[Snyk] Fix for 7 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKDOCKERPLUGIN-3039679	No	Proof of Concept
	643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKGRADLEPLUGIN-3038624	No	Proof of Concept
	643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKMVNPLUGIN-3038623	No	Proof of Concept
	643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKPYTHONPLUGIN-3039677	No	Proof of Concept
	643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKSBTPLUGIN-3038626	No	Proof of Concept
	643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625	No	Proof of Concept
	643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKSNYKHEXPLUGIN-3039680	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @snyk/snyk-cocoapods-plugin

The new version differs by 9 commits.

• ad6d93a Merge pull request [Snyk] Security upgrade python from 3.7-slim to 3.8.18-slim #31 from snyk/fix/quote-args
• c73e049 fix: quote args
• eb1737c Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.8.18-slim #30 from snyk/chore/update-dependencies
• 94be128 chore: update dependencies
• 8df6ea6 Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.12.0rc2-slim #29 from snyk/chore/move-to-circleci
• 99f3b0d chore: move to CircleCI
• 92f6b11 Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.12.0b4-slim #27 from snyk/chore/update-co
• 82cd73f chore: fix lint
• 4182af2 chore: update co file

See the full diff

Package name: @snyk/snyk-hex-plugin

The new version differs by 15 commits.

• 95708c2 Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.8-slim #25 from snyk/fix/quote-spawn-args
• e8dd2a3 fix: quote spawn args
• 86090ee Merge pull request [Snyk] Security upgrade configstore from 5.0.1 to 6.0.0 #23 from snyk/chore/fix-release-node-image
• 7d6fcb0 chore: fix node image for release step
• 7e06ca8 Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.12.0b3-slim #22 from snyk/chore/bump-node-to-16
• 205bdfc chore: bump node version to 16
• 404fd22 Merge pull request [Snyk] Fix for 1 vulnerabilities #21 from snyk/chore/fix-lint-and-windows-tests
• cdc219a fix: use scoop instead of choco
• 882133e fix: change back to 2.4.0 windows orb
• 368a2ae fix: use windows 5.0.0 orb
• 43635cd chore: use elixir 1.13.3 in test
• d17cbc5 chore: try remove allow downgrade
• 11d403e chore: fix lint
• 1f4db02 Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.12.0b1-slim #19 from snyk/chore/add-contributing
• ba911a8 chore: add CONTRIBUTING.md

See the full diff

Package name: snyk-docker-plugin

The new version differs by 54 commits.

• 434e588 Merge pull request feat: Add support for 'scratch' based docker images snyk/cli#463 from snyk/fix/quote-args
• d730d76 fix: quote spawn args
• 2b999b8 Merge pull request feat: add git metadata to monitor payload snyk/cli#462 from snyk/fix/do-not-trim-go-versions
• 9043afb fix: use full version of go modules in dep-graph
• 9cd135f test: update snapshots for dep-graph schema 1.3.0
• 6af6f1a Merge pull request fix: improve gzip compression of the payloads to handle some larger ones snyk/cli#461 from snyk/fix/go-filepath-determination
• ad14d23 fix: go binary file path determination
• 64ec975 Merge pull request #451 from snyk/fix/go-binary-project-names
• 7c1c91d test: add test for Go binary without PCLN table
• c5f889d fix: handle Go binaries from the Go distributions
• abd3f57 Merge pull request fix: handle PHP projects with interdependent packages snyk/cli#460 from snyk/fix/manifest-unknown-err
• 8165c0c Merge pull request #457 from snyk/feat/support-deleted-files
• d6c1c53 fix: amending condition for 'manifest unknown' errors
• b03fd7b Merge pull request feat: depGraph snyk-test for npm and yarn snyk/cli#459 from snyk/feat/MYC-41-return-content-sets-from-plugin
• 6232182 feat: return RedHat repositories with the scanResult
• 38e1c55 Merge pull request feat: updating nuget-plugin - add assets-project-name flag snyk/cli#458 from snyk/chore/windows-excutor-bump
• 7753f96 chore: bump windows executor
• 245a8b5 feat: support deleted files
• e0bed79 Merge pull request feat: Release improved project naming for csproj behind a flag snyk/cli#456 from snyk/fix/annotate-error
• 7aee68c fix: skip CGo binaries without PCLNTable
• 7963ff2 Merge pull request feat: new debug logs around plugin's inspect snyk/cli#453 from snyk/fix/python-scan-performance-improvements
• 2a5d559 fix: handle cyclic dependencies in python apps
• 03391a9 fix: improve python app analysis performance
• 34cf66e Merge pull request fix: do not fail if csproj not found snyk/cli#452 from snyk/test/fix-recurring-test

See the full diff

Package name: snyk-gradle-plugin

The new version differs by 24 commits.

• 46fb3e3 Merge pull request fix: Add missing CLI help text for docker remediation snyk/cli#240 from snyk/fix/escape-child-process-arguments
• bb1c1c7 fix: escape child process arguments
• f115e10 fix: identify projects by path (feat: '--gradle-sub-project' option to handle multip-project gradle snyk/cli#234)
• 9398d14 Merge pull request feat: docker base image remediation advice snyk/cli#238 from snyk/fix/rest-packages-path
• ce194cd fix: TS2304 cannot find name 'Blob'
• 6643455 chore: default to node 12 when performing lint
• aa86b13 fix: rest package path
• b3e2b00 test: add gradleProjectName (fix: update message for path with file name error snyk/cli#237)
• 84f728b Merge pull request chore: enable tslint no-default-export snyk/cli#236 from snyk/fix/remove-reachability
• 547d91b fix: remove reachability
• 9af47fc fix: don't fail if matching config doesn't exist (fix: bump snyk-python-plugin to 1.8.2 - to handle pip 18 snyk/cli#235)
• 90d2c57 Merge pull request Fix/alert if path with filename snyk/cli#232 from snyk/feat/use-best-practice-packages-route
• edef32e feat: use /rest/packages best practice Snyk REST API endpoint
• b855db9 fix: display more accurate error message (Fix/snyk resolve deps update snyk/cli#233)
• 9253f07 refactor: get target project (chore: js -> ts snyk/cli#231)
• 0ed9feb test: change name assertions to be exact (fix: move constants for test-unpublished to json and add it to packag… snyk/cli#230)
• 76ef3b0 Merge pull request Lockfile autodetection for test, wizard, protect and monitor snyk/cli#228 from snyk/fix/add-needle-types
• b8869f0 fix: add @ types/needle
• a4eb261 Merge pull request https://github.com/snyk/snyk/issues/225 snyk/cli#226 from snyk/feat/normalize-deps
• cad5070 feat: implement gradle-normalize-deps hash searching
• 3ea5ec1 fix: subproject with same name as root (fix: bump needle to ^2.2.4 to fix bug with node 8.12.0 snyk/cli#222)
• 79a8a08 fix: matching configuration error on version-catalog (Add yarn lock support snyk/cli#221)
• c1c2e41 feat: add debug logging for configs with failing resolvedConfiguration (feat: upgrade snyk-docker-plugin snyk/cli#218)
• d8b0a60 test: run pipeline tests on master branch (Add typescript snyk/cli#216)

See the full diff

Package name: snyk-mvn-plugin

The new version differs by 23 commits.

• 2bfb3e2 Merge pull request #141 from snyk/fix/quote-args
• 02cda9b fix: escape child process arguments
• 13c6f33 Merge pull request #140 from snyk/chore/update-readme
• 38010e0 chore: update supported node versions
• a52d276 Merge pull request #139 from snyk/chore/refactor-update-circleci-config
• 9325c10 chore: update circleci config to use matrix
• b5d1b31 Merge pull request #138 from snyk/fix/remove-reachability
• 0b968bb fix: remove reachability
• 41d2614 Merge pull request Fix/adding json option in help snyk/cli#137 from snyk/fix/unmanaged-scan-unknown-archives
• 033e55d fix: unmanaged scan unknown archives
• e3e6313 Merge pull request #136 from snyk/feat/maven-aggregate-project-option
• c1b44f5 feat: maven aggregate project option
• 7c4108e Merge pull request #135 from snyk/refactor/build-dep-graph
• 2105f20 refactor: build dep-graph
• 8908d19 Merge pull request #134 from snyk/refactor/parse-stdout
• f6aa59d refactor: parse stdout
• e5ce697 Merge pull request #133 from snyk/refactor/parse-digraph
• 28ab493 refactor: parse digraph output
• 734ee3d Merge pull request Add CodeTriage badge to snyk/snyk snyk/cli#131 from snyk/refactor/parse-dependency
• eccea58 refactor: parse dependency
• 1d66754 Merge pull request #132 from snyk/chore/upgrade-linter
• 533f137 chore: update nvmrc
• 0282044 chore: update linter

See the full diff

Package name: snyk-python-plugin

The new version differs by 6 commits.

• 6144e09 Merge pull request fix: adjust spacing on 'test' output snyk/cli#197 from snyk/fix/quote-spawn-args
• 8591abd fix: quote spawn args
• 43d4b85 Merge pull request chore: automate pkg assets publishing snyk/cli#192 from snyk/fix/support-pipenv-with-empty-packages
• a199379 fix: support pipenv empty packages
• 7938b02 Merge pull request #191 from snyk/chore/fix-broken-tests-and-bump-node-to-16
• 9aa61ba chore: fix broken tests and bump node to 16

See the full diff

Package name: snyk-sbt-plugin

The new version differs by 16 commits.

• 3e02fa4 Merge pull request #120 from snyk/fix/quote-args
• 99c09eb fix: escape child process arguments
• 63e5c44 Merge pull request [dont-merge] test: update proxyquire to 1.8.0 snyk/cli#118 from snyk/fix/scopekey-error-in-plugin-inspect
• 179e8c2 fix: filter out configs where isPublic is false
• 3aff460 Merge pull request #117 from snyk/chore/remove-redundant-files
• 07b8dad chore: remove redundant files from fixtures
• c1c8ba3 Merge pull request #115 from snyk/feat/relax-conditions-for-plugin-inspect
• 37e0114 feat: relax conditions for plugin inspect
• e451665 Merge pull request #114 from snyk/test/add-tests-for-latest-sbt-versions
• 24c0bc7 test: add tests for sbt 1.7.0
• 331f46b Merge pull request fix: add proxy support snyk/cli#112 from snyk/chore/add-debug-logs
• 4358d57 chore: add debug logs
• ef3f1f6 Merge pull request #111 from snyk/fix/reduce-sbt-output
• 735776e fix: reduce scala script output size
• 0c104cb Merge pull request #108 from snyk/test/sbt-1.7.0
• 05c1bc1 test: support for sbt v.1.7.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.