[Snyk] Fix for 10 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-AXIOS-174505	No	No Known Exploit
	590/1000 Why? Has a fix available, CVSS 7.3	Insecure Randomness SNYK-JS-CRYPTOJS-548472	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTPROP-543489	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Signature Validation Bypass SNYK-JS-ELECTRONUPDATER-561421	Yes	No Known Exploit
	459/1000 Why? Has a fix available, CVSS 4.9	Buffer Overflow SNYK-JS-I18NEXT-575536	Yes	No Known Exploit
	561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Prototype Pollution SNYK-JS-I18NEXT-585930	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-PUPA-174563	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 14 commits.

• face016 Releasing 0.18.1
• 0628763 Update Changelog for release (0.18.1)
• dc9b29c adjust README to match IE support
• 16326d5 Remove usages of isOldIE in tests
• 5a4228b Remove IE10 launcher from karma config
• 695b5f7 Remove isOldIE check in tests
• e314ab0 Remove HTTP 1223 handling
• 7efa822 Remove btoa polyfill tests
• f3cdcc7 Delete btoa polyfill
• efc0b58 Remove ie8/9 special CORS treatment and btoa polyfill
• 91f3bb2 Remove ie9 custom launcher
• 8a46195 Fixing Mocha tests by locking follow-redirects version to 1.5.10 (#1993)
• adff2aa Fix failing SauceLabs tests by updating configuration
• acabfbd Destroy stream on exceeding maxContentLength (fixes Anchor has encountered an error greymass/anchor#1098) (#1485)

See the full diff

Package name: electron-context-menu

The new version differs by 41 commits.

• 1286195 1.0.0
• 4de32a9 Require Electron 8
• 71c5d2e Add built-in support for spellchecking (dosent show me 0 balance greymass/anchor#94)
• 2f1bae0 Add `showSaveImage` option (New Crowdin translations greymass/anchor#100)
• d47071e 0.16.0
• 296ae9c Support rich text for `Cut`, `Copy`, and `Paste` items
• 1410532 Add `WebContents` to `browserWindow` TypeScript type (I'm unable to unstake my eos greymass/anchor#90)
• 5b36497 0.15.2
• 26938e1 Fix the TypeScript types
• dd5dc58 0.15.1
• 7b9637c Meta tweaks
• 9e9fd9a Fix showing `Inspect Element` menu item
• 4d28a12 Fix TypeScript definition
• 4e1177d 0.15.0
• d9fd3ad Meta tweaks
• 79868f1 Add `Copy Image` option (0.1.6 prep greymass/anchor#79)
• 1310a1d 0.14.0
• 4c8eb16 Fix the "Save Image" label ID
• bf760be 0.13.0
• dcf9979 Don't show `lookUpSelection` on links
• 1b389b7 Meta tweaks
• 12d60d9 Improve `lookUpSelection` implementation (When voting on activated chain the wallet doesn't work still consuming CPU greymass/anchor#76)
• 295e19d Add Services submenu on macOS (Check for update function greymass/anchor#73)
• 28662f3 Fix typo

See the full diff

Package name: electron-store

The new version differs by 9 commits.

• 84c6b72 3.1.0
• eee6263 Upgrade `conf` dependency
• 66054bc 3.0.0
• 8989899 Upgrade `conf` dependency
• ca19e10 Require Electron 4
• abffec0 Meta tweaks
• 584c627 CI updates (Update producers.json greymass/anchor#54)
• 23bbd64 Add related modules to the readme
• a213bce Document `onDidChange` limitation

See the full diff

Package name: i18next

The new version differs by 250 commits.

• 8c63160 19.6.0
• 2a6d7e7 changelog
• 26d5719 introduce new option skipOnVariables to fix #1479 (#1483)
• 44c2e76 fix prototype pollution (#1482)
• 8a3b93b 19.5.6
• 1b32fc1 fix local usage of nsSeparator option
• c9be7ad 19.5.5
• 41431ba changelog
• 360c8a9 fix nesting recursion #1479 (#1480)
• 2108da8 additional interpolation with nesting test case
• 457768b 19.5.4
• 93f17d9 changelog
• 9be2ed6 fix type declarion of exposed EventEmitter#off methods (#1460)
• c883ddb fix: getDataByLanguage typings & test (#1472)
• 4bfa7a3 19.5.3
• 39b09ed changelog
• e3ad1ad fix: Macedonian plural formula - *11 (11, 111, 211, 311, 58711...) is plural (#1476)
• 72c5009 19.5.2
• 6dc82bb changelog
• 1b78398 fix nesting interpolation with prepended namespace, fixes #1474 (#1475)
• 67e2569 19.5.1
• 0e1ba26 rebuild
• 80a3810 Merge pull request #1471 from i18next/fix-getBestMatchFromCodes
• ba5c120 getBestMatchFromCodes: use fallbackLng if nothing found, fixes #1470

See the full diff

Package name: redux-persist-electron-storage

The new version differs by 21 commits.

• 2838d18 - Refactoring
• c0eed14 Merge pull request [Snyk] Upgrade react-idle-timer from 4.1.3 to 4.2.12 #3 from phbernard/master
• ea6f19c Update documentation to match new redux-persist API
• c2dfded Update .gitignore
• 2fe4026 using eslint instead of standardjs (using standardjs plugin)
• 75b0c59 Update .travis.yml
• 0a12c4d add travis ci
• c0092cf Update README.md
• 26da72a Update README.md
• c7ab3ee Update .travis.yml
• 88024cd Testing travis ci
• faa05f8 Testing travis ci
• 824e380 remove npm build from precommit
• d68f400 add git hooks using husky
• cdea105 Update .travis.yml
• b71a408 Merge branch 'master' of github.com:psperber/redux-persist-electron-storage
• 31649be change test require dir
• 3d8ab0b Update README.md
• 4de216c Create .travis.yml
• 76be94b rename lib folder to dist
• b861b63 intend README

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the effected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic