[Snyk] Fix for 17 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • node_modules/signal-exit/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTPROP-543489	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	574/1000 Why? Has a fix available, CVSS 7.2	Command Injection SNYK-JS-STANDARDVERSION-575708	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: coveralls

The new version differs by 3 commits.

• 2ed4d09 major version bump for node > 4.x
• 5ebe57f bump version
• 428780c Expand allowed dependency versions to all API compatible versions ([Snyk] Fix for 5 vulnerabilities #172)

See the full diff

Package name: nyc

The new version differs by 250 commits.

• bebf4d6 chore(release): 15.0.0
• 2931730 chore: Update to final releases of dependencies ([Snyk] Security upgrade tap from 2.3.4 to 5.4.3 #1245)
• d44ff19 chore: Update node-preload and use process-on-spawn ([Snyk] Fix for 1 vulnerabilities #1243)
• 5258e9f feat: Filenames relative to project cwd in coverage reports ([Snyk] Security upgrade eslint from 3.19.0 to 6.0.0 #1212)
• 6039f29 chore: Unpin test-exclude, update to latest pre-releases ([Snyk] Security upgrade nyc from 14.1.1 to 15.0.0 #1240)
• f3c9e6c chore: Temporarily pin test-exclude ([Snyk] Fix for 1 vulnerabilities #1239)
• 28ed746 chore: Lazy load modules that are rarely/never needed in test processes. ([Snyk] Fix for 4 vulnerabilities #1232)
• 7307626 chore: Remove cp-file module ([Snyk] Security upgrade xo from 0.24.0 to 0.42.0 #1230)
• dfd629d fix: Better error handling for main execution, reporting ([Snyk] Security upgrade aud from 1.1.5 to 2.0.0 #1229)
• 549c953 chore: Update dependencies, pin find-cache-dir ([Snyk] Fix for 1 vulnerabilities #1228)
• a1dee03 chore: Update yargs ([Snyk] Fix for 1 vulnerabilities #1224)
• 8078a79 chore: Fix 404 in README.md. ([Snyk] Fix for 1 vulnerabilities #1220)
• 7a02cb7 chore: Add enterprise language ([Snyk] Fix for 2 vulnerabilities #1217)
• ea94c7f chore: Remove unused functions ([Snyk] Security upgrade tap from 12.7.0 to 18.0.0 #1218)
• 53c66b9 docs: `npm home nyc` goes to github master branch README ([Snyk] Fix for 1 vulnerabilities #1201)
• cf5e5d3 chore: Update dependencies
• 8411a26 fix: Correct handling of source-maps for pre-instrumented files ([Snyk] Fix for 1 vulnerabilities #1216)
• f890360 docs: Fix URL to default excludes in README.md ([Snyk] Security upgrade tsd from 0.7.4 to 0.12.0 #1214)
• 3726bbb chore: Update to async version of istanbul-lib-source-maps ([Snyk] Fix for 1 vulnerabilities #1199)
• 0efc6d1 chore: Tweak arguments for async coverage data readers ([Snyk] Fix for 1 vulnerabilities #1198)
• cc77e13 chore: Add `use strict` to all except fixtures ([Snyk] Fix for 1 vulnerabilities #1197)
• bcbe1df chore: Update dependencies ([Snyk] Security upgrade xo from 0.11.2 to 0.42.0 #1196)
• 2735ee2 chore: 100% coverage ([Snyk] Fix for 1 vulnerabilities #1195)
• fd40d49 feat: Use @ istanbuljs/schema for yargs setup ([Snyk] Fix for 1 vulnerabilities #1194)

See the full diff

Package name: standard

The new version differs by 250 commits.

• a599426 authors
• 4b7fac5 11.0.0
• 76bf851 standard-packages@3.4.0
• 22673fc test: add --fix flag to attempt fixing packages before failing
• 50c466c remove hardcoded npm run test scripts
• cc79290 .npmignore
• 7b5e482 .npmignore
• 538f087 standard-engine@8.0
• 0147989 eslint-config-standard-jsx@5.0.0
• 7ff022f eslint-config-standard@11.0.0
• c9e8503 changelog
• a5333eb changelog
• 98f513c test style
• 8376af6 don't peg CPU when running tests
• 47489da update changelog
• 4ff2152 eslint-plugin-node@6
• 78be324 eslint@4.18
• c2bd85c Merge pull request [Snyk] Fix for 1 vulnerabilities #1054 from standard/greenkeeper/initial
• 5edd7c3 chore: adapt code to updated dependencies
• aef406a copy
• ff379a0 add stdlib sponsor logo
• c1770a9 readme tweaks
• 4acfb74 Merge pull request [Snyk] Fix for 2 vulnerabilities #1057 from sonicdoe/patch-1
• e1c58fb Fix typo

See the full diff

Package name: tap

The new version differs by 250 commits.

• bc49fb7 15.0.0
• 4378608 remove publishConfig beta tag
• 2c2e75f provide mkdirRecursive polyfill for old node versions
• 8f4c855 correctly specify 10.0.x versions
• 5e61672 update deps
• c44c418 Support 10.0 and test in CI
• dc5c841 tcompare@5.0.4
• 385b6d2 Add .taprc.yml/yaml handling to change log
• 4f87466 just run regular test script as snap script
• 315a921 delete FORCE_COLOR/NO_COLOR rather than setting to '0'
• 564e96f Add detection for .yaml and .yml
• 75bae93 update cli doc
• c1289bf 15.0.0-3
• d6fe32f Do not CI on node 10
• d2e0428 do not use equals() alias in self-test
• 3f787c4 tell npm to be colorful in CI
• 1512818 run tests with color on github actions
• 4626fa1 Docs: update documentation for tap v15
• 02d536b libtap@1.0.1
• f7c7c58 update cli doc
• 2aa497c 15.0.0-2
• 8d7f62e Add support for overriding libtap's internal settings
• 29eed63 new snapshot folder layout
• 3a28d4d update libtap git ref to isaacs/tap-v15-prep branch

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Execution