[Snyk] Fix for 19 vulnerabilities

[arealmaas]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	Yes	Proof of Concept
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Command Injection SNYK-JS-NODEIDEVICE-609343	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-URLREGEX-569472	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-XMLDOM-1534562	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Prototype Pollution SNYK-JS-XMLDOM-3042242	Yes	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-XMLDOM-3092935	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: appium-android-driver

The new version differs by 250 commits.

• f6aac65 5.0.0
• 3ebf3b5 fix: yaml linting
• 35a649d fix: Add index
• e18495b refactor!: Switch the driver to use Appium2 modules (displayed? always returns true on iOS, Ruby. appium/appium#725)
• a864fa8 4.54.0
• 9e8c327 feat: Add mobile extension to refresh the GPS cache (Appium Android crashing on startup appium/appium#721)
• 3576bea 4.53.0
• 8717234 feat: Change media scan logic for Android API above 28 (navigate to url fix which speeds up execution on real devices appium/appium#720)
• f62fbe8 4.52.1
• ce4078c 4.52.0
• ab52a03 fix: Update parse memory data for Android 11(API 30) (Quote binary location to fix space in path appium/appium#719)
• dcf8c6a feat: allow support of appium 2 plugin plus proxy interaction
• 0bfcebc chore(deps-dev): bump sinon from 11.1.2 to 12.0.0 (Wait for activity takes an array appium/appium#714)
• 90f09bf chore: Bump xmldom dependency version (reset.sh script is failing to build ApiDemos appium/appium#713)
• 4bb5d76 4.51.0
• 4ec9994 refactor: Add chromeLoggingPrefs to the list of desired capabilities (Change which allows multiple selendroid servers to run on one MAC/PC appium/appium#710)
• 853c19d 4.50.0
• e5bba2e feat: Make unlocking strategy configurable (Session terminated on device running Android 2.2 appium/appium#709)
• 12537c0 feat: Implement fast unlock screen dismissal (ScreenShot Android without screenshooter appium/appium#708)
• f02240f 4.49.0
• c2f8c80 feat: Add a mobile extension to clear an app data (android build exit status and noReset fixes appium/appium#707)
• 05ef12a 4.48.2
• 7ab057e feat: Add package option to the broadcast extension (fix source crash appium/appium#706)
• 1d9b762 4.48.1

See the full diff

Package name: appium-base-driver

The new version differs by 249 commits.

• a367856 6.0.0
• aeffcd4 refactor: Use axios for the actual proxy implementation instead of the deprecated request module (Check that clean apk is signed appium/appium#409)
• 57ef9bc chore: Replace request usage with axios in tests (mobile: find tests fail appium/appium#408)
• ef73cee 5.8.1
• 4b73599 chore: Switch to axios in App download (Can not open/run tests on real device on iPad appium/appium#407)
• 5d36756 chore: Define options for for doubleClick, buttonUp\Down routes (fix misc android issues raised by testsuite appium/appium#406)
• ef9c110 5.8.0
• d22c01f feat: add calling chrome devtools endpoint for chromium (fix invalid apk error appium/appium#405)
• 9f667ef chore: move to dependabot (de-flakify appium/appium#404)
• c5d5fe6 5.7.1
• 84922ef fix: Avoid ERR_STREAM_WRITE_AFTER_END error (better /sessions appium/appium#401)
• d396dbf chore: fix linting issues (fix empty selector crash appium/appium#403)
• be7762b fix: put full date on the static guinea pig pages (Updated and fixed support for flick using touch actions. appium/appium#402)
• 2faf4a8 5.7.0
• 0cee519 feat: Add requests idempotency verification on the server side (Calling wd/hub/sessions always returns atleast one session appium/appium#400)
• 217c5c7 chore(deps): bump webdriverio from 5.22.4 to 6.0.2 (.Net now uses NuGet appium/appium#399)
• 39fec80 5.6.0
• c7e3a4b feat: Consider the content of Cache-Control header for application caching (add sauce connect example appium/appium#397)
• 5a60675 5.5.0
• d8f3c83 feat: add score attribute for image element (Make Appium Windows Friendly appium/appium#396)
• a399aaa 5.4.3
• 9c6f9b6 chore: Use file name sanitizer imported from appium-support (Added support for element based swiping. appium/appium#394)
• 6e3b87a fix: Add button to actions payload (Alert cannot be found on an implicit wait appium/appium#395)
• 5b72ccd 5.4.2

See the full diff

Package name: appium-fake-driver

The new version differs by 48 commits.

• e4a935c 0.10.0
• 3ed585d Bump appium-base-driver from 5.8.1 to 6.0.1 (Location header thingie appium/appium#60)
• 643057f chore: Delete the redundant request-promise import (JSONWP compatibility fixes appium/appium#59)
• 9e0a50e fix(package): update xmldom to version 0.3.0 (Fix for the one remaining functional UICatalog test appium/appium#58)
• ea0cbc7 chore(package): update sinon to version 9.0.0 (fail gracefully on bad http requests appium/appium#57)
• 39ee265 chore(package): update appium-gulp-plugins to version 5.0.0 (Fixes for context sensitive lookup; doesn't fix the UICatalog tests yet appium/appium#56)
• cd3f0ad chore(package): update sinon to version 8.0.0 (Major refactoring and made element lookup by name available appium/appium#55)
• f424140 fix(package): update xmldom to version 0.2.0 (small fixes appium/appium#54)
• b530e8f 0.9.0
• 977a2b4 fix(package): update appium-base-driver to version 5.0.0 (use github to serve static test zip appium/appium#53)
• 2fede14 chore: update yargs to version 15.0.1 (Adding some downloadable assets appium/appium#52)
• 651c971 0.8.0
• 74a9957 Merge pull request docs and examples update appium/appium#51 from appium/appium-2.0-compat
• a3b2771 make compatible with appium 2
• 3be231a 0.7.0
• dae00ea chore: update appium-base-driver to 4.0.0 (Let's catch up with communication protocol changes. appium/appium#48)
• 8967168 fix(package): update yargs to version 14.0.0 (update page source schema/tests appium/appium#47)
• af24cd2 Fix the build
• cbb8c73 Update appium-gulp-plugins to the latest version 🚀 ([Snyk] Fix for 2 vulnerabilities #41)
• 20348aa Add function names
• 5af2bc8 fix(package): update yargs to version 13.1.0 ([Snyk] Security upgrade appium-xcuitest-driver from 2.133.1 to 3.44.0 #40)
• 6267efd Update eslint-config-appium to the latest version 🚀 ([Snyk] Security upgrade request-promise from 1.0.2 to 4.2.6 #39)
• 48ddbf7 Update sudo/dist in travis ([Snyk] Fix for 1 vulnerabilities #38)
• 4a506f3 Add missing peer dev dep

See the full diff

Package name: appium-ios-driver

The new version differs by 132 commits.

• 712e450 4.7.0
• dd85abe Bump appium-base-driver from 5.8.1 to 6.0.1 (XPath //* for iOS appium/appium#430)
• 672a30a 4.6.3
• 6f44bad chore: Use axios instead of the deprecated request module (beefify installAndroidApp appium/appium#428)
• 04caae0 chore: fix linting issues (mobile: currentActivity appium/appium#426)
• dc1652e chore: remove greenkeeper artifacts (android getCurrentActivity appium/appium#427)
• 6cfcbc9 chore: Get rid of node-simctl dependency (allow reset.sh to be called with --android or --ios if you only care about that platform appium/appium#425)
• dd0590f 4.6.2
• 3412842 chore: move uuid to appium-support (grunt installAndroidApp should not fail if app already installed appium/appium#424)
• 802eafd chore: move from greenkeeper to dependabot (reset.sh should be able to be run for android only or ios only appium/appium#423)
• 222a0bc 4.6.1
• 60d8043 fix(package): update xmldom to version 0.3.0 (Updating reset.sh to fix #417 appium/appium#418)
• f397935 chore(package): update uuid to version 7.0.0 (Reset.sh not able to find ANDROID_HOME, however command echo $ANDROID_HOME works appium/appium#417)
• 9489f8c chore(package): update sinon to version 9.0.0 (Android orientation fixes appium/appium#416)
• bdaef27 4.6.0
• 33e6f16 fix: Remove iwd4 to avoid macOS notarization error for AppiumDesktop (reset.sh fails on default node pkg appium/appium#415)
• 0ac106d fix: turn off greenkeeper for node-simctl (grunt android fails appium/appium#414)
• 4f9f565 chore(package): update mocha to version 7.0.1 (fix mobile: find tests appium/appium#411)
• c2aaac9 chore(package): update appium-gulp-plugins to version 5.0.0 (appium doesn't fail when bad apk path is used appium/appium#410)
• 08da371 chore(package): update sinon to version 8.0.0 (Check that clean apk is signed appium/appium#409)
• b05b0ce fix(package): update xmldom to version 0.2.0 (Can not open/run tests on real device on iPad appium/appium#407)
• 0d0e68a 4.5.0
• 868f37f fix(package): update appium-base-driver to version 5.0.0 (fix invalid apk error appium/appium#405)
• d38d46f fix(package): update yargs to version 15.0.1 (de-flakify appium/appium#404)

See the full diff

Package name: appium-windows-driver

The new version differs by 124 commits.

• 823c7de chore(release): 2.0.0 [skip ci]
• 50ec0ca feat: Update dependencies for Appium 2
• 1114303 refactor!(breaking-change): bump dependencies to appium2 (Handle global npm install properly appium/appium#121)
• c376660 chore(release): 1.21.1 [skip ci]
• ac38697 fix: dummy commit to test the release action
• 0470b7b docs: add badges
• 62842bc chore: add github release action
• 6c21cd4 chore(deps-dev): bump sinon from 12.0.1 to 13.0.0 (hybrid examples and webview app appium/appium#120)
• a18632a 1.21.0
• 4cc702f feat: Make it possible to request element size (readme update appium/appium#118)
• b60de66 feat: Bump WAD installer version to 1.2.99 (Check ENV for Appium.app appium/appium#114)
• dfc9874 docs: Tune environment variables description
• 1116663 feat: Enable setting WAD local path (more hybrid commands appium/appium#116)
• bea6270 chore(deps-dev): bump sinon from 11.1.2 to 12.0.0 (Be less cryptic in case Appium couldn't start up. appium/appium#115)
• c046199 1.20.0
• fc16e20 chore: Add workarounds for get and set window size W3C commands (Added more info to exception. appium/appium#113)
• 0513ef0 1.19.1
• 410f294 refactor: Tune the procedure of WAD install path lookup (Support for more hybrid commands appium/appium#111)
• 29f618f chore(deps-dev): bump sinon from 10.0.1 to 11.0.0 (hey pull this appium/appium#109)
• 73e10ad 1.19.0
• c518dd7 feat: File movement API commands (Show the actual version number from the cmd line appium/appium#107)
• 80d84ec 1.18.3
• 126b25d fix: Change parameter name for Set-ExecutionPolicy cmdlet (nav to url for webview appium/appium#106)
• 1d0821b 1.18.2

See the full diff

Package name: appium-xcuitest-driver

The new version differs by 250 commits.

• 4bf432f 4.0.0
• a94c202 refactor!: Switch the package to use Appium2 modules (refactor ios startup cascade appium/appium#1383)
• cfb3b93 docs: Update certificate install
• d1a72ca chore: Bump sinon from 12.0.1 to 13.0.0 (fail with an error message if user is on xcode 5.0.1 (address #1377) appium/appium#1379)
• 9d64fe5 chore: iOS 15.2 PR validation (drop iOS 13) (update ios auth logic (fix #1373) appium/appium#1374)
• cfaf3dc chore(release): 3.62.0 [skip ci]
• af3a1e3 feat: Add mobile extensions to capture mobile network traffic (grunt authorize broken on OS X 10.9 appium/appium#1373)
• a766b01 chore(release): 3.61.0 [skip ci]
• 6bdfa6c feat: Use py-ios-device to gather crash reports from the device (fix for #1040 appium/appium#1371)
• a9aba25 chore(release): 3.60.1 [skip ci]
• f2db5ae fix(driver): correct logic in assignment from cli args
• 6c058cd chore(release): 3.60.0 [skip ci]
• de7ab1e feat: Add support of py-ios-device for certificate install on real devices (Appium build 10.4 is not reaping forked process appium/appium#1369)
• 6614d50 chore(release): 3.59.2 [skip ci]
• eac16c2 fix: Fix top folder path calculation in pullFolder (Is it possible to get element source? appium/appium#1367)
• c25f5cc chore: Be more forgivable while pulling multiple items from the device (iOS 7 Test Failures appium/appium#1366)
• e89ce57 docs: update readme (Translate Appium Docs to Chinese appium/appium#1365)
• fd8150d chore(release): 3.59.1 [skip ci]
• 2ad808c fix: Add ffmpeg options to reconnect automatically if the MJPEG server stops responding (Unable to build unlock apk on Windows appium/appium#1364)
• 87bd380 chore(release): 3.59.0 [skip ci]
• e845528 feat: make IPHONE_TOP_BAR_HEIGHT configurable with `safariTabBarPosition` (Selendroid Automation will not work on 0.11 appium/appium#1361)
• 68767fa docs: typo in readme (Expanded Android docs appium/appium#1360)
• 6138590 chore(release): 3.58.2 [skip ci]
• 4c4510a fix: update the alias for the install method (Appium pauses for a long time trying to find node appium/appium#1359)

See the full diff

Package name: request-promise

The new version differs by 45 commits.

• 9b533b0 Version 4.0.0
• 796b317 docs: updated for v4 release
• 6833954 chore: updated promise-core
• 8aa5d1a docs: updated instructions for running request tests
• e791f17 feat: better error message for missing peer dependency
• 8c42fda feat: inform about dropped CLS support
• 82ed81d docs: added change for the upcoming v4 release
• 510e272 docs: listed changes for the upcoming v4 release
• b963290 docs: grammar
• 1cc3202 feat: full reimplementation using (at)request/promise-core
• 56a6fa1 Merge pull request readme update appium/appium#118 from jmm/api-opt-defaults
• 2b1c11b Add default opt values to API docs
• 061a6ae chore: node v6 support
• 364ec40 chore: improved formatting
• 7a5522f fix: typo
• ee171f9 Merge pull request Be less cryptic in case Appium couldn't start up. appium/appium#115 from EvanCarroll/master
• c3bb0dc updated to better differentiate json/html forms because underlying request.pm is really bad at giving a sane error here.
• 2854e04 Version 3.0.0
• 32d988a fix: TransformError for transform that returns rejected Promise
• 296b08d feat: apply transform to non-200 responses also in simple mode (issue Fixing merge conflicts of another pull request appium/appium#86)
• 0cfa8f2 feat: introduced TransformError for failed transforms
• d678f35 refactor: error attribute assignment
• 2ad8792 feat: better StatusCodeError.message
• dcd18ad v3 not yet released

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)
🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn