[Snyk] Fix for 5 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • node_modules/eslint-config-prettier/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: doctoc

The new version differs by 31 commits.

• 68f070c 2.2.0
• 459856c fix: upgrade deps ([Snyk] Fix for 16 vulnerabilities #225)
• ffbb04f 2.1.0
• 095cbbc Bump path-parse from 1.0.6 to 1.0.7 ([Snyk] Fix for 3 vulnerabilities #212)
• dcbdb1c Add unit test for skip function ([Snyk] Fix for 11 vulnerabilities #206)
• 5258371 chore: removing patreon badge
• 9f675d5 Bump glob-parent from 5.1.1 to 5.1.2 ([Snyk] Fix for 17 vulnerabilities #207)
• b115924 Handle file skipping internally ([Snyk] Fix for 3 vulnerabilities #143)
• bc62221 2.0.1
• 41033dc Bump lodash from 4.17.20 to 4.17.21
• d631fa9 Bump hosted-git-info from 2.8.8 to 2.8.9
• 3dddb16 security: CVE-2021-23358 in underscore
• f98b159 Bump y18n from 4.0.0 to 4.0.1
• 2faf563 2.0.0
• 68af396 Bump lodash from 4.17.15 to 4.17.20 ([Snyk] Fix for 7 vulnerabilities #187)
• 9bc2c83 Update dependencies to fix deprecation warnings ([Snyk] Fix for 4 vulnerabilities #179)
• d38d04b pre-commit docs: update sha -> rev ([Snyk] Fix for 4 vulnerabilities #178)
• bf7896b collapse consecutive blank lines if there's no title (closes [Snyk] Fix for 9 vulnerabilities #101) ([Snyk] Fix for 4 vulnerabilities #145)
• 88ec7cd Merge pull request [Snyk] Fix for 5 vulnerabilities #181 from uetchy/preserve
• f07f3aa fix: update notice text
• 88e4c56 docs: add help text for --update-only
• 04ffd96 feat: add notice for --update-only
• 2be533d chore: rename --preserve to --update-only
• 617c7c5 feat: flag to keep file without toc untouched

See the full diff

Package name: eslint-find-rules

The new version differs by 35 commits.

• bc5a855 v4.0.0
• 33bf07a breaking: add "exports"
• 0ed735f docs: document that the main export returns a Promise
• 18248f6 refactor: remove unneeded fallback code
• e95f4ad deps: update `glob`
• 1e940a9 deps: update `yargs`
• c3576b5 refactor: remove unnecessary `path-is-absolute`
• 7fec811 breaking: drop eslint < 7
• 617afcc breaking: support ESLint 8.x
• 6ec8b07 meta: improve commit types
• 6b4b5a0 chore: update babel and eslint to support es2017
• bc91e07 test: on node <= 10, use a much higher timeout
• 595d319 fix: remove `@ eslint/eslintrc` as an explicit dep; it comes from eslint when needed
• 2b65377 test: rely on codecov to check coverage
• 563399d test: migrate travis-ci to Github Actions
• 4b6e9df [actions] add the Automatic Rebase action
• cdc3bab test: eslint v7.12 broke our tests’ proxyquire
• c8a71a1 v3.6.1
• 67d38fe chore(devDeps): update deps:
• 57c66ee chore(deps): update:
• bde54d6 fix: ESLint 7.8.0 removes normalization function
• 8aaac5b test: add tests on eslint v7.7, and v7.8+
• b8a7207 v3.6.0
• 1433cce Merge pull request [Snyk] Fix for 4 vulnerabilities #325 from nicolashenry/fix2

See the full diff

Package name: replace

The new version differs by 19 commits.

• 36c4b4a 1.2.2
• a046749 update deps
• cb12028 Merge pull request [Snyk] Security upgrade requests from 1.2.3 to 2.20 #33 from LosManos/patch-1
• 9f623be Merge pull request [Snyk] Security upgrade supertap from 1.0.0 to 2.0.0 #31 from ALMaclaine/dependabot/npm_and_yarn/y18n-4.0.3
• d216b15 Merge pull request [Snyk] Security upgrade table from 5.4.6 to 6.0.0 #30 from ALMaclaine/dependabot/npm_and_yarn/ansi-regex-5.0.1
• ce858c4 Merge pull request [Snyk] Security upgrade strip-ansi from 5.2.0 to 7.0.0 #29 from ALMaclaine/dependabot/npm_and_yarn/path-parse-1.0.7
• 3829e55 Merge pull request [Snyk] Security upgrade ansi-regex from 3.0.0 to 6.0.1 #28 from ALMaclaine/dependabot/npm_and_yarn/minimist-1.2.6
• be094f0 Update minimatch dependency to no vulnerability
• 47e2ad0 Bump y18n from 4.0.0 to 4.0.3
• ff64bc0 Bump ansi-regex from 5.0.0 to 5.0.1
• cc3b612 Bump path-parse from 1.0.6 to 1.0.7
• c528bab Bump minimist from 1.2.5 to 1.2.6
• f93d87d Update package.json
• d15e2b1 Merge pull request [Snyk] Security upgrade ansi-regex from 4.1.0 to 6.0.1 #24 from Dwarfess/patch-4
• 27b87e2 Update replace.js
• 38c0f16 Merge pull request [Snyk] Fix for 1 vulnerabilities #20 from drveresh/patch-1
• 94a1725 Set safe side options
• 7526dbe v1.2.0
• d0ef483 update yargs

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Injection
🦉 Prototype Pollution