[Snyk] Fix for 30 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/qs-package/node_modules/har-validator/package.json
  • test/fixtures/qs-package/node_modules/har-validator/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution npm:deep-extend:20180409	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:qs:20140806	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) npm:qs:20140806-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: echint

The new version differs by 97 commits.

• 7f95cd5 build(cricle): remove node7
• aa279e8 build(scripts): fix npm scripts
• 56fe10c build(scripts): update npm scripts
• cb3e093 build(circle): correct test requirements
• ed2b729 docs(readme): update badges
• cc52dcd build(circle): switch to circle ci
• d922484 fix(dependencies): update dependencies
• 8d3ad9c chore(deps): update dependency tap to v12.6.0 ([Snyk] Security upgrade sanitize from 4.6.2 to 4.6.2 #108)
• cd40b85 fix(deps): update dependency dotenv to v7 ([Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #109)
• a44731e fix(deps): update dependency lintspaces to v0.6.3 ([Snyk] Security upgrade django from 1.6.1 to 1.8.16 #100)
• b67e145 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #107 from ahmadnassri/renovate/tap-12.x
• b536e52 chore(deps): update dependency tap to v12.5.3
• 73f1d00 Merge pull request [Snyk] Security upgrade snyk-docker-plugin from 4.21.3 to 4.25.1 #103 from ahmadnassri/renovate/dotenv-6.x
• e7b40c4 fix(deps): update dependency dotenv to v6
• f1fc3c8 Merge pull request [Snyk] Security upgrade bl from 0.9.5 to 1.2.3 #101 from ahmadnassri/renovate/tap-12.x
• 2a18afd chore(deps): update dependency tap to v12
• 329106f Merge pull request [Snyk] Security upgrade sanitize from 4.6.2 to 4.6.2 #106 from LinusU/prefer-const
• 9cabe96 Prefer const over let
• 5398f97 build(renovate): replace dependencies.io with Renovate app
• 6c99cd6 Merge pull request [Snyk] Security upgrade tap from 11.1.3 to 15.0.0 #95 from ahmadnassri/tap-11.1.3-33.0.0
• f2dfaca Update tap from 11.1.1 to 11.1.3
• 5cf03f7 Merge pull request [Snyk] Security upgrade yargs from 11.1.0 to 15.0.1 #87 from ahmadnassri/lintspaces-0.6.0-1.0.0
• 547c589 Merge pull request [Snyk] Security upgrade yargs from 11.1.0 to 15.0.1 #90 from ahmadnassri/tap-11.1.1-4.0.0
• efa830a Update tap from 10.7.3 to 11.1.1

See the full diff

Package name: istanbul

The new version differs by 72 commits.

• 89e338f 0.4.5
• 7efe4dc update changelog, contributors
• da79378 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #673 from popomore/swap-fileset-for-glob
• 58f4c90 swap fileset for glob
• fef889b Merge pull request [Snyk] Security upgrade qs from 0.6.6 to 6.0.4 #657 from djorg83/master
• 91bb666 log filename when file fails to parse using esprima
• 5dbd62c 0.4.4
• 5642fb4 Update changelog, contributors
• f4195bb Merge pull request [Snyk] Fix for 13 vulnerabilities #507 from Victorystick/es-modules-support
• c521035 Merge pull request [Snyk] Security upgrade jinja2 from 2.7.2 to 2.11.3 #628 from inversion/use-tmp-dir
• 66fffdc Merge pull request [Snyk] Security upgrade npm from 2.15.12 to 7.21.0 #597 from JamesMGreene/patch-1
• dfcab10 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 1.8.16 #627 from a0viedo/patch-1
• abec3ae Merge pull request [Snyk] Security upgrade @google-cloud/profiler from 2.0.2 to 4.1.3 #625 from ChALkeR/tmpdir
• a9aaf53 tmp dir setting was being ignored in TmpStore
• 522f465 link build badge to master branch
• 0b5e80d use os.tmpdir() instead of os.tmpDir()
• 5069661 Set "medium" coverage CSS color scheme to yellow
• 0e8c350 Merge pull request [Snyk] Fix for 10 vulnerabilities #587 from clickthisnick/chore-remove-trailing-spaces
• fc3ba35 0.4.3
• b3de106 Update changelog, contributors
• bb5b6e1 Merge pull request [Snyk] Fix for 4 vulnerabilities #579 from jtangelder/fix-colors
• 0411600 return plain string when an invalid clazz is given
• a556a5e Merge pull request [Snyk] Fix for 10 vulnerabilities #552 from abejfehr/patch-1
• 369ed49 Merge pull request [Snyk] Security upgrade rack-protection from 1.5.3 to 1.5.3 #545 from pra85/patch-1

See the full diff

Package name: mocha

The new version differs by 250 commits.

• 5f96d51 build(v10.1.0): release
• ed74f16 build(v10.1.0): update CHANGELOG
• 51d4746 chore(devDeps): update 'ESLint' to v8 (fix: bump nodejs-parser to 1.52.4 attempt 2 snyk/cli#4926)
• 4e06a6f fix(browser): increase contrast for replay buttons (Synchronizing CLI help from user-docs snyk/cli#4912)
• 41567df Support prefers-color-scheme: dark (chore: apply refactorings from a previous PR snyk/cli#4896)
• 61b4b92 fix the regular expression for function `clean` in `utils.js` (feat: build windows and linux binaries with fips enabled Microsoft Go Fork snyk/cli#4770)
• 77c18d2 chore: use standard 'Promise.allSettled' instead of polyfill (fix: update snyk-iac-capture now allowing to upload valid empty states snyk/cli#4905)
• 84b2f84 chore(ci): upgrade GH actions to latest versions (chore: remove smoke-tests.yml from github actions snyk/cli#4899)
• 023f548 build(v10.0.0): release
• 62b1566 build(v10.0.0): update CHANGELOG
• fbe7a24 chore: update dependencies (Synchronizing CLI help from user-docs snyk/cli#4878)
• 2b98521 docs: replace 'git.io' short links (feat: add options for snyk sbom snyk/cli#4877) [ci skip]
• 007fa65 chore(ci): add Node v18 to test matrix (Synchronizing CLI help from user-docs snyk/cli#4876)
• f6695f0 chore(esm): remove code for Node v12 (chore: asset classification snyk/cli#4874)
• 59f6192 chore(ci): conditionally skip 'push' event (feat: renew windows code signing certificate snyk/cli#4872)
• b863359 docs: fix 'fgrep' url (chore: update Go version to 1.21.1 snyk/cli#4873)
• baaa41a chore(ci): ignore changes to docs files (Feat: improved oauth support snyk/cli#4871)
• ac81cc5 refactor!: drop support of 'growl' notification (chore: set Node compatibility version to >=16 snyk/cli#4866)
• 3946453 chore(deps)!: upgrade 'minimatch' (fix: fix wrong project name change snyk/cli#4865)
• 592905b refactor!: rename 'bin/mocha' to 'bin/mocha.js' (chore: remove unnecessary install snyk/cli#4863)
• b7b849b refactor!: remove deprecated Runner signature (chore: Make license script used in build more portable snyk/cli#4861)
• 0608fa3 chore(site): fix supporters' download (fix: updated snyk-python-plugin package version snyk/cli#4859)
• 785aeb1 chore(test): drop AMD/'requirejs' (feat: use gw routing for code snyk/cli#4857)
• ed640c4 chore(devDeps): upgrade 'coffee-script' (feat: updated integrated iac naming snyk/cli#4856)

See the full diff

Package name: standard

The new version differs by 232 commits.

• 39a54d3 6.0.0
• 3afcc2c CHANGELOG.md for 6.0.0
• 0b71b07 eslint-plugin-promise@1.0.8
• 4b725bd lock to latest deps
• 0a9a77b eslint-config-standard@5.0.0
• 48fb60c add eslint-config-standard-jsx
• 8802ea7 run standard on ourselves
• 6fbd66d test: add --disabled flag to run disabled tests
• 910eaa5 depend on eslint-plugin-promise
• f0d1983 Remove React-specific rules (fixes [Snyk] Security upgrade cookie-session from 1.1.0 to 1.3.0 #351)
• 8a095f1 readme: add one more gotcha
• fbb66c4 package.json
• 44b551a remove one more usage of `win-spawn`
• f1ad085 eslint@^2.0.0-rc.0
• 1cdd9f5 clone test: ignore git output
• 22971ce use cross-spawn-async
• 3e2001d add standard-format instructions to --format
• 60d4a87 install babel in dev-deps for test repos that need it
• 134de73 use standard-packages@3
• f149307 cleanup
• 3c86923 remove standard-format. fixes [Snyk] Fix for 1 vulnerabilities #340
• 9b3a14d test: add --quiet option
• c59a55c test: test 500+ standard packages
• cb625b4 test: add command line --help test

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Arbitrary Code Injection
🦉 More lessons are available in Snyk Learn