[Snyk] Fix for 13 vulnerabilities

[adamlaska]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: handlebars

The new version differs by 65 commits.

• 7adc19a v4.7.4
• 9dd8d10 Update release notes
• 4671c4b Use tmp directory for files written during tests
• e46baa1 tasks/test-bin.js: Delete duplicate test
• c491b4e Revert "Update release-notes.md"
• 738391a Update release-notes.md
• 80c4516 chore: add unit tests for cli options (Add buffer deprecation migration guide nodejs/nodejs.org#1666)
• d79212a fix: migrate from optimist to yargs (Add buffer deprecation migration guide nodejs/nodejs.org#1666)
• b440c38 chore: ignore external @ types in tests
• 2dba7ee docs: fix comparison link
• c978969 v4.7.3
• 9278f21 Update release notes
• d78cc73 Fixes spelling and punctuation
• 4de51fe Add Type Definition for Handlebars.VERSION, Fixes Docs: Correct spelling nodejs/nodejs.org#1647
• a32d05f Include Type Definition for runtime.js in Package
• ad63f51 chore: add missing "await" in aws-s3 publishing code
• 586e672 v4.7.2
• f0c6c4c Update release notes
• a4fd391 chore: execute saucelabs-task only if access-key exists
• 9d5aa36 fix: don't wrap helpers that are not functions
• 14ba3d0 v4.7.1
• 4cddfe7 Update release notes
• f152dfc fix: fix log output in case of illegal property access
• 3c1e252 fix: log error for illegal property access only once per property

See the full diff

Package name: linkinator

The new version differs by 147 commits.

• ce88410 fix(perf): refactor to use htmlparser2 (Fixing typo nodejs/nodejs.org#335)
• 86a52fa chore(deps): update dependency ansi-regex to 5.0.1 [security] (Add guides to docs nodejs/nodejs.org#334)
• a30fe8f chore(deps): update dependency nth-check to 2.0.1 [security] (Fixes incorrect closing tag in template nodejs/nodejs.org#333)
• f906d49 build(deps): bump nth-check from 2.0.0 to 2.0.1 (4.2.2 Argon MSI for 64 bit contains faulty npm version nodejs/nodejs.org#332)
• 295617c chore(deps): update dependency semantic-release to v18 (Add weekly update 2015-11-06 nodejs/nodejs.org#331)
• 025a263 build: switch node 15 to 16 in tests (update docker WG link nodejs/nodejs.org#325)
• 395ad5b chore(deps): update dependency @ types/cheerio to v0.22.30 (Update/remove Foundation Timeline nodejs/nodejs.org#318)
• 2f1b5b1 feat: add support for url rewrites (Use * instead of _ as em tags in markdown nodejs/nodejs.org#317)
• 999fca3 fix(deps): update to the latest version of cheerio (Add Node Knockout to the events page nodejs/nodejs.org#316)
• c165d73 build(deps): bump glob-parent from 5.1.1 to 5.1.2 (New StrongLoop Logo. nodejs/nodejs.org#312)
• c06ecab build(deps): bump normalize-url from 4.5.0 to 4.5.1 (Add Node Knockout to the events page. nodejs/nodejs.org#311)
• 5d66c2e chore(deps): update dependency trim-newlines to 3.0.1 [security] (Fix 2 typos in "What You Should Know about Node.js v5 and More" blog post nodejs/nodejs.org#310)
• 39b37bb build(deps): bump lodash from 4.17.20 to 4.17.21 (Add weekly update 2015-10-30 nodejs/nodejs.org#302)
• a24d3a0 chore(deps): update dependency sinon to v11 (Display links to both Stable and LTS API on /docs nodejs/nodejs.org#307)
• 7123959 chore(deps): update dependency @ types/node to v14 (Document node v5.x exclusive ES2015 features nodejs/nodejs.org#304)
• 55d7f4c chore(deps): update dependency lodash to 4.17.21 [security] (Remove /download/ directory from robots.txt nodejs/nodejs.org#301)
• 854ca26 chore(deps): update dependency @ types/cheerio to v0.22.29 (Show both stable and LTS docs links on homepage nodejs/nodejs.org#306)
• 28cdd27 build(deps): bump hosted-git-info from 2.8.8 to 2.8.9 (Reduce greenkeeper noise for devDependencies nodejs/nodejs.org#303)
• 61be22a chore(deps): update dependency hosted-git-info to 3.0.8 [security] (add LTS to releases table nodejs/nodejs.org#300)
• 8e3c461 chore(deps): update dependency pkg to v5 (No LTS shown on main page nodejs/nodejs.org#298)
• 9ae7afd chore(deps): update dependency @ types/sinon to v10 (Update nock to version 2.16.0 🚀 nodejs/nodejs.org#288)
• b47f295 chore(deps): update dependency @ types/cheerio to v0.22.28 (Minor bug in the example from 'Inheriting from EventEmitter' section nodejs/nodejs.org#285)
• 0451a8d chore(deps): update dependency sinon to v10 (move index page style block into stylus files nodejs/nodejs.org#286)
• ea52c0c chore(deps): update dependency @ types/cheerio to v0.22.27 (Update optional build tools instruction. nodejs/nodejs.org#284)

See the full diff

Package name: node-sass

The new version differs by 103 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (fix: remove unwanted newline which caused the paragraph to break nodejs/nodejs.org#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (build(deps): bump postcss from 7.0.30 to 7.0.31 nodejs/nodejs.org#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (style(scss): Remove outline border from button nodejs/nodejs.org#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (Fix typo Debate => Donate nodejs/nodejs.org#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (Non-translated pages in translated directories taking over search results nodejs/nodejs.org#3149)
• e80d4af chore: Drop EOL Node 15 (fix: remark-lint-table-cell-padding nodejs/nodejs.org#3122)
• d753397 feat: Add Node 17 support (blog: june-2020-security-releases pre-announcement nodejs/nodejs.org#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: remark-preset-lint-node

The new version differs by 46 commits.

• 76e7b96 1.14.0
• 6300df3 chore: udpate prohibited strings to 1.5.1 ([pull] main from nodejs:main #86)
• 0c360d7 feat: enable remark-lint-no-literal-urls ([pull] main from nodejs:main #83)
• 6a10c01 Bump prettier from 2.0.4 to 2.0.5 ([pull] main from nodejs:main #85)
• 1b31328 Bump prettier from 2.0.3 to 2.0.4 ([pull] main from nodejs:main #84)
• e20a653 build: Update remark dependencies ([pull] main from nodejs:main #82)
• 4380ba5 Bump remark-preset-lint-recommended from 3.0.4 to 4.0.0 ([Snyk] Security upgrade faucet from 0.0.1 to 0.0.2 #73)
• a2d7614 Bump remark-lint-final-definition from 1.0.4 to 2.0.0 ([pull] main from nodejs:main #78)
• b3c5e74 Bump remark-lint-fenced-code-marker from 1.0.4 to 2.0.0 ([pull] main from nodejs:main #81)
• dbffc17 Bump remark-lint-table-cell-padding from 1.0.5 to 2.0.0 ([pull] main from nodejs:main #80)
• 7f264f7 Bump remark-lint-checkbox-character-style from 1.0.4 to 2.0.0 ([pull] main from nodejs:main #79)
• 28826ad Bump remark-lint-no-heading-indent from 1.0.4 to 2.0.0 ([pull] main from nodejs:main #77)
• 9044998 Bump remark-lint-maximum-line-length from 1.2.2 to 2.0.0 ([pull] main from nodejs:main #75)
• 0c96228 Bump remark-lint-no-multiple-toplevel-headings from 1.0.5 to 2.0.0 ([pull] main from nodejs:main #74)
• 5d2d77c Bump remark-lint-fenced-code-flag from 1.0.4 to 2.0.0 ([pull] main from nodejs:main #72)
• ead4134 Bump lockfile-lint from 3.0.5 to 4.2.2 ([pull] main from nodejs:main #55)
• e4cf245 chore: Run npm upgrade
• 8bea7d5 Bump remark-lint-blockquote-indentation from 1.0.3 to 1.0.4
• 156eb21 Bump remark-lint from 6.0.5 to 6.0.6
• f1c1fd5 Bump remark-lint-unordered-list-marker-style from 1.0.3 to 1.0.4
• eeea3bf Bump remark-lint-list-item-indent from 1.0.4 to 1.0.5
• a345c7d Bump remark-lint-no-shell-dollars from 1.0.3 to 1.0.4
• c2bbf23 Bump remark-lint-table-cell-padding from 1.0.4 to 1.0.5
• 835e107 Bump remark-lint-first-heading-level from 1.1.4 to 1.1.5

See the full diff

Package name: stylelint

The new version differs by 192 commits.

• 04af9e4 13.0.0
• 704f6a2 Prepare 13.0.0
• 50ba8a9 Reorder changelog
• 1666bba Update devDependencies (build(deps-dev): bump eslint from 8.12.0 to 8.13.0 nodejs/nodejs.org#4542)
• 062d298 Reindent nodejs.yml (build(deps-dev): bump tape from 5.5.2 to 5.5.3 nodejs/nodejs.org#4541)
• a24e44a Fix atypical rule README structure (build(deps): bump marked from 4.0.12 to 4.0.14 nodejs/nodejs.org#4537)
• 616ad71 Bump husky from 4.0.3 to 4.0.6 (build(deps-dev): bump eslint-plugin-import from 2.25.4 to 2.26.0 nodejs/nodejs.org#4536)
• 5e58ee7 Bump globby from 10.0.2 to 11.0.0 (index.md nodejs/nodejs.org#4528)
• eaee6a4 Refactor CLI options definition (Create index.md nodejs/nodejs.org#4530)
• 6a2ffbd Fix plugin path
• 644b713 Fix Windows path problem
• 1005cbd Add info about invalid syntax in FAQ (build(deps): bump moment from 2.29.1 to 2.29.2 nodejs/nodejs.org#4535)
• 18b1f99 Fix help text indentation (docs: update es/releases.md nodejs/nodejs.org#4531)
• d3c4a9f Update CHANGELOG.md
• 32f67e7 Update CHANGELOG.md
• 04ec577 Bump globby from 10.0.1 to 11.0.0
• d9dbce2 Process multiple spaces in media-feature-parentheses-space-inside (build(deps): bump minimist from 1.2.5 to 1.2.6 nodejs/nodejs.org#4513)
• 1dc203e Regenerate package-lock.json (improved grammar nodejs/nodejs.org#4517)
• 36bf292 Bump husky from 3.1.0 to 4.0.3 (Blog: v12.22.12 release post nodejs/nodejs.org#4527)
• f5529d5 Bump @ types/micromatch from 3.1.1 to 4.0.0 (build(deps): bump sass from 1.49.9 to 1.49.11 nodejs/nodejs.org#4526)
• a254fd2 Bump got from 10.2.0 to 10.2.1 (build(deps-dev): bump prettier from 2.6.1 to 2.6.2 nodejs/nodejs.org#4525)
• f2e9f02 Bump remark-validate-links from 9.0.1 to 9.1.0 (Fix filter nodejs/nodejs.org#4524)
• 74d5233 Remove unneeded `@ types/meow` package (releases.md nodejs/nodejs.org#4523)
• cef0b95 Update CHANGELOG.md

See the full diff

Package name: stylelint-config-twbs-bootstrap

The new version differs by 131 commits.

• 72bcc93 3.0.0
• bdc6948 3.0.0-beta1
• 95fb9df Update dependencies
• 8628f16 Switch to stylelint-config-recess-order (Change date format on blog nodejs/nodejs.org#134)
• 70ef812 3.0.0-alpha2
• d017370 package.json: remove eslint script
• 01814ef README.md: switch to shields.io for the CI badge too
• b5b20a7 Remove a couple of unneeded disabled rules
• 96dcac0 3.0.0-alpha1
• 1d4f2b3 Update eslint to v8.x. (Removed gulp stuff #131 nodejs/nodejs.org#133)
• db7a6cd Update ESLint config (remove mailing list from discussion section in get-involved nodejs/nodejs.org#132)
• 0c724d5 Upgrade to Stylelint 14 (Remove gulp stuff nodejs/nodejs.org#131)
• cafe843 Switch to Node.js 16/npm 8
• ad67be6 Regenerate package-lock.json
• 5560d4c 2.2.4
• 5600bf0 Bump ansi-regex from 5.0.0 to 5.0.1 (Adding Interactive press release, fixing category typo. nodejs/nodejs.org#127)
• 9ee9bb9 Bump stylelint-scss from 3.20.1 to 3.21.0 (Footer: Add "Report website issue" link nodejs/nodejs.org#126)
• 3ac1706 Bump eslint from 7.31.0 to 7.32.0 (dist-files redirected to blog (was: CDN misconfigured breaking npm < 2.13.2 and < 3.1.3) nodejs/nodejs.org#124)
• e796ce3 Add verbose formatter
• 5b57939 Remove .eslintignore
• fe1077d Test our v4-dev branch too
• 2f4899d 2.2.3
• eebc801 Revert the scss/index.js change from 6ca0b2e
• 7e48bce Bump stylelint-scss from 3.19.0 to 3.20.1 (interactive.nodejs.org nodejs/nodejs.org#122)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Improper Input Validation
🦉 More lessons are available in Snyk Learn

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[socket-security]

Updated and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
node-sass	4.14.1...7.0.3	network	+53/-46	8.75 MB	xzyfer
stylelint-config-twbs-bootstrap	0.9.0...3.2.1	None	+50/-127	5.91 MB	xhmikosr
linkinator	1.8.2...2.16.2	filesystem, environment	+21/-48	1.64 MB	justinbeckwith

🚮 Removed packages: stylelint@11.1.1