[Snyk] Fix for 9 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	No	Proof of Concept
	475/1000 Why? Has a fix available, CVSS 5	Prototype Pollution SNYK-JS-HAPIHOEK-548452	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @hapi/hoek

The new version differs by 108 commits.

• 5bd73f6 8.5.1
• 4d0804b Backport #352. Closes #353
• 4ae5f53 8.5.0
• 83019b8 Add isPromise(). Closes #346
• b9aa286 Add declaration
• 5dcbb9c 8.4.0
• d898b06 Add TS utils. Closes #345
• ea1741d 8.3.2
• f6eb28d Improve clone() performance. Closes #344
• 8fa5664 8.3.1
• c2d748a Fix contain(). Closes #342
• ec88426 8.3.0
• 980cc9c Fix types. Skip captureStackTrace when not available. Closes #340. Closes #341
• e6950f2 Closes #339
• 474f2f4 8.2.5
• 1ec3490 Export type interfaces. CLoses #338
• 5ac20bc Fix deepEqual() skip. Closes #337
• 17c85a0 Update README.md
• fe6a6e5 Merge pull request #335 from jarrodyellets/master
• 73dc111 Remove TOC from API
• 994e9cc Update README.md
• 0e66780 Merge pull request #331 from jarrodyellets/master
• 8f78622 Update API.md
• e8fa92d 8.2.4

See the full diff

Package name: @hapi/joi

The new version differs by 6 commits.

• b604775 15.1.1
• da4774f Replace v16 compatibility interface. Closes #2047
• e14321f 15.1.0
• 5d4c0c9 Legacy api. Closes #1926
• 3108872 15.0.3
• 4e4c6c9 Add bool to binds. Fixes #1808.

See the full diff

Package name: aws-sdk

The new version differs by 250 commits.

• 8875a35 Updates SDK to v2.814.0
• dd83d67 throw at invalid profile name in shared ini file (#3585)
• ee0c5a3 Updates SDK to v2.813.0
• 468d15b Updates SDK to v2.812.0
• c50132f Update README.md with references to JS SDK V3 (#3582)
• 3e19b08 Updates SDK to v2.811.0
• f26c00d Updates SDK to v2.810.0
• b393a6e Adds automatic PreSignedUrl generation to RDS.StartDBInstanceAutomatedBackupsReplication (#3566)
• fa57967 Updates SDK to v2.809.0
• 9a52018 Updates SDK to v2.808.0
• 1958076 Updates SDK to v2.807.0
• ffcad20 Updates SDK to v2.806.0
• 2f37893 chore: remove cognitoidentity customizations to disable auth (#3543)
• c6fe3c0 Updates SDK to v2.805.0
• 71d6fa9 Fix dual-callback case (#3537)
• b981971 Updates SDK to v2.804.0
• 332573f Updates SDK to v2.803.0
• deb7bc7 Updates SDK to v2.802.0
• b6401d0 Remove incorrectly named service named 'Profile' (#3562)
• 3364d4b Updates SDK to v2.801.0
• d400577 Updates SDK to v2.800.0
• 21c7dc0 Updates SDK to v2.799.0
• d2b8964 Updates SDK to v2.798.0
• 44ded82 fix: test IAM.getUser instead of listUsers (#3542)

See the full diff

Package name: qrcode

The new version differs by 64 commits.

• 557e0d8 1.5.0
• 9aeacd8 fix: ficing double call for callbacks on error saving png to file
• 3d9f9ec chore: update non breaking security notices.
• f08fd57 Merge pull request #233 from bambooCZ/renderer-terminal-small
• d359773 Merge pull request #244 from Alanscut/opts-type
• db49e41 fix undefined error when opts is undefined
• 346fa1a Imperfections in README.md
• 77ec831 Smaller terminal QR codes
• f829dd2 Merge pull request #226 from LinusU/uint8array
• df2ba5a Bump deep dependencies
• 83fa639 Simplify Travis CI setup
• 9e702a1 Bundle using Rollup + Babel + Terser
• cb7865b Use builtin Array.isArray
• 20492aa Add myself as a contributor
• 9cc0e3b Use const/let instead of var
• a5a8563 Drop support for Node.js < 10.13.0
• 48b4cdc Upgrade to Standard v14
• 94009ab Avoid dependency on Buffer
• eb2d499 fix: making require for buffer module explicit fixes #217
• 6aaae01 Merge pull request #216 from AlphaWong/patch-1
• 65fa203 FIX: wrong link for #gs1-qr-codes
• cc2a41f fix: buffer class for browsers
• 56ef8d5 1.4.4
• 6058f49 fix: undefined variable Buffer in reed

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic