[Snyk] Fix for 71 vulnerabilities

[shubhamagiwal]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • carpool-backend/package.json
  • carpool-backend/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GETOBJECT-1054932	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Directory Traversal SNYK-JS-GRUNT-2635969	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Race Condition SNYK-JS-GRUNT-2813632	Yes	Proof of Concept
	569/1000 Why? Has a fix available, CVSS 7.1	Arbitrary Code Execution SNYK-JS-GRUNT-597546	Yes	No Known Exploit
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-173692	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	No	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	No	No Known Exploit
	/1000 Why?	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	/1000 Why?	Arbitrary Code Injection SNYK-JS-MORGAN-72579	No	Proof of Concept
	/1000 Why?	Denial of Service (DoS) SNYK-JS-SAILSHOOKSOCKETS-589929	Yes	Proof of Concept
	/1000 Why?	Hash Injection SNYK-JS-SEQUELIZE-174147	Yes	Proof of Concept
	/1000 Why?	SQL Injection SNYK-JS-SEQUELIZE-2932027	Yes	Proof of Concept
	/1000 Why?	SQL Injection SNYK-JS-SEQUELIZE-2959225	Yes	No Known Exploit
	/1000 Why?	Denial of Service (DoS) SNYK-JS-SEQUELIZE-543029	Yes	No Known Exploit
	/1000 Why?	Insecure Defaults SNYK-JS-SOCKETIO-1024859	Yes	Proof of Concept
	/1000 Why?	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	/1000 Why?	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	Yes	Proof of Concept
	/1000 Why?	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	Yes	Proof of Concept
	816/1000 Why? Mature exploit, Has a fix available, CVSS 8.6	Uninitialized Memory Exposure npm:base64-url:20180512	No	Mature
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution npm:deep-extend:20180409	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution npm:ejs:20161128	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Cross-site Scripting (XSS) npm:ejs:20161130	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) npm:ejs:20161130-1	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Cross-site Scripting (XSS) npm:handlebars:20151207	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	496/1000 Why? Mature exploit, Has a fix available, CVSS 2.2	Uninitialized Memory Exposure npm:mysql:20170317	Yes	Mature
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:sails:20150604	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Broken CORS npm:sails:20161013	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:underscore.string:20170908	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Buffer Overflow npm:validator:20160218	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:validator:20180218	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20160624	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:ws:20160920	No	No Known Exploit
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20171108	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt

The new version differs by 122 commits.

• 82d79b8 1.5.3
• 572d79b Merge pull request #1745 from gruntjs/fix-copy-op
• 58016ff Patch up race condition in symlink copying.
• 0749e1d Merge pull request #1746 from JamieSlome/patch-1
• 69b7c50 Create SECURITY.md
• ac667b2 1.5.2
• 7f15fd5 Update Changelog
• b0ec6e1 Merge pull request #1743 from gruntjs/cleanup-link
• 433f91b Clean up link handling
• d5969ec 1.5.1
• ad22608 Merge pull request #1742 from gruntjs/update-symlink-test
• 0652305 Fix symlink test
• a7ab0a8 1.5.0
• b2b2c2b Updated changelog
• 3eda6ae Merge pull request #1740 from gruntjs/update-deps-22-10
• 47d32de Update testing matrix
• 2e9161c More updates
• 04b960e Remove console log
• aad3d45 Update dependencies, tests...
• fdc7056 Merge pull request #1736 from justlep/main
• e35fe54 support .cjs extension
• ee722d1 1.4.1
• e7625e5 Update Changelog
• 5d67e34 Merge pull request #1731 from gruntjs/update-options

See the full diff

Package name: rc

The new version differs by 64 commits.

• 9d21a3f 1.2.7
• b633779 update deep-extend
• 4c5afda 1.2.6
• 3e1a5c6 Merge pull request [Snyk] Security upgrade sails from 0.11.5 to 0.12.4 #109 from anselanza/master
• a8ee451 docs: string representations
• 6c0e1aa note on using parse-strings-in-object
• 5cac462 1.2.5
• 4d03c13 example of nested command line arguments
• 383266e 1.2.4
• 1742d0c clear example of usage and notice about file extensions, in README
• c5345c1 1.2.3
• 1037247 Merge pull request [Snyk] Security upgrade grunt from 1.0.0 to 1.0.3 #94 from tommytroylin/seperateCLIAndNodeAPI
• acc9203 1.2.2
• 00a6776 Uses the standard browser field instead of the browserify field.
• 035462d feat: separate cli and nodeAPI
• 41251ff 1.2.1
• 5619b62 ignore case in prefix
• 71d7d15 1.2.0
• b6c3d22 do not trust regexp, if possible
• 874c2e3 Merge branch 'feature/env-uppercase' of https://github.com/nw/rc
• 13bca12 1.1.7
• eb6666d Merge pull request [Snyk] Security upgrade sails from 0.11.5 to 1.0.0 #89 from ysangkok/patch-1
• fa24f2a Update strip-json-comments dependency
• c4d83bf added test for ignore case of env key prefix

See the full diff

Package name: sails

The new version differs by 250 commits.

• bdd7a1c 1.5.3
• 6f875c0 upgrade ejs to 3.1.7 (#7243)
• e4184a5 Add heading about the __Host- prefix (#7245)
• d666ada bump async to 2.6.4 (#7244)
• 555f51f upgrade minimist to v1.2.6 (#7242)
• 21b874b Documentation: add .populate() note
• c408c31 Update Travis CI config: node -> 16 (#7226)
• fc8d79b Merge pull request #7219 from pbkompasz/patch-1
• dfa9351 Remove sailsjs.com repo link from Sails readme
• 8ce1682 Update Permissions.md
• 1869f47 add notes about file uploads
• 7c5379a closes https://github.com/Prototype pollution in LoadActionModules() CVE-2021-44908 balderdashy/sails#7209
• 06ce9cf 1.5.2
• c5e98c2 Merge pull request #7203 from balderdashy/upgrade-sort-route-addresses-dependency
• ccd6d57 [email protected]
• e46c83b 1.5.1
• 023319e Update version of prompt to 1.2.1 (#7202)
• ed349a1 Add note about supported versions of Postgres
• 15b43ff Merge pull request #7181 from balderdashy/update-upgrading-to-1.0-docs
• 39e34cd Update To1.0.md
• 9c821ec Add note about undefined attributes
• 799f2c0 Update README.md
• 2533f67 Fix broken link in docs
• ead0403 1.5.0

See the full diff

Package name: sails-disk

The new version differs by 85 commits.

• 15faa44 1.0.0
• a2b7ee6 1.0.0-12
• 9d7118c Only set footprint keys for uniqueness violations.
• a2c2261 Add some assertions.
• a222824 Update gitignore and scripts
• 3b3c334 1.0.0-11
• cef95b4 Support updating the primary key value, as long as it's not using _id as the column.
• aad2a15 Set _id column to value of primary key when creating records.
• 333e2d1 1.0.0-10
• c8a26c5 Add shim to replicate MongoDB's behavior w/ `{ $ne: null }` and empty arrays.
• bf92cb8 1.0.0-9
• af97943 Workaround issue with projections including only `_id`
• b5b985b Relax restrictions on using `_id` column in sails disk.
• f4adfd7 Add an entry in the `refCols` dictionary for every model, so we don't have to short-circuit checks for it later
• b494fd9 In `find`, deserialize Buffer objects into `ref` attributes where possible.
• 7aaaaa4 Merge pull request [Snyk] Fix for 3 vulnerable dependencies #58 from balderdashy/expose-lib
• 70ead96 (whoops) Add back 0.10 and 0.12 in appveyor.yml
• beabe7a Merge pull request [Snyk] Fix for 3 vulnerable dependencies #57 from balderdashy/expose-lib
• 9c80187 1.0.0-8
• f7a349d Actually, don't expose the static lib. (No reason to do so, and better to not introduce something experimental if there's any chance it could make an app dependent on random stuff in a dev-only adapter)
• 2d4d97e 1.0.0-7
• f2dd761 Rename afterwards function to avoid perceived scope conflict (whether or not it'd ever actually be a big deal, this avoids any potential future scope issues from refactoring, etc).
• 4051e5e 1.0.0-6
• 250c32e Handle stray error (and a couple of other trivial changes just from when I was reading through the code)

See the full diff

Package name: sails-hook-sequelize

The new version differs by 35 commits.

• fa2e93c Updated pkg version
• c49af1b Npm up sequelize↑
• 8ed4f30 Npm up eslint↑
• ab56fa2 Npm up supertest↑
• 2e64953 Trying to update and setup mocha v10
• d4828a9 Npm up mocha↑
• 6816455 Npm up minimatch↑
• 5b4fee0 Dropper node.js v10 version
• 84f9b4c Npm up sqlite3↑
• 0396c48 Npm up sails-hook-orm↑
• d92ca06 Added sails schema creation
• 3fecb8c Added sails schema creation
• c44f858 Revert "Revert "Npm up↑""
• 27185c2 Added sails schema creation
• 200f5b3 Revert "Npm up↑"
• 26f2ae7 Npm up↑
• 4c5784e Npm up↑
• bddd854 Merge pull request [Snyk] Security upgrade sails from 0.11.5 to 1.0.0 #77 from KSDaemon/dependabot/npm_and_yarn/tar-4.4.19
• 2e0c2a8 Npm audit fix
• fdee466 WIP: trying to setup github actions
• 56fe409 WIP: trying to setup github actions
• 4264921 WIP: trying to setup github actions
• 6eecd76 WIP: trying to setup github actions
• 90b0a12 Switching from travis to github actions

See the full diff

Package name: sails-mysql

The new version differs by 202 commits.

• e9ca5d0 1.0.0
• 1c8eba9 1.0.0-17
• 2384285 Same as 2cc4850eb0fc3ff58eeaef044c2b14379af1be32 but for 2 other occurrences.
• 2cc4850 Apply fix from eslint to properly pass through compileStatement() errors
• ba40d9a Update eslint
• ed86ee1 1.0.0-16
• 227e9ba Bump versions of mariadb tests-- and explicitly test node 8
• 917db33 Use mp-mysql@3 (see https://github.com/Memory leak balderdashy/sails#4264#issuecomment-353152823)
• 5e8ed7e Follow-up to 075d7590dfb5fc51ee7c3084df87261b46ea5356
• 075d759 Update machine runner to v15. (refs https://github.com/Memory leak balderdashy/sails#4264)
• 0d0503c Even better
• 6186297 Update language in config errors
• d1f0791 1.0.0-15
• d511f24 Allow `ref` type attributes to represent any object, not just Buffers.
• 3a62cf5 1.0.0-14
• b8c74aa Merge pull request #349 from balderdashy/revert-utf8mb4-default
• b98a2f0 Revert code that defaults to the `utf8mb4` character set.
• 987f467 Merge pull request #346 from balderdashy/support-emojis
• 3adc445 1.0.0-13
• 65aa28f lint fix
• 9fd09c9 1.0.0-12
• e9cbd78 Change default charset to support emojis. This also adds some comments and notes for the future.
• 6efdddc 1.0.0-11
• 056b12b use LONGTEXT by default because mysql truncates data silently

See the full diff

Package name: sails-sqlserver

The new version differs by 21 commits.

• 5815e09 chore: version bump 2.0.1
• 2f5fd9d fix: add machinepack-mssql dependency
• 5bec31a Merge pull request Merge pull request #2 from shubhamagiwal/feature/Login-Screen #4 from intel/sails-v1
• e0c4b0b refactor: use WATERLINE_ADAPTER_TESTS_URL
• d72e2d7 refactor: unused/unneeded references
• 36747d6 feat: support for sails-v1
• 726ecdf chore: add .npmrc to .gitignore
• 0cc307f major version update
• 655da19 feat: update dependencies and improve join performance
• 71a6291 Merge pull request Initial Commit #1 from jkeczan/master
• a94851c Merge pull request Added the all the models for the project #3 from peoplewareDo/master
• c2a8582 Merge pull request Initial Commit #2 from kdelmonte/master
• dbc4d96 fixed insert returning wrong id
• f693b74 update mssql v4.0.1 dependency
• 789d1de Fix issue were insert would break if the PK was a GUID due to the adapter adding an SET IDENTITY_INSERT clause which should only be used with integer PKs
• f764cfb Merge pull request Signup Process completed #21 from RubiconInternational/master
• 5068798 Merge pull request Completed Points Update API #28 from keeganmccallum/master
• 5587101 Allow using the meta "schemaName" property to override schema
• b420eee Merge pull request Feature completed #23 from some-say/master
• d120f0b issue orm fail when kill sails.js
• 53bdeaa fix issue with string literal values not prepended with 'N' before the delimeter, which is imperative for unicode values

See the full diff

Package name: sequelize

The new version differs by 250 commits.

• 7bb60e3 fix: properly escaoe multiple `$` in `fn` args (#14678)
• 86d35b1 docs: added nest option inside findAll query (#14683)
• 2f3b924 fix(postgres): use schema set in sequelize config by default (#14665)
• cbdf73e feat: exports types to support typescript >= 4.5 nodenext module (#14620)
• a333862 docs(readme): update README to be more like main (#14626)
• e1a9c28 fix: kill connection on commit/rollback error (#14535)
• b37df96 feat: support cyclic foreign keys (#14499)
• e37c572 fix: accept replacements in `ARRAY[]` & followed by `;` (#14518)
• 6c5f8ec test: disable mysql/mariadb deadlock test (#14514)
• 87655eb build: fix esdoc (#14513)
• ccaa399 fix: do not replace `:replacements` inside of strings (#14472)
• 5954d2c feat(types): make `Model.init` aware of pre-configured foreign keys (#14370)
• 0d0aade fix(types): make `WhereOptions` more accurate (#14368)
• 7e8b707 docs: restore Model api reference & make fail on error (#14323)
• ca0e017 test: disable deadlock test for mariadb 10.5.15 (#14314)
• 62564f7 docs: fix dead link in API reference (#14313)
• cdc8881 build: remove v6 docs from repository (#14234)
• 730af27 docs: document scope whereMergeStrategy option (#14201)
• 8349c02 feat: add whereScopeStrategy to merge where scopes with Op.and (#14152)
• e974e20 feat(types): make `Model.getAttributes` stricter (#14017)
• 2d339d0 fix: fix typo in query-generator.js error message (#14151)
• b80aeed fix(types): update return type of `Model.update` (#14155)
• f5c06bd feat(types): infer nullable creation attributes as optional (#14147)
• af6cbe6 build(deps): move @ types/validator to prod deps (#14159)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) npm:qs:20140806-1	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[//]: # (snyk:metadata:{"prId":"9c2e7895-48ba-462c-bb00-517a3eb93c20","prPublicId":"9c2e7895-48ba-462c-bb00-517a3eb93c20","dependencies":[{"name":"ejs","from":"0.8.8","to":"3.1.7"},{"name":"grunt","from":"1.0.0","to":"1.5.3"},{"name":"rc","from":"0.5.5","to":"1.2.7"},{"name":"sails","from":"0.11.5","to":"1.5.3"},{"name":"sails-disk","from":"0.10.10","to":"1.0.0"},{"name":"sails-hook-sequelize","from":"1.2.2","to":"2.0.0"},{"name":"sails-mysql","from":"0.11.5","to":"1.0.0"},{"name":"sails-sqlserver","from":"0.10.8","to":"2.0.1"},{"name":"sequelize","from":"3.35.1","to":"6.21.2"}],"packageManager":"npm","projectPublicId":"3fc381c4-7190-4054-b975-57c49d20901f","projectUrl":"https://app.snyk.io/org/shubhamagiwal/project/3fc381c4-7190-4054-b975-57c49d20901f?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":["npm:debug:20170905","npm:lodash:20180130","npm:mime:20170907","npm:ms:20170412","npm:negotiator:20160616","npm:qs:20140806-1"],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-EJS-1049328","SNYK-JS-EJS-2803307","npm:ejs:20161128","npm:ejs:20161130","npm:ejs:20161130-1","SNYK-JS-GETOBJECT-1054932","SNYK-JS-GRUNT-2635969","SNYK-JS-GRUNT-2813632","SNYK-JS-GRUNT-597546","SNYK-JS-HANDLEBARS-1056767","SNYK-JS-HANDLEBARS-1279029","SNYK-JS-HANDLEBARS-173692","SNYK-JS-HANDLEBARS-567742","npm:handlebars:20151207","SNYK-JS-HAWK-2808852","npm:hawk:20160119","SNYK-JS-INI-1048974","SNYK-JS-JSYAML-173999","SNYK-JS-JSYAML-174129","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-LODASH-450202","SNYK-JS-LODASH-567746","SNYK-JS-LODASH-608086","SNYK-JS-LODASH-73638","SNYK-JS-LODASH-73639","npm:lodash:20180130","SNYK-JS-MINIMATCH-1019388","npm:minimatch:20160620","SNYK-JS-MINIMIST-2429795","SNYK-JS-MINIMIST-559764","SNYK-JS-MORGAN-72579","npm:sails:20150604","npm:sails:20161013","SNYK-JS-SAILSHOOKSOCKETS-589929","SNYK-JS-SEQUELIZE-174147","SNYK-JS-SEQUELIZE-2932027","SNYK-JS-SEQUELIZE-2959225","SNYK-JS-SEQUELIZE-543029","SNYK-JS-SOCKETIO-1024859","SNYK-JS-SOCKETIOPARSER-1056752","SNYK-JS-UGLIFYJS-1727251","SNYK-JS-VALIDATOR-1090599","SNYK-JS-VALIDATOR-1090600","SNYK-JS-VALIDATOR-1090601","SNYK-JS-VALIDATOR-1090602","npm:validator:20160218","npm:validator:20180218","SNYK-JS-WS-1296835","npm:ws:20160624","npm:ws:20160920","npm:ws:20171108","SNYK-JS-XMLHTTPREQUESTSSL-1082936","SNYK-JS-XMLHTTPREQUESTSSL-1255647","npm:base64-url:20180512","npm:clean-css:20180306","npm:debug:20170905","npm:deep-extend:20180409","npm:fresh:20170908","npm:hoek:20180212","npm:http-signature:20150122","npm:mime:20170907","npm:ms:20170412","npm:mysql:20170317","npm:negotiator:20160616","npm:qs:20140806","npm:qs:20140806-1","npm:qs:20170213","npm:request:20160119","npm:tunnel-agent:20170305","npm:underscore.string:20170908"],"upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-EJS-1049328","SNYK-JS-EJS-2803307","SNYK-JS-GETOBJECT-1054932","SNYK-JS-GRUNT-2635969","SNYK-JS-GRUNT-2813632","SNYK-JS-GRUNT-597546","SNYK-JS-HANDLEBARS-1056767","SNYK-JS-HANDLEBARS-1279029","SNYK-JS-HANDLEBARS-173692","SNYK-JS-HANDLEBARS-567742","SNYK-JS-...