[Snyk] Fix for 5 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) npm:jquery:20150627	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	Yes	No Known Exploit
	756/1000 Why? Mature exploit, Has a fix available, CVSS 7.4	Uninitialized Memory Exposure npm:npmconf:20180512	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @snyk/nodejs-runtime-agent

The new version differs by 28 commits.

• ade9436 Merge pull request Cross-site Scripting (XSS)(package.json) #111 from snyk/snyk-fix-93368b07b9de27f1dbf0560f8ba14c21
• 4b5269a test: update test fixture to match [email protected]
• 919477e fix: package.json & package-lock.json to reduce vulnerabilities
• a502cbb Merge pull request Information Exposure(package.json) #107 from snyk/docs/readme
• dde1526 docs: describe supported Node versions on our README.md
• 83fe936 Merge pull request Regular Expression Denial of Service (ReDoS)(package.json) #103 from snyk/chore/codeowners
• 4b0109f chore: codeowners
• 435f878 Merge pull request Regular Expression Denial of Service (ReDoS)(package.json) #99 from snyk/chore/bumps
• 8ef98c8 test: limit concurrency to 1
• c53384a chore: upgrade tap; js-yaml is no longer
• 50a0844 chore: bump semver
• 391a2c5 chore: low-risk bumps
• 800766c chore: run tests on random port
• 3d90fb9 test: try and close the demo server cleanly
• 4b9407e Merge pull request Cross-site Scripting (XSS)(package.json) #95 from snyk/snyk-upgrade-a55862565132729ebb483a4754f7857d
• cb5af6b chore: upgrade needle from 2.2.1 to 2.4.0
• b8fde78 Merge pull request Cross-site Scripting (XSS)(package.json) #94 from snyk/feat/lazy-class
• f58306c feat: allow lazy || wrapper classes
• 626c3b7 Merge pull request Regular Expression Denial of Service (ReDoS)(package.json) #91 from snyk/chore/bump-travis
• eee4a01 Merge pull request Regular Expression Denial of Service (ReDoS)(package.json) #92 from snyk/chore/update_func_snapshot
• 5c6e90c fix: de/normalise all file separators in a string
• 8129211 chore: update repo functions snapshot
• 5d8f892 chore: removing unused clone_depth from appveyor.yaml
• d577eac chore: bump travis to xenial

See the full diff

Package name: errorhandler

The new version differs by 85 commits.

• c41e9aa 1.4.3
• ffce329 build: [email protected]
• 90a8777 build: [email protected]
• 38b745b deps: accepts@~1.3.0
• 80aea51 deps: escape-html@~1.0.3
• b0be93a docs: fix typo in readme
• 2f688d0 build: support Node.js 5.x
• 1238ed4 build: [email protected]
• fdeb13c build: [email protected]
• cc6fd1f build: support Node.js 4.x
• 3a2117a build: support io.js 3.x
• 75b9ee1 build: reduce runtime versions to one per major
• 6797752 tests: add test for util.inspect in HTML response
• b6e53d7 docs: add more documentation regarding util.inspect
• 88b9a58 deps: accepts@~1.2.13
• ac75d3f build: [email protected]
• 5ee62b7 deps: [email protected]
• 1e89ae7 build: [email protected]
• ef1e8f1 build: [email protected]
• a7a6dce 1.4.2
• 692e2e7 deps: accepts@~1.2.12
• 6f2e8d2 build: [email protected]
• 564c117 build: fix running Node.js 0.8 tests on Travis CI
• 2dfd872 1.4.1

See the full diff

Package name: express

The new version differs by 151 commits.

• 9375a9a 4.14.0
• 14cf9c5 deps: update example dependencies
• 605983f build: [email protected]
• e06766c deps: [email protected]
• 76eaa32 Encode URL in res.location/res.redirect if not already encoded
• c12cc88 build: support Node.js 6.x
• 23c22ce build: support Node.js 5.x
• 791cabf deps: serve-static@~1.11.1
• fc40702 deps: [email protected]
• c762b16 Improve error with invalid arguments to req.get()
• 5d642af Add "options" argument to req.range
• 7fcf1d7 docs: update the req.range jsdoc comment
• 7ee41cc deps: range-parser@~1.2.0
• 8ddab69 build: [email protected]
• d038689 build: [email protected]
• c9531ac build: [email protected]
• 98224d2 build: [email protected]
• 2e1284b Fix Windows absolute path check using forward slashes
• 999546d deps: [email protected]
• cc25a04 deps: type-is@~1.6.13
• f90f9dd Improve performance for res.json/res.jsonp in most cases
• b69b760 perf: use strict equality when possible
• c6039af deps: proxy-addr@~1.1.2
• bdf604a deps: [email protected]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)