[Snyk] Fix for 42 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/qs-package/node_modules/snyk/node_modules/async/package.json
  • test/fixtures/qs-package/node_modules/snyk/node_modules/async/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-KARMA-2395349	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-KARMA-2396325	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	489/1000 Why? Has a fix available, CVSS 5.5	Information Exposure SNYK-JS-LOG4JS-2348757	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	No	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Insecure Defaults SNYK-JS-SOCKETIO-1024859	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	354/1000 Why? Has a fix available, CVSS 2.8	Insecure use of /tmp folder npm:cli:20160615	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:semver:20150403	Yes	No Known Exploit
	741/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	Command Injection npm:shell-quote:20160621	Yes	Proof of Concept
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: coveralls

The new version differs by 3 commits.

• 2ed4d09 major version bump for node > 4.x
• 5ebe57f bump version
• 428780c Expand allowed dependency versions to all API compatible versions ([Snyk] Security upgrade actionpack from 4.2.5 to 4.2.11.3 #172)

See the full diff

Package name: jscs

The new version differs by 250 commits.

• 7a85716 2.5.0
• 0eaaf8f Prepare for version 2.5.0
• 214cf9f Misc: update dependencies
• cdb0af4 Misc: fix code style violations
• 2481d63 Configuration: allow default preset override
• 5047150 Preset: use wikimedia preset as dependency
• cf60723 Fix: Sparse arrays in rules with spacing and commas
• 1788d59 Update: `requireCurlyBraces`: make rule more flexible
• 9469688 Misc: fix code style issues
• 706495b Update: `{ allExcept: ['trailing'] }` for "requireSpaceAfterComma"
• 8eb92b6 Configuration: correct config dir detection
• 5eb8fbd Docs: Fixed missing markdown codeblock closing
• ec55656 Docs: fixed CHANGELOG.md links to some rules
• f418a5c Misc: `requireSpacesInGenerator` refactor
• ad82a43 New Rule: requireSpacesInGenerator
• 3d0ae58 Docs: Added hzoo and chat room
• 37fc3fe Misc: optimize lint execution in package.scripts
• 8eb05e2 Misc: update 2.4.0 changelog with bug fix
• 65f6df1 2.4.0
• 9ef33c3 Misc: Prepare for version 2.4.0
• 98812c4 Fix: block statements rules - account for bare blocks
• 2c8d58e New rule: requireAlignedMultilineParams:
• 077c2f6 Fix: rename "requireCapitalizedComments" option
• 5ee3120 Tests: fix merge artefact

See the full diff

Package name: jshint

The new version differs by 250 commits.

• 61c868c v2.13.4
• eb4609a [[FIX]] Remove shelljs
• b23e125 [[CHORE]] Remove shelljs from internal tooling
• 56d4a47 [[CHORE]] Use consistent interface for fs ops
• 33cfc87 [[CHORE]] Migrate from TravisCI to CircleCI
• a53cc95 [[CHORE]] Update version of package manifest (Feat: pass ignores to snyk iac test [cfg-2088] snyk/cli#3602)
• 2a842ac v2.13.3
• 06accfa [[CHORE]] Correct annotation for globals
• b1426f1 [[FIX]] Recognize ES2020 globals
• be94b1d [[DOCS]] Remove david-dm badges (feat: stop using cached rules bundle snyk/cli#3596)
• 5608b03 v2.13.2
• 043f98a [[CHORE]] Add package-lock.json
• cc1adf6 [[FIX]] Add missing well-known globals ([Snyk-dev] Security upgrade tap from 11.1.3 to 14.6.8 snyk/cli#3582)
• 057b1c6 [[FIX]] Tolerate keyword in object shorthand
• ecae54a [[FIX]] Tolerate unterminated nullish coalescing
• ca06e6a [[FIX]] add URL for node in src/vars.js (chore: change project name source snyk/cli#3570)
• 75e48b7 [[FIX]] change escape-sequence handler for double quotes (\") (fix: Ensure the test spinner stops snyk/cli#3566)
• 4a681b9 [[FIX]] Limit "Too many Errors" (E043) to errors only (fix: missing release in package version string snyk/cli#3562)
• fddcd02 v2.13.1
• 11dc0a6 [[FIX]] Allow optional chaining call as satement
• 7c890aa [[FIX]] Tolerate dangling NewExpression
• 71ec395 [[FIX]] Allow invoking result of optional chaining
• 7bae44b v2.13.0
• 7c36c81 Merge pull request Implement AnyAuth Proxy Authentication support snyk/cli#3486 from jshint/v2.12.0

See the full diff

Package name: karma

The new version differs by 250 commits.

• ab4b328 chore(release): 6.3.16 [skip ci]
• ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
• c1befa0 chore(release): 6.3.15 [skip ci]
• d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
• 653c762 ci: prevent duplicate CI tasks on creating a PR
• c97e562 chore(release): 6.3.14 [skip ci]
• 91d5acd fix: remove string template from client code
• 69cfc76 fix: warn when `singleRun` and `autoWatch` are `false`
• 839578c fix(security): remove XSS vulnerability in `returnUrl` query param
• db53785 chore(release): 6.3.13 [skip ci]
• 5bf2df3 fix(deps): bump log4js to resolve security issue
• 36ad678 chore(release): 6.3.12 [skip ci]
• 41bed33 fix: remove depreciation warning from log4js
• c985155 docs: create security.md
• c96f0c5 chore(release): 6.3.11 [skip ci]
• a5219c5 fix(deps): pin colors package to 1.4.0 due to security vulnerability
• de0df2f test: fix version regex in the CLI test case
• eddb2e8 chore(release): 6.3.10 [skip ci]
• 0d24bd9 fix(logger): create parent folders if they are missing
• b8eafe9 chore(release): 6.3.9 [skip ci]
• cf318e5 test: add test case for restarting test run on file change
• 92ffe60 fix: restartOnFileChange option not restarting the test run
• b153355 style: fix grammar error in browser capture log message
• 8f798d5 chore(release): 6.3.8 [skip ci]

See the full diff

Package name: karma-browserify

The new version differs by 45 commits.

• 1f03ab2 5.3.0
• 3d1ae96 chore(package): bump dev dependencies
• 1796716 chore(project): bump lodash dependency
• adce20f 5.2.0
• 2a60185 chore(project): support browserify @ 16
• cba9ba9 chore(lint): ignore example/node_modules
• 72af250 chore(example): bump browserify + watchify versions
• 573db5b 5.1.3
• ff944e7 chore(package): allow browserify@15
• 6e0fcce 5.1.2
• 88673c4 chore(npmignore): ignore dev configuration(s)
• 0fed147 chore(project): remove grunt + jshint
• 08141de chore(ci): test against node {4,6,8}
• 21bd468 chore(project): bump dev dependencies
• e42a5be chore(project): release v5.1.1
• dba0a80 chore(package): allow browserify@14
• a87c211 chore(project): release v5.1.0
• dc49a26 feat(bro): respect externalRequireName
• b963ae9 chore(project): add all task
• e1f85e0 test(bro): verify TypeScript compile error behavior
• 866680d chore(project): release v5.0.5
• b613c00 fix(project): add missing comma to pkg
• ae3d09f chore(project): remove node 0.10 / npm 1 support via pkg.engines / travis
• 1ea06cb chore(project): use broader semver ranges for peer deps

See the full diff

Package name: mocha

The new version differs by 250 commits.

• 5f96d51 build(v10.1.0): release
• ed74f16 build(v10.1.0): update CHANGELOG
• 51d4746 chore(devDeps): update 'ESLint' to v8 (fix: bump nodejs-parser to 1.52.4 attempt 2 snyk/cli#4926)
• 4e06a6f fix(browser): increase contrast for replay buttons (Synchronizing CLI help from user-docs snyk/cli#4912)
• 41567df Support prefers-color-scheme: dark (chore: apply refactorings from a previous PR snyk/cli#4896)
• 61b4b92 fix the regular expression for function `clean` in `utils.js` (feat: build windows and linux binaries with fips enabled Microsoft Go Fork snyk/cli#4770)
• 77c18d2 chore: use standard 'Promise.allSettled' instead of polyfill (fix: update snyk-iac-capture now allowing to upload valid empty states snyk/cli#4905)
• 84b2f84 chore(ci): upgrade GH actions to latest versions (chore: remove smoke-tests.yml from github actions snyk/cli#4899)
• 023f548 build(v10.0.0): release
• 62b1566 build(v10.0.0): update CHANGELOG
• fbe7a24 chore: update dependencies (Synchronizing CLI help from user-docs snyk/cli#4878)
• 2b98521 docs: replace 'git.io' short links (feat: add options for snyk sbom snyk/cli#4877) [ci skip]
• 007fa65 chore(ci): add Node v18 to test matrix (Synchronizing CLI help from user-docs snyk/cli#4876)
• f6695f0 chore(esm): remove code for Node v12 (chore: asset classification snyk/cli#4874)
• 59f6192 chore(ci): conditionally skip 'push' event (feat: renew windows code signing certificate snyk/cli#4872)
• b863359 docs: fix 'fgrep' url (chore: update Go version to 1.21.1 snyk/cli#4873)
• baaa41a chore(ci): ignore changes to docs files (Feat: improved oauth support snyk/cli#4871)
• ac81cc5 refactor!: drop support of 'growl' notification (chore: set Node compatibility version to >=16 snyk/cli#4866)
• 3946453 chore(deps)!: upgrade 'minimatch' (fix: fix wrong project name change snyk/cli#4865)
• 592905b refactor!: rename 'bin/mocha' to 'bin/mocha.js' (chore: remove unnecessary install snyk/cli#4863)
• b7b849b refactor!: remove deprecated Runner signature (chore: Make license script used in build more portable snyk/cli#4861)
• 0608fa3 chore(site): fix supporters' download (fix: updated snyk-python-plugin package version snyk/cli#4859)
• 785aeb1 chore(test): drop AMD/'requirejs' (feat: use gw routing for code snyk/cli#4857)
• ed640c4 chore(devDeps): upgrade 'coffee-script' (feat: updated integrated iac naming snyk/cli#4856)

See the full diff

Package name: nyc

The new version differs by 250 commits.

• e21721a chore(release): 14.0.0
• 8cf8a89 docs: update issue template [skip ci] ([Snyk] Fix for 20 vulnerabilities #1008)
• d7a9d6a chore: Update package-lock.json
• 189bae8 chore: Update dependencies for 14.0.0-rc.1
• 2eb13c6 feat: instrument `--complete-copy` implementation ([Snyk] Security upgrade lab from 5.18.1 to 14.3.4 #1056)
• c88a852 docs: `nyc instrument` and `--exclude-node-modules` ([Snyk] Security upgrade tape from 2.14.1 to 4.0.0 #1039)
• c213469 feat: always build the processinfo temp dir ([Snyk] Fix for 18 vulnerabilities #1061)
• e597c46 feat: Add support for --exclude-node-modules to subcommands. ([Snyk] Fix for 25 vulnerabilities #1053)
• 8dcf180 feat: add processinfo index, add externalId ([Snyk] Fix for 14 vulnerabilities #1055)
• 32f75b0 fix: set processinfo pid/ppid to actual numbers ([Snyk] Security upgrade tap from 2.3.4 to 14.6.8 #1057)
• 16d4315 chore: Stop excluding `bin` from coverage results. ([Snyk] Fix for 26 vulnerabilities #1060)
• b909575 fix: Use a single instance of nyc for all actions of main command. ([Snyk] Security upgrade standard from 6.0.8 to 11.0.0 #1059)
• 997ed29 chore: Remove arrify dependency. ([Snyk] Security upgrade uglify-js from 2.3.6 to 3.14.3 #1058)
• 68d6333 docs: move setup docs out of the readme [skip ci] ([Snyk] Security upgrade django from 1.6.1 to 3.2.14 #1052)
• 8da097e feat: add `include` and `exclude` options to instrument command ([Snyk] Fix for 1 vulnerabilities #1007)
• 31817de chore: Update dependencies ([Snyk] Security upgrade tap from 2.3.4 to 14.6.8 #1050)
• 18e04ba fix: make --all work for transpiled code ([Snyk] Fix for 6 vulnerabilities #1047)
• b7e16cd feat: Support turning off node_modules default exclude via flag ([Snyk] Security upgrade django from 1.6.1 to 1.11.29 #912)
• 3eb0e37 docs: A bunch of docs fix-ups ([Snyk] Security upgrade faucet from 0.0.1 to 0.0.2 #1038)
• 5c1eb38 test(instrument): should return unmodified source if no transform found ([Snyk] Security upgrade tape from 2.12.3 to 4.0.0 #1036)
• 1f6c3d4 docs: project root directory and `--cwd` doc ([Snyk] Fix for 13 vulnerabilities #1032)
• 051d95a fix: Add `cwd` option to instrument command ([Snyk] Fix for 9 vulnerabilities #1024)
• 91e02c6 chore: A few code cleanups ([Snyk] Security upgrade nodeunit from 0.9.5 to 0.11.3 #1033)
• 2867538 feat: Rename `plugins` option to `parser-plugins`. ([Snyk] Fix for 17 vulnerabilities #1031)

See the full diff

Package name: uglify-js

The new version differs by 250 commits.

• bca83cb v3.14.3
• a841d45 fix corner case in `awaits` (chore: ignore go sum snyk/cli#5160)
• eb93d92 fix corner case in `awaits` (docs: mention how to test against a binary snyk/cli#5158)
• a0250ec fix corner case in `dead_code` (docs: add hotfix release guide snyk/cli#5154)
• 2580162 parse `let` as symbol names correctly (fix: add --experimental flag for snyk code test snyk/cli#5151)
• 32ae994 fix issues in tests flagged by LGTM (chore: migrate upgrade snyk go dependencies to go snyk/cli#5150)
• 03aec89 fix corner cases in `strings` & `templates` (fix: avoid outputting potentially very large JSON objects snyk/cli#5147)
• faf0190 document ECMAScript quirks ([Snyk-dev] Security upgrade tar from 6.1.11 to 6.2.1 snyk/cli#5148)
• c8b0f68 fix corner case in `merge_vars` (chore: ignore tap files when formatting snyk/cli#5143)
• 87b9916 fix corner case in `inline` (chore: upgrade linters to latest version snyk/cli#5141)
• 940887f fix corner case in `evaluate` (test: migrate code tests to acceptance snyk/cli#5139)
• 0b2573c fix corner case in `templates` (test: refactor tests to introduce helper to determine port  snyk/cli#5137)
• 1575210 avoid potential RegExp denial-of-service (docs: Synchronizing CLI help from user-docs snyk/cli#5135)
• f766bab enhance `templates` ([Snyk] Security upgrade tar from 6.1.11 to 6.2.1 snyk/cli#5131)
• 436a293 enhance `dead_code` (fix: enhance sbt output width, fixing false positives vulns snyk/cli#5130)
• 55418fd fix corner case in `rests` (fix(ci): cli/iac alerts snyk/cli#5129)
• 8578688 v3.14.2
• 4b88dfb tweak test & warnings (feat: support cyclonedx 1.5 snyk/cli#5123)
• c3aef23 fix corner case in `reduce_vars` (chore: add go entry point for snyk code test snyk/cli#5121)
• db94d21 fix corner case in `side_effects` (docs: synchronizing README from GitBook snyk/cli#5118)
• 9634a9d fix corner cases in `optional_chains` (chore(ci): introduce caching around npm install step snyk/cli#5110)
• befb99b fix corner case in `inline` (fix(ci): End to end test by updating to a newer test image snyk/cli#5115)
• 02eb8ba fix corner case in `collapse_vars` (refactor: rename variable for improved readability snyk/cli#5113)
• c09f63a fix corner case in `rests` (fix: language server, provide lessons for all ecosystems [IDE-203] snyk/cli#5109)

See the full diff

Package name: xyz

The new version differs by 19 commits.

• d35f713 Version 2.0.0
• b885137 Merge pull request [Snyk] Security upgrade mongoose from 4.2.4 to 4.2.5 #32 from davidchambers/semver
• f4e2cd1 semver@5.3.x
• 5344c36 Merge pull request [Snyk] Security upgrade nodemailer from 0.7.1 to 6.6.1 #31 from davidchambers/integration
• a28e027 readme: document npm-scripts integration
• 8f117da remove support for Component
• 5136f3d Version 1.1.0
• 81be66c Merge pull request [Snyk] Security upgrade django from 1.6.1 to 1.8.16 #27 from Avaq/av-edit-flag
• bd72e9d Merge pull request [Snyk] Security upgrade django from 1.6.1 to 1.8.16 #29 from Avaq/av-private-package-support
• c1c37e7 Add detection of private packages and don't publish them to NPM
• 2ca217b Add an --edit flag to allow editing commit messages
• d0c6f1b Version 1.0.1
• 76e7beb Merge pull request [Snyk] Security upgrade jsonpointer from 2.0.0 to 4.1.0 #24 from buzzdecafe/untput
• 133ad41 guard against minimal environments
• 693060a Version 1.0.0
• ef82335 Merge pull request [Snyk] Security upgrade npm from 2.15.12 to 6.13.4 #22 from LinusU/patch-1
• 839d8af Add --atomic flag to git push
• b5ffe2b Merge pull request [Snyk] Security upgrade handlebars from 2.0.0 to 3.0.8 #19 from kkirsche/patch-1
• d33dbdb Don't touch bower version

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Execution
🦉 Cross-site Scripting (XSS)
🦉 More lessons are available in Snyk Learn