[Snyk] Fix for 21 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/qs-package/node_modules/har-validator/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
	486/1000 Why? Mature exploit, Has a fix available, CVSS 2	Prototype Pollution SNYK-JS-MERGE-72553	Yes	Mature
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution npm:deep-extend:20180409	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:qs:20140806	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) npm:qs:20140806-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: echint

The new version differs by 97 commits.

• 7f95cd5 build(cricle): remove node7
• aa279e8 build(scripts): fix npm scripts
• 56fe10c build(scripts): update npm scripts
• cb3e093 build(circle): correct test requirements
• ed2b729 docs(readme): update badges
• cc52dcd build(circle): switch to circle ci
• d922484 fix(dependencies): update dependencies
• 8d3ad9c chore(deps): update dependency tap to v12.6.0 ([Snyk] Security upgrade sanitize from 4.6.2 to 4.6.2 #108)
• cd40b85 fix(deps): update dependency dotenv to v7 ([Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #109)
• a44731e fix(deps): update dependency lintspaces to v0.6.3 ([Snyk] Security upgrade django from 1.6.1 to 1.8.16 #100)
• b67e145 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #107 from ahmadnassri/renovate/tap-12.x
• b536e52 chore(deps): update dependency tap to v12.5.3
• 73f1d00 Merge pull request [Snyk] Security upgrade snyk-docker-plugin from 4.21.3 to 4.25.1 #103 from ahmadnassri/renovate/dotenv-6.x
• e7b40c4 fix(deps): update dependency dotenv to v6
• f1fc3c8 Merge pull request [Snyk] Security upgrade bl from 0.9.5 to 1.2.3 #101 from ahmadnassri/renovate/tap-12.x
• 2a18afd chore(deps): update dependency tap to v12
• 329106f Merge pull request [Snyk] Security upgrade sanitize from 4.6.2 to 4.6.2 #106 from LinusU/prefer-const
• 9cabe96 Prefer const over let
• 5398f97 build(renovate): replace dependencies.io with Renovate app
• 6c99cd6 Merge pull request [Snyk] Security upgrade tap from 11.1.3 to 15.0.0 #95 from ahmadnassri/tap-11.1.3-33.0.0
• f2dfaca Update tap from 11.1.1 to 11.1.3
• 5cf03f7 Merge pull request [Snyk] Security upgrade yargs from 11.1.0 to 15.0.1 #87 from ahmadnassri/lintspaces-0.6.0-1.0.0
• 547c589 Merge pull request [Snyk] Security upgrade yargs from 11.1.0 to 15.0.1 #90 from ahmadnassri/tap-11.1.1-4.0.0
• efa830a Update tap from 10.7.3 to 11.1.1

See the full diff

Package name: istanbul

The new version differs by 72 commits.

• 89e338f 0.4.5
• 7efe4dc update changelog, contributors
• da79378 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #673 from popomore/swap-fileset-for-glob
• 58f4c90 swap fileset for glob
• fef889b Merge pull request [Snyk] Security upgrade qs from 0.6.6 to 6.0.4 #657 from djorg83/master
• 91bb666 log filename when file fails to parse using esprima
• 5dbd62c 0.4.4
• 5642fb4 Update changelog, contributors
• f4195bb Merge pull request [Snyk] Fix for 13 vulnerabilities #507 from Victorystick/es-modules-support
• c521035 Merge pull request [Snyk] Security upgrade jinja2 from 2.7.2 to 2.11.3 #628 from inversion/use-tmp-dir
• 66fffdc Merge pull request [Snyk] Security upgrade npm from 2.15.12 to 7.21.0 #597 from JamesMGreene/patch-1
• dfcab10 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 1.8.16 #627 from a0viedo/patch-1
• abec3ae Merge pull request [Snyk] Security upgrade @google-cloud/profiler from 2.0.2 to 4.1.3 #625 from ChALkeR/tmpdir
• a9aaf53 tmp dir setting was being ignored in TmpStore
• 522f465 link build badge to master branch
• 0b5e80d use os.tmpdir() instead of os.tmpDir()
• 5069661 Set "medium" coverage CSS color scheme to yellow
• 0e8c350 Merge pull request [Snyk] Fix for 10 vulnerabilities #587 from clickthisnick/chore-remove-trailing-spaces
• fc3ba35 0.4.3
• b3de106 Update changelog, contributors
• bb5b6e1 Merge pull request [Snyk] Fix for 4 vulnerabilities #579 from jtangelder/fix-colors
• 0411600 return plain string when an invalid clazz is given
• a556a5e Merge pull request [Snyk] Fix for 10 vulnerabilities #552 from abejfehr/patch-1
• 369ed49 Merge pull request [Snyk] Security upgrade rack-protection from 1.5.3 to 1.5.3 #545 from pra85/patch-1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Prototype Override Protection Bypass
🦉 More lessons are available in Snyk Learn