[Snyk] Fix for 6 vulnerabilities

[sirinartk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • src/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cheerio

The new version differs by 18 commits.

• 35c4917 Release 0.21.0
• 1d2e8a7 Return undefined in .prop if given an invalid element or tag (Occasional error that causes "disconnect" ether/etherpad-lite#880)
• df55c93 Merge pull request Allow the word 'Pad' to be customized / configurable / abstracted ether/etherpad-lite#884 from cheeriojs/readme-cleanup
• bbceb09 readme updates
• 010b718 Merge pull request Add userJoinOrUpdate hook ether/etherpad-lite#881 from piamancini/patch-1
• 4997e70 Added backers and sponsors from OpenCollective
• 4ccb41b Use jQuery from the jquery module in benchmarks (Use Tinycon to display chat mentions in favicon. ether/etherpad-lite#871)
• 54359c9 Document, test, and extend static `$.text` method (toolbars overlaping if you have small size of browser window ether/etherpad-lite#855)
• c6612f3 Fix typo on calling _.extend (API method setText crashes the server ether/etherpad-lite#861)
• ed60b34 0.21.0
• 79d4e5e Update versions (Do we really need post/pre and splitting plugins into multiple parts ether/etherpad-lite#870)
• e7d18af Use individual lodash functions (Merge bugfixes ether/etherpad-lite#864)
• e65ad72 Added `.serialize()` support. Fixes npm install requires generateJsDoc.sh ether/etherpad-lite#69 (Add in padUsersCount method and API call ether/etherpad-lite#827)
• df39f33 Update Readme.md (Config section for plugins in settings.json ether/etherpad-lite#857)
• 7b59afb add extension for JSON require call
• d0551dc remove gittask badge
• f500197 Merge pull request Drop require authorization setting ether/etherpad-lite#672 from underdogio/dev/checkbox.radio.values.sqwished
• 046071a Added default value for checkboxes/radios

See the full diff

Package name: npm

The new version differs by 250 commits.

• 3b4ba65 7.0.0
• bbfc75d chore: fix weird .gitignore thing that happened somehow
• 8a2d375 docs: changelog for v7.0.0
• 365f2e7 [email protected]
• fafb348 [email protected]
• 9306c68 [email protected]
• 569cd64 [email protected]
• ac9fde7 Integration code for @ npmcli/[email protected]
• 704b9cd @ npmcli/[email protected]
• 3955bb9 [email protected]
• da240ef fix: patch config.js to remove duplicate values
• 9ae45a8 [email protected]
• 41ab36d [email protected]
• c474a15 [email protected]
• efc6786 fix: make sure publishConfig is passed through
• 1e4e6e9 docs: v7 using npm config refresh
• 5c1c2da fix: init config aliases
• 5bc7eb2 docs: v7 npm-install refresh
• 1a35d87 7.0.0-rc.4
• 7a5a557 docs: changelog for v7.0.0-rc.4
• f0cf859 chore: dedupe deps
• 0273745 [email protected]
• 7bd47ca @ npmcli/[email protected]
• 9320b8e only escape arguments, not the command name

See the full diff

Package name: ueberdb2

The new version differs by 250 commits.

• 756b29d 3.0.0
• d9af0b4 elasticsearch: Switch to supported client library
• a282660 tests: Include elasticsearch in tests
• e9ef2e9 elasticsearch: Complete rewrite to fix bugs
• 3df7115 elasticsearch: Simplify response handling
• 0a65d6b elasticsearch: Move client into instance object
• ae0f1bb elasticsearch: Move settings into instance object
• 239a752 elasticsearch: Remove console logging
• 1766f4f elasticsearch: Promisify
• 92cd33d Evict old cache entries after every write
• 6b86065 tests: Increase speed test timeout
• 20b5bf0 build(deps-dev): bump mocha from 9.2.2 to 10.0.0
• 29721ff lint: Update ESLint dependencies and config
• 5bbe3f0 Bump minimum required Node.js to v14.15.0
• adc150f Mention database dependency updates
• a4cca58 build(deps): bump simple-git from 3.7.0 to 3.7.1
• d85ad1a build(deps): bump sqlite3 from 5.0.4 to 5.0.6
• 6521701 build(deps): bump elasticsearch from 16.7.2 to 16.7.3
• 6f58073 build(deps): bump simple-git from 3.6.0 to 3.7.0
• 0392047 build(deps): bump pg from 8.7.1 to 8.7.3
• 6a27ce5 build(deps-dev): bump cli-table from 0.3.8 to 0.3.11
• 57dc964 build(deps): bump nano from 9.0.5 to 10.0.0
• 2aca88f build(deps): bump async from 3.2.2 to 3.2.3
• 49ce914 build(deps): bump sqlite3

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn