[Snyk] Fix for 1 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • node_modules/type-detect/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cross-env

The new version differs by 1 commits.

• 61ebf59 fix: bumped cross-spawn to version 7.0.0 ([Snyk] Fix for 4 vulnerabilities #211)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• 3dd6741 7.0.0
• 9a722f9 Build: changelog update for 7.0.0
• b98d8bd Upgrade: eslint-release@2.0.0 (#13271)
• 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
• 401a687 Chore: fix rules list for prereleases (#13230)
• 4ef6158 Breaking: espree@7.0.0 (#13270)
• b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
• 356fdb4 Docs: add migration guide (#12692)
• 015edf6 Sponsors: Sync README with website
• fdfa364 7.0.0-rc.0
• 8d1b4db Build: changelog update for 7.0.0-rc.0
• 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
• d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
• 2ce6bed Chore: added tests for nested arrays (#13145)
• d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
• 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
• bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (#12939)
• 3eeae56 Upgrade: some (dev) deps (#13155)
• 6b7030b Chore: Run tests on Node.js v14 (#13210)
• ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
• 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
• 56d2bee Docs: fix typos (#13204)
• e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
• e4f57b7 Chore: add nested array tests for array-element-newline (#13161)

See the full diff

Package name: karma

The new version differs by 195 commits.

• a4d5bdc chore: release v3.0.0
• 75f466d chore: release v2.0.6
• 5db9399 chore: update contributors
• eb3b1b4 chore(deps): update mime -> 2.3.1 (#3107)
• 732396a fix(travis): Up the socket timeout 2->20s. (#3103)
• 173848e Remove erroneous change log entries for 2.0.3
• 1002569 chore(ci): drop node 9 from travis tests (#3100)
• 02f54c6 fix(server): Exit clean on unhandledRejections. (#3092)
• 0fdd8f9 chore(deps): update socket.io -> 2.1.1 (#3099)
• 90f5546 fix(travis): use the value not the key name. (#3097)
• fba5d36 fix(travis): validate TRAVIS_COMMIT if TRAVIS_PULL_REQUEST_SHA is not set. (#3094)
• 56fda53 fix(init): add "ChromeHeadless" to the browsers' options (#3096)
• f6d2f0e fix(config): Wait 30s for browser activity per Travis. (#3091)
• a58fa45 fix(travis): Validate TRAVIS_PULL_REQUEST_SHA rather than TRAVIS_COMMIT. (#3093)
• 88b977f fix(config): wait 20s for browser activity. (#3087)
• 94a6728 chore: remove support for node 4, update log4js (#3082)
• c5dc62d docs: better clarity for API usage
• 0018947 chore: release v2.0.5
• 02dc1f4 chore: update contributors
• dc7265b fix(browser): ensure browser state is EXECUTING when tests start (#3074)
• 7617279 refactor(filelist): rename promise -> lastCompletedRefresh and remove unused promise (#3060)
• a701732 fix(doc): Document release steps for admins (#3063)
• 93ba05a fix(middleware): Obey the Promise API.
• 518cb11 fix: remove circular reference in Browser

See the full diff

Package name: karma-coverage

The new version differs by 36 commits.

• 32acafa chore(release): 2.0.2 [skip ci]
• bb8f9ee chore: add semantic-release for project - fix [Snyk] Fix for 34 vulnerabilities #408 ([Snyk] Fix for 4 vulnerabilities #413)
• 9c37de6 chore: add check commit message ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #411)
• 27822c9 ci(test): use eslint as ci command and add all js files to check by eslint ([Snyk] Fix for 3 vulnerabilities #410)
• 1adb27a ci: drop node 8, adopt node 12 ([Snyk] Fix for 12 vulnerabilities #409)
• 4962a70 fix(reporter): update calls to match new API in istanbul-lib-report fix [Snyk] Security upgrade mocha from 7.2.0 to 10.1.0 #398 ([Snyk] Fix for 17 vulnerabilities #403)
• fc6e289 refactor: remove isAbsolute and replace with path.isAbsolute ([Snyk] Fix for 4 vulnerabilities #405)
• 83bafc3 refactor: replace migrate coffee unit tests to modern JS ([Snyk] Security upgrade mocha from 7.2.0 to 10.1.0 #407)
• 49f174d refactor: onRunComplete method to upgrade on new major version of Istanbul ([Snyk] Security upgrade semantic-release from 17.4.7 to 19.0.3 #406)
• 4cfa697 chore: Update dev Dependencies eslint and load-grunt-tasks ([Snyk] Security upgrade mocha from 5.2.0 to 10.1.0 #387)
• 5cf931a fix: remove information about old istanbul lib ([Snyk] Fix for 13 vulnerabilities #404)
• 352254a chore(deps): bump handlebars from 4.1.2 to 4.5.3 ([Snyk] Fix for 12 vulnerabilities #399)
• 0ee780c chore(deps): bump lodash.template from 4.4.0 to 4.5.0 ([Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #392)
• d18cde4 chore(deps-dev): bump eslint from 2.13.1 to 4.18.2 ([Snyk] Fix for 8 vulnerabilities #397)
• 55aeead Update Source Map Handling ([Snyk] Security upgrade semantic-release from 15.14.0 to 20.0.1 #394)
• b23664e Added debug msg whether coverage is in reporters ([Snyk] Fix for 18 vulnerabilities #396)
• d3f53e3 chore(all): Migrate to ES6 ([Snyk] Fix for 4 vulnerabilities #385)
• 9c8a222 Make travis file simpler ([Snyk] Fix for 3 vulnerabilities #386)
• b76db9e Remove unused dateformat dependency ([Snyk] Fix for 25 vulnerabilities #384)
• 075ece0 Remove unused istanbul dependency ([Snyk] Fix for 8 vulnerabilities #382)
• 9184fc0 chore: release v2.0.1
• 57d4bd3 chore(deps): npm audit fix --force; update travis.yml ([Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #380)
• 0e2800b chore: release v2.0.0
• 99c0c35 chore: update contributors

See the full diff

Package name: nyc

The new version differs by 173 commits.

• bebf4d6 chore(release): 15.0.0
• 2931730 chore: Update to final releases of dependencies ([Snyk] Security upgrade tap from 2.3.4 to 5.4.3 #1245)
• d44ff19 chore: Update node-preload and use process-on-spawn ([Snyk] Fix for 1 vulnerabilities #1243)
• 5258e9f feat: Filenames relative to project cwd in coverage reports ([Snyk] Security upgrade eslint from 3.19.0 to 6.0.0 #1212)
• 6039f29 chore: Unpin test-exclude, update to latest pre-releases ([Snyk] Security upgrade nyc from 14.1.1 to 15.0.0 #1240)
• f3c9e6c chore: Temporarily pin test-exclude ([Snyk] Fix for 1 vulnerabilities #1239)
• 28ed746 chore: Lazy load modules that are rarely/never needed in test processes. ([Snyk] Fix for 4 vulnerabilities #1232)
• 7307626 chore: Remove cp-file module ([Snyk] Security upgrade xo from 0.24.0 to 0.42.0 #1230)
• dfd629d fix: Better error handling for main execution, reporting ([Snyk] Security upgrade aud from 1.1.5 to 2.0.0 #1229)
• 549c953 chore: Update dependencies, pin find-cache-dir ([Snyk] Fix for 1 vulnerabilities #1228)
• a1dee03 chore: Update yargs ([Snyk] Fix for 1 vulnerabilities #1224)
• 8078a79 chore: Fix 404 in README.md. ([Snyk] Fix for 1 vulnerabilities #1220)
• 7a02cb7 chore: Add enterprise language ([Snyk] Fix for 2 vulnerabilities #1217)
• ea94c7f chore: Remove unused functions ([Snyk] Security upgrade tap from 12.7.0 to 18.0.0 #1218)
• 53c66b9 docs: `npm home nyc` goes to github master branch README ([Snyk] Fix for 1 vulnerabilities #1201)
• cf5e5d3 chore: Update dependencies
• 8411a26 fix: Correct handling of source-maps for pre-instrumented files ([Snyk] Fix for 1 vulnerabilities #1216)
• f890360 docs: Fix URL to default excludes in README.md ([Snyk] Security upgrade tsd from 0.7.4 to 0.12.0 #1214)
• 3726bbb chore: Update to async version of istanbul-lib-source-maps ([Snyk] Fix for 1 vulnerabilities #1199)
• 0efc6d1 chore: Tweak arguments for async coverage data readers ([Snyk] Fix for 1 vulnerabilities #1198)
• cc77e13 chore: Add `use strict` to all except fixtures ([Snyk] Fix for 1 vulnerabilities #1197)
• bcbe1df chore: Update dependencies ([Snyk] Security upgrade xo from 0.11.2 to 0.42.0 #1196)
• 2735ee2 chore: 100% coverage ([Snyk] Fix for 1 vulnerabilities #1195)
• fd40d49 feat: Use @ istanbuljs/schema for yargs setup ([Snyk] Fix for 1 vulnerabilities #1194)

See the full diff

Package name: semantic-release

The new version differs by 250 commits.

• 3739ab5 fix(package): update env-ci to version 5.0.0
• 11665b2 chore(package): update dependencies
• 0785a84 fix: update plugin versions
• 152bf45 Merge remote-tracking branch 'origin/beta'
• 3ba8f2a Merge remote-tracking branch 'origin/master' into beta
• a8c747d feat: pass `envi-ci` values to plugins context
• fc70726 chore: add Mockserver generated file to gitignore
• fc7205d fix: correctly display command that errored out in logs
• 9772563 fix: look also for previous prerelease versions to determine the next one
• 61665be fix: correct log when adding channel to tag
• a8747c4 fix: verify is branch is up to date by comparing remote and local HEAD
• 9a1af4d fix: remove unnecessary `await`
• 9ecc7a3 fix: increase next version on prerelease branch based on highest commit type
• c16fcc9 Merge branch 'master' into beta
• a373f8b ci: use Travis import to share config across organization
• 0716a45 feat: require Node.js >=10.13
• 916c268 feat: allow to release any version on a branch if up to date with next branch
• 534c0db Merge branch 'master' into beta
• ec54c0b test: fix calls to `fetch` in tests
• cbef9d1 fix: modify fetch function to handle CircleCI specifics
• ecc4e66 docs: clarify GitLab CI/CD protected variable usage
• b2c1b2c feat: use Git notes to store the channels on which a version has been released
• 29d6b5d build: remove `.github/airtable-crm.yml`
• 2caafba fix: add a flag indicate which branch is the main one

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)