[Snyk] Fix for 15 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-173692	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-174183	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-469063	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	No	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-HANDLEBARS-534988	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JQUERY-174006	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	No	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: hbs

The new version differs by 88 commits.

• 7a0da80 v4.1.1
• 0647f9b deps: handlebars@4.7.6
• 3cc3455 deps: handlebars@4.7.3
• 07d4acc build: mocha@7.1.1
• 0717195 build: eslint-plugin-markdown@1.0.2
• da7edaf tests: add test for typical model usage
• a9dbdc2 build: mocha@7.1.0
• 8640b2d build: eslint@6.8.0
• 2fb94e0 build: Node.js@12.16
• 74e5568 build: Node.js@10.19
• da05674 lint: apply to readme
• 504a635 build: mocha@7.0.1
• 55df109 v4.1.0
• 54780a9 build: remove deprecated mocha.opts
• 42e5550 build: nyc@15.0.0
• 04ff393 build: mocha@7.0.0
• 57a2086 deps: handlebars@4.5.3
• 00b0449 build: Node.js@12.14
• 0d99d08 build: Node.js@10.18
• e49d614 build: Node.js@8.17
• c3f0070 build: Node.js@10.17
• b3252a3 deps: handlebars@4.4.5
• 7f9133b docs: fix history formatting
• 5b74831 build: Node.js@12.13

See the full diff

Package name: http-server

The new version differs by 86 commits.

• e6f6358 0.12.0
• fee644f fix repo urls
• cd0bbc8 SSL Certificate Checking and Grammar Fixes (Not able to select new tab opened and continue testing cypress-io/cypress-example-recipes#479)
• 3c5dfc6 Test on osx (Examples matching URL cypress-io/cypress-example-recipes#576)
• 9fa7e93 Merge pull request #575 from http-party/update-readme-badges
• 6b2fe25 test on osx
• 0f65fc6 update readme badges to use new repo
• a306ebc Merge pull request Sometimes CSS interception works, sometimes does not cypress-io/cypress-example-recipes#573 from Xmader/test-on-windows
• 9a0f64f force to use ecstatic v3.3.2 in tests (chore(deps): update dependency cypress to version 5.4.0 🌟 (minor) cypress-io/cypress-example-recipes#574)
• 5f06ac8 bump ecstatic in package.json to ^3.3.2
• f96fc99 Merge branch 'master' into test-on-windows
• c1ea830 do a hacky workaround directly to the http-server package to fix… (extend recipe to download JS and TXT files cypress-io/cypress-example-recipes#569)
• e708c79 force to install ecstatic v3.3.2 in tests
• 8028337 force to check out files with LF EOL
• 3addf09 test on Windows
• a2e7721 Merge branch 'master' into hacky-fix
• 6260536 Merge pull request chore(deps): update dependency @cypress/browserify-preprocessor to version 3.0.1 🌟 (major) - autoclosed cypress-io/cypress-example-recipes#510 from ebiiim/patch-1
• dbf4881 -t flag to control timeout (Add 'Community Recipes' table with links to other repositories using cypress cypress-io/cypress-example-recipes#295)
• 901ca49 Merge pull request Noticed that Cypress v5.1.0 broke iframe spy on fetch test cypress-io/cypress-example-recipes#557 from epugh/master
• a0db8f9 add process title (feat: Add TypeScript example. cypress-io/cypress-example-recipes#515)
• da111d6 Update travis node versions (Updated for 4.9.0 release cypress-io/cypress-example-recipes#507)
• afb8f4f Merge pull request add tests for select2 with remote data source cypress-io/cypress-example-recipes#516 from http-party/specify_engines
• de7cf70 Merge branch 'master' into update-travis-node-versions
• 1755478 Merge pull request chore: Skip broken download spec cypress-io/cypress-example-recipes#572 from Xmader/fix-tests

See the full diff

Package name: json-server

The new version differs by 79 commits.

• a703fc1 Update CHANGELOG.md
• 4d1ffa1 0.15.0
• 84b0409 Update CHANGELOG.md
• b3865fe Update CHANGELOG.md
• 8670992 Update homepage
• 13a0657 Add postinstall
• a843cf1 Update homepage
• 6da9597 Update README.md
• 5870c1c Update .travis.yml
• ddd1517 Require Node 8
• 47392e0 Upgrade dependencies
• ff9e4e2 Update dependencies
• a58af99 Use vanilla JS for the homepage
• 18e6969 Update README.md
• c491af7 Update README.md
• 03e541a Update README.md
• 596b260 Update README.md
• 93e4011 Update README.md
• d1f9940 Update README.md
• c544add Update README.md
• 96391a3 Update README.md
• 94611a0 Update README.md (#910)
• 4427141 0.14.2
• 59bac68 Merge branch 'master' of https://github.com/typicode/json-server

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic