[Snyk] Fix for 1 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/qs-package/node_modules/snyk/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: os-name

The new version differs by 14 commits.

• 238cb59 3.0.0
• 41930d4 Meta tweaks
• c716329 Require Node.js 6 and upgrade dependencies ([Snyk] Upgrade @typescript-eslint/eslint-plugin from 2.18.0 to 2.34.0 #5)
• c4903a3 2.0.1
• b1467b0 fix typo ([Snyk] Upgrade @types/jest from 26.0.20 to 26.0.23 #4)
• 3f689ba 2.0.0
• bddafa5 extract the CLI into a separate module
• 7d4fb7c add support for macOS Sierra
• 312164f meta tweaks
• 4832474 tweaks
• e7e609b simplify cli help creation
• ebf5f7b use `meow` in the CLI
• d429a84 minor package.json tweaks
• c46ff52 Update .travis.yml

See the full diff

Package name: restify

The new version differs by 250 commits.

• 2053ef6 chore(master): release 10.0.0
• 3f94e4f chore: upgrade release-please (please work)
• c21f6a8 chore: remove wrong link from CHANGELOG.md
• 5795223 feat!: support v18.x
• f384900 chore: Update example to allow downgrading to http1
• fa52f60 feat: bump dtrace-provider version to avoid MacOS errors
• e911d17 chore: upgrade send@^0.18.0
• c9e5dfd chore: upgrade mime@^3.0.0
• 15b8458 chore: upgrade semver@^7.0.0
• 1e25d31 chore: upgrade pidusage@^3.0.0
• 70370d9 chore: upgrade pino@^8.0.0
• de36103 chore: upgrade lru-cache@^7.0.0
• c944080 chore: upgrade uuid@^9.0.0
• 50bfac7 chore: upgrade csv@^6.0.0
• 638930c chore(examples): delete bench example in favor of the benchmark script
• a70880e chore(examples): update socket.io
• 23a80ae chore(examples): update todoapp
• 7228b94 chore: bump find-my-way to ^7.2.0
• caba351 updated package.json [ci skip]
• bf2e42a updated CHANGELOG.md [ci skip]
• c15111f chore: drop support for EOL Node.js versions
• d052b7c feat: deprecate req.closed
• 839fb4a chore: bump version of http-signature to ^1.3.6 ([Snyk] Security upgrade django from 1.6.1 to 1.6.3 #1889)
• cc483e0 chore: remove travis and update github ci ([Snyk] Security upgrade node-uuid from 1.4.0 to 1.4.8 #1878)

See the full diff

Package name: semantic-release

The new version differs by 250 commits.

• 3739ab5 fix(package): update env-ci to version 5.0.0
• 11665b2 chore(package): update dependencies
• 0785a84 fix: update plugin versions
• 152bf45 Merge remote-tracking branch 'origin/beta'
• 3ba8f2a Merge remote-tracking branch 'origin/master' into beta
• a8c747d feat: pass `envi-ci` values to plugins context
• fc70726 chore: add Mockserver generated file to gitignore
• fc7205d fix: correctly display command that errored out in logs
• 9772563 fix: look also for previous prerelease versions to determine the next one
• 61665be fix: correct log when adding channel to tag
• a8747c4 fix: verify is branch is up to date by comparing remote and local HEAD
• 9a1af4d fix: remove unnecessary `await`
• 9ecc7a3 fix: increase next version on prerelease branch based on highest commit type
• c16fcc9 Merge branch 'master' into beta
• a373f8b ci: use Travis import to share config across organization
• 0716a45 feat: require Node.js >=10.13
• 916c268 feat: allow to release any version on a branch if up to date with next branch
• 534c0db Merge branch 'master' into beta
• ec54c0b test: fix calls to `fetch` in tests
• cbef9d1 fix: modify fetch function to handle CircleCI specifics
• ecc4e66 docs: clarify GitLab CI/CD protected variable usage
• b2c1b2c feat: use Git notes to store the channels on which a version has been released
• 29d6b5d build: remove `.github/airtable-crm.yml`
• 2caafba fix: add a flag indicate which branch is the main one

See the full diff

Package name: semver

The new version differs by 168 commits.

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease ([Snyk] Security upgrade minimatch from 3.0.0 to 3.0.2 #566)
• 5c8efbc fix: preserve build in raw after inc ([Snyk] Security upgrade jsonpointer from 2.0.0 to 5.0.0 #565)
• 717534e fix: better handling of whitespace ([Snyk] Security upgrade minimist from 0.0.8 to 1.2.6 #564)
• 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 ([Snyk] Security upgrade django from 2.0.1 to 3.2.15 #558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error ([Snyk] Security upgrade aiohttp from 2.2.2 to 3.8.0 #559)
• 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 ([Snyk] Fix for 10 vulnerabilities #555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message ([Snyk] Fix for 10 vulnerabilities #552)
• 503a4e5 feat: allow identifierBase to be false ([Snyk] Fix for 61 vulnerabilities #548)
• fc2f3df fix: incorrect results from diff sometimes with prerelease versions ([Snyk] Fix for 3 vulnerabilities #546)
• 2781767 fix: avoid re-instantiating SemVer during diff compare ([Snyk] Fix for 10 vulnerabilities #547)
• 82aa7f6 chore: release 7.4.0
• 731d896 chore: enable CD ([Snyk] Security upgrade rack-protection from 1.5.3 to 1.5.3 #545)
• 940723d fix: intersects with v0.0.0 and v0.0.0-0 ([Snyk] Fix for 5 vulnerabilities #538)
• aa516b5 fix: faster parse options ([Snyk] Fix for 1 vulnerabilities #535)
• 61e6ea1 fix: faster cache key factory for range ([Snyk] Security upgrade marked from 0.3.6 to 4.0.10 #536)
• f8b8b61 fix: optimistic parse ([Snyk] Fix for 5 vulnerabilities #541)
• 796cbe2 fix: semver.diff prerelease to release recognition ([Snyk] Fix for 1 vulnerabilities #533)
• 3f222b1 fix: reuse comparators on subset ([Snyk] Security upgrade debug from 2.2.0 to 2.6.9 #537)
• 113f513 feat: identifierBase parameter for .inc ([Snyk] Fix for 1 vulnerabilities #532)
• ea689bc chore: basic type test for RELEASE_TYPES
• c5d29df docs: Add "Constants" section to README

See the full diff

Package name: snyk-policy

The new version differs by 73 commits.

• cc835cc Merge pull request [Snyk] Security upgrade django from 1.6.1 to 2.2.18 #48 from snyk/feat/semver-7
• 5a70662 feat: upgrade semver to 7
• 76b7ffc Merge pull request [Snyk] Security upgrade snyk from 1.101.1 to 1.230.7 #44 from snyk/feat/drop-then-fs-2
• 74df76d feat: bump snyk deps to pick up then-fs drops
• 14b204a Merge pull request [Snyk] Security upgrade node from 12 to 16.6.0 #45 from snyk/feat/update_node+_version
• 3303d2a feat: move policy to node 8
• a4aead4 Merge pull request [Snyk] Security upgrade sqlite3 from 3.0.8 to 4.0.0 #43 from snyk/feat/drop-then-fs
• 43d6ec1 feat: swap out then-fs for promise-fs
• dec6970 Merge pull request [Snyk] Security upgrade npm from 2.15.12 to 7.0.0 #41 from snyk/feat/prettier-dev
• 371ffc4 feat: prettier is a dev dependency
• 5a50d0e Merge pull request [Snyk] Security upgrade npm from 2.15.12 to 5.6.0 #40 from snyk/feat/module
• 290a166 feat: bump snyk-module (no more node 6)
• 19ec76a Merge pull request [Snyk] Security upgrade knex from 0.7.3 to 0.19.5 #37 from snyk/chore/prettier
• 1e7f331 chore: prettier
• 997351c chore: intellij's var2const
• b143a76 Merge pull request [Snyk] Security upgrade open from 0.0.5 to 6.0.0 #36 from snyk/chore/update_patch_fixture_urls
• eef4096 chore: Update fixtures to correct patch urls
• 8ca0f2f Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5.2 #35 from snyk/chore/debug
• 1ee77b9 fix: upgrade debug and skip some logging
• d261c06 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5.1 #34 from snyk/feat/upgrade-module
• b5c1020 feat: remove @* logic so we hit the fast path
• f1bd932 feat: upgrade snyk-module
• 6f3b8ff Merge pull request [Snyk] Security upgrade mongoose from 4.2.4 to 4.2.5 #32 from snyk/chore/add-codeowners
• 286c556 chore: add codeowners file

See the full diff

Package name: tap

The new version differs by 250 commits.

• bc49fb7 15.0.0
• 4378608 remove publishConfig beta tag
• 2c2e75f provide mkdirRecursive polyfill for old node versions
• 8f4c855 correctly specify 10.0.x versions
• 5e61672 update deps
• c44c418 Support 10.0 and test in CI
• dc5c841 tcompare@5.0.4
• 385b6d2 Add .taprc.yml/yaml handling to change log
• 4f87466 just run regular test script as snap script
• 315a921 delete FORCE_COLOR/NO_COLOR rather than setting to '0'
• 564e96f Add detection for .yaml and .yml
• 75bae93 update cli doc
• c1289bf 15.0.0-3
• d6fe32f Do not CI on node 10
• d2e0428 do not use equals() alias in self-test
• 3f787c4 tell npm to be colorful in CI
• 1512818 run tests with color on github actions
• 4626fa1 Docs: update documentation for tap v15
• 02d536b libtap@1.0.1
• f7c7c58 update cli doc
• 2aa497c 15.0.0-2
• 8d7f62e Add support for overriding libtap's internal settings
• 29eed63 new snapshot folder layout
• 3a28d4d update libtap git ref to isaacs/tap-v15-prep branch

See the full diff

Package name: update-notifier

The new version differs by 102 commits.

• 311557e 6.0.0
• 9183541 Require Node.js 14 and move to ESM
• 3fdb218 5.1.0
• 73c391b Upgrade dependencies
• 0a6027e Move to GitHub Actions
• d8fa601 Rename `master` branch to `main`
• f63b2eb 5.0.1
• 9e2b772 Update dependencies
• da7c464 5.0.0
• 5b440c2 Require Node.js 10
• 3dfe42d Don't suggest to upgrade to lower version ([Snyk] Security upgrade django from 2.0.1 to 2.2.27 #192)
• 132b7ce Remove a project from "Users" section ([Snyk] Security upgrade django from 1.6.1 to 2.2.27 #191)
• c9d2166 4.1.1
• f42fc8f Improve vertical alignment of the notifier output ([Snyk] Security upgrade python from 3.6-slim to 3.7.12-slim #183)
• 71a3f19 Use HTTPS links
• 64c5236 Fix Travis
• 9d9f4ff 4.1.0
• 4062f12 Update dependencies
• adbeb6e Add template support for the `message` option ([Snyk] Security upgrade marked from 0.3.6 to 4.0.10 #175)
• adf7803 4.0.0
• fb5161c Remove the `callback` option ([Snyk] Security upgrade django from 1.6.1 to 2.2.26 #158)
• 39682de Rename `boxenOpts` option to `boxenOptions`
• bc1721a Avoid showing notification if current version is the latest ([Snyk] Security upgrade marked from 0.3.5 to 4.0.10 #174)
• ccaf686 Update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)