[Snyk] Fix for 6 vulnerabilities

[claytonbrown]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DICER-2311764	Yes	Mature
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: knex

The new version differs by 250 commits.

• ed0e8a5 Fix SQLite not doing rollback when altering columns fails (#4336)
• 3c70dca Prepare 0.95.0 for release
• c1ab23c Await asynchronous expect assertions (#4334)
• 3e6176a SQLite parser improvements (#4333)
• a98614d Made the constraint detection case-insensitive (#4330)
• 5d2db21 Fix ArrayIfAlready type (#4331)
• 887a4f6 Improve join and conflict types v2 (#4318)
• 29b8a36 Adjust generateDdlCommands return type (#4326)
• d807832 mssql: schema builder - attempt to drop default constraints when changing default value on columns (#4321)
• c0d8c5c mssql: schema builder - add predictable constraint names for default values (#4319)
• 5ec76f5 Convert produced statements to objects before querying (#4323)
• 9e28a72 Add support for altering columns to SQLite (#4322)
• 7db2d18 fix mssql alter column must have its own query (#4317)
• 371864d Bump typescript from 4.1.5 to 4.2.2 (#4312)
• 6c3e7b5 mssql: don't raise query-error twice (#4314)
• 168f2af Bump eslint-config-prettier from 7.2.0 to 8.1.0 (#4315)
• 3718d64 Respect KNEX_TEST, support omitting sqlite3 from DB, and reduce outside mssql test db config (#4313)
• c58794b Prepare to release 0.95.0-next3
• 61e1046 Avoid importing entire lodash to ensure tree-shaking is working correctly (#4302)
• 8c73417 events: introduce queryContext on query-error (#4301)
• b6fd941 Include 'name' property in MigratorConfig (#4300)
• 9581100 Prepare to release 0.95.0-next2
• 5614c18 Timestamp UTC Standardization for Migrations (#4245)
• 4899346 Fix for ES Module detection using npm@7 (#4295) (#4296)

See the full diff

Package name: lint-staged

The new version differs by 146 commits.

• 885a644 Merge pull request #852 from okonet/listr2
• aba3421 fix: all lint-staged output respects the `quiet` option
• b8df31a fix: do not show incorrect error when verbose and no output
• eed6198 style: simplify eslint and prettier config
• b746290 ci: replace Node.js 13 with 14, since 14 will be next LTS
• 2c6f3ad docs: improve `verbose` description
• e749a0b test: remove redundant, misbehaving test
• 16848d8 fix: use test renderer during tests and when TERM=dumb
• efffa22 test: cover `--verbose` option usage
• 1b18550 test: restore variable in test output
• 6aede38 test: add test for error during merge state restoration
• b565481 test: integration test targets the full Node.js API instead of just `runAll`
• a3bd9d7 feat: allow specifying `cwd` using the Node.js API
• 85de3a3 feat: add `--verbose` to show output even when tasks succeed
• d69c65b fix: log task output after running listr to keep everything
• e95d1b0 refactor: move skip and enable cheks of listr tasks to separate file
• 6da7667 refactor: move messages to separate file
• 6392480 refactor: use symbols for errors
• 8f32a3e feat: replace listr with listr2 and print errors inline
• c9adca5 fix: use stash create/store to prevent files from disappearing from disk
• e093b1d fix(deps): update dependencies
• 6066b07 fix: pass correct path to unstaged patch during cleanup
• 0bf1fb0 fix: allow lint-staged to run on empty git repo by disabling backup
• 1ac6863 Merge pull request #837 from okonet/serial-git-add

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution