrays in swagger
• c7512f8 fix: yarn.lock without good modules
• 6427bc7 Merge pull request #765 from AndriiNyzhnyk/remove_deprecated_components
• 72ad64b fix: broken example code regression issues
• 19c91af Merge pull request #766 from hapi-swagger/update-repo-urls
• 7b2e92a chore: remove deprecated 'good' module
• 4b544e8 chore: update repo urls to hapi-swagger
• ea35827 update jsDoc
• 73f8838 remove unused variables
• 88c3316 rewrite function 'appendQueryString'
• 22b74c2 14.5.3
• e9839c4 Merge pull request #763 from AndriiNyzhnyk/fix_issue_711
• 9a01c3f Merge pull request #764 from AndriiNyzhnyk/improve_test_coverage
• bc3f65e remove not needed arguments
• f225432 add test for function 'appendQueryString'
• 393a3dc move function 'appendQueryString' to 'Utilities'
• 7358d95 simplify condition
• 2dde132 improve coverage for function 'toJoiObject'
• 3106505 simplify function 'removeTrailingSlash'
• 5c170b1 add test for function 'removeTrailingSlash'
• 84cbf5a add test for function 'getJoiLabel'

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn