[Snyk] Fix for 1 vulnerabilities

[nathan-snyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @snyk/dep-graph

The new version differs by 25 commits.

• b0ad714 Merge pull request [Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#58 from snyk/fix/bump-deps
• 315b5d4 fix: Bump dependencies
• d95baaa Merge pull request [Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#56 from snyk/fix/lodash-patch-version
• c1c61d9 fix: patch lodash using @ snyk/lodash
• 9b45ff1 Merge pull request [Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#55 from snyk/chore/prettier
• cd86302 chore: format the code with prettier
• 4f00999 Merge pull request [Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#54 from snyk/fix/node-engine-version
• 094a43d fix: package.json: update min supported node to 8
• 5162b82 Merge pull request [Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#53 from snyk/feat/drop-node-6-support
• f5f494e feat: drop Node 6 support
• 62b0ff5 Merge pull request [Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#52 from snyk/fix/unexisting-lodash-version
• dfcdf58 fix: unexisting lodash version
• 826f27b Merge pull request [Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#51 from snyk/feat/scratch-image-support
• 06e55b3 feat: graph-to-tree: set `.targetOS` also for `linux` pkg-manager
• 24f0506 Merge pull request [Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#50 from snyk/fix/fix-label-pruning-bug
• c6f41ba fix: Fix label instance reuse bug during pruning
• 2cb43d5 Merge pull request [Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#49 from snyk/feat/directDepsLeadingTo
• 0fa0136 feat: add directDepsLeadingTo public method
• fc9ff9a Merge pull request [Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#46 from snyk/feat/update-tests-and-types
• 2a7e541 test: fix comparisons of PkgInfo arrays
• 9e42e65 Merge pull request [Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#45 from snyk/feat/expose-node-info
• 6b6336b test: helpers.depTreesEqual checks labels & provenance
• 0786b06 feat: getPkgNodes(pkg) to get package nodes data
• 3c133ff feat: clarify Pkg.version type (undefined instead of null)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• 3dd6741 7.0.0
• 9a722f9 Build: changelog update for 7.0.0
• b98d8bd Upgrade: eslint-release@2.0.0 (#13271)
• 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
• 401a687 Chore: fix rules list for prereleases (#13230)
• 4ef6158 Breaking: espree@7.0.0 (#13270)
• b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
• 356fdb4 Docs: add migration guide (#12692)
• 015edf6 Sponsors: Sync README with website
• fdfa364 7.0.0-rc.0
• 8d1b4db Build: changelog update for 7.0.0-rc.0
• 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
• d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
• 2ce6bed Chore: added tests for nested arrays (#13145)
• d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
• 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
• bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (#12939)
• 3eeae56 Upgrade: some (dev) deps (#13155)
• 6b7030b Chore: Run tests on Node.js v14 (#13210)
• ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
• 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
• 56d2bee Docs: fix typos (#13204)
• e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
• e4f57b7 Chore: add nested array tests for array-element-newline (#13161)

See the full diff

Package name: nock

The new version differs by 234 commits.

• 11dba99 fix (feat: initial snyk-fix package setup & loadPlugin functionality snyk/cli#1659)
• bf1d7d6 test: Clarify that cleanAll removes persistent mocks (feat: add init-script argument to CLI for gradle snyk/cli#1647)
• e661d0d bug(recorder): replace qs lib with native querystring. (fix: bump snyk-python-plugin snyk/cli#1653)
• 05ae31e Refactor lifecycle tests using got / async (feat: execute all tests with lerna to test all packages snyk/cli#1646)
• 26fc08f Async Reply functions (always emit errors) (fix: gradle 5.4 Java 11 Dockerfile npm install snyk/cli#1596)
• 35221ce refactor: overhaul body and query matching (Added init-script to the monitor command options snyk/cli#1632)
• 88e85ac fix: trigger release (feat: Don't open browser auth if inside container snyk/cli#1645)
• e744b0a bug: handle content-type request headers when arrays
• 87cac20 refactor: default function arguments (Feat/add snyk code test support snyk/cli#1640)
• 9c504f6 refactor: default options on recorder, remove dead code ([Snyk] Upgrade snyk-policy from 1.14.1 to 1.19.0 snyk/cli#1641)
• ad264cb test: change tests to use test domain (feat: drop node 8 support snyk/cli#1639)
• 4a4b8ec feat(overrider): added support for header modifications before end()
• 213014b Display the badge correctly (#1637)
• df1a5cd refactor: Convert Scope to a class (Introduce release notes generation snyk/cli#1636)
• 3bdadef refactor: Convert Socket to a class (#1635)
• 08b1b6b refactor: Convert DelayedBody to a class (Replace lodash with lodash subpackages snyk/cli#1634)
• f385edd Advertise and enforce 100% coverage, drop Coveralls (#1633)
• 60a055b refactor(interceptor): separate hostname matching
• 2a54482 feat(interceptor): duplicate query calls throw (feat: Show auto detected user instructions in 'container test' output snyk/cli#1630)
• f015929 chore(deps): bump lodash from 4.17.11 to 4.17.13 (feat: add Visual Studio as an official integration snyk/cli#1629)
• c78ceb3 Clean up some more hostnames in tests (feat: update critical sev colour snyk/cli#1627)
• a2208d1 feat(interceptor): duplicate query keys throw
• 880224a refactor: Scope.pendingMocks
• a201ac0 test(socket): add coverage for timeout without a callback

See the full diff

Package name: os-name

The new version differs by 4 commits.

• 3bd71d6 4.0.0
• a1adfb8 Require Node.js 10
• 6e18891 Tidelift tasks
• 4de9adc Create funding.yml

See the full diff

Package name: restify

The new version differs by 250 commits.

• 2053ef6 chore(master): release 10.0.0
• 3f94e4f chore: upgrade release-please (please work)
• c21f6a8 chore: remove wrong link from CHANGELOG.md
• 5795223 feat!: support v18.x
• f384900 chore: Update example to allow downgrading to http1
• fa52f60 feat: bump dtrace-provider version to avoid MacOS errors
• e911d17 chore: upgrade send@^0.18.0
• c9e5dfd chore: upgrade mime@^3.0.0
• 15b8458 chore: upgrade semver@^7.0.0
• 1e25d31 chore: upgrade pidusage@^3.0.0
• 70370d9 chore: upgrade pino@^8.0.0
• de36103 chore: upgrade lru-cache@^7.0.0
• c944080 chore: upgrade uuid@^9.0.0
• 50bfac7 chore: upgrade csv@^6.0.0
• 638930c chore(examples): delete bench example in favor of the benchmark script
• a70880e chore(examples): update socket.io
• 23a80ae chore(examples): update todoapp
• 7228b94 chore: bump find-my-way to ^7.2.0
• caba351 updated package.json [ci skip]
• bf2e42a updated CHANGELOG.md [ci skip]
• c15111f chore: drop support for EOL Node.js versions
• d052b7c feat: deprecate req.closed
• 839fb4a chore: bump version of http-signature to ^1.3.6 (chore: Enforce minimum npm version snyk/cli#1889)
• cc483e0 chore: remove travis and update github ci (fix: propagate argument to all modules snyk/cli#1878)

See the full diff

Package name: semver

The new version differs by 140 commits.

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease ([Snyk] Security upgrade sanitize from 4.6.2 to 5.2.1 EitanGayor/monorepo_demo#566)
• 5c8efbc fix: preserve build in raw after inc ([Snyk] Security upgrade snyk from 1.101.1 to 1.1064.0 EitanGayor/monorepo_demo#565)
• 717534e fix: better handling of whitespace ([Snyk] Fix for 6 vulnerabilities EitanGayor/monorepo_demo#564)
• 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 ([Snyk] Security upgrade testem from 0.8.3 to 0.9.10 EitanGayor/monorepo_demo#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error ([Snyk] Security upgrade ember-cli from 0.2.7 to 3.5.0 EitanGayor/monorepo_demo#559)
• 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 ([Snyk] Security upgrade django from 1.6.1 to 2.2.28 EitanGayor/monorepo_demo#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message ([Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#552)
• 503a4e5 feat: allow identifierBase to be false ([Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#548)
• fc2f3df fix: incorrect results from diff sometimes with prerelease versions ([Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#546)
• 2781767 fix: avoid re-instantiating SemVer during diff compare ([Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#547)
• 82aa7f6 chore: release 7.4.0
• 731d896 chore: enable CD ([Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#545)
• 940723d fix: intersects with v0.0.0 and v0.0.0-0 ([Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#538)
• aa516b5 fix: faster parse options ([Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#535)
• 61e6ea1 fix: faster cache key factory for range ([Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#536)
• f8b8b61 fix: optimistic parse ([Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#541)
• 796cbe2 fix: semver.diff prerelease to release recognition ([Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#533)
• 3f222b1 fix: reuse comparators on subset ([Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#537)
• 113f513 feat: identifierBase parameter for .inc ([Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#532)
• ea689bc chore: basic type test for RELEASE_TYPES
• c5d29df docs: Add "Constants" section to README

See the full diff

Package name: snyk-docker-plugin

The new version differs by 250 commits.

• 2e95b32 Merge pull request [Snyk] Security upgrade flask from 0.12.2 to 0.12.3 EitanGayor/monorepo_demo#327 from snyk/feat/bump-semver
• 860cca7 Merge pull request [Snyk] Security upgrade bower from 1.4.1 to 1.6.2 EitanGayor/monorepo_demo#328 from snyk/snyk-upgrade-905484f9ce21e8fc578947dbe3445d0c
• e03fddd fix: upgrade dockerfile-ast from 0.1.0 to 0.2.0
• c281c4e feat: upgrade semver to 7
• 883996e Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 5.2.6.2 EitanGayor/monorepo_demo#326 from snyk/feat/update-dockerfile-base-image
• deda807 feat: update dockerfile with new base image
• 231f1ec Merge pull request [Snyk] Security upgrade nodemailer from 0.7.1 to 1.0.0 EitanGayor/monorepo_demo#323 from snyk/fix/docker-empty-history-entries
• 503d5c9 fix: Added filtering history entries with no "created_by"
• 8489b3d Merge pull request [Snyk] Security upgrade jinja2 from 2.7.2 to 2.11.3 EitanGayor/monorepo_demo#322 from snyk/fix/use-latest-nodejs-lockfile-parser
• d8100e9 fix: use latest snyk-nodejs-lockfile-parser
• 29eadb6 Merge pull request [Snyk] Security upgrade testem from 0.8.3 to 0.9.10 EitanGayor/monorepo_demo#321 from snyk/fix/oci-archive-labels
• 1230b1a fix: Don't return empty labels for oci-archive
• a284081 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 2.2.27 EitanGayor/monorepo_demo#319 from snyk/feat/image-labels
• 5aed530 feat: Extract labels from docker-archive images
• 727ced7 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 2.2.27 EitanGayor/monorepo_demo#320 from snyk/fix/try-catch-go-parsing
• aca5829 fix: ensure to capture and rethrow errors from image layer parsing
• 4b2b142 test: show that errors in go parsing throw an uncaught exception
• fac3665 Merge pull request [Snyk] Security upgrade ember-cli-mocha from 0.7.0 to 0.8.0 EitanGayor/monorepo_demo#317 from snyk/feat/extract-red-hat-content-sets
• 70a0058 feat: extract content manifests from layers
• 930e331 Merge pull request [Snyk] Security upgrade ember-cli from 0.2.7 to 1.13.5 EitanGayor/monorepo_demo#318 from snyk/No-Ticket/bump_dockerfile-ast_version
• 9292cdd fix: upgrade lib version
• 2b1f49f refactor: move getObjFromFixture to utils
• 94afe8c chore: add tsconfig.local.json to git ignore
• 61d1254 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 1.8.16 EitanGayor/monorepo_demo#314 from snyk/snyk-upgrade-17edddd74081ceead262f59d978c71df

See the full diff

Package name: snyk-policy

The new version differs by 24 commits.

• cc835cc Merge pull request [Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#48 from snyk/feat/semver-7
• 5a70662 feat: upgrade semver to 7
• 76b7ffc Merge pull request [Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#44 from snyk/feat/drop-then-fs-2
• 74df76d feat: bump snyk deps to pick up then-fs drops
• 14b204a Merge pull request [Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#45 from snyk/feat/update_node+_version
• 3303d2a feat: move policy to node 8
• a4aead4 Merge pull request [Snyk] Fix for 1 vulnerabilities EitanGayor/monorepo_demo#43 from snyk/feat/drop-then-fs
• 43d6ec1 feat: swap out then-fs for promise-fs
• dec6970 Merge pull request [Snyk] Security upgrade eslint from 5.16.0 to 9.0.0 #41 from snyk/feat/prettier-dev
• 371ffc4 feat: prettier is a dev dependency
• 5a50d0e Merge pull request [Snyk] Security upgrade python from 3.7-slim to 3.13.0a4-slim #40 from snyk/feat/module
• 290a166 feat: bump snyk-module (no more node 6)
• 19ec76a Merge pull request [Snyk] Security upgrade python from 3.7-slim to 3.13.0a3-slim #37 from snyk/chore/prettier
• 1e7f331 chore: prettier
• 997351c chore: intellij's var2const
• b143a76 Merge pull request [Snyk] Security upgrade python from 3.7-slim to 3.8.18-slim #36 from snyk/chore/update_patch_fixture_urls
• eef4096 chore: Update fixtures to correct patch urls
• 8ca0f2f Merge pull request [Snyk] Security upgrade proxy-agent from 3.1.1 to 6.3.0 #35 from snyk/chore/debug
• 1ee77b9 fix: upgrade debug and skip some logging
• d261c06 Merge pull request [Snyk] Security upgrade snyk-resolve-deps from 4.4.0 to 4.8.0 #34 from snyk/feat/upgrade-module
• b5c1020 feat: remove @* logic so we hit the fast path
• f1bd932 feat: upgrade snyk-module
• 6f3b8ff Merge pull request [Snyk] Fix for 1 vulnerabilities #32 from snyk/chore/add-codeowners
• 286c556 chore: add codeowners file

See the full diff

Package name: tap

The new version differs by 250 commits.

• bc49fb7 15.0.0
• 4378608 remove publishConfig beta tag
• 2c2e75f provide mkdirRecursive polyfill for old node versions
• 8f4c855 correctly specify 10.0.x versions
• 5e61672 update deps
• c44c418 Support 10.0 and test in CI
• dc5c841 tcompare@5.0.4
• 385b6d2 Add .taprc.yml/yaml handling to change log
• 4f87466 just run regular test script as snap script
• 315a921 delete FORCE_COLOR/NO_COLOR rather than setting to '0'
• 564e96f Add detection for .yaml and .yml
• 75bae93 update cli doc
• c1289bf 15.0.0-3
• d6fe32f Do not CI on node 10
• d2e0428 do not use equals() alias in self-test
• 3f787c4 tell npm to be colorful in CI
• 1512818 run tests with color on github actions
• 4626fa1 Docs: update documentation for tap v15
• 02d536b libtap@1.0.1
• f7c7c58 update cli doc
• 2aa497c 15.0.0-2
• 8d7f62e Add support for overriding libtap's internal settings
• 29eed63 new snapshot folder layout
• 3a28d4d update libtap git ref to isaacs/tap-v15-prep branch

See the full diff

Package name: update-notifier

The new version differs by 42 commits.

• 311557e 6.0.0
• 9183541 Require Node.js 14 and move to ESM
• 3fdb218 5.1.0
• 73c391b Upgrade dependencies
• 0a6027e Move to GitHub Actions
• d8fa601 Rename `master` branch to `main`
• f63b2eb 5.0.1
• 9e2b772 Update dependencies
• da7c464 5.0.0
• 5b440c2 Require Node.js 10
• 3dfe42d Don't suggest to upgrade to lower version ([Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 EitanGayor/monorepo_demo#192)
• 132b7ce Remove a project from "Users" section ([Snyk] Security upgrade sanitize from 4.6.2 to 4.6.2 EitanGayor/monorepo_demo#191)
• c9d2166 4.1.1
• f42fc8f Improve vertical alignment of the notifier output ([Snyk] Fix for 2 vulnerabilities EitanGayor/monorepo_demo#183)
• 71a3f19 Use HTTPS links
• 64c5236 Fix Travis
• 9d9f4ff 4.1.0
• 4062f12 Update dependencies
• adbeb6e Add template support for the `message` option ([Snyk] Security upgrade snyk from 1.101.1 to 1.230.7 EitanGayor/monorepo_demo#175)
• adf7803 4.0.0
• fb5161c Remove the `callback` option ([Snyk] Security upgrade aiohttp from 2.2.2 to 3.7.4 EitanGayor/monorepo_demo#158)
• 39682de Rename `boxenOpts` option to `boxenOptions`
• bc1721a Avoid showing notification if current version is the latest ([Snyk] Fix for 2 vulnerabilities EitanGayor/monorepo_demo#174)
• ccaf686 Update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)