[Snyk] Fix for 19 vulnerabilities

[terrorizer1980]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/isomorphic-core/package.json
  • packages/isomorphic-core/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Denial of Service (DoS) npm:superagent:20170807	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure npm:superagent:20181108	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:validator:20180218	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: libhoney

The new version differs by 43 commits.

• 4cceb33 1.1.2
• a05bd46 test on moar nodes and mention node >= 4 in README
• a63ecef Upgrade superagent to remove vulnerability ([Snyk] Security upgrade electron from 1.4.15 to 16.0.10 #26)
• 7636bba 1.1.1
• 9d05866 Update README.md ([Snyk] Security upgrade googleapis from 9.0.0 to 49.0.0 #24)
• 94e4449 skip_cleanup: true
• 244e4e3 1.1.0
• 8f07497 additional transmission types ([Snyk] Security upgrade googleapis from 9.0.0 to 49.0.0 #23)
• 84ffd0a don't stringify objects in builder.addField ([Snyk] Security upgrade electron from 1.4.15 to 12.2.1 #21)
• d303950 Add support for User-Agent additions ([Snyk] Security upgrade signalfx from 3.0.1 to 6.0.1 #19)
• c6fd5dc Move `addDynamicField` in `express-dynamic-fields` example out of per-request middleware ([Snyk] Security upgrade less-cache from 0.21.0 to 0.24.0 #18)
• f90a4a6 1.0.0-beta.10
• 07ab2ff use /1/batch/<dataset> endpoint ([Snyk] Fix for 1 vulnerabilities #16)
• 9c06dd5 1.0.0-beta.9
• fdf579f Stop `stringify`ing JS objects now that we can unroll on the server ([Snyk] Fix for 13 vulnerabilities #15)
• b7f48c2 Add jsdoc about `.timestamp` on JS docs, factor out validation step ([Snyk] Security upgrade sqlite3 from 3.1.8 to 4.0.0 #13)
• bab3837 Add npm publish step to .travis.yml
• d7fb07e Tweak .esdoc.json to turn on esdoc experimental
• dcb42d5 Update jsdoc on Libhoney constructor, add esdoc generation to .travis ([Snyk] Security upgrade atom-package-manager from 1.1.1 to 2.5.0 #12)
• 7ab9b80 README tweak: link to npm repo, not fury SVG
• c1dd672 Add .esdoc.json
• 1f714c0 Tweak Libhoney config comments
• f3ee3e2 Update README per Honeycomb docs URL refactor
• cf7461e 1.0.0-beta.8

See the full diff

Package name: sequelize

The new version differs by 250 commits.

• 9f47e94 fix(dependencies): update validator dependency to latest version (#13802)
• 71c9130 ci: trigger action rerun
• aca4fbc build: update uuid (#13124)
• 32d1e9e ci: enable semantic-release for v5
• db6d5ec fix(types): allow transaction to be `null` (#13093) (#13101)
• d89dede ci(mssql): fix mssql tests
• d608bc0 ci(typings): fix tests for TS typings in TS 4.0
• a914a47 ci: fix ci
• 4b54342 test: fix 6f74bf62 for Node.js 6
• f42d5f3 ci: move to GitHub Actions
• 5fd55c3 test: add missing dev-dependency
• 6f74bf6 test: improve 'running queries' detection
• 3d2df28 fix(sqlite): describeTable now returns unique and references (#12440)
• 56d07c6 fix(mssql): insert/upsert operations do not return all fields (#12434)
• ad1c153 fix(mssql): bulkUpdate returning values (#12410)
• 26fcbce fix(tests): correct spelling mistakes (#12422)
• 2391d08 feat(sequelize): allow passing dialectOptions.options from url (#12412)
• 8477b07 build: changes for v6 release (#12417)
• 834b9f0 fix(postgres): parse enums correctly when describing a table (#12409) (#12411)
• 7fba668 fix(types): specified 'this' for getters and setters in fields (#12370)
• 41237ae fix(mssql): set correct scale for float (#12340)
• 5c733ef fix(include): check if attributes specified for included through model (#12020)
• 7fdc2dc fix(mssql): tedious connect deprecation (#12275)
• 8a3827d fix(mssql): use uppercase for engine table and columns (#12253)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution