[Snyk] Fix for 5 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	354/1000 Why? Has a fix available, CVSS 2.8	Insecure use of /tmp folder npm:cli:20160615	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: noflo

The new version differs by 250 commits.

• a1187c6 Bump
• d1c13f2 Update Flowhub docs link
• 49cfb8b Update fbp-protocol link
• b25001e Update MsgFlo link
• 9757b8d Merge pull request #534 from noflo/update_copyrights
• f84ca06 Reassign copyrights
• a790ba4 Make 'grunt test' run the build task instead of duplicating
• 593a39d Bump
• 05d38ad Document WirePattern Process API changes, refs #526
• 452c57f Merge pull request #526 from noflo/process_wirepattern
• 6ceab6f Merge pull request #532 from noflo/fix_null_undefined
• efaba77 Fix ip.data turned from null to undefined
• 76d10c6 Provide postpone/resume functions that throw a more user-friendly error
• 4db7e7b Plug deprecation warnings back in
• 9d15d3c Collation support for WirePattern group and field options in Process API
• 5d322e2 Initial support for collating inputs by field
• 4d4413e More consistent wrapper naming
• 589e445 Make it possible to force WirePattern into legacy mode, either via env vars or with a config key
• 2553bcd Expose component instance
• 194ae10 Move more component initialization to proper befores
• da8a8bf Move more component initialization to proper befores
• 17ce316 With Process API the garbage collection tests don't make sense
• 36ef4b3 Better debug message for WP legacy fallback
• b3a21a4 Prevent multiple dones

See the full diff

Package name: noflo-flow

The new version differs by 53 commits.

• 3edfa58 Bump
• 7a1ca17 Merge pull request #90 from noflo/process_api
• 65249f6 Port Collate to Process API
• ba5c436 Remove legacy graph
• 062b40d Remove unused dependencies
• f026ae6 Port Throttle to Process API
• 810acae Port Stop to Process API
• c6b7434 Port ReverseSplit to Process API
• 5da7836 Port Reorder to Process API
• 6c1d84e Port HasGroup to Process API
• abbf3e8 Port Gate to Process API
• e214267 Port Fork to Process API
• 0a38447 Port Deny to Process API
• e7de993 Port CountedMerge to Process API
• 38b8b0c Port CountDown to Process API
• b085aaa Port Concat to Process API
• ec2ade7 Port CollectUntilIdle to Process API
• fa08d7f Port CleanSplit to Process API
• fec3254 Port CleanDisconnect to Process API
• 8775f94 Port Accept to Process API
• cab587a Depend on NoFlo 0.8
• d60fdd6 Remove obsolete grunt-noflo-manifest
• fc3bfc0 Remove obsolete component.io manifest
• a6d779f Merge pull request #87 from noflo/greenkeeper/chai-4.0.0

See the full diff

Package name: noflo-nodejs

The new version differs by 155 commits.

• 0862625 Update deploy token
• 68acfa5 Bump
• bb0febb Merge pull request #108 from noflo/greenkeeper/noflo-0.8.0
• a53b838 Update noflo-runtime-websocket
• daba6d3 fix(package): update noflo-runtime-websocket to version 0.8.0
• bc980e8 Update fbp-protocol
• 466f815 Update noflo-runtime-base
• 28958a2 fix(package): update noflo-runtime-base to version 0.8.1
• 0b3d74c Update noflo-core
• a267845 Merge remote-tracking branch 'origin/greenkeeper/noflo-runtime-base-0.8.0' into greenkeeper/noflo-0.8.0
• b07d13f fix(package): update noflo-runtime-base to version 0.8.0
• b94f99f fix(package): update noflo to version 0.8.0
• 9959355 Merge pull request #104 from noflo/greenkeeper-flowhub-registry-0.1.0
• 7dc1480 chore(package): update flowhub-registry to version 0.1.0
• 2aed272 Merge pull request #84 from noflo/greenkeeper-password-maker-1.1.3
• 0dea76d chore(package): update password-maker to version 1.1.3
• 7a67f5d Merge pull request #103 from noflo/update_dependencies
• 07e76bf Update yargs
• 5856f71 Merge remote-tracking branch 'origin/greenkeeper-coffee-script-1.12.1' into update_dependencies
• 7d579fa Merge remote-tracking branch 'origin/greenkeeper-uuid-3.0.1' into update_dependencies
• 387380b Use fbp-protocol to increase test coverage
• dd26982 Start preparing fbp-protocol tests
• 39ffa21 chore(package): update yargs to version 6.6.0
• 3b76503 chore(package): update coffee-script to version 1.12.1

See the full diff

Package name: noflo-strings

The new version differs by 126 commits.

• f7cb77c Release 0.5.0
• b49e711 Bump karma from 4.4.1 to 5.2.3
• 0c43efd Bump mocha from 6.2.3 to 8.2.1
• 6ea145c Bump webpack-cli from 3.3.12 to 4.3.0
• 6d543b6 Bump underscore from 1.9.2 to 1.12.0
• 6e0f2c5 Bump ridedott/merge-me-action from v1.8.102 to v1.8.106
• 5320071 Merge pull request #116 from noflo/gh_actions
• 3a98527 Ignore dist folder too
• ae340c7 Ignore build artefacts
• 91ebe03 Use a different lib
• a16970e Make linter happy
• 20d07b7 Initial decaf
• fb5cf98 Initial: decaffeinate
• f0ebb89 Initial: decaffeinate
• 86e2bff We need CoffeeScript as dep for now
• 39a45fe Port to GitHub Actions
• 44c9073 Merge pull request #108 from noflo/greenkeeper/mocha-6.0.0
• 1890b53 chore(package): update mocha to version 6.0.0
• 729fdd7 Merge pull request #107 from noflo/greenkeeper/karma-4.0.0
• 3878805 chore(package): update karma to version 4.0.0
• b38f192 Merge pull request #106 from noflo/modernize_build
• 0cef176 Modernize build and test setup
• 50f999b Merge pull request #105 from noflo/greenkeeper/underscore-1.9.0
• c30008c fix(package): update underscore to version 1.9.0

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection
🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)