[Snyk] Fix for 14 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-73638	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	No Known Exploit
	Prototype Pollution npm:hoek:20180212	No	No Known Exploit
	Prototype Pollution npm:lodash:20180130	No	No Known Exploit

Commit messages

Package name: request

The new version differs by 71 commits.

• 6420240 2.88.0
• bd22e21 fix: massive dependency upgrade, fixes all production vulnerabilities
• 925849a Merge pull request #2996 from kwonoj/fix-uuid
• 7b68551 fix(uuid): import versioned uuid
• 5797963 Merge pull request #2994 from dlecocq/oauth-sign-0.9.0
• 628ff5e Update to oauth-sign 0.9.0
• 10987ef Merge pull request #2993 from simov/fix-header-tests
• cd848af These are not going to fail if there is a server listening on those ports
• a92e138 #515, #2894 Strip port suffix from Host header if the protocol is known. (#2904)
• 45ffc4b Improve AWS SigV4 support. (#2791)
• a121270 Merge pull request #2977 from simov/update-cert
• bd16414 Update test certificates
• 536f0e7 2.87.1
• 02fc5b1 Update changelog
• de1ed5a 2.87.0
• a6741d4 Replace hawk dependency with a local implemenation (#2943)
• a7f0a36 2.86.1
• 8f2fd4d Update changelog
• 386c7d8 2.86.0
• 76a6e5b Merge pull request #2885 from ChALkeR/patch-1
• db76838 Merge branch 'patch-1' of github.com:ChALkeR/request
• fb7aeb3 Merge pull request #2942 from simov/fix-tests
• e47ce95 Add Node v10 build target explicitly
• 0c5db42 Skip status code 105 on Node > v10

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Prototype Pollution npm:extend:20180424	No Known Exploit
	Uninitialized Memory Exposure npm:stringstream:20180511	Mature
	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No Known Exploit

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic