[Snyk] Fix for 23 vulnerabilities

[civilizador]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Validation Bypass SNYK-JS-KINDOF-537849	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MIXINDEEP-450212	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-1540541	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-450213	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-TAR-174125	Yes	Proof of Concept
	434/1000 Why? Has a fix available, CVSS 4.4	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chai-http

The new version differs by 24 commits.

• a3715c4 4.4.0
• 83f4f9e build
• ce9866f Dependency updates to fix security vulnerabilities (#306)
• dbba17c ci: update npm token (#289)
• 0c2c350 docs: add badges to the README
• be1d005 ci: don't run publish-npm job unless push
• 0e78cee build(dev-deps): update semantic-release packages to latest versions
• ee4952e docs: update README examples to modern syntax
• 233118b feat: drop support for node < 10
• 04ebb3d ci: update release token (#287)
• edb5bca docs: add auth example with Bearer Token (#282)
• 56e15ff ci: install node deps before release (#285)
• 55c0e80 ci: use correct `event_name` property (#284)
• c34b299 ci: correctly template github event in `if` condition for release (#283)
• 4a196eb feat(deps): update superagent to ^6.1.0 (#281)
• 601854f Build: Use GitHub Actions for CI/CD (#255)
• 50d9db4 feat: add charset assertion (#253)
• 7f5f260 docs: add extended request method explanations (#256)
• 7f9a8a5 ci: build before release, commit assets, remove .npmrc (#252)
• 9a99ed4 Merge pull request #250 from chaijs/ci/fix-tokens
• cfd84e3 ci: add secure variables to release stage
• da01dba ci: add semantic-release, update ci (#248)
• 799f668 4.3.0
• 9b8fea3 feat: configures redirectTo to accept regex

See the full diff

Package name: mocha

The new version differs by 33 commits.

• 86cd699 Release v6.1.2
• 2e8f31f update CHANGELOG for v6.1.2
• 9b516bf Release v6.1.1
• 9e138b1 update CHANGELOG for v6.1.1 [ci skip]
• d7de948 Set eol for publishing
• f4fc95a Release v6.1.0
• bd29dbd update CHANGELOG for v6.1.0 [ci skip]
• aaf2b72 Use cwd-relative pathname to load config file (#3829)
• b079d24 upgrade deps as per npm audit fix; closes #3854
• e87c689 Deprecate this.skip() for "after all" hooks (#3719)
• 81cfa90 Copy Suite property "root" when cloning; closes #3847 (#3848)
• 8aa2fc4 Fix issue 3714, hide pound icon showing on hover header on docs page (#3850)
• 586bf78 Update JS-YAML to address security issue (#3845)
• d1024a3 Update doc examples "tests.html" (#3811)
• 1d570e0 Delete "/docs/example/chai.js"
• ade8b90 runner.js: "self.test" undefined in Browser (#3835)
• 0098147 Replace findup-sync with find-up for faster startup (#3830)
• d5ba121 Remove "package" flag from sample config file because it can only be passes as CLI arg (#3793)
• a3089ad update package-lock
• 75430ec Upgrade yargs-parser dependency to avoid loading 2 copies of yargs
• ca9eba6 guard against undefined timeout option in constructor; closes #3813
• 735161f MarkdownMagic script updates (#3815)
• e654253 update yargs; closes #3742
• b27bc60 Add autoprefixer to documentation page CSS

See the full diff

Package name: nodemon

The new version differs by 42 commits.

• 9a67f36 feat: update chokidar to v3
• 6781b40 docs: add license file
• 0e6ba3c fix: wait for all subprocesses to terminate (fixes issue #1476)
• b58cf7d chore: Merge branch 'master'
• 95a4c09 docs: add to faq
• 3a2eaf7 choe: merge master
• 3d90879 chore: add logo to site
• 7d6c1a8 fix: Replace `jade` references by `pug`
• 74c8749 chore: test funding.yml change
• c1a8b75 chore: update funding
• d5b9891 test: ensure ignore relative paths
• eead311 fix: to avoid confusion like in #1528, always report used extension
• 12b66cd fix: langauge around "watching" (#1591)
• 2e6e2c4 docs: README Grammar (#1601)
• 5124ae9 Merge branch 'master' of github.com:remy/nodemon
• 95fa05a chore: git card
• d84f421 chore: adding funding file
• 13afac2 fix: ensure signal is sent to exit event
• d088cb6 chore: update stalebot
• 20ccb62 feat: add message event
• 886527f fix: disable fork only if string starts with dash
• 64b474e feat: add TypeScript to default execPath (#1552)
• 2973afb fix: Quote zero-length strings in arguments (#1551)
• aa41ab2 fix: hard bump of chokidar@2.1.5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Validation Bypass
🦉 More lessons are available in Snyk Learn