[Snyk] Fix for 13 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/demo-os/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: body-parser

The new version differs by 144 commits.

• 0f1bed0 1.17.1
• 0532096 lint: remove unreachable code branches
• b34aab5 build: eslint-config-standard@7.0.0
• 77b1ca1 build: eslint-plugin-markdown@1.0.0-beta.4
• e51dbc5 deps: qs@6.4.0
• 79bc939 1.17.0
• e6140e1 build: Node.js@7.7
• 42f467d deps: qs@6.3.1
• 4954aec build: test against Node.js 8.x nightly
• e2050df build: Node.js@7.6
• 2f941c4 build: Node.js@6.10
• 6549617 build: Node.js@4.8
• d1c2c7f deps: http-errors@~1.6.1
• e7b86ba build: eslint@3.16.1
• 7b630f7 1.16.1
• de574bf build: eslint@3.15.0
• 889bcc9 build: Node.js@7.5
• dba8ac4 deps: debug@2.6.1
• 95a3ebb docs: fix history file with incorrect qs version
• c5a73d5 1.16.0
• 9744dda deps: qs@6.3.0
• 7807757 deps: debug@2.6.0
• 0e44768 lint: use standard style in the README
• 14952be build: eslint-config-standard@6.2.1

See the full diff

Package name: express

The new version differs by 231 commits.

• d43b074 4.15.2
• 05fd1e4 deps: update example dependencies
• 85c96fd deps: qs@6.4.0
• d32ed68 4.15.1
• 57d3dfd examples: merge the jade example into ejs
• eece385 tests: use path.join instead of concatenation
• 8eb95ae examples: use path.join instead of concatenation
• 67168fe deps: serve-static@1.12.1
• c0089d9 deps: send@0.15.1
• dc8acc8 tests: use supertest expect for simple assertions
• 7027b37 lint: remove unused err argument
• b4550fb Use ejs instead of jade within engine jsdoc
• 4012846 examples: use static assets in search example
• 6d9b127 build: Node.js@7.6
• 504a51c 4.15.0
• 7f96896 deps: update example dependencies
• f59de6a build: Node.js@7.7
• 7247554 build: Node.js@6.10
• 146a13e build: Node.js@4.8
• 9722202 Add next("router") to exit from router
• 51f5290 Fix case where router.use skipped requests routes did not
• 8b6dc6c Use "%o" in path debug to tell types apart
• 081b811 perf: add fast match path for "*" route
• 1f71fae tests: add lone "*" route tests

See the full diff

Package name: request

The new version differs by 250 commits.

• 0ab5c36 2.82.0
• ffdf0d3 Updating deps.
• 4386836 Merge branch 'master' of github.com:request/request
• 1527407 Merge pull request [Snyk-dev] Security upgrade django from 1.6.1 to 2.2.27 snyk/cli#2703 from ryysud/add-nodejs-v8-to-travis
• 3afcbf8 Merge branch 'master' of github.com:request/request
• 479143d Update of hawk and qs to latest version (refactor: pull out custom rules code snyk/cli#2751)
• 169be11 Add Node.js v8 to Travis CI
• 643c43a Fixed some text in README.md ([Snyk-dev] Security upgrade openjdk from 8-jdk-slim to 8u302-slim-buster snyk/cli#2658)
• e8fca51 chore(package): update aws-sign2 to version 0.7.0 (chore: Update Readme extension to read markdown snyk/cli#2635)
• e999203 Update README to simplify & update convenience methods (fix: add support for --API to iac test command [CFG-1513] snyk/cli#2641)
• 6f286c8 lint fix, PR from pre-standard was merged with passing tests
• a765593 Add convenience method for HTTP OPTIONS (docs: update protect.md snyk/cli#2541)
• 52d6945 Add promise support section to README ([Snyk-dev] Upgrade minimatch from 3.0.2 to 3.0.4 snyk/cli#2605)
• b12a624 refactor(lint): replace eslint with standard ([Snyk-dev] Security upgrade marked from 0.3.6 to 4.0.10 snyk/cli#2579)
• 29a0b17 Merge pull request feat: Improve npm7+ error message snyk/cli#2598 from request/greenkeeper-codecov-2.0.2
• e7b4a88 Merge pull request GH Action for syncing help files snyk/cli#2590 from nicjansma/timings-tests
• dd5c02c Updated comment
• 087de94 Merge pull request [Snyk-dev] Security upgrade alpine from 3.12.0 to 3.13.7 snyk/cli#2589 from odykyi/fix-tabulation
• 3d5e50d Merge pull request [Snyk-dev] Security upgrade node from 12 to 12.22.8-stretch snyk/cli#2594 from ahmadnassri/patch-1
• 0951f47 chore(package): update codecov to version 2.0.2
• baf9c1f chore(dependencies): har-validator -> 5.0.2
• 21b1112 chore(dependencies): har-validator -> 5.0.1
• 51806f8 chore(dependencies): har-validator to 5.x [removes babel dep]
• c57fb72 2.81.1

See the full diff

Package name: sqlite3

The new version differs by 250 commits.

• 573784b v5.0.3
• e5a24fd Deleted `examples/` folder
• b05f459 Added note about GitHub Releases to CHANGELOG.md
• 33d0656 Modernised Usage example in README
• 9d05c55 Fixed up more README nits
• 08d6319 Fixed link to API docs
• 0e2235a Altered wording in README
• 76b6c56 Altered README header
• e3df365 Updated README
• 426930f Enabled CI to run when pushing tags
• a21d41f Fixed uploading binaries to commit artifacts
• bc978c7 Fixed CI step wording
• 7f744a1 Added prebuilt binaries via GitHub Releases
• b4b3c3a Deleted `scripts/` directory
• 71bbdea Pinned dev dependencies (feat: Add impact and resolve fields in sarif output. snyk/cli#1558)
• a597383 Updated badges in README
• 0eb4a0f Deleted Travis and Appveyor configs
• b58d341 Downgraded `mocha` and `eslint`
• f39b10d Added missing Node versions to CI
• 8db96d4 Replaced Python extraction script with JS (fix: update go plugin snyk/cli#1570)
• 11c988c Fixed Windows build architecture in CI
• 8e63848 Updated Windows CI runner to `windows-latest`
• d9e7d8b Fixed building on MacOS Monterey 12.3
• 859b95b Updated `node-gyp` to v8.x

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.