[Snyk] Security upgrade sails from 1.0.2 to 1.1.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: sails

The new version differs by 54 commits.

• 3bda9ca 1.1.0
• a127401 Fix typo
• adf3bab 1.1.0-3
• fb6cc8f Use PassThrough stream for file downloads in actions2 (brings in MaA prerelease)
• f709b1e Merge pull request #4486 from oaksofmamre/master
• 9ad1de3 Link names to repos
• ad0b7c4 Update changelog (thanks @ oaksofmamre!)
• 661dfac Fix one more test related to c694f2d2b1db4b9f397c52f540b19d7d4a4125f4
• 8868300 Fix expectations of test to match correct child process output (follow up to c694f2d2b1db4b9f397c52f540b19d7d4a4125f4)
• c694f2d Fix test now that async is no longer included as a dep. in newly generated sails apps (thanks to await and sails.helpers.flow via organics)
• 6e0d30e Pin merge-dictionaries
• f72f5f3 1.1.0-2
• 043623d Fix sails-generate SVR
• 73d1aa9 1.1.0-1
• 8d17695 use prerelease of sails-generate
• 13eb858 Update MODULES.md
• 2b5f6e4 Update MODULES.md
• ef8e98f 2nd follow up to 97082b8e067a490531758f6bcbc471e08874c209 to allow for "$" in route bindings
• a5dedce 1.1.0-0
• 100e4b5 Update error messages for bootstrap/initialize to reflect new reality.
• c66468b Clarify optional-ness of bootstrap callback in comment.
• eaafcc1 1.0.3-4
• 6447a4b Bump skipper dep
• 2eec58d minor clarification

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic