[Snyk] Fix for 12 vulnerabilities

[bduff9]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Insecure Encryption SNYK-JS-BCRYPT-572911	Yes	No Known Exploit
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Cryptographic Issues SNYK-JS-BCRYPT-575033	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-PROPERTYEXPR-598800	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YUP-2420835	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bcrypt

The new version differs by 167 commits.

• 61139e6 v5.0.0
• 1bde62c Update node-pre-gyp to 0.15.0
• 40770d6 Add NodeJS 14 to appveyor CI
• 5916a46 Merge pull request #807 from techhead/known_length
• f28e916 Reword comment
• ca1e43b Add test for embedded NULs
• 1a81858 Pass key_len to bcrypt(). Fix for issues #774, #776
• cf4efd9 Merge pull request #647 from ilatypov/master
• 15febd1 Allow using an enterprise artifactory.
• 96c41e2 Mark z/OS compatibility code as such
• dd32df1 Add z/OS support
• ac14738 Update CHANGELOG.md
• d9e54b4 Merge pull request #806 from techhead/2b_overflow
• 9548df5 Fix overflow bug. See issue #776
• 4c38d38 Merge pull request #804 from jokester/add-arm64-build
• 41d9ba2 add linux-arm64 to build matrix
• bc114fb Update node-addon-api to v3.0.0
• 61f6308 Use travis to deploy future releases
• 87c214f v4.0.1
• 9758e68 Prepare for uploading releases from inside docker
• 1511821 Define _GNU_SOURCE while compiling for MUSL
• e01e78a Add alpine-linux to CI
• bbb6b2d Readme: fix node version for v4.0.0
• 738e4e2 Update CHANGELOG.md

See the full diff

Package name: yup

The new version differs by 169 commits.

• 31bbfc3 Publish v0.30.0
• d225b5d chore: fix lockfile
• f08d507 fix: defined() so it doesn't mark a schema as nullable
• 57d42a8 fix: uuid's regexp (#1112)
• 15a0f43 fix: security Fix for Prototype Pollution - huntr.dev (#1088)
• 040c40d docs: Clarify return value of mixed.test (#1089)
• e616039 chore(deps): update all non-major dependencies (#1087)
• 7fd80aa fix: IE11 clone() (#1029)
• 7459544 chore: bump lodash (#1071)
• 66bb500 chore(deps): update all non-major dependencies (#1069)
• 6096064 feat: exposes context on mixed.test function and add originalValue to context (#1021)
• a56655d chore(deps): update all non-major dependencies (#1058)
• 0dcfa21 chore(deps): update all non-major dependencies (#1049)
• 7573a1a chore: upgrades property-expr dependency to 2.0.4 (#1048)
• a3f94b0 chore(deps): update all non-major dependencies (#1044)
• ed49b9e chore(deps): update all non-major dependencies (#1037)
• 02f59ad chore(deps): update dependency eslint-plugin-jest to v24 (#1030)
• a5f55a4 chore(deps): update all non-major dependencies (#1031)
• ce83c0b chore(deps): update all non-major dependencies (#1025)
• 01da7e1 perf: reduce function calls for shallower stacks (#1022)
• dcae108 feat!: remove sync promise implementation and use callbacks internally (#1019)
• 70e39ef Update issue templates
• f8d5189 chore(deps): update all non-major dependencies (#1014)
• 234b296 chore(deps): update all non-major dependencies (#1011)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Arbitrary File Write
🦉 Arbitrary File Write
🦉 More lessons are available in Snyk Learn