[Snyk] Fix for 19 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	No	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	354/1000 Why? Has a fix available, CVSS 2.8	Insecure use of /tmp folder npm:cli:20160615	No	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:qs:20140806	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) npm:qs:20140806-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Denial of Service (DoS) npm:superagent:20170807	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure npm:superagent:20181108	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: noflo

The new version differs by 250 commits.

• a1187c6 Bump
• d1c13f2 Update Flowhub docs link
• 49cfb8b Update fbp-protocol link
• b25001e Update MsgFlo link
• 9757b8d Merge pull request #534 from noflo/update_copyrights
• f84ca06 Reassign copyrights
• a790ba4 Make 'grunt test' run the build task instead of duplicating
• 593a39d Bump
• 05d38ad Document WirePattern Process API changes, refs #526
• 452c57f Merge pull request #526 from noflo/process_wirepattern
• 6ceab6f Merge pull request #532 from noflo/fix_null_undefined
• efaba77 Fix ip.data turned from null to undefined
• 76d10c6 Provide postpone/resume functions that throw a more user-friendly error
• 4db7e7b Plug deprecation warnings back in
• 9d15d3c Collation support for WirePattern group and field options in Process API
• 5d322e2 Initial support for collating inputs by field
• 4d4413e More consistent wrapper naming
• 589e445 Make it possible to force WirePattern into legacy mode, either via env vars or with a config key
• 2553bcd Expose component instance
• 194ae10 Move more component initialization to proper befores
• da8a8bf Move more component initialization to proper befores
• 17ce316 With Process API the garbage collection tests don't make sense
• 36ef4b3 Better debug message for WP legacy fallback
• b3a21a4 Prevent multiple dones

See the full diff

Package name: noflo-runtime-websocket

The new version differs by 87 commits.

• 733440b Update deploy token
• cb61b1c Bump
• b96e7b0 Merge pull request Update yargs to version 4.1.0 🚀 noflo/noflo-nodejs#55 from noflo/greenkeeper/noflo-runtime-base-0.8.0
• 044aa59 Merge remote-tracking branch 'origin/greenkeeper/fbp-protocol-0.6.3' into greenkeeper/noflo-runtime-base-0.8.0
• ee085ce chore(package): update fbp-protocol to version 0.6.3
• b096869 Update noflo-runtime-base
• d45ae8b fix(package): update noflo-runtime-base to version 0.8.1
• 4561efe Merge remote-tracking branch 'origin/greenkeeper-noflo-core-0.3.1' into greenkeeper/noflo-runtime-base-0.8.0
• 4eaeef0 fix(package): update noflo-runtime-base to version 0.8.0
• c9b2826 Bump fbp-protocol
• 3321e50 Use a secret with the fbp-protocol tester
• 40a9603 chore(package): update noflo-core to version 0.3.1
• 5f64d76 Merge pull request Update noflo to version 0.5.15 🚀 noflo/noflo-nodejs#48 from noflo/update_dependencies
• 472b498 Bump fbp-protocol dep
• ec529f8 Bump deps
• 7f567f1 Use send method for better logging
• 3b3d881 Bump noflo-runtime-base
• 3a12772 Allow base runtime to log messages, refs Add debuggers for runtime messages noflo/noflo-runtime-base#81
• 6b4b055 Update fbp-protocol
• b6b08bb Update noflo-core
• 8a77b32 Merge remote-tracking branch 'origin/greenkeeper-websocket-1.0.24' into update_dependencies
• 99906ea Add keywords
• 2d3e55a Update mocha
• 678ac85 Merge remote-tracking branch 'origin/greenkeeper-coffee-script-1.12.1' into update_dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic