[Snyk] Fix for 10 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	Yes	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451341	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @semantic-release/github

The new version differs by 62 commits.

• 0231e7b fix(package): update globby to version 10.0.0
• 3a2da7a fix(package): update dir-glob to version 3.0.0
• 30d5175 feat: GitHub Actions support
• 543e7d6 fix(package): update issue-parser to version 4.0.0
• a7eac93 style: preserve alphabetical order of properties in `package.json`
• b6f32e6 fix: dependency updates
• 1a4a1ad chore(package): update ava to version 2.0.0
• 12527bd chore(message): fix typo for missing issue message
• acda05b fix(package): update fs-extra to version 8.0.0
• 6f92175 style: exempt "issue_number" and "pull_number" from camelcase rule
• fa677fa fix: adapt for latest @ octokit/rest to remove deprecation warnings (refactor(pre): Use npm.config instead of npmconf package. semantic-release/semantic-release#177)
• d2d873c chore(package): update tempy to version 0.3.0
• 9446a30 chore(package): update nyc to version 14.0.0
• 2b5c09b fix(package): update aggregate-error to version 3.0.0
• 06f1d91 test: update tests to support draft releases
• c9c5ebf feat: Append assets before release
• bdde80f fix(package): update p-filter to version 2.0.0
• 552b131 fix(package): update p-retry to version 4.0.0
• f1fedc0 chore(package): update xo to version 0.24.0
• 7e4378d fix(package): update @ octokit/rest to version 16.13.1
• 1b7e473 fix: update globby to latest version
• 761d39e test: update ava to version 1.0.1
• d65092f fix(package): update aggregate-error to version 2.0.0
• 3b4daf9 build: remove unnecessary `docker` service in Travis

See the full diff

Package name: git-url-parse

The new version differs by 10 commits.

• c66bd99 Updated docs
• c504b8a ⬆️ 10.0.0 🎉
• 30d77e0 ⬆️ 9.0.2 🎉
• b960f1f Updated docs
• b60f0ba ⬆️ 10.0.0 🎉
• 1912236 Merge branch 'fix-source-2parts-sld' of https://github.com/pvdlg/git-url-parse into new-version
• 67ae07c ⬆️ 9.0.2 🎉
• 13dae80 Fix parsing of `source` with 2 parts SLD
• e58ee36 Revert "Fix issue Decouple version determiner from npm registry semantic-release/semantic-release#56"
• c4dfff9 Revert "Fix Write a dont-break verifyRelease plugin semantic-release/semantic-release#65. Check if the parsed resource is not null."

See the full diff

Package name: marked

The new version differs by 250 commits.

• ae01170 chore(release): 4.0.10 [skip ci]
• fceda57 🗜️ build [skip ci]
• 8f80657 fix(security): fix redos vulnerabilities
• c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
• d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (pre release version not incrementing semantic-release/semantic-release#2352)
• 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (semantic-release/npm plugin doesn't honor "npmPublish":false semantic-release/semantic-release#2350)
• 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (Provide guidance on how to use semantic-release with yarn semantic-release/semantic-release#2351)
• 98996b8 chore(deps-dev): Bump @ babel/preset-env from 7.16.5 to 7.16.7 (pre release version not incrementing semantic-release/semantic-release#2353)
• ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (How do you run the integration tests locally semantic-release/semantic-release#2354)
• e5171a9 chore(release): 4.0.9 [skip ci]
• 41990a5 🗜️ build [skip ci]
• a9696e2 fix: retain line breaks in tokens properly (Cannot run in non-javascript project semantic-release/semantic-release#2341)
• 6aacd13 chore(deps-dev): Bump jasmine from 3.10.0 to 4.0.0 (Question: Refferencing issue keys in changelog from external issue tracker semantic-release/semantic-release#2343)
• 55e5df9 chore(deps-dev): Bump @ babel/core from 7.16.5 to 7.16.7 (Question: Refferencing issue keys in changelog from external issue tracker semantic-release/semantic-release#2344)
• 4f4cab4 chore(deps-dev): Bump eslint-plugin-import from 2.25.3 to 2.25.4 (Allow missing release branches if a prerelease branch exists semantic-release/semantic-release#2345)
• 97ea9f2 chore(deps-dev): Bump eslint from 8.5.0 to 8.6.0 (feat: allow missing stable branch if other branches match the config semantic-release/semantic-release#2346)
• 4c3b853 chore(deps-dev): Bump rollup-plugin-license from 2.6.0 to 2.6.1 (If I am having two branches matching the regex in branch configuration, The pre-release branches are invalid in the branches configuration semantic-release/semantic-release#2347)
• 9396896 chore(deps-dev): Bump rollup from 2.61.1 to 2.62.0 (No release notes in tag semantic-release/semantic-release#2338)
• 103a56c chore(deps-dev): Bump @ babel/preset-env from 7.16.4 to 7.16.5 (promote to the latest channel semantic-release/semantic-release#2333)
• be771c9 chore(deps-dev): Bump eslint from 8.4.1 to 8.5.0 (Semantic Release dep marked has a high vulnerability in the version Semantic uses. semantic-release/semantic-release#2334)
• 67d5a65 chore(deps-dev): Bump @ babel/core from 7.16.0 to 7.16.5 (#2335)
• 991493a chore(deps-dev): Bump eslint-plugin-promise from 5.2.0 to 6.0.0 (Confused about beta vs next semantic-release/semantic-release#2336)
• 59375fb chore(release): 4.0.8 [skip ci]
• 4734c82 🗜️ build [skip ci]

See the full diff

Package name: yargs

The new version differs by 106 commits.

• a6e67f1 chore(release): 13.2.4
• fc13476 chore: update standard-verison dependency
• bf46813 fix(i18n): rename unclear 'implication failed' to 'missing dependent arguments' (Add GitHub actions to recipes semantic-release/semantic-release#1317)
• a3a5d05 docs: fix a broken link to MS Terminology Search (Can't do major release semantic-release/semantic-release#1341)
• b4f8018 build: add .versionrc that hides test/build
• 0c39183 chore(release): 13.2.3
• 08e0746 chore: update deps (Provide an easy way to get the next version via the CLI semantic-release/semantic-release#1340)
• 843e939 docs: make `--no-` boolean prefix easier to find in the docs (Docs: Why does semantic-release require Node version >= 8.16? semantic-release/semantic-release#1338)
• 84cac07 docs: restore removed changelog of v13.2.0 (fix: require Node.js >=8.16 semantic-release/semantic-release#1337)
• b20db65 fix(deps): upgrade cliui for compatibility with latest chalk. (Output of --tag-format is mangled. semantic-release/semantic-release#1330)
• c294d1b test: accept differently formatted output (Version 15.13.27 depends (indirectly) on a package that has high vulnerability issues (https-proxy-agent) semantic-release/semantic-release#1327)
• ac3f10c chore: move .hbs templates into .js to facilitate webpacking (Update execa to the latest version 🚀 semantic-release/semantic-release#1320)
• 0295132 fix: address issues with dutch translation (Dry mode is always being triggered semantic-release/semantic-release#1316)
• 9f2468e doc: clarify parserConfiguration object structure (Re-use global plugins inside shareable configurations semantic-release/semantic-release#1309)
• e7f2937 chore(release): 13.2.2
• edd0bb5 test: correct test description
• 03a9523 chore: forgoing dropping Node 6 until yargs@14 (An in-range update of hosted-git-info is breaking the build 🚨 semantic-release/semantic-release#1308)
• 14920d1 docs: remove --save option as it isn't required anymore (docs: add leiningen-semantic-release to list semantic-release/semantic-release#1301)
• 545c7f1 test: slightly reworded one test
• 4375680 chore(release): 13.2.1
• dfcaa68 test: slight edit to test wording
• 3180224 fix: add zsh script to files array
• 0a96394 fix: support options/sub-commands in zsh completion
• 48249a2 chore(release): 13.2.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect