[Snyk] Fix for 47 vulnerabilities

[zuohuadong]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTPROP-543489	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
	703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	Yes	Proof of Concept
	590/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	Yes	No Known Exploit
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	No	Proof of Concept
	561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Information Exposure SNYK-JS-PARSEURL-2935947	No	Proof of Concept
	791/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.4	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	No	Proof of Concept
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-PUGCODEGEN-1082232	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKPYTHONPLUGIN-3039677	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-UNDERSCOREDEEP-2936792	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	No	Proof of Concept
	711/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Uninitialized Memory Exposure npm:atob:20180429	No	Mature
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution npm:deep-extend:20180409	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:underscore.string:20170908	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @nestjs/graphql

The new version differs by 250 commits.

• ea47d75 chore(): release v7.4.0
• 20a7c3f Merge branch 'parkerself22-code-first-federation-unions'
• af6edc0 feat(): override the resolve type of interfaces
• f4e99d5 Merge branch 'code-first-federation-unions' of https://github.com/parkerself22/nestjs-graphql into parkerself22-code-first-federation-unions
• 0e6b9cf fix(): fix merge conflicts
• 0bc3daa feat(): migrate to graphql tools (remove merge-graphql-schemas)
• ec5865d chore(deps): update dependency lint-staged to v10.2.7
• 2d297c7 chore(deps): update dependency ts-node to v8.10.2
• 503b81c chore(deps): update apollo graphql packages to v2.14.1
• 1e60e01 chore(deps): update nest monorepo to v7.1.1
• 3c8e1c6 fix(federation): Update overrideOrExtendResolvers for federated unions
• ec8a7bc chore(deps): update typescript-eslint monorepo to v3.0.2
• e939211 chore(deps): update apollo graphql packages to v2.14.0
• 447f62e chore(deps): update dependency graphql-tools to v6.0.3
• 0cfae7a Merge pull request #899 from nestjs/renovate/typescript-eslint-monorepo
• 71d7a52 chore(deps): update typescript-eslint monorepo to v3.0.1
• 6257cf0 fix(federation): Remove unused import
• f5a4f9e refactor(federation): Update optionResolvers type to match master
• 70548f0 refactor(federation): Merge master and refactor union type resolver fix
• 5431211 fix(code-first-federation): Add union type resolvers to generateSchema
• 14d9416 chore(deps): update dependency graphql-tools to v6.0.1
• 3eb0698 chore(): release v7.3.11
• 555c3f4 fix(federation): merge or override auto generated resolvers
• 900f1e5 chore(): release v7.3.10

See the full diff

Package name: apollo-server-express

The new version differs by 250 commits.

• f93284e Release
• 02d882c update doc entry
• 4745ebe Rename option from disableValidation to dangerouslyDisableValidation
• 11f5981 Add disableValidation option to apollo-server-core
• ea2e2c3 Release
• 1dd45b8 get CI passing
• d38b43b Merge pull request from GHSA-j5g3-5c8r-7qfx
• 590ca13 Update v3 docs with new EOL
• 71b2c8a Apollo Server 3 docs typo: ctx.connectionParams not just connectionParams (#7503)
• fac578a Release
• 19f5167 Update changelog
• 8554050 Update protobuf (version-3) (#7412)
• 5352a9f Docs: fix previous-versions link
• ef4f430 Add AS3 deprecation notices (#7152)
• 6247d96 Release
• e366a58 Make newly-added GraphQLRequestContext.requestIsBatched field optional (#7119)
• b5a8de6 update package-lock
• eac82dc Revert "update package-lock"
• 160be7e update package-lock
• 538151b Release
• 3e840fa update package-lock
• 69be2f7 Merge pull request from GHSA-8r69-3cvp-wxc3
• 40fcd3d Backport #7107 (docs: document new usage reporting option)
• f519e1d Release

See the full diff

Package name: email-templates

The new version differs by 139 commits.

• e8b8cfc 11.1.1
• 44940e2 chore: added note to README
• e03100c 11.1.0
• 45bb875 feat: upgrade to @ ladjs/consolidate (modern fork of consolidate)
• 871a2e8 11.0.5
• d4b46fa chore: bump deps (enhanced preview-email <https://github.com/forwardemail/preview-email\#browser>)
• b5e3c81 11.0.4
• 36789d2 chore: bump deps
• cfc2d41 11.0.3
• 2576f25 fix: fixed xo rule from warn > off
• 11c5c6e fix: switch off node: specific modules (per https://github.com/[fix] preview-email is failing due to require('node:child_process') is not getting processed on mac intel forwardemail/test-preview-emails-cross-browsers-ios-simulator-nodejs-javascript#35)
• 2acb1c3 11.0.2
• ecf5a72 chore: bump deps
• f1f19dc 11.0.1
• 800cec4 docs: updated inline CSS example
• a18debc 11.0.0
• 9c26e5e feat: breaking - drop CSS inlining and `<style>` tag removal by default
• 85b8129 10.0.1
• f9bf71a feat: added iOS Simulator support 🎉
• edac7f4 10.0.0
• 1b0ecdc feat: modernize, require node >= 14, bump deps
• 8a73adc v9.0.0
• 3cd75b4 chore: upgrade web-resource-inliner, support node v10+
• 6ba0098 v8.1.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn