[Snyk] Fix for 20 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/node_modules/har-schema/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
	486/1000 Why? Mature exploit, Has a fix available, CVSS 2	Prototype Pollution SNYK-JS-MERGE-72553	Yes	Mature
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: codeclimate-test-reporter

The new version differs by 8 commits.

• 1ad7ea8 Bump to 0.5.1
• 5e4b10e chore: update dependencies with security issues fixes [Snyk] Security upgrade ansi-regex from 2.1.1 to 3.0.1 #70
• c4b55e1 README: update deprecation notice
• 7a8c75f Update README.md
• c37a8da Update README.md (build(deps): bump ansi-regex from 5.0.0 to 5.0.1 in /tools/node-lint-md-cli-rollup #63)
• 9fc86ba Release v0.5.0
• d936a62 Update engines depedency to node >= 4
• 97f1ff2 Upgrade request package

See the full diff

Package name: echint

The new version differs by 39 commits.

• 7f95cd5 build(cricle): remove node7
• aa279e8 build(scripts): fix npm scripts
• 56fe10c build(scripts): update npm scripts
• cb3e093 build(circle): correct test requirements
• ed2b729 docs(readme): update badges
• cc52dcd build(circle): switch to circle ci
• d922484 fix(dependencies): update dependencies
• 8d3ad9c chore(deps): update dependency tap to v12.6.0 ([Snyk] Security upgrade tap from 1.4.1 to 12.6.2 #108)
• cd40b85 fix(deps): update dependency dotenv to v7 ([Snyk] Fix for 19 vulnerabilities #109)
• a44731e fix(deps): update dependency lintspaces to v0.6.3 ([Snyk] Fix for 4 vulnerabilities #100)
• b67e145 Merge pull request [Snyk] Security upgrade mocha from 5.2.0 to 10.1.0 #107 from ahmadnassri/renovate/tap-12.x
• b536e52 chore(deps): update dependency tap to v12.5.3
• 73f1d00 Merge pull request [Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #103 from ahmadnassri/renovate/dotenv-6.x
• e7b40c4 fix(deps): update dependency dotenv to v6
• f1fc3c8 Merge pull request [Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #101 from ahmadnassri/renovate/tap-12.x
• 2a18afd chore(deps): update dependency tap to v12
• 329106f Merge pull request [Snyk] Security upgrade tap from 2.3.4 to 14.6.8 #106 from LinusU/prefer-const
• 9cabe96 Prefer const over let
• 5398f97 build(renovate): replace dependencies.io with Renovate app
• 6c99cd6 Merge pull request [Snyk] Security upgrade jest from 24.9.0 to 25.0.0 #95 from ahmadnassri/tap-11.1.3-33.0.0
• f2dfaca Update tap from 11.1.1 to 11.1.3
• 5cf03f7 Merge pull request build(deps): bump minimist from 1.2.5 to 1.2.8 in /tools/node-lint-md-cli-rollup #87 from ahmadnassri/lintspaces-0.6.0-1.0.0
• 547c589 Merge pull request [Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #90 from ahmadnassri/tap-11.1.1-4.0.0
• efa830a Update tap from 10.7.3 to 11.1.1

See the full diff

Package name: semantic-release

The new version differs by 60 commits.

• d548edc feat: Extract npm and github publish to plugins
• 991a7b5 refactor: Simplify file tree
• 3326083 docs(README) fix plugin anchor links ([Snyk] Fix for 1 vulnerabilities #504)
• 018835f docs(README): typo ([Snyk] Fix for 1 vulnerabilities #516)
• c8748ad chore(package): update dependencies
• a4951b7 fix(docs): remove unnecessary backticks in readme
• 17a6006 style: Update style for Prettier 1.8.0
• 470697c chore(package): update prettier to version 1.8.0
• 94b00e2 chore(airtable-crm): initial configuration
• d0180c4 feat: Additional commit information
• 186950a fix(package): update @ semantic-release/commit-analyzer to version 4.0.0
• c90765e fix: Include Error properties in logs
• ad2e1d7 test: Fix typos: only in tests and useless console.log()
• 65d344b fix: Check SemanticReleaseError by error.semanticRelease property
• 8a1dd7b fix(package): update @ semantic-release/release-notes-generator to version 5.0.0
• e2a8a5c feat: Refactor CLI to run with one command, improve logs, modularize, add tests
• 1bd095d chore(CODE_OF_CONDUCT): Contributor Covenant
• 16a02e5 fix(package): update github to version 12.0.0
• 51e7579 chore(package): update ava to version 0.23.0
• acddd5a chore(package): update codecov to version 3.0.0
• f6aacd2 fix: Log error messages on reject
• b0bc490 fix: handle errors when verifyConditions and verifyRelease are a pipeline
• 580ad9c feat: Allow to recover from ENOTINHISTORY with a tag and handle detached head repo
• 8e9d9f7 fix: Always pass pluginConfig to plugins as a defined object

See the full diff

Package name: snazzy

The new version differs by 16 commits.

• 01bcc8e 7.1.0
• 595dea4 Merge pull request [Snyk] Security upgrade string-width from 4.2.2 to 5.0.0 #19 from standard/greenkeeper/initial
• e550806 Update README.md
• 803f52d docs(readme): add Greenkeeper badge
• 608d394 chore(package): update dependencies
• f466ed1 Update README.md
• 6877619 7.0.0
• 296f03c Merge pull request [Snyk] Security upgrade strip-ansi from 4.0.0 to 7.0.0 #17 from feross/remove-standard
• ffa91cc cleanup
• 2b1febe travis: test on latest node
• b460ea4 BREAKING: Remove built-in copy of `standard`
• f2172ff standard
• 4d1412a 6.0.0
• e04483d Use the same exit code as standard (1)
• 4fe43e7 Document proess.on('exit') behavior
• 216d064 use canonical windows detection

See the full diff

Package name: tap

The new version differs by 250 commits.

• 8f2baa7 16.0.0
• 65e599e drop support for node v10
• 84fc6df docs: changelog for v16
• e6acf7b update coveralls documentation to say to install it
• 3c7b3ef document coveralls removal in the cli help output
• 43bf1df undocument synonyms
• 1ff75a4 make coveralls an optional peer dep
• 3f1ae47 Add eslint for linting
• 162c1a8 Support Typescript for --before and --after
• 28d2d03 Fix script on using node-tap with codecov
• 3a0e81c docs: fix broken link
• 1b636b2 Add jsonpath-faster
• c4bdeef fix typo `than` to `that`
• 20fbd40 Update Node.js min version to 10.x in CONTRIBUTING
• 90dda0b update cli doc
• 636ab18 15.2.3
• e609d8f docs: changelog for 15.2
• c182328 tap-parser@11.0.1
• f576a60 docs: setting t.snapshotFile
• d9fa241 libtap@1.3.0
• a02f33e update cli doc
• d1500b6 15.2.2
• b784d77 tap-parser@11
• 567384e update cli doc

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)