[Snyk] Fix for 20 vulnerabilities #67

Nishkalkashyap · 2023-12-19T15:32:44Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	Yes	Proof of Concept
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chokidar

The new version differs by 113 commits.

7b8e02a Release 3.0.0.
e7bfe2f Move stuff.
df7f22e Remove changelog from npm, move to hidden dir.
3df7692 Improve naming.
6e94ca2 Clean-up.
2de2f9c test: Add testing of Node.js v12 in Travis pipeline. (#833)
9e0965a Fix Windows tests in Travis CI (#832)
c95a98f Update stuff.
187ff2b test: Trying to fix blinked tests for Travis CI. (#825)
db99076 fix(Windows): Add converting from windows to unix path for all ignored paths. (#824)
41f8782 fix(FsEvents): Remove situation with NaN depth. (#823)
7cf3f7e Update readdirp to stable.
0927a62 Bump packages.
11cd857 Update nyc.
99c14d7 Uncomment fsevents.
cf330a5 Update fsevents.
0e4fca5 Fix deps.
9c575d4 Fix Windows version (#821)
3323d59 fix(Linux): Make event loop hack for keep testing valid. (#820)
06214c5 Update to latest readdirp.
793639f Rename osxfswatch.
078bc2d Refactor and fix freaking tests.
2b9bb41 Try node 11.
3fe3d4e Test travis.

See the full diff

Package name: npm

The new version differs by 250 commits.

3b4ba65 7.0.0
bbfc75d chore: fix weird .gitignore thing that happened somehow
8a2d375 docs: changelog for v7.0.0
365f2e7 [email protected]
fafb348 [email protected]
9306c68 [email protected]
569cd64 [email protected]
ac9fde7 Integration code for @ npmcli/[email protected]
704b9cd @ npmcli/[email protected]
3955bb9 [email protected]
da240ef fix: patch config.js to remove duplicate values
9ae45a8 [email protected]
41ab36d [email protected]
c474a15 [email protected]
efc6786 fix: make sure publishConfig is passed through
1e4e6e9 docs: v7 using npm config refresh
5c1c2da fix: init config aliases
5bc7eb2 docs: v7 npm-install refresh
1a35d87 7.0.0-rc.4
7a5a557 docs: changelog for v7.0.0-rc.4
f0cf859 chore: dedupe deps
0273745 [email protected]
7bd47ca @ npmcli/[email protected]
9320b8e only escape arguments, not the command name

See the full diff

Package name: stylus

The new version differs by 56 commits.

9cb7635 chore: add new npm ugnore config (#2631)
dde9868 0.55.0 (#2630)
fe5bde1 Replace dependency css-parse with css (#2554)
7334567 Add deg and fr as exceptions for 0 value unit omission (#2578)
57480a4 chore: update history.md and readme.md (#2628)
f5a02e8 chore: add macos platform test (#2624)
1f7f419 fix yaml front matter (#2617)
6a96c0f [skip ci]chore: update reademe.md content (#2602)
99b05a9 chore: add issue and pull request template (#2606)
ae9d267 chore: add github actions ci and improve test (#2601)
11a0735 Bump lodash from 4.17.19 to 4.17.21 (#2589)
7a8e777 Bump glob-parent from 5.1.1 to 5.1.2 (#2592)
23d3295 Merge pull request #2571 from dthadi3/ppc64le
f546669 Travis-ci: Updated nodejs versions 10, 12, 14
5b90e45 Travis-ci: added support for ppc64le
59bc665 Merge pull request #2549 from mockee/dev
96c02de Bug fixes of encoding png image in `url` lib function.
8f42760 Merge pull request #2186 from royels/1567
775537b Create SECURITY.md
169c337 Up mocha
1406479 Merge pull request #2506 from F4-Group/2485-fix-property-lookup-negation
4387374 Merge pull request #2519 from LanetheGreat/dev
518afa8 Merge pull request #2520 from Subash/patch-1
9539c53 Merge pull request #2523 from midnightcoder-pro/dev

See the full diff

Package name: ts-loader

The new version differs by 3 commits.

218718a drop support for < node 8 and republish 5.4.6 as 6.0.0 (#930)
9946fbc v5.4.6
e13bee2 Update dependencies (#928)

See the full diff

Package name: webpack

The new version differs by 250 commits.

610f368 5.0.0
5ce65c1 update examples
bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
75ecff2 5.0.0-rc.6
bfc35d6 Merge pull request #11603 from MayaWolf/master
76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
36bcfaa Merge pull request #11621 from webpack/bugfix/11619
9130d10 fix called variables with ProvidePlugin
3e42105 Merge pull request #11620 from webpack/bugfix/11617
4709719 skip connections copied to concatenated module
57b493f 5.0.0-rc.5
1658e2f Merge pull request #11618 from webpack/bugfix/11615
a8fb45d fixes crash in SideEffectsFlagPlugin
84b196d emit error instead of crashing when unexpected problem occurs
5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
9b5cce9 Merge pull request #11609 from snitin315/export-types
37c495c export type RuleSetUseItem
39faf34 export type RuleSetUse
e5fd246 export type RuleSetConditionAbsolute
660baad export RuleSetCondition types
13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4