[Snyk] Fix for 10 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Signature Validation Bypass SNYK-JS-XMLCRYPTO-1023301	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: googleapis

The new version differs by 250 commits.

• 20409df chore: release 49.0.0 (#2022)
• 7de4e78 chore(deps): update dependency null-loader to v4 (#2044)
• 340f78d chore(deps): update dependency ts-loader to v7 (#2043)
• 254f878 chore: remove unused dev packages (#2042)
• f4eb6e0 chore: update lint ignore files (#2040)
• 0110f3e docs: update readme for drive readme (#2039)
• 73d284b fix(deps): update common and auth (#2038)
• 476b71e test: use discovery docs from fixture (#2037)
• 3a3b61d build: remove unused codecov config (#2034)
• fea414a feat!: regenerate the API (#2028)
• 48a4f05 chore(dep)!: deprecate node 8 (#2021)
• 99ebacf test: the kitchen sink system test sometimes times out (#2020)
• 05090da fix: apache license URL (#468) (#2017)
• d15c656 chore: remove duplicate mocha config (#2016)
• 874edc3 build: update templates (#2013)
• dc16586 build: set AUTOSYNTH_MULTIPLE_COMMITS=true for context aware commits (#2012)
• 741c58b chore: update github actions configuration (#1999)
• 1fe744b chore(deps): update dependency @ types/rimraf to v3 (#1995)
• 5512eb5 chore(deps): update dependency typedoc to ^0.17.0 (#1993)
• 0a4db38 chore: release 48.0.0 (#1979)
• 074f641 fix: allow an empty requestBody to be provided for APIs that support multipart post (#1988)
• 8bcb212 feat!: run the generator (adds: displayvideo, gamesConfiguration, managedidentities, networkmanagement) (#1989)
• 8677588 build(tests): fix coveralls and enable build cop (#1982)
• 0679c78 build: update linkinator config (#1981)

See the full diff

Package name: soap

The new version differs by 125 commits.

• daea0b0 Release v0.35.0
• 2fef944 upgraded xml-crypto to latest version (#1131)
• 9be0b74 Release v0.34.0
• d1790b5 fix non lower case ?wsdl handling (#1129)
• ec53c51 Fixing bug: if options.signatureAlgorithm = ..sha256 => will be generated two Reference to Body. (#1128)
• ac6db98 Remove constructor overload (#1127)
• 5fc0710 Drop bluebird (#1125)
• 4fc5b05 Upgrade uuid (#1124)
• 2120a1a Avoid lodash where possible (#1122)
• 3e49710 Move static-serve to dev dependencies (#1121)
• 471073b Replace concat-stream with get-stream (#1123)
• 8884a96 Release v0.33.0
• 1f58e6e Added an option to directly return the underlying sax stream (#1120)
• ee59f86 Convert decimals (#1118)
• 069276b bump lodash to 14.17.19 (#1117)
• 11bcc3e Release v0.32.0
• 5c3c810 Bug where no prototypical inheritence chain exists (#1110)
• 55e51fb replace === with startsWith (#1116)
• 7f5cf4c Add overrideImportLocation option (#1114)
• 1a8bcb7 Move @ types/requests dependency into devDependencies (#1111)
• 699b984 Clear http client header (#1103)
• cd8a852 Escape username and password in wss (#1107)
• e2b69b1 Release v0.31.0
• 5356c94 Fixes bug when envelopeKey is changed and WSSecurityCert is set (#1106)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Remote Code Execution (RCE)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn