[Snyk] Fix for 2 vulnerabilities

[ebullient]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: nano

The new version differs by 51 commits.

• 8e52b3d remove old migration guide
• 7e0d61d 9.0.0 README
• 8655d40 Replace request with axios (#208)
• 77224eb 8.2.3
• 70cf681 8.2.2
• 386e3e3 master --> main (#232)
• c7751ae Merge pull request #226 from YC/info
• 2804eac Add nano.info()
• f04b24f improve MangoSelector TypeScript type - fixes issue #211 (#212)
• 2699b78 8.2.1
• f4909bc do not publish tests in npm package
• 079ed5e stricter TypeScript definitions with tsc --strict, fixes issue #209 (#210)
• de624b4 Fix markdown link in the menu
• 9994f85 allow fetch to return errors as well as successes - fixes issue #203 (#204)
• ee50585 improve TypeScript definitions for Mango selectors - fixes issue #202 (#205)
• 0e2b69e fixed TypeScript definitions for follow functions - fixes issue #194 (#206)
• 530cc60 switch to CouchDB 3 for the Travis tests - no admin party in CouchDB 3 (#207)
• befbcd9 compatibility with nodejs-cloudant
• 037a473 ensure TypeScript definitions are sound during testing (#201)
• df6c040 Make sure nano works with _local docs (#200)
• 3d23bb9 Bugfix (nano.d.ts): DocumentScope.atomic method returns a customizable data structure (#187)
• ff5f425 Bugfix(README.md): Fixed typo (#188)
• b9c5583 Fix for issue 189 (#190)
• 0aa530a typescript definition for built-in reduce function in view's document (#192)

See the full diff

Package name: openwhisk

The new version differs by 13 commits.

• d312b7c bump package.json to 3.10.0 (#87)
• 7046c09 Add new features to routes methods. (#85)
• 268c0b6 Add support for FQN entity names with leading forward slash (#83)
• 19fdd98 travis npm publish (#84)
• 784df05 Support retrieving status and configuration of feed triggers (#80)
• 537b547 Add type support for annotations and limits (#76)
• 8f0e241 switch from request-promise to needle (#78)
• 244d2b0 Adding support for responsetype parameter during route create. (#74)
• 401fdc5 Adding type definitions for typescript (#72)
• 47a7ab5 Add support for action limits and annotations (#73)
• 961968f feat: Support version when create / update action (#65)
• c1f3a23 Remove "experimental" API Gateway support. (#67)
• 6f4a9fd remove test dependency on resource created before script run (#68)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution