
[Snyk] Fix for 9 vulnerabilities#29

Open
thiagobustamante wants to merge 1 commit into master from snyk-fix-d2f33621312eb97f3f70d7ea6a4ef4d7

Conversation

@thiagobustamante
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium | 531/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 4.2) | Prototype Pollution (SNYK-JS-IOREDIS-1567196) | No | Proof of Concept |
| medium | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) (SNYK-JS-LODASH-1018905) | No | Proof of Concept |
| high | 681/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.2) | Command Injection (SNYK-JS-LODASH-1040724) | No | Proof of Concept |
| medium | 479/1000 (Why? Has a fix available, CVSS 5.3) | Improper Input Validation (SNYK-JS-URLPARSE-1078283) | No | No Known Exploit |
| medium | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Open Redirect (SNYK-JS-URLPARSE-1533425) | No | Proof of Concept |
| medium | 641/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.4) | Access Restriction Bypass (SNYK-JS-URLPARSE-2401205) | No | Proof of Concept |
| medium | 641/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.4) | Authorization Bypass (SNYK-JS-URLPARSE-2407759) | No | Proof of Concept |
| high | 726/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 8.1) | Improper Input Validation (SNYK-JS-URLPARSE-2407770) | No | Proof of Concept |
| medium | 631/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.2) | Authorization Bypass Through User-Controlled Key (SNYK-JS-URLPARSE-2412697) | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: amqplib The new version differs by 45 commits.
  • 32aa202 Merge pull request #609 from squaremo/release-0.7.1
  • 0f5fc24 Bump version and changelog for v0.7.1
  • f729616 Merge pull request #607 from ThomasGawlitza/updateDeps2
  • 3de36fa update uglify-js from 2.6.x to 2.8.x
  • 20ead0d update bluebird from 3.5.2 to 3.7.3
  • 8763e30 update safe-buffer from 5.1.2 to 5.2.1
  • 630b06f using latest npm
  • 3f30ab2 update url-parse from ~1.4.3 to ~1.5.1
  • d84bf6d Include Node.js v14, v15 in CI
  • 99a854f Bump package version to 0.7.0
  • 19fb6cb Merge pull request #605 from squaremo/allow-node-15
  • 836cbc9 Fix use of stream.write(data, encoding) in tests
  • 28cd533 Bump NPM packages and Node version allowed
  • e3e1016 Bump package version number to 0.6.0
  • b13e98f Merge pull request #579 from squaremo/update-node-versions
  • 21b3f92 Update README and Makefile with supported Node
  • db6e6fa Merge pull request #570 from fretlink/allow-newer-node
  • 5ae49c0 Update changelog with v0.5.6
  • 6c266c8 Merge pull request #572 from squaremo/release-0.5.6
  • d87d619 Bump package-lock to 0.5.6
  • 2e813c6 Bump to v0.5.6
  • 1b11f0c Run travis tests on Node 12, 13 and 14
  • 1dc9470 Allow NodeJS engines up to version 14
  • cd616b5 Merge pull request #528 from StrayBird-ATSH/master

See the full diff

Package name: ioredis The new version differs by 209 commits.
  • 0587353 chore(release): 4.27.8 [skip ci]
  • 7d73b9d fix: handle malicious keys for hgetall (#1416)
  • 17c7595 chore: fix potential security vulnerabilities [skip ci]
  • a13eddc chore(release): 4.27.7 [skip ci]
  • d7477aa fix(cluster): fix autopipeline with keyPrefix or arg array (#1391)
  • beefcc1 docs(README): fix docs typo (#1385)
  • cae7fc5 chore(release): 4.27.6 [skip ci]
  • 42f1ee1 fix: fixed autopipeline performances. (#1226)
  • 71f2994 chore(release): 4.27.5 [skip ci]
  • f02e383 fix(SENTINEL): actively failover detection under an option (#1363)
  • c87ea2a chore(release): 4.27.4 [skip ci]
  • 62b6a64 perf: Serialize error stack only when needed (#1359)
  • d4a55b5 chore(release): 4.27.3 [skip ci]
  • abd9a82 fix: autopipeling for buffer function (#1231)
  • e0cfea1 chore(release): 4.27.2 [skip ci]
  • aa9c5b1 fix(cluster): avoid ClusterAllFailedError in certain cases
  • aafc349 chore(release): 4.27.1 [skip ci]
  • d65f8b2 fix: clears commandTimeout timer as each respective command gets fulfilled (#1336)
  • 9e140f0 chore(release): 4.27.0 [skip ci]
  • a464151 feat(sentinel): detect failover from +switch-master messages (#1328)
  • 6b821af docs: add CONTRIBUTING note
  • dac428d chore(release): 4.26.0 [skip ci]
  • 2e388db feat(cluster): apply provided connection name to internal connections
  • 81b9be0 fix(cluster): subscriber connection leaks

See the full diff

Package name: lodash The new version differs by 1 commit.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
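The ioredis commit list above includes "fix: handle malicious keys for hgetall (#1416)", which is the fix behind the Prototype Pollution entry in the table. The following is an added example written for this page; it is not ioredis's code and the real reply transformer is not shown here. It models the general hazard such a fix addresses: turning a flat HGETALL reply (`[field, value, field, value, ...]`) into a plain object by bracket assignment lets a hash field named `__proto__` reach the inherited `Object.prototype.__proto__` setter instead of becoming an own property. The sample replies and the buffer-valued variant are constructed for illustration.

```javascript
'use strict';

// Naive conversion of a flat HGETALL reply into a plain object. On a normal
// object, assigning to the key "__proto__" does not create an own property:
// it runs the inherited Object.prototype.__proto__ setter, which silently
// ignores a string value and rewires the object's prototype when the value
// is an object (e.g. a Buffer from a buffer-returning command variant).
function replyToObjectNaive(reply) {
  const obj = {};
  for (let i = 0; i < reply.length; i += 2) {
    obj[reply[i]] = reply[i + 1];
  }
  return obj;
}

// Hardened conversion. A null-prototype object has no inherited __proto__
// accessor, so "__proto__", "constructor" and similar names become ordinary
// own data properties and the result's prototype chain cannot be changed
// by data read from Redis.
function replyToObjectSafe(reply) {
  const obj = Object.create(null);
  for (let i = 0; i < reply.length; i += 2) {
    obj[reply[i]] = reply[i + 1];
  }
  return obj;
}

// Constructed sample replies (hypothetical data, not taken from the PR).
// HGETALL returns string values; the second reply models a buffer variant
// where every value is an object.
const STRING_REPLY = ['name', 'alice', '__proto__', 'injected'];
const BUFFER_REPLY = ['name', Buffer.from('alice'), '__proto__', Buffer.from('injected')];

// Summarise the shape of a converted object so the two converters can be
// compared on the same inputs.
function describeObject(obj) {
  return {
    ownKeys: Object.keys(obj),
    hasOwnProtoField: Object.prototype.hasOwnProperty.call(obj, '__proto__'),
    protoIsObjectPrototype: Object.getPrototypeOf(obj) === Object.prototype,
    protoIsBuffer: Buffer.isBuffer(Object.getPrototypeOf(obj)),
  };
}

function demo() {
  return {
    naiveString: describeObject(replyToObjectNaive(STRING_REPLY)),
    naiveBuffer: describeObject(replyToObjectNaive(BUFFER_REPLY)),
    safeString: describeObject(replyToObjectSafe(STRING_REPLY)),
    safeBuffer: describeObject(replyToObjectSafe(BUFFER_REPLY)),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

With the naive converter the `__proto__` field from the string reply vanishes from the result (only `name` survives as an own key), and with buffer values the returned object's prototype becomes the attacker-supplied Buffer, so lookups on the result fall through to that Buffer's properties. The null-prototype version keeps both fields as own properties. If callers rely on `obj.hasOwnProperty(...)`, a null-prototype result will break them; the alternative is to keep a normal object and write such keys with `Object.defineProperty`, which also bypasses the accessor.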

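The PR asks the reviewer to check the changes before merging. One check worth running on the updated package-lock.json is whether any copy of the affected packages, including nested copies that a top-level bump does not replace (the amqplib commit list above shows url-parse being pulled in as its dependency), is still below the fixed version. The script below is an added example for this page, not Snyk's tooling or the project's code. It handles both lockfile layouts (lockfileVersion 1 `dependencies` tree and lockfileVersion 2/3 `packages` map); the minimum-version map and the two sample lockfiles are illustrative assumptions, so take the real fixed versions from the Snyk advisories linked in the table.

```javascript
'use strict';

// Illustrative thresholds (assumption): the version at or above which each
// package is treated as fixed. Replace with the versions from the advisories.
const MINIMUMS = {
  amqplib: '0.7.1',
  ioredis: '4.27.8',
  lodash: '4.17.21',
  'url-parse': '1.5.10',
};

// Numeric comparison of "major.minor.patch" strings. Lockfiles record exact
// versions, so ranges and pre-release tags are not handled here.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Yield every installed copy of every package in a package-lock.json,
// including nested copies under another package's node_modules.
function* installedCopies(lock) {
  if (lock.packages) {
    // lockfileVersion 2/3: keys are install paths, "" is the root project.
    const marker = 'node_modules/';
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue;
      const idx = path.lastIndexOf(marker);
      const name = idx === -1 ? meta.name || path : path.slice(idx + marker.length);
      yield { name, version: meta.version, path };
    }
    return;
  }
  // lockfileVersion 1: a recursive "dependencies" tree.
  function* walk(deps, prefix) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      yield { name, version: meta.version, path };
      yield* walk(meta.dependencies, path + '/');
    }
  }
  yield* walk(lock.dependencies, '');
}

// Return every copy of a watched package whose version is below its minimum.
function findVulnerableCopies(lock, minimums) {
  const findings = [];
  for (const copy of installedCopies(lock)) {
    const min = minimums[copy.name];
    if (min && compareVersions(copy.version, min) < 0) {
      findings.push({ ...copy, minimum: min });
    }
  }
  return findings;
}

// Constructed sample lockfiles (not the project's real lockfile). The v2
// sample has a fixed top-level url-parse but an old nested copy under amqplib.
const SAMPLE_LOCK_V2 = {
  name: 'sample-app',
  lockfileVersion: 2,
  packages: {
    '': { name: 'sample-app' },
    'node_modules/amqplib': { version: '0.5.6' },
    'node_modules/amqplib/node_modules/url-parse': { version: '1.4.7' },
    'node_modules/ioredis': { version: '4.27.8' },
    'node_modules/lodash': { version: '4.17.15' },
    'node_modules/url-parse': { version: '1.5.10' },
  },
};

const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    amqplib: { version: '0.7.1', dependencies: { 'url-parse': { version: '1.5.1' } } },
    ioredis: { version: '4.14.1' },
  },
};

for (const lock of [SAMPLE_LOCK_V2, SAMPLE_LOCK_V1]) {
  for (const f of findVulnerableCopies(lock, MINIMUMS)) {
    console.log(`${f.path}: ${f.name}@${f.version} is below ${f.minimum}`);
  }
}
```

On a real checkout, read the file with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` and pass it to `findVulnerableCopies`; `npm ls url-parse` gives the same nested view interactively. A non-empty result after the Snyk bump means a nested copy still needs an override or a transitive upgrade.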