[Snyk] Fix for 23 vulnerabilities

[rasputtintin]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HAPIAMMO-548918	Yes	No Known Exploit
	475/1000 Why? Has a fix available, CVSS 5	Prototype Pollution SNYK-JS-HAPIHOEK-548452	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @hapi/inert

The new version differs by 14 commits.

• b3e4e44 6.0.1
• 48e3bd0 Update hapi version. Closes #139. Closes #140
• 5bc7ca4 Merge pull request #138 from mattboutet/master
• ca5b6a3 Update for hapi v19
• ca6eb11 6.0.0
• 08125b4 Node version. Closes #137
• 609e416 Merge pull request #136 from nwhitmont/master
• 986596c add link to changelog
• 546d56f rm changelog
• 9322023 Merge pull request #133 from jarrodyellets/master
• ff278b8 Update README to new template
• f70b849 Merge pull request #132 from jarrodyellets/master
• 60bb2e8 Move Readme to API
• e1de8fe Update README.md

See the full diff

Package name: @hapi/vision

The new version differs by 12 commits.

• d14be33 6.0.0
• a574db5 Update deps. Closes #190. Closes #191. Closes #192
• a74c49d Merge pull request #189 from emrealparslan93/master
• 150beec Delete CHANGELOG.md AND Update README.md
• 53d4414 Merge pull request #188 from jarrodyellets/master
• fc58c37 Move usage into example
• 86134c6 Fix typo
• e3eeb98 Update API.md
• 1119fe2 Update README to new template
• 97b20fe Merge pull request #187 from jarrodyellets/master
• 6412bf1 Remove TOC from API
• d8ad156 Update README.md

See the full diff

Package name: @mojaloop/central-services-stream

The new version differs by 7 commits.

• 65913b6 Updated dependencies (#106)
• d64d4b2 make audit resolver run on production only by default, bump package to 10.2.0 (#100)
• b1c5d75 #1289 Log optimisation (#91)
• 398c429 Update version to v9.2.0 (#81)
• be4acac Added updated Mojaloop license (#78)
• 1c70e43 Added updated Mojaloop license (#77)
• 0f2dfc1 updated dependencies and node version to latest LTS version (#75)

See the full diff

Package name: @mojaloop/event-sdk

The new version differs by 31 commits.

• e90cdda chore(release): 12.0.0 [skip ci]
• 52f81db chore(mojaloop/#3455): nodejs upgrade (#73)
• 2aa1caf chore(release): 11.0.2 [skip ci]
• f57c3b3 fix: moved logger dependency as a peerDependency to be consistent with other mojaloop repos
• c7c7714 chore(release): 11.0.1 [skip ci]
• 0fab3e9 fix: postchangelog now will correctly work
• 28ce298 chore(release): 11.0.0 [skip ci]
• 6fa9f74 feat(mojaloop/#2092): upgrade nodeJS version for core services (#67)
• f5d863a chore: add tsconfig option to build declaration file (#64)
• 085a6ae feat(2151): helm release v12.1.0 (fix(mojaloop/#3615): update dependencies mojaloop/event-sidecar#56)
• 4eea6cd feat(2151): helm-release-v12.1.0 (chore(mojaloop/#3533): update dependencies mojaloop/event-sidecar#55)
• 86d4c3d feat(ci/cd): add pr title check (Bump minimist from 1.2.5 to 1.2.6 mojaloop/event-sidecar#47)
• 8eec478 chore: update license file (Bump tar from 6.1.0 to 6.1.11 mojaloop/event-sidecar#45)
• fa0d1ff Bump ini from 1.3.5 to 1.3.7 (Bump ajv from 6.12.0 to 6.12.6 mojaloop/event-sidecar#46)
• 5aef313 Bump highlight.js from 10.1.1 to 10.4.1 (Bump path-parse from 1.0.6 to 1.0.7 mojaloop/event-sidecar#44)
• e6597ac update dependencies to remove vulnerabilities (Bump lodash from 4.17.20 to 4.17.21 mojaloop/event-sidecar#42)
• 45ca858 updated link (Bump normalize-url from 4.5.0 to 4.5.1 mojaloop/event-sidecar#40)
• bd02ba9 Resolve some of the audit issues (Bump glob-parent from 5.1.1 to 5.1.2 mojaloop/event-sidecar#39)
• ea95367 Feature/#1383 doc update (Bump hosted-git-info from 2.8.8 to 2.8.9 mojaloop/event-sidecar#38)
• 726108f Fix/#1263 tracetags refresh (Bump handlebars from 4.7.6 to 4.7.7 mojaloop/event-sidecar#37)
• 678319f Fix/#1263 encode tracestate missing tracestates on new (Bump djv from 2.1.2 to 2.1.4 mojaloop/event-sidecar#36)
• 53735fe Feature/#1263 encode tracestate (Bump y18n from 3.2.1 to 3.2.2 mojaloop/event-sidecar#35)
• 1e3a873 Fix/other tracestate missing 2 (Bump ssri from 8.0.0 to 8.0.1 mojaloop/event-sidecar#34)
• 063e50d Fix/other tracestate missing (fix: refactored dockerfile to follow builder and not use root mojaloop/event-sidecar#33)

See the full diff

Package name: blipp

The new version differs by 3 commits.

• eea0f6c 4.0.2
• f9f94ce Update dependencies (including the Joi package rename) (fix(mojaloop/#3615): update dependencies mojaloop/event-sidecar#56)
• 86280cf Bump handlebars from 4.1.0 to 4.5.3 (Bump ajv from 6.12.0 to 6.12.6 mojaloop/event-sidecar#46)

See the full diff

Package name: hapi-swagger

The new version differs by 8 commits.

• ab15800 12.0.0
• db153ec docs: update compatibility chart
• 55f0a00 build: add @ hapi/hapi v19 as peer dep
• 70de0e2 Merge pull request #642 from mattboutet/master
• d987066 Pick up latest version of inert
• a803725 Merge pull request [Snyk] Security upgrade hapi-openapi from 1.2.6 to 2.0.2 #2 from mattboutet/hapi-v19
• 45b58fa Update for hapi 19, can't land until after https://github.com/Update deps for hapi v19 hapijs/inert#138 or similar is published to move inert to a scoped name
• cbda74f Remove dupe hapi in dependencies list.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn