[Snyk] Fix for 1 vulnerabilities

[DailyDreaming]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: request-promise

The new version differs by 28 commits.

• 4bc186d Version 4.2.6
• 4c7d51d chore: bumped request-promise-core due to security vulnerability of lodash
• f364ee4 docs: reference to request deprecation and alternative libs
• 873d156 Merge pull request #341 from shisama/patch-1
• 052331d docs: deprecate this package
• b4dafe4 docs: fixed link
• fd52247 Version 4.2.5
• a27ba86 chore: updated request-promise-core that updates lodash
• 4e3b7ed Version 4.2.4
• 94be6fe fix: tough-cookie version
• 03f7030 chore: updated publish-please config
• d831905 Version 4.2.3 (now really)
• 37e8773 fix: updated indirect lodash dependency to fix security vulnerability
• 229225e Version 4.2.3
• 4f27097 chore: fix ci build for node v8+
• c535eb6 Merge pull request #299 from aomdoa/fixToughCookieDep
• 488947b Merge branch 'master' into fixToughCookieDep
• 131abd7 fix: breaking change in tough-cookie v3
• b454ddc chore: added node 8 and 10 to ci build
• 6d11ddc fix: typo
• 3a136ea Merge pull request #303 from lexjacobs/patch-1
• 5e32191 docs: mention of wrapped request errors
• 2ac4f3e Update rp.js
• 1457338 Workaround on the cookie processing test.

See the full diff

Package name: winston

The new version differs by 18 commits.

• 8be746b [dist] Version bump. 3.0.0
• ce2c0dc 3.0.0 pre-release (#1342)
• 133d0c2 [doc] Cleaned up some of the documentation on `colorize` to address c… (#1301)
• d701505 Remove paddings as we have no use for it in the current API. (#1357)
• 11283a0 Move splat functionality into logform. Fixes #1298 (#1356)
• 109031f [fix] Update level property to change transport level #1191 (#1328)
• 4c301eb [dist] Update package-lock.json
• 5fdfad8 Wrap calls to `format.transform` with try / catch. (#1347)
• 0c84f4f Implement _final from Node.js streams; misc. clean-up (#1346)
• 4089b59 [doc fix] Formatting fixes to docs.
• 189559b console transport: send all levels to stdout not stderr by default (#1332)
• 30b83f9 [fix] Follow-up to #1344 to use setMaxListeners in all relevant locations.
• 767b010 Set max listeners to 30 to silence node warnings (#1344)
• ad1e1bf [fix test] Document how to use levels. Add test to ensure it is true. (#1343)
• 0be2362 Check log.length when evaluating "legacyness" of transports (#1340)
• 35707e2 [fix dist] Missing `,`
• 9debbca [dist tiny] Add more tags for npm search.
• f28c0eb Add arguments for exceptions.(un)handle in TS defs; prefer non-deprecated syntax in readme (#1330)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution