[Snyk] Fix for 7 vulnerabilities

[ajesse11x]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-eslint

The new version differs by 15 commits.

• 6aa8b6f 9.0.0
• c7ee9ae Bump to babel@7.0.0 🎉 (feat: handle auction bid success event decentraland/marketplace-legacy#676)
• 3ece549 Docs: Make the default parserOptions more explicit (feat: find available parcel decentraland/marketplace-legacy#673)
• 0b36951 Add logical assignment plugin (Use gas price on transaction decentraland/marketplace-legacy#674)
• 5856ff5 Bump some devDeps
• 45938d9 build(deps): upgrade @ babel/* to 7.0.0-rc.2 (Add a feature to deselect and center parcels from the selected list decentraland/marketplace-legacy#668)
• bc97875 9.0.0-beta.3
• 74c5d62 update lock
• 6a45632 chore - fixing eslint-scope to a safe version; resolves fix: edit parcel page decentraland/marketplace-legacy#656. (chore: update min LAND price for publications decentraland/marketplace-legacy#657)
• e0119e0 9.0.0-beta.2
• 198964b Merge pull request fix: show cli events correctly decentraland/marketplace-legacy#645 from rubennorte/support-new-flow-syntax-in-scope-analysis
• 9b06e1f Added failing test for variables used in type parameters
• 8948d83 Upgrade Babel to v7.0.0-beta.52 (feat: show new events and fetch correctly decentraland/marketplace-legacy#650)
• 4882b29 9.0.0-beta.1
• 15e8d6f Breaking: Upgraded Babel to 7.0.0-beta.51 (CN translation: Minor changes decentraland/marketplace-legacy#642)

See the full diff

Package name: canvas

The new version differs by 85 commits.

• 8707f3d v2.8.0
• 5b5140e Add Node.js 16 to CI, remove 15
• 2bf76b5 export type NodeCanvasRenderingContext2D
• 0b49442 Update changelog to reflect previous commit
• c166443 Add ctx2d.setTransform(mat) overload
• 2f84eee Add ctx2d.getTransform() function
• d107c04 Update changelog to reflect previous commit
• 234e659 Fix text actualBoundingBoxLeft and actualBoundingBoxRight measures by using ink_rect instead of logical_rect
• e4f901c Loosen text measurement expectation.
• 12e671d Fix crash if exception thrown from onload/onerror
• 8cd191c Update changelog
• 6fae569 Use node pre gyp v1
• 7a84fc5 Fix always-false comparison warning in Canvas.cc in Node 15+
• 646b605 Update changelog
• b549ab6 Fix Windows CI build, add Node.js v15
• f8305fb Fix dtslint failing in CI
• 547b050 Fix dangling reference in BackendOperationNotAvailable exception.
• beaee39 add Dockerfile for linux prebuild image
• e476656 Added stride to the Typescript typings
• 41d1c99 Fix PNG stream method name in benchmark (fixes #1672)
• 595d559 Add invertSelf to the DOMMatrix object (#1649)
• 5054b7b translate "sans-serif" to "sans" for Pango
• 58bc728 v2.7.0
• e8ad788 Switch prebuild trigger to manual

See the full diff

Package name: decentraland-server

The new version differs by 28 commits.

• 0f44158 BREAKING CHANGE: Update dependencies ([Snyk] Security upgrade decentraland-dapps from 4.0.0 to 5.0.0 #20)
• b289041 chore: update ci config again
• 9f33b8d chore: update ci config
• 81fba50 feat: deps
• c3cdf1d fix: typings
• db8ec0a feat: update rollbar
• 9c30d2c feat: update mocha. force deploy
• 4e1fe36 chore: more dep updates
• 96b525f fix: save npx to dev
• a9a9f21 fix: vulns
• b6c7fc8 fix: be extra careful when checking for request data
• 0c054b8 fix: export types alongside dependencies
• c01fc76 fix: some more bumps to dependencies
• 9b98849 fix: revert some changes introduced on 2.5.0 to avoid vulnerabilities
• 50a2365 feat: export commander type ([Snyk] Upgrade mocha from 4.1.0 to 6.2.1 #5)
• 37e7919 feat: support sending status codes using errors
• 3eaa444 feat: export missing db types
• d24d405 feat: expose an API to set type parsers
• 4a01d9b feat: export server send functions
• 5924905 feat: more specific typings
• a83d6a5 feat: fix vulnerabilities ([Snyk] Upgrade node-pg-migrate from 2.26.3 to 3.23.3 #2)
• 12d686f fix: leave JSON parsing to express
• 63f3515 feat: specify findOne types ([Snyk] Upgrade sinon from 5.1.1 to 7.5.0 #3)
• a70b6fe Merge pull request [Snyk] Upgrade eslint from 4.10.0 to 6.5.1 #1 from decentraland/feat/allow-sync-server-responses

See the full diff

Package name: eslint

The new version differs by 250 commits.

• 80b8d5d 5.5.0
• b68e403 Build: changelog update for 5.5.0
• 6e110e6 Fix: camelcase duplicate warning bug (fixes #10801) (#10802)
• 5103ee7 Docs: Add Brackets integration (#10813)
• b61d2cd Update: max-params to only highlight function header (#10815)
• 2b2f11d Upgrade: babel-code-frame to version 7 (#10808)
• 2824d43 Docs: fix comment placement in a code example (#10799)
• 10690b7 Upgrade: devdeps and deps to latest (#10622)
• 80c8598 Docs: gitignore syntax updates (fixes #8139) (#10776)
• cb946af Chore: use meta.messages in some rules (1/4) (#10764)
• a857cd9 5.4.0
• 8dee250 Build: changelog update for 5.4.0
• a70909f Docs: Add jscs-dev.github.io links (#10771)
• 034690f Fix: no-invalid-meta crashes for non Object values (fixes #10750) (#10753)
• 11a462d Docs: Broken jscs.info URLs (fixes #10732) (#10770)
• 985567d Chore: rm unused dep string.prototype.matchall (#10756)
• f3d8454 Update: Improve no-extra-parens error message (#10748)
• 562a03f Fix: consistent-docs-url crashes if meta.docs is empty (fixes #10722) (#10749)
• 6492233 Chore: enable no-prototype-builtins in codebase (fixes #10660) (#10664)
• 137140f Chore: use eslintrc overrides (#10677)
• 2af6f4f 5.3.0
• 11e70c7 Build: changelog update for 5.3.0
• dd6cb19 Docs: Updated no-return-await Rule Documentation (fixes #9695) (#10699)
• 6009239 Chore: rename utils for consistency (#10727)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution