[Snyk] Fix for 1 vulnerabilities

[dennishenry]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: aws-sdk

The new version differs by 250 commits.

• 2e6d8bc Updates SDK to v2.38.0
• 1f1fb17 Update dependencies to versions that use lodash 4 and are still compatible with node 0.8
• 1e8c777 Fix doc example gen (#1445)
• 05b12ab Add a note on limitations of AWS.S3.getSignedUrl. Resolves #1105
• cc6f219 Improve documentation of AWS.Credentials.expiryWindow. Resolves #1068
• 69c0a3a Correct documentation of request retry event. Fixes #1110
• 1afa824 Updates SDK to v2.37.0
• 42b7eea Updates SDK to v2.36.0
• c5c0a61 Updates SDK to v2.35.0
• 3982b97 adds AWS.ResourceGroupsTaggingAPI
• ebbe731 Add a documentation directive for strings with jsonvalue traits
• 81c17f8 Correct link target in AWS.CognitoIdentityCredentials.refresh documentation
• 1c6135e Updates SDK to v2.34.0
• 1552e1b Updates SDK to v2.33.0
• 8ae28a6 Ensure MultipartUpload locations returned by the managed uploader are URI-decoded to match single part upload locations (#1420)
• 6295d62 Adds support for additional authtraits (#1408)
• 78b8b18 Updates SDK to v2.32.0
• e6671c4 Add a means of specifying tags for s3.upload that applies to both single part and multipart uploads (#1425)
• 1a46ee6 Updates SDK to v2.31.0
• 8fe0e0a Updates smoke tests to work with temporary credentials (#1421)
• 73d1c78 Adds jitter to DynamoDB retries and allows custom retry logic (#1418)
• eea53f5 Merge pull request #1405 from jeskew/wjordan-waitFor-custom
• e15c01f Merge pull request #1419 from jeskew/chore/codecov-yml-fix
• 10d7b17 Ensure waiter configuration does not collide with arguments passed to underlying operation

See the full diff

Package name: lru-memoizer

The new version differs by 11 commits.

• 188771d 1.11.2
• 54c5074 Merge pull request Is there API support for this extension? #4 from coreylight/master
• e559da5 use most recent non-breaking 4.X lodash
• b068d9a 1.11.1
• 93916f8 avoid deoptimization converting args to array
• 0e46f30 1.11.0
• cb77088 add an option for cloning the object
• f447a3c 1.10.1
• 369d4f8 Merge branch 'elbuo8-own-freeze'
• 7f4545c improve test
• 277694d Bring freeze to lib

See the full diff

Package name: request-promise

The new version differs by 98 commits.

• 4bc186d Version 4.2.6
• 4c7d51d chore: bumped request-promise-core due to security vulnerability of lodash
• f364ee4 docs: reference to request deprecation and alternative libs
• 873d156 Merge pull request [Snyk] Fix for 55 vulnerabilities #341 from shisama/patch-1
• 052331d docs: deprecate this package
• b4dafe4 docs: fixed link
• fd52247 Version 4.2.5
• a27ba86 chore: updated request-promise-core that updates lodash
• 4e3b7ed Version 4.2.4
• 94be6fe fix: tough-cookie version
• 03f7030 chore: updated publish-please config
• d831905 Version 4.2.3 (now really)
• 37e8773 fix: updated indirect lodash dependency to fix security vulnerability
• 229225e Version 4.2.3
• 4f27097 chore: fix ci build for node v8+
• c535eb6 Merge pull request AUTHZ-2608 - Use Argo Tunnel instead of ngrok #299 from aomdoa/fixToughCookieDep
• 488947b Merge branch 'master' into fixToughCookieDep
• 131abd7 fix: breaking change in tough-cookie v3
• b454ddc chore: added node 8 and 10 to ci build
• 6d11ddc fix: typo
• 3a136ea Merge pull request Bump sockjs from 0.3.19 to 0.3.21 #303 from lexjacobs/patch-1
• 5e32191 docs: mention of wrapped request errors
• 2ac4f3e Update rp.js
• 1457338 Workaround on the cookie processing test.

See the full diff

Package name: webtask-tools

The new version differs by 2 commits.

• 4806a34 Version bump package-lock.json
• e79adb1 Bump pug (You cannot edit permissions when adding/updating a Role #34)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution