
[Snyk] Fix for 13 vulnerabilities #39

Open
wants to merge 1 commit into
base: master

Conversation

enterstudio
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high | 589/1000 (Why? Has a fix available, CVSS 7.5) | Denial of Service (DoS), SNYK-JS-AMMO-548920 | Yes | No Known Exploit |
| low | 506/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 3.7) | Prototype Pollution, SNYK-JS-MINIMIST-2429795 | Yes | Proof of Concept |
| medium | 601/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.6) | Prototype Pollution, SNYK-JS-MINIMIST-559764 | Yes | Proof of Concept |
| high | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Denial of Service (DoS), SNYK-JS-SOCKETIOPARSER-1056752 | Yes | Proof of Concept |
| critical | 704/1000 (Why? Has a fix available, CVSS 9.8) | Improper Input Validation, SNYK-JS-SOCKETIOPARSER-3091012 | Yes | No Known Exploit |
| medium | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-UGLIFYJS-1727251 | Yes | No Known Exploit |
| low | 506/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 3.7) | Regular Expression Denial of Service (ReDoS), npm:debug:20170905 | Yes | Proof of Concept |
| medium | 636/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.3) | Prototype Pollution, npm:hoek:20180212 | Yes | Proof of Concept |
| low | 399/1000 (Why? Has a fix available, CVSS 3.7) | Regular Expression Denial of Service (ReDoS), npm:ms:20170412 | Yes | No Known Exploit |
| high | 589/1000 (Why? Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), npm:parsejson:20170908 | Yes | No Known Exploit |
| high | 629/1000 (Why? Has a fix available, CVSS 8.3) | Improper minification of non-boolean comparisons, npm:uglify-js:20150824 | Yes | No Known Exploit |
| medium | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), npm:uglify-js:20151024 | Yes | No Known Exploit |
| low | 324/1000 (Why? Has a fix available, CVSS 2.2) | Uninitialized Memory Exposure, npm:utile:20180614 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: handlebars
The new version differs by 250 commits.
  • 7adc19a v4.7.4
  • 9dd8d10 Update release notes
  • 4671c4b Use tmp directory for files written during tests
  • e46baa1 tasks/test-bin.js: Delete duplicate test
  • c491b4e Revert "Update release-notes.md"
  • 738391a Update release-notes.md
  • 80c4516 chore: add unit tests for cli options (#1666)
  • d79212a fix: migrate from optimist to yargs (#1666)
  • b440c38 chore: ignore external @ types in tests
  • 2dba7ee docs: fix comparison link
  • c978969 v4.7.3
  • 9278f21 Update release notes
  • d78cc73 Fixes spelling and punctuation
  • 4de51fe Add Type Definition for Handlebars.VERSION, Fixes #1647
  • a32d05f Include Type Definition for runtime.js in Package
  • ad63f51 chore: add missing "await" in aws-s3 publishing code
  • 586e672 v4.7.2
  • f0c6c4c Update release notes
  • a4fd391 chore: execute saucelabs-task only if access-key exists
  • 9d5aa36 fix: don't wrap helpers that are not functions
  • 14ba3d0 v4.7.1
  • 4cddfe7 Update release notes
  • f152dfc fix: fix log output in case of illegal property access
  • 3c1e252 fix: log error for illegal property access only once per property

See the full diff

Package name: hapi
The new version differs by 236 commits.
  • c4593b6 deps. Closes #2897. Closes #2898. Closes #2899. Closes #2900. Closes #2901. Closes #2902. Closes #2903. Closes #2904. Closes #2905. Closes #2906. Closes #2907. Closes #2908. Closes #2909. Closes #2910. Closes #2911. Closes #2912. Closes #2913. Closes #2914. Closes #2915. Closes #2916. Closes #2917. Closes #2918. Closes #2919. Closes #2920. Closes #2921. Closes #2922. Closes #2923
  • ca4320e Merge pull request #2891 from nlindley/payload-test-typo
  • 02b6ac7 Fix typo in payload test
  • e5da51c Merge branch 'master' of github.com:hapijs/hapi
  • 5a0dc49 Remove compound assignments
  • 375fe30 Merge pull request #2888 from cjihrig/master
  • 05f6a26 style fixes
  • 635089b Merge pull request #2887 from gergoerdosi/node-5
  • 86102c7 Test on node v5
  • fc503f8 lab 7
  • fdf7ed3 Merge pull request #2885 from gergoerdosi/subtext
  • 0cb9143 Update hapijs/subtext to 2.0.2 from 2.0.1
  • d3a6cf8 typo
  • 47373dd Remove bluebird. Closes #2881
  • 98d3404 Skip most lifecycle on not found and bad path. Closes #2867
  • 7041325 CORS error cases. Closes #2868
  • 1696838 Replace function with arrow. Closes #2877
  • 2aedf38 Merge branch 'master' of github.com:hapijs/hapi
  • ca3ee7e Additional => conversions. For #2877
  • 1ef09e8 Merge pull request #2876 from sfabriece/patch-1
  • a7b3ad7 Initial transition to arrow functions. For #2877
  • 7ec0ae3 Update API.md
  • 32cf03c for style change. Closes #2875
  • 38f90bb Replace var with let. Closes #2874

See the full diff

Package name: moonboots_hapi
The new version differs by 11 commits.

See the full diff

Package name: prompt
The new version differs by 79 commits.
  • fbf6dac 1.2.0
  • fef3933 Move off abandoned utile dependency #213
  • 33febea add eslint
  • c071b85 Merge pull request #198 from caub/1.1
  • 88c403e 1.1.0
  • 756fa65 Fix inconsistent options.noHandleSIGINT for windows
  • 8d5495c Merge pull request #196 from caub/promisify
  • 33ddf56 prompt.get promise: add test, update readme
  • b92a9a9 promisify prompt.get
  • 0ff93b6 Merge pull request #184 from dsych/windows-sigint
  • 9e80863 triggering sigint on windows
  • 1c95d1d Merge pull request #171 from blahah/master
  • 65ac6e2 Merge pull request #172 from Shank09/Shank09-package.json
  • d03edd0 Added missing keywords in package.json
  • df42a26 Respect falsy overrides (fixes #151)
  • b732102 Merge pull request #169 from jordanyaker/master
  • 6ebf54a Removed the pkginfo dependency. Updated the required version of winston.
  • 7d1a28f Removed the pkginfo dependency.
  • d550674 Merge pull request #163 from Eagerod/fixer/add-properties
  • 9b5f65b Added a test addProperties() with no parameters.
  • fb83773 Fixed an issue where the first parameter in a callback would not be the
  • e7b5449 Merge pull request #121 from rubbingalcoholic/master
  • e493cb8 Merge pull request #153 from devrelm/devrelm.function-defaults
  • 3046431 Merge pull request #156 from littleguga/master

See the full diff

Package name: socket.io
The new version differs by 42 commits.
  • 3367eaa [chore] Release 2.0.0
  • 6c0705f [docs] Add an example of custom parser (#2929)
  • 1980fb4 [chore] Merge history of 1.7.x and 0.9.x branches (#2930)
  • 0d07c47 [chore] Added backers and sponsors on the README (#2933)
  • a086588 [chore] Bump dependencies (#2926)
  • 87b06ad [feat] Move binary detection to the parser (#2923)
  • 199eec6 [docs] Replace non-breaking space with proper whitespace (#2913)
  • f1b39a6 [docs] Update emit cheatsheet (#2906)
  • 240b154 [docs] Explicitly document that Server extends EventEmitter (#2874)
  • c5b7738 [docs] Add server.engine.generateId attribute (#2880)
  • 03f3bc9 [docs] Fix wrong space character in README (#2900)
  • e40accf [docs] Fix documentation for 'connect' event (#2898)
  • 01a4623 [feat] Allow to join several rooms at once (#2879)
  • 2d5b002 [docs] Add webpack build example (#2828)
  • 5ae06e6 [chore] Bump socket.io-adapter to version 1.0.0 (#2867)
  • 4d8f68c [chore] Bump engine.io to version 2.0.2 (#2864)
  • 5b79ab1 [docs] Update the wording to match the code example (#2853)
  • 54ff591 [feature] Merge Engine.IO and Socket.IO handshake packets (#2833)
  • e1facd5 [docs] Small addition to the Express Readme Part (#2846)
  • 3b92cc2 [feature] Allow the use of custom parsers (#2829)
  • 3d695c6 [chore] Bump engine.io to version 2.0.0 (#2832)
  • 3b5f433 [fix] Use path.resolve by default and require.resolve as a fallback (#2797)
  • 23c9dd3 [docs] Add a 'Features' section in the README (#2824)
  • e28b475 [docs] Add httpd cluster example (#2819)

See the full diff

Package name: socket.io-client
The new version differs by 24 commits.
  • d30914d [chore] Release 2.0.0
  • 9e7b543 [chore] Bump engine.io to version 3.1.0 (#1109)
  • 442587e [chore] Bump dev dependencies (#1108)
  • ff4cb3e [feat] Move binary detection to the parser (#1103)
  • b4c7e49 [chore] Bump debug to version 2.6.4 (#1101)
  • 3f19445 Merge pull request #1096 from satya164/patch-1
  • 628eb3b Fix dependencies
  • d32bc5b [docs] Fix messed events documentation (#1089)
  • 2135ed8 [docs] Fix Manager constructor documentation (#1093)
  • 25321d1 [docs] Fix format in API.md (#1090)
  • 9064608 [docs] Add note regarding the Emitter class (#1079)
  • 49fb3e0 [fix] Run tests on the minified files (#1042)
  • 4af8fd3 [docs] Add missing path option in the documentation (#1078)
  • 2dcc794 [feature] Allow the use of a custom parser (#1075)
  • 4322cf2 [docs] Fix typo (#1076)
  • 1ac8374 [chore] Bump engine.io-client to version 2.0.2 (#1074)
  • 3d63875 [chore] Bump socket.io-parser to version 2.3.2 (#1071)
  • 8fc4b44 [docs] Fix typo (#1066)
  • a98f94d [chore] Bump engine.io-client to version 2.0.0 (#1062)
  • fcb5c43 [fix] Add nsp prefix to socket.id (#1058)
  • ba5dca3 [test] Update browsers matrix (#1059)
  • 7a533cd [chore] Update issue template with fiddle (#1057)
  • 55411df [docs] Add `connect_error` and `connect_timeout` events (#1051)
  • 558163d [docs] API documentation (#1049)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Prototype Pollution
🦉 Improper Input Validation
🦉 More lessons are available in Snyk Learn
