[Snyk] Fix for 9 vulnerabilities #96

mtdev2 · 2024-05-20T22:42:37Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTPROP-543489	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: init-package-json

The new version differs by 118 commits.

9d12b13 chore: release 6.0.0
9eccb04 deps: bump read-package-json from 6.0.4 to 7.0.0
3024040 deps: bump npm-package-arg from 10.1.0 to 11.0.0
97b1efe fix: drop node14 support
02495f1 chore: turn on autopublish
f07f272 chore: bump @ npmcli/config from 6.2.1 to 7.0.0
9180984 chore: postinstall for dependabot template-oss PR
2e2eb32 chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
8d5957a chore: postinstall for dependabot template-oss PR
60b55b8 chore: bump @ npmcli/template-oss from 4.15.1 to 4.17.0
977dfe0 chore: postinstall for dependabot template-oss PR
f51906b chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1
1f2070b chore: bump @ npmcli/template-oss from 4.12.1 to 4.14.1 (Building any npm package in OE/Yocto env run into error: npm/cli#222)
ef2b008 chore: bump @ npmcli/template-oss from 4.12.0 to 4.12.1 (Support listing out npm cache npm/cli#194)
7328f8a chore: postinstall for dependabot template-oss PR
e2443b8 chore: bump @ npmcli/template-oss from 4.11.4 to 4.12.0
3bd6ebd chore: postinstall for dependabot template-oss PR
c711ff7 chore: bump @ npmcli/template-oss from 4.11.3 to 4.11.4
a7baf44 chore: release 5.0.0 (Replaced var with const for adduser.js npm/cli#190)
8f61147 chore: sequential tests
dfd3abd chore: fix race condition in test inputs
8b919b7 feat!: refactor
a3643d4 chore: postinstall for dependabot template-oss PR
4a4808a chore: bump @ npmcli/template-oss from 4.11.0 to 4.11.3

See the full diff

Package name: libnpx

The new version differs by 3 commits.

84eeb54 chore(release): 10.2.4
7a03da5 test: patch child.js test
122ed5c deps: update yargs

See the full diff

Package name: lock-verify

The new version differs by 5 commits.

b232554 2.2.2
5f9c66b update repo references
0b908c2 update deps
a6d8081 2.2.1
cd660d6 chore: add deprecation notice

See the full diff

Package name: node-gyp

The new version differs by 250 commits.

9acb4c7 chore: release 10.0.0
3032e10 chore: run tests after release please PR
864a979 feat!: use .npmignore file to limit which files are published ([BUG] Dev dependency should not throw “unsupported platform” error when using --production flag on npm install npm/cli#2921)
4e493d4 chore: misc testing fixes (fix(uninstall): use correct local prefix npm/cli#2930)
d52997e feat: convert internal classes from util.inherits to classes
355622f feat: convert all internal functions to async/await
1b3bd34 feat!: drop node 14 support (fix(install): ignore auditLevel npm/cli#2929)
e388255 deps: which@4.0.0 ([BUG] EACCES error with npm remove on npm@7.7.0 npm/cli#2928)
059bb6f deps: make-fetch-happen@13.0.0 ([BUG] npm uninstall doesn't work in 7.7.0 npm/cli#2927)
4bef1ec deps: glob@10.3.10 ([BUG] npm 7.7.0 lost progress bar on npm install npm/cli#2926)
21a7249 chore: add check engines script to CI (Release/v7.7.0 npm/cli#2922)
707927c feat(gyp): update gyp to v0.16.1 (fix(audit-level): add info audit level npm/cli#2923)
d644ce4 docs: update applicable GitHub links from master to main ([BUG] "ERR! must provide string spec" when running "npm install" npm/cli#2843)
4a50fe3 chore: empty commit to add changelog entries from package-lock changes depending upon name of project folder npm/cli#2770
26683e9 chore: GitHub Workflows security hardening ([BUG] NPM 7.x broke the "--json" CLI parameter npm/cli#2740)
91fd8ff Python lint: ruff --format is now --output-format
b3d41ae doc: Add note about Python symlinks (PR 2362) to CHANGELOG.md for 9.1.0 ([BUG] workspace packages using different major versions of the same package causes issues npm/cli#2783)
5746691 test: update expired certs (fix(usage): tie usage to config npm/cli#2908)
d3615c6 Fix incorrect Xcode casing in README ([BUG] Fix ERESOLVE error output npm/cli#2896)
bb93b94 docs: README.md Do not hardcode the supported versions of Python ([BUG] npm on windows can't run scripts with ".", relative paths "../" npm/cli#2880)
0f1f667 fix: create Python symlink only during builds, and clean it up after ([BUG] cannot read property 'length' of undefined with npm npm/cli#2721)
445c28f test: increase mocha timeout ([BUG] sudo prompt is not shown in scripts, causing install and tests to hang npm/cli#2887)
1bfb083 Fix Python lint error by using an f-string (feat: add exec workspaces npm/cli#2886)
c9caa2e docs: Update windows installation instructions in README.md ([DOC] Wiki has broken link npm/cli#2882)

See the full diff

Package name: npmlog

The new version differs by 51 commits.

ae1f107 chore: release 7.0.1 (docs: scoped names can begin with '.' & '_' npm/cli#134)
add709d fix: do not enable progress while paused
35651cf chore: postinstall for dependabot template-oss PR
40ea375 chore: bump @ npmcli/template-oss from 4.5.1 to 4.6.1
040c663 chore: release 7.0.0 (Handle git branch references correctly npm/cli#123)
47f4fb1 chore: bump @ npmcli/eslint-config from 3.1.0 to 4.0.0
01dd16e deps: bump gauge from 4.0.4 to 5.0.0
f896c8e deps: bump are-we-there-yet from 3.0.1 to 4.0.0
92546b8 chore: postinstall for dependabot template-oss PR
33b83ef chore: bump @ npmcli/template-oss from 4.4.4 to 4.5.1
d4820b9 chore: postinstall for dependabot template-oss PR
ed07d95 chore: bump @ npmcli/template-oss from 4.3.2 to 4.4.4
b7d204d feat!: postinstall for dependabot template-oss PR
bd3c67b chore: bump @ npmcli/template-oss from 3.6.0 to 4.3.2
36e8210 chore: postinstall for dependabot template-oss PR
fb96681 chore: bump @ npmcli/template-oss from 3.5.0 to 3.6.0
4b021c3 chore: bump @ npmcli/template-oss from 3.4.2 to 3.4.3 (Update npm audit 401 error message npm/cli#112)
6eeb7df chore: postinstall for dependabot template-oss PR
c0e798d chore: bump @ npmcli/template-oss from 3.4.1 to 3.4.2
87e9ff0 chore(main): release 6.0.2 (dist-tag: make 'ls' the default action npm/cli#106)
ca78ea6 chore: bump @ npmcli/template-oss from 3.2.0 to 3.4.1 (Replace hardcoded URL to advisory with a URL from audit response npm/cli#110)
2ee3207 chore: bump tap from 15.2.3 to 16.0.1 (Fix inline code in npm-scripts npm/cli#107)
ab9b134 chore: bump @ npmcli/template-oss from 2.9.2 to 3.2.0 (Release: npm@6.5.0 npm/cli#105)
929686c deps: update gauge requirement from ^4.0.2 to ^4.0.3 ([Snyk] Fix for 1 vulnerabilities #101)

See the full diff

Package name: read-package-json

The new version differs by 109 commits.

eec43b7 chore: release 7.0.1 (Implements peerDependenciesMeta npm/cli#224)
bfaffbf fix(linting): no-unused-vars
153cfda chore: postinstall for dependabot template-oss PR
fae3210 chore: bump @ npmcli/template-oss to 4.22.0
70ebc23 chore: postinstall for dependabot template-oss PR
cd2962f chore: bump @ npmcli/template-oss from 4.21.3 to 4.21.4
a8d949f chore: postinstall for dependabot template-oss PR
1302bc7 chore: bump @ npmcli/template-oss from 4.21.1 to 4.21.3
653fefe chore: postinstall for dependabot template-oss PR
396504e chore: bump @ npmcli/template-oss from 4.19.0 to 4.21.1
cf2a925 chore: postinstall for dependabot template-oss PR
82a7788 chore: bump @ npmcli/template-oss from 4.18.1 to 4.19.0
9815e70 chore: postinstall for dependabot template-oss PR
46c9b90 chore: bump @ npmcli/template-oss from 4.18.0 to 4.18.1
c73cf0d chore: use npm 9 for CI (Replaced var with const for adduser.js npm/cli#190)
1f477a8 chore: Fix out-of-order ChangeLog entry (Use Installer when packaging git dependencies npm/cli#189)
eca41e5 chore: release 7.0.0
3c10858 deps: bump normalize-package-data from 5.0.0 to 6.0.0
2845aa5 fix: drop node14 support
beb1b31 chore: postinstall for dependabot template-oss PR
04c63d8 chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
8f64487 chore: postinstall for dependabot template-oss PR
7a1f544 chore: bump @ npmcli/template-oss from 4.15.1 to 4.17.0
191c78e chore: release 6.0.4