[Snyk] Fix for 18 vulnerabilities

[adamlaska]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-XMLDOM-1534562	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Prototype Pollution SNYK-JS-XMLDOM-3042242	Yes	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-XMLDOM-3092935	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: vscode-extension-telemetry

The new version differs by 125 commits.

• 21d7c13 Missed a place bumping the version
• 41bc647 Update version for release
• c561107 Lower target to support more legacy codebases
• 4911887 Fix Bump url-parse from 1.4.7 to 1.5.7 #88
• 1551186 Update build to node LTS
• 081c624 Remove whitespace expansion due to perf reasons
• 188ee72 Merge pull request Bump xmldom from 0.1.27 to 0.6.0 #73 from radeksimko/f-collect-arch
• ddeafdb common.arch -> common.nodeArch
• 4d7a45b common: Collect architecture as a common property
• bdbab89 Remove first party explicitness from readme
• 068ddd9 Fix compilation
• 1ca205c Update level enum
• e0f1cca Bump version to prepare for a release
• 389b8b2 Fix Bump url-parse from 1.4.7 to 1.5.3 #76
• 0e1a889 Switch to npm 6
• 1099714 Update package.json with new esbuild
• 7174c44 Merge pull request [Snyk] Security upgrade axios from 0.18.1 to 0.21.3 #75 from radeksimko/f-raw-telemetry-event
• 92d1291 rename: TelemetryRawEventProperties -> RawTelemetryEventProperties
• c3ea7fc simplify object notation
• c4d17f1 Add codespaces as a remote authority
• 91e1e18 fix typo Telemtry -> Telemetry
• 7d2d3e4 Introduce 'sendRawTelemetryEvent'
• bb8286d Run on macos latest
• 7bf72ee Update ansi regex

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@xmldom/xmldom@0.8.10	None	0	182 kB	karfau
npm/azure-arm-resource@7.4.0	Transitive: environment, eval, filesystem, network	+68	17.2 MB	windowsazure
npm/ms-rest-azure@2.6.1	environment, filesystem Transitive: eval, network	+67	13.8 MB	windowsazure
npm/vscode-extension-telemetry@0.4.5	environment, eval, filesystem, network, shell, unsafe	0	482 kB	lramos15

🚮 Removed packages: npm/applicationinsights@1.0.1, npm/azure-arm-resource@2.0.0-preview, npm/diagnostic-channel-publishers@0.2.1, npm/diagnostic-channel@0.2.0, npm/ms-rest-azure@2.6.0, npm/vscode-extension-telemetry@0.0.18, npm/zone.js@0.7.6

View full report↗︎