[Snyk] Fix for 7 vulnerabilities

[enjame]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-AXIOS-174505	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	490/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ajv

The new version differs by 250 commits.

• 521c3a5 6.12.3
• bd7107b Merge pull request #1229 from ajv-validator/dependabot/npm_and_yarn/mocha-8.0.1
• 9c26bb2 Merge pull request #1234 from ajv-validator/dependabot/npm_and_yarn/eslint-7.3.1
• c6a6daa Merge branch 'master' into dependabot/npm_and_yarn/mocha-8.0.1
• 15eda23 Merge branch 'master' into dependabot/npm_and_yarn/eslint-7.3.1
• d6aabb8 test: remove node 8 from travis test
• c4801ca Merge pull request #1242 from ajv-validator/refactor
• 988982d ignore proto properties
• f2b1e3d whitespace
• 65e3678 Merge pull request #1239 from GrahamLea/patch-1
• 68d72c4 update regex
• 9c009a9 validate numbers in multipleOf
• 332b30d Merge pull request #1241 from ajv-validator/refactor
• 1105fd5 ignore proto properties
• 65b2f7d validate numbers in schemas during schema compilation
• 24d4f8f remove code post-processing
• fd64fb4 Add link to CSP section in Security section
• 0e2c346 Add Contents link to CSP section
• c581ff3 Clarify limitations of ajv-pack in README
• 0006f34 Document pre-compiled schemas for CSP in README
• 140cfa6 Merge pull request #1238 from cvlab/patch-1
• e7f0c81 Fix mistype in README.md
• 54c96b0 Bump eslint from 6.8.0 to 7.3.1
• 854dbef Bump mocha from 7.2.0 to 8.0.1

See the full diff

Package name: axios

The new version differs by 250 commits.

• e367be5 [Releasing] 0.21.3
• 83ae383 Correctly add response interceptors to interceptor chain (#4013)
• c0c8761 [Updating] changelog to include links to issues and contributors
• 619bb46 [Releasing] v0.21.2
• 82c9455 Create SECURITY.md (#3981)
• 5b45711 Security fix for ReDoS (#3980)
• 5bc9ea2 Update ECOSYSTEM.md (#3817)
• e72813a Fixing README.md (#3818)
• e10a027 Fix README typo under Request Config (#3825)
• e091491 Update README.md (#3936)
• b42fbad Removed un-needed bracket
• 520c8dc Updating CI status badge (#3953)
• 4fbeecb Adding CI on Github Actions. (#3938)
• e9965bf Fixing the sauce labs tests (#3813)
• dbc634c Remove charset in tests (#3807)
• 3958e9f Add explanation of cancel token (#3803)
• 69949a6 Adding custom return type support to interceptor (#3783)
• 49509f6 Create FUNDING.yml (#3796)
• 199c8aa Adding parseInt to config.timeout (#3781)
• 94fc4ea Adding isAxiosError typeguard documentation (#3767)
• 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
• a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
• 59fa614 [Updated] follow-redirects to the latest version (#3771)
• 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: ramda

The new version differs by 250 commits.

• 1a5d40b Version 0.27.2
• 4d8e8f0 Merge pull request #3212 from ramda/davidchambers/trim
• 94d0570 Security fix for ReDoS (#3177)
• 8ae355e update test string for trim
• 6bb8eea Version 0.27.1
• ed191e6 Merge pull request #2832 from kibertoad/chore/update-dependencies-2
• 20ba763 Update dependencies
• a6620f6 Update Babel to v7 (#2829)
• 2705518 Execute tests on Node 12 (#2828)
• c45208e hasPath return false for non-object checks (#2825)
• 0baeda1 updated invoker.js documentation (#2821)
• 072d417 Including BR translation. (#2621)
• ca1e2b5 add an example which covers error and value (#2806)
• 271b044 docs: Add @ since where it is missing (#2793)
• ac58c96 Update `pathSatisfies` to handles empty `path` arguments (#2791)
• b25ac73 Fix typo in split docs (#2792)
• 7d55e91 Add R.xor (Exclusive OR) (#2646)
• efd899b feature: adding paths operator - #2740 (#2742)
• 235a370 fix: rename then to andThen (#2772)
• 8d59032 Fix broken link in readme (#2768)
• 38feed2 remove erroneous quotes in tryCatch documentation (#2765)
• ce4f936 fix `@ since` in `includes` (#2764)
• 626762b Reference to Ramda Conventions wiki page (#2718)
• 878cacd Add prebench script (#2759)

See the full diff

Package name: worker-loader

The new version differs by 20 commits.

• 77c599c chore(release): 1.1.1
• d1a7a94 fix(index): add `webpack >= v4.0.0` support (Errors are leaking zerobias/telegram-mtproto#128)
• 8905f8d docs(README): fix syntax highlighting on `webpack.js.org` (error: ETIMEDOUT during code sending zerobias/telegram-mtproto#112)
• 20af2e9 chore(release): 1.1.0
• 0994334 refactor(index): remove legacy code (`webpack =< v1.0.0`) (TypeError: MTProto is not a function zerobias/telegram-mtproto#105)
• 09705fb refactor: apply `webpack-defaults` (Telegram session termination error zerobias/telegram-mtproto#81)
• 2051a3a docs(README): fix layout, add links && anchors (How to upload profile photo for my account zerobias/telegram-mtproto#100)
• 96c6144 feat: add `publicPath` support (`options.publicPath`) (Duplication / flooding of ping messages zerobias/telegram-mtproto#31)
• a9ec386 docs(README): standardize (Error not catching zerobias/telegram-mtproto#82)
• d914288 docs(README): improve TypeScript integration example (TypeError: No method name messages.SentMessage found zerobias/telegram-mtproto#97)
• 2aa3e81 chore(release): 1.0.0
• 1b84066 chore: Adds release tooling & script
• f7e2132 chore: Allow Webpack v3.x as a peerDependency (Uncaught TypeError: Failed to execute 'postMessage' on 'Window': 2 arguments required, but only 1 present. zerobias/telegram-mtproto#85)
• 57c2846 0.8.1
• 1d8180a test: Improve named workers via options (how should use vectors? zerobias/telegram-mtproto#80)
• 5e2f5e6 feat: add `options` validation (`schema-utils`) (Error: Actions must be plain objects. Use custom middleware for async actions. zerobias/telegram-mtproto#78)
• edcda35 feat: support loading node core modules (how to use constructor? zerobias/telegram-mtproto#76)
• 13f586b docs: Added Typescript integration to the readme (avoiding send Message method each time zerobias/telegram-mtproto#79)
• 5c3003e docs: Add worker message example to README (auth.signUp problem  zerobias/telegram-mtproto#66)
• 6eb39f0 docs(README): explain what the loader does (Best way to retrieve error response zerobias/telegram-mtproto#65)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Server-Side Request Forgery (SSRF)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn