[Snyk] Fix for 7 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/pkg-SC-1472/node_modules/debug/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-USERAGENT-174737	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: karma

The new version differs by 105 commits.

• 1b48637 chore(release): 5.0.0 [skip ci]
• a5dbe89 Update issue templates (test: fix broken test after security URL change snyk/cli#3460)
• 1074f38 chore(ci): rely on karma-runnre/integration-tests for saucelabs config ([Snyk-dev] Security upgrade got from 3.3.1 to 11.8.5 snyk/cli#3462)
• 4d45cf0 chore(ci): remove more old connection security stuffs (fix: fix broken test after security URL change snyk/cli#3459)
• be76fcc chore(ci): use travis UI for sauce config (#3458)
• a04a542 chore(ci): remove secure encryption var ([Snyk] Security upgrade python from 3.8-slim to 3.9-slim snyk/cli#3457)
• 1eaf35e fix: install semantic-release as a regular dev dependency (#3455)
• 0647109 docs: Fix simple typo, overriden -> overridden (feat: add --remote-repo-url to "iac test" snyk/cli#3453)
• ec1e69a fix(server): replace optimist on yargs lib (feat: Add support for severity threshold [CFG-1991] snyk/cli#3451)
• ffad7fa refactor(launcher): use class syntax (feat: OS CLI output part I - update severity headline +test snyk/cli#3437)
• 7166ce2 fix(server): detection new MS Edge Chromium (feat: bump snyk-iac-test version snyk/cli#3440)
• b8b2ed8 fix(ci): echo travis env that gates release after_success (fix: bump snyk docker plugin version golang fixes snyk/cli#3446)
• 33a069f refactor: use native Promise instead of Bluebird (chore: cleanup iac custom rules analytics [CFG-1144] snyk/cli#3436)
• 131d154 refactor: drop safe-buffer dependency in favor of native Buffer (fix: always show path names of invalid IaC files snyk/cli#3438)
• cb1bcbf fix(server): cleanup import of the removed method (Update driftctl to v0.35 snyk/cli#3439)
• 5c334f5 fix(server): createPreprocessor was removed (Synchronizing CLI help from user-docs snyk/cli#3435)
• d7128d4 refactor(server): remove PromiseContainer class (refactor: Remove white texts from IaC test output snyk/cli#3416)
• 057d527 feat(docs): document `DEFAULT_LISTEN_ADDR` constant (chore: upgrade snyk-iac-test snyk/cli#3443)
• a673aa8 ci: drop node 8, adopt node 12 (chore: Authentication negotiation for Kerberos snyk/cli#3430)
• 9eb6436 chore(server): Convert PromiseContainer to object and remove ([Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 snyk/cli#3401)
• 0856234 chore(travis): release on node 10 success ([NEBULA-635] chore: bump code-client version snyk/cli#3428)
• 708ae13 feat(preprocessor): obey Pattern.isBinary when set (fix: docker/Dockerfile.python-3.6 to reduce vulnerabilities snyk/cli#3422)
• 00d536f chore(test): logLevel debug in proxy test (chore: snyk-iac-test checksum snyk/cli#3427)
• da9d8bd chore(docs): delete PULL_REQUEST_TEMPLATE.md

See the full diff

Package name: rimraf

The new version differs by 52 commits.

• 3b6b098 4.0.0
• e0cffea ci: reduce workload even more
• 0e6646d ci: remove unnecessary lint filter
• 546e017 update action versions
• 6d88a65 tone down benchmark intensity
• 842a8d2 fix benchmark workflow yaml
• 1b91697 chore: add copyright year to license
• 08bbb06 rewrite in TS, export hybrid, update changelog, docs
• 1b3f46e drop support for node versions below 14
• 2e1f003 gh actions workflow for benchmarks
• 52f9370 tests for retry-busy behavior
• 188e3ed don't test on very old node versions
• d1d5495 test for fix-eperm
• e7501cd prettier formatting
• 40f64ec windows: only fall back to move-remove when absolutely necessary
• b6f7819 update tap
• 99496cd test: run posix test on windows, why not?
• 51d43c1 benchmarks
• 6b8aa29 doc: correct os.tmp default
• 4b228c9 do not ever actually try to rmdir /
• 2442655 consolidate all the spellings of 'opt' into one
• d4eec2e add cli script
• 0c82d74 accept strings, arrays of strings, and no other types
• ad4f2db Do not rimraf /, override with preserveRoot:false

See the full diff

Package name: xo

The new version differs by 192 commits.

• ab16df2 0.42.0
• de55a03 Upgrade dependencies
• 34800b7 Upgrade `globby` ([Snyk] Security upgrade lodash from 4.17.13 to 4.17.21 #574)
• f81e933 Re-enable `import/newline-after-import` rule
• 47af93e 0.41.0
• af93e79 Upgrade dependencies
• 0733cc5 Fix code style ([Snyk] Security upgrade semver from 2.3.2 to 4.3.2 #570)
• ab17a3c Lint `.cjs` files in codebase ([Snyk] Security upgrade snyk from 1.101.1 to 1.465.0 #569)
• 0a752c7 Update dependencies ([Snyk] Security upgrade qs from 0.6.6 to 6.0.4 #568)
• 41c8f39 Convert project to module ([Snyk] Security upgrade minimatch from 3.0.0 to 3.0.2 #566)
• b3c5e15 Fix typo ([Snyk] Fix for 4 vulnerabilities #567)
• 2ef9f22 Prevent the `useEslintrc` option from being used ([Snyk] Security upgrade jsonpointer from 2.0.0 to 5.0.0 #565)
• 41f0484 0.40.3
• 374dd73 Support `xo.config.cjs` and `.xo-config.cjs` ([Snyk] Security upgrade semver from 2.3.2 to 4.3.2 #561)
• 3e7b77c Remove some needless imports ([Snyk] Fix for 48 vulnerabilities #560)
• 6adf459 Remove `update-notifier`
• b6389ef 0.40.2
• 7ace6e5 Fix handling of `parserOptions` for TypeScript ([Snyk] Security upgrade django from 1.6.1 to 3.2.15 #557)
• 7629ce0 0.40.1
• d2c5750 Properly resolve base config ([Snyk] Security upgrade rack-protection from 1.5.3 to 1.5.3 #545)
• e9c96a1 Properly handle `parserOptions` ([Snyk] Security upgrade tap from 11.1.3 to 15.0.0 #544)
• 8e1801c Avoid destructuring and just build the expected object once ([Snyk] Fix for 5 vulnerabilities #538)
• 4cfdc72 Fix CI
• 56be018 0.40.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)