[Snyk] Fix for 29 vulnerabilities

[timtheguy]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DICER-2311764	Yes	Mature
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	534/1000 Why? Has a fix available, CVSS 6.4	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	No	No Known Exploit
	554/1000 Why? Has a fix available, CVSS 6.8	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-XMLDOM-1534562	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Prototype Pollution SNYK-JS-XMLDOM-3042242	Yes	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-XMLDOM-3092935	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @google-cloud/storage

The new version differs by 67 commits.

• f1ef9c6 Release v2.4.3 (App links on login page (and...) RocketChat/Rocket.Chat#628)
• b80ee22 fix(deps): update dependency @ google-cloud/pubsub to ^0.28.0
• 813ecca tests: fix assertion syntax (Support end to end encryption RocketChat/Rocket.Chat#629)
• e24f2d1 fix(deps): update dependency @ google-cloud/paginator to ^0.2.0
• 72a57ab build: Add docuploader credentials to node publish jobs (Test issue for @marcel.rocket.team RocketChat/Rocket.Chat#624)
• 58d4ea5 fix(deps): update dependency gcs-resumable-upload to v1 (Update README.md RocketChat/Rocket.Chat#619)
• 23a3cf0 build: use node10 to run samples-test, system-test etc (Canonical link is hard-coded to https://demo.rocket.chat/ RocketChat/Rocket.Chat#623)
• a5ea8ab fix(deps): update dependency @ google-cloud/pubsub to ^0.27.0 (Update README.md RocketChat/Rocket.Chat#620)
• 0a6c134 build: update release configuration
• 5dcb36c fix(deps): update dependency @ google-cloud/pubsub to ^0.26.0 (Initial implementation of search in channel RocketChat/Rocket.Chat#618)
• c09f7c2 fix: handle errors from file#createReadStream (Admins should be able to delete (and/or) edit other users' mesages RocketChat/Rocket.Chat#615)
• d10c120 fix(deps): update dependency @ google-cloud/pubsub to ^0.25.0 (Multiline code block has extra two lines RocketChat/Rocket.Chat#616)
• 1c3bd03 fix: getSigned(Policy|Url) throws if expiration is invalid Date (How to remove social media links in the chat sidebar? RocketChat/Rocket.Chat#614)
• f6acc87 chore(deps): update dependency mocha to v6 (If social media accounts integration is disabled, there are still shown around RocketChat/Rocket.Chat#611)
• c3f3a8e build: use linkinator for docs test (Configure list of channels a new user is automatically added  RocketChat/Rocket.Chat#607)
• 86246f9 docs: update links in contrib guide (Remove need for name when registering? RocketChat/Rocket.Chat#610)
• e29512f fix(deps): update dependency @ google-cloud/promisify to ^0.4.0 (Way to configure login/registration page footer RocketChat/Rocket.Chat#609)
• e229d60 chore(deps): update dependency @ types/tmp to v0.0.34 (Way to configure login/registration page header RocketChat/Rocket.Chat#608)
• 30a2c5d fix(deps): update dependency yargs to v13 (Allow to disable notifications sounds RocketChat/Rocket.Chat#606)
• 7e32925 build: create docs test npm scripts (Allow post to join the channel RocketChat/Rocket.Chat#605)
• 4cfa23c build: test using @ grpc/grpc-js in CI (Allow anonymous use of the chat [$250] RocketChat/Rocket.Chat#604)
• 7526624 docs: update contributing path in README (Pressing ESC to cancel previous post editing mode doesn't work RocketChat/Rocket.Chat#603)
• c3e1da2 chore: move CONTRIBUTING.md to root (Federation Protocol RocketChat/Rocket.Chat#601)
• 1f8bacf chore: remove console.log in system test (Starting a codeblock and pressing enter should not send a message RocketChat/Rocket.Chat#599)

See the full diff

Package name: @slack/client

The new version differs by 250 commits.

• 891307e Publish
• 55624fd lerna generated SHAs
• a76b3ee Merge pull request Set Max upload size in Settings under Administrator Account RocketChat/Rocket.Chat#756 from slackapi/dev-v5
• 09d6d6f fix a typescript issue from changing from type aliases to interfaces
• 4d3133c remove package locks from examples
• c3e5c8b update examples for testing
• d40c883 remove file accidentally added in merge
• 0d1cd79 Merge branch 'master' into dev-v5
• b6dc555 Merge pull request Allowing the rejecting/allowing of ssl certs to be configurable by the admin RocketChat/Rocket.Chat#755 from aoberoi/find-and-replace
• 65788d2 Merge pull request Add Admin Option to Enable/Disable Trusting Self Signed SSL Certs RocketChat/Rocket.Chat#754 from shanedewael/local-development-tutorial
• 81be95b its amazing what you can find with a little find and replace
• 8c98232 Consolidate cta
• 53861c9 Update docs/_tutorials/local_development.md
• 74b8e77 Update docs/_tutorials/local_development.md
• 200a430 Update docs/_tutorials/local_development.md
• 95cd749 Changes
• 2ee0224 Merge pull request Archive + Freeze Channel RocketChat/Rocket.Chat#752 from aoberoi/scheduled-messages-v5
• 695984a Merge pull request Admin can delete messages (Issue #739) RocketChat/Rocket.Chat#753 from aoberoi/issue-templates-v5
• aa126f0 Merge pull request Server crashes in development mode when statistics cron job fails RocketChat/Rocket.Chat#751 from aoberoi/reference-examples
• 5f7a654 Add table of contents
• e73ad7d Fix links on READMEs
• d1eb873 Local development tutorial
• 17318b2 add warning to maintainers guide
• dd84a72 update issue template to ask for relevant packages

See the full diff

Package name: bcrypt

The new version differs by 129 commits.

• 2f124bd Fix artifact upload path
• 10eacf5 Prepare v5.0.1
• 6eacfe1 Merge pull request joinRoom returns if room is already added RocketChat/Rocket.Chat#856 from kelektiv/update-deps
• feb477c Update node-pre-gyp to 1.0.0
• 42c8b0c Merge pull request Meteor 1.2 (HELP TO TEST) RocketChat/Rocket.Chat#852 from kelektiv/update-deps
• bafefc3 Update packages
• 7c5d8df Merge pull request Image autoloading does not work behind proxy RocketChat/Rocket.Chat#851 from recrsn/node-15-ci
• 1ba55f9 Add Node 15 to CI
• 19c06c1 Update Node version compatibility info
• 09cb4fc Merge pull request Create room permissions for read-only / speak RocketChat/Rocket.Chat#825 from dogon11/patch-1
• 2821c03 Merge pull request number of unread messages indicator misbehavior RocketChat/Rocket.Chat#811 from techhead/use_buffers
• 63c8403 Merge pull request Create Channel button hidden RocketChat/Rocket.Chat#838 from alete89/docs/improve-hash-info
• 984ef18 remove reference to $2y$ algo identifier
• 630c897 fixes: Create a cog or other icon for dropdown actions on message RocketChat/Rocket.Chat#828
• 0f93284 README.md typo fix
• 4125ebc Update README.md
• f503e57 Create SECURITY.md
• f158e6e Allow optional use of Node Buffers.
• 8866277 Deploy on any travis tag
• 61139e6 v5.0.0
• 1bde62c Update node-pre-gyp to 0.15.0
• 40770d6 Add NodeJS 14 to appveyor CI
• 5916a46 Merge pull request Don't Make Hashtags Which Aren't Channels Clickable RocketChat/Rocket.Chat#807 from techhead/known_length
• f28e916 Reword comment

See the full diff

Package name: blockstack

The new version differs by 250 commits.

• c21cae1 release: v21.0.0
• 2a34a2d Merge pull request Adding support for private groups reopening and fixing room subscription state RocketChat/Rocket.Chat#765 from blockstack/develop
• 3e5a317 remove beta and add date
• 8cd8e83 add version to changelog
• 52420a4 Merge pull request Route follow through on login / register RocketChat/Rocket.Chat#764 from blockstack/develop
• c7b1704 Merge branch 'release/v21.0.0-beta.1' into develop
• fbe0b24 v21.0.0 beta release
• 4a04177 Merge pull request Auto Load Images is no longer working RocketChat/Rocket.Chat#763 from blockstack/changelog
• dd1c803 fix
• 7513ae4 elaborate on putFile changes
• 767405c update changelog for concurrency changes
• 30dc53d Merge pull request Merge pull request #1 from RocketChat/master RocketChat/Rocket.Chat#743 from blockstack/etags
• 0728e0f Merge pull request Admin can delete messages (Issue #739) RocketChat/Rocket.Chat#753 from blockstack/feature/bn-fixes
• 6e79a13 file creation test
• b095f09 attempt to create new file if client doesn't have etag
• b274f2a add flag for creating new file to `uploadToGaiaHub` method and set If-None-Match header
• b4524d1 add error test and refactor etag test
• 71243ff etag unit test
• af54f80 Merge pull request Archive + Freeze Channel RocketChat/Rocket.Chat#752 from blockstack/dependabot/npm_and_yarn/handlebars-4.5.3
• cefff5c Add encryption files to prettierignore.
• 56951a3 Merge branch 'master' into develop
• 14422c7 Merge branch 'develop' into etags
• 7a1c537 Merge pull request Protect Uploads - download should not be possible without logging in RocketChat/Rocket.Chat#724 from blockstack/feature/content-length-checking
• 376e320 fix tests that mock uploadToGaiaHub method

See the full diff

Package name: googleapis

The new version differs by 250 commits.

• 7e3d978 Release v37.0.0 (favico.js update RocketChat/Rocket.Chat#1568)
• ecb2c28 build: check for 404s in the docs (Distinguish Deployment from Development Install RocketChat/Rocket.Chat#1562)
• d49aa49 docs: run the docs command (Unicode regex support RocketChat/Rocket.Chat#1566)
• d1af168 feat: run the generator (Added toAll mentions for yall, everyone, channel, and here RocketChat/Rocket.Chat#1564)
• 9ccda50 chore(deps): update dependency eslint-config-prettier to v4 (Functions rate limiter RocketChat/Rocket.Chat#1565)
• 73f8f9c docs: specify gaxios over axios (Rocket Chat fails to load channels in IE10 RocketChat/Rocket.Chat#1558)
• 7f7f3cf fix(deps): update dependency googleapis-common to ^0.7.0 (Many fixes for RTL RocketChat/Rocket.Chat#1560)
• c62efb1 docs(samples): add people samples for get & create contacts (Too easy to accidentally leave channels RocketChat/Rocket.Chat#1543)
• 2ad63f6 feat: webpack support for all APIs (When User Joins a Call, Mark Them as Busy RocketChat/Rocket.Chat#1554)
• d8ba2ac fix(deps): update googleapis-common and google-auth-library (Add hubot config to docker-compose.yml RocketChat/Rocket.Chat#1556)
• 9742db3 feat: generating webpackable packages (Reset avatar before uploading to prevent caching issues RocketChat/Rocket.Chat#1547)
• e70272c fix(generator): convert method names to camelCase (rocketchat_1 | private group user statistic not found RocketChat/Rocket.Chat#1552)
• 8d9c5d9 docs: fix typo in README.md (Mentioned non-English user names do not get linked RocketChat/Rocket.Chat#1549)
• de464c0 feat: run the generator (Unified channel creation? RocketChat/Rocket.Chat#1541)
• 7e07d11 docs: improve the compute sample in the README (Improvements/performance RocketChat/Rocket.Chat#1537)
• 47056e9 docs(samples): rework the compute list vms sample (Permissions renaming RocketChat/Rocket.Chat#1534)
• 3b612fc fix(test): fix the revoke token test (Secret URL registration. Closes #1507 RocketChat/Rocket.Chat#1532)
• 4115c0f chore(deps): update dependency typedoc to ^0.14.0 ([sandstorm] Cull administrator options RocketChat/Rocket.Chat#1527)
• c61e14d docs: correct the README (FileReader function ignores orientation of images uploaded from mobile. RocketChat/Rocket.Chat#1522)
• 438979a docs: use blogger to demonstrate key authentication (File upload too slow / eating too much resources RocketChat/Rocket.Chat#1519)
• f6edb8e chore: update license file and metadata (Account box customizable items RocketChat/Rocket.Chat#1504)
• 230bb64 chore(build): inject yoshi automation key (Multiple file upload support RocketChat/Rocket.Chat#1503)
• 443662e chore: update nyc and eslint configs (Password reset / recovery is broken RocketChat/Rocket.Chat#1502)
• 413d9ca chore: fix publish.sh permission +x (Update README.md RocketChat/Rocket.Chat#1499)

See the full diff

Package name: juice

The new version differs by 54 commits.

• a628051 v7.0.0
• 5d89c6e Merge pull request Migrating flow-router into 2.0 RocketChat/Rocket.Chat#368 from TrySound/upgrade-web-resource-inliner
• ef3a266 Merge pull request Scalable File Sharing RocketChat/Rocket.Chat#369 from TrySound/published-files
• 335ed19 Publish only necessary files in package
• 3ec34d3 Upgrade web-resource-inliner
• 56e8fbc Merge pull request Images are not showing in lan RocketChat/Rocket.Chat#367 from TrySound/upgrade-commander
• 1dac1f4 Upgrade commander
• 1f82379 Merge pull request Latest code is not working with IE 11 RocketChat/Rocket.Chat#366 from TrySound/upgrade-cheerio
• 4178da6 Upgrade typescript
• 0ea9842 Upgrade to cheerio v1
• ec41c65 Merge pull request Verify Account with phone number RocketChat/Rocket.Chat#352 from hansottowirtz/support-htmlparser2
• f55f820 Merge pull request Sort of users in view RocketChat/Rocket.Chat#364 from TrySound/drop-deep-extend
• 7116879 Replace deep-extend with nested Object.assign
• 879e34c Merge pull request Add External Chat Window RocketChat/Rocket.Chat#363 from TrySound/unused-inliner-options
• 8899cd7 Merge pull request Allow to paste images from clipboard RocketChat/Rocket.Chat#365 from TrySound/object-assign
• 0765875 Merge pull request Upload RocketChat/Rocket.Chat#362 from TrySound/cross-spawn-dev
• d08b1ed Replace custom extend utility with native Object.assign
• fb22fc0 Drop unused cssmin and uglify options from cli
• f3307de Move cross-spawn to dev dependencies
• 49b5412 Merge pull request Implement REST-full API RocketChat/Rocket.Chat#349 from ArsenyYankovsky/master
• 0ce3da7 Merge pull request fix prob when room id is not valid RocketChat/Rocket.Chat#360 from nekocode/fix-empty-tag
• 990f0dd Merge pull request Room isolation RocketChat/Rocket.Chat#353 from asztal/patch-1
• 35d9a9d fix Fix message deletion and fix render of previous message RocketChat/Rocket.Chat#359
• 6963fe6 Add changelog entry for v6.0.0

See the full diff

Package name: mailparser

The new version differs by 12 commits.

• 7cba5bc v2.7.0
• 4e367f7 fix: capture decoder end event to use on cleanup
• c4b4d7d Move eslint into devDependencies
• 403176f fixed invalid license file
• 92ad01d v2.6.0
• 4af69d9 v2.5.0
• 53216af bumped deps
• 0dba5fc Properly propagate errors for simpleParser
• 7706160 Skip decoding for UTF-8
• 543460f Add partId attribute on attachment
• b261a26 Added option for setting restrictions for how long html content to parse
• f681f8d Test case for attachment as base64 encoded root node

See the full diff

Package name: turndown

The new version differs by 23 commits.

• 4e36b45 6.0.0
• 9026414 5.1.0
• bc23db7 Update acorn for https://npmjs.com/advisories/1488
• b9898b7 Update travis node version
• 1559f32 Update to latest rollup (+ plugins) versions
• 73a7539 Target new versions of node
• 166a41a Update jsdom to v16 to fix potential security vulnerabilities
• 0b5d4d5 Merge pull request Fix minor bugs in irc plugin. RocketChat/Rocket.Chat#302 from fredck/t/domchristie/turndown/300
• e5bd9f8 Use the repeat utility function for consistency.
• d1ee0ac Simplified the fence character sniffing.
• 99b0516 Minor stylistic fixes.
• 8e072d2 Fixed the wrong trimming of line break at at the start of code blocks.
• a24c58b Fixed multiple ticks/tildes inside code blocks.
• cae7098 Merge pull request add Video Chat HD and fullscreen modes for web-rtc #115 RocketChat/Rocket.Chat#281 from kevindew/vanishing-or-duplicating-spacing
• b73068c Consistently handle inline elements with spaces
• 80297ce 5.0.3
• 50d3444 Update browserify for security vulnerability
• 6cc551e 5.0.2
• 99aa4c4 Update dependencies for security vulnerability
• e2c64f1 Format options example
• 7c5bc0e Merge pull request Error on meteor run RocketChat/Rocket.Chat#257 from dace/update-documentation-with-options-example
• 7783add Comply with WCAG contrast guidelines in demo.
• 4925169 add example

See the full diff

Package name: twilio

The new version differs by 160 commits.

• 07891d5 Release 3.41.0
• 3120c68 [Librarian] Regenerated @ b99d9f1d3667442d965805ac71bf6185ee04b82c
• c76264e fix: remove the lock file since this is a library
• d073d8c fix: Page JSON parsing and integration tests (Add Google Play button for app RocketChat/Rocket.Chat#546)
• ef0d339 fix: add overloaded TS definitions for non-required params (Fix search not coming up RocketChat/Rocket.Chat#545)
• 465d158 fix: Add method overload to VoiceResponse.prototype.play (Fix image stretching RocketChat/Rocket.Chat#544)
• 747a091 fix: don't re-parse parsed JSON (Images Stretched RocketChat/Rocket.Chat#543)
• 6266910 feat: migrate from deprecated request module to axios (Support audio only calls RocketChat/Rocket.Chat#542)
• 5249e3b [Librarian] Regenerated @ ee964c66599ebcd125eb411ba410bde1e62b3503
• ad2e98b Release 3.40.0
• ec54ee2 [Librarian] Regenerated @ ee964c66599ebcd125eb411ba410bde1e62b3503
• 5a65128 docs: add url parameter documentation in twilio.webhook() (Document VPS deployment for non-docker users RocketChat/Rocket.Chat#541)
• 6d96611 fix: proper indentation (Images not shown in dev RocketChat/Rocket.Chat#534)
• 3b07aca docs: guide for enabling lazy loading (Is schema doc anywhere? RocketChat/Rocket.Chat#532)
• 25ec77d feat: Faster requiring using optional lazy loading (Pinned Messages Per Channel RocketChat/Rocket.Chat#526)
• deca8ff Release 3.39.5
• f8f368c [Librarian] Regenerated @ 59055a0e4517ecbe8ab584e0f9b38f2a70cd94a8
• 3d0e4a1 Release 3.39.4
• 2d7f7fa [Librarian] Regenerated @ 0d359fdcea150a7f3ec36771ffeb0bd2bf34ea1d
• 412b484 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
• 1294266 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
• 0d96c5b [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
• 1286866 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
• 548eed3 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9

See the full diff

Package name: webdav

The new version differs by 209 commits.

• 2416073 3.5.0
• a245cfd Prepare 3.5.0
• 5323aeb Merge pull request Allow disabling Google Analytics RocketChat/Rocket.Chat#217 from perry-mitchell/dep_upgrade
• 5e9dbc3 Audit deps
• 46cf493 Upgrade dependencies (majors)
• fedb507 3.4.0
• 4a326ff Prepare 3.4.0
• 9f8d409 Update docs
• 8a04ddb Format files
• 142f9a7 Merge pull request IRC prototype. RocketChat/Rocket.Chat#215 from christiaan/master_disable-redirect-memory-usage
• 340eb96 Fix unnecessary excessive memory usage when uploading big files
• 9de2da4 Merge pull request WANTED: Anyone deploying Rocket.Chat on Aliyun, NTT's Cloud(n), or Naver's NCloud RocketChat/Rocket.Chat#213 from christiaan/master_path-with-html-entities
• dc05d69 Merge pull request Ability to mute user for set period of time  RocketChat/Rocket.Chat#214 from christiaan/master_add-missing-maxContentLength-documentation
• d072f24 Fix getDirectoryContents for directories with & in their name
• 4fe4d98 Add failing test for directory with `&` in name
• c3569ae Add missing documentation for maxContentLength option
• 54d79d9 3.3.0
• c4bb826 Fix formatting
• 6bb8825 Prepare 3.3.0
• b9a0a3f Merge pull request Slack Compatible API for external integration RocketChat/Rocket.Chat#202 from perry-mitchell/bugfix/encoded_paths
• 8d6537a Use node 10 for babel (node)
• 9930a13 Fix missing ref
• 2e6c3f8 Highlight min node version
• 7fef287 Update tests for path decoding

See the full diff

Package name: xml-crypto

The new version differs by 51 commits.

• 62fb8fa 1.5.6
• 69abad6 Update xmldom to 0.7.0 (Fix! RocketChat/Rocket.Chat#236)
• 6f63436 1.5.5
• 6af1bc5 1.5.4
• 06831c5 build(deps): update xmldom
• d295ecc 1.5.3
• 79fc2ac Merge pull request New day and system messages RocketChat/Rocket.Chat#209 from troyfactor4/master
• f982b0c return response as well even if async
• 4ffe0aa Async response for built in algo sign/verify
• 713f3d8 1.5.2
• 638ab6c Lock ejs to 2.6.1
• 2730604 1.5.1
• 07e2320 Merge pull request Cannot read property 't' of undefined RocketChat/Rocket.Chat#207 from troyfactor4/master
• 234bc0b enable more use cases by returning the xml object in callback
• 01d462d Test suites of other projects (mocha) that include v1.5.0 fail with error: "Error: global leak detected: existingPrefixes"
• 0157f26 1.5.0
• e9942f3 Merge pull request Create Admin User RocketChat/Rocket.Chat#206 from troyfactor4/master
• ddc17c9 Merge pull request [Snyk] Fix for 1 vulnerable dependencies #1 from LoneRifle/master
• 3d14db0 Lock ejs to 2.5.5
• e2609c1 Convert arrow func for backcompat
• 96c1fcd Adjust whitespace
• c140018 bug: missing return
• 3e1c2f9 -convert promises to callback for backwards compatibility
• 17bbd13 Add callback options to sign/verify asynchronously

See the full diff

Package name: xml-encryption

The new version differs by 49 commits.

• f5f6532 Merge pull request [Snyk] Security upgrade pdfjs-dist from 2.0.943 to 4.2.67 #89 from auth0/1.3.0
• 3c742bf release 1.3.0
• 7b360cd Update xmldom to 0.7.0 ([Snyk] Security upgrade xml-encryption from 0.11.2 to 1.0.0 #88)
• e89e7fc Merge pull request [Snyk] Fix for 1 vulnerabilities #85 from gkwang/1.2.4
• 93937fd release 1.2.4
• 1688a90 Update xpath, xmldom, y18n, lodash ([Snyk] Fix for 1 vulnerabilities #84)
• ca3796b chore: Release version 1.2.3 ([Snyk] Security upgrade archiver from 3.0.0 to 7.0.0 #83)
• 1996dd7 fix: package.json & package-lock.json to reduce vulnerabilities ([Snyk] Security upgrade mailparser from 2.4.3 to 3.6.7 #81)
• 435b1d0 dont pull in tests ([Snyk] Fix for 1 vulnerabilities #80)
• 4fa183c chore: remove codeql analysis ([Snyk] Fix for 44 vulnerabilities #78)
• f412aac Merge pull request [Snyk] Fix for 1 vulnerabilities #76 from auth0/update_forge
• 9b6df94 Bumps a new patch version
• cd9c41d Update node-forge to the latest version
• 52183cb Merge pull request [Snyk] Security upgrade google-translate from 1.0.9 to 2.2.0 #73 from auth0/esarafianou-codeql-scan
• 62abb0f Create codeql-analysis.yml to trigger scans
• 1f013c5 release 1.2.0 ([Snyk] Security upgrade xml-encryption from 0.11.2 to 1.0.0 #72)
• b5a912b feat: sinon is a dev dependency ([Snyk] Fix for 1 vulnerabilities #71)
• 30edc80 fix(utils): fix accidental duplicate export. ([Snyk] Security upgrade async from 2.6.3 to 3.2.2 #70)
• 77efd10 chore: release 1.1.0 ([Snyk] Fix for 1 vulnerabilities #69)
• 25d22fd feat: Add warning when insecure algorithm is used. ([Snyk] Security upgrade mkdirp from 0.5.1 to 0.5.2 #68)
• f5651cc feat: Add support for AES-GCM family ([Snyk] Fix for 3 vulnerabilities #67)
• e711f7b v1.0.0 release ([Snyk] Security upgrade xml-encryption from 0.11.2 to 2.0.0 #65)
• 9459c5a Fix a missing check in encryption for encrypt call ([Snyk] Security upgrade marked from 0.5.2 to 4.0.10 #64)
• 4625cc3 Merge pull request [Snyk] Security upgrade object-path from 0.11.4 to 0.11.8 #62 from auth0/jenkins

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 [Adjust project settings](https://app.snyk.io/org/timtheguy/project/9cb78fbe-fe81-45b9-b3fb-2cef4036aa85?utm_source=github&am...