[Snyk] Fix for 9 vulnerabilities

[saurabharch]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • stepped-solutions/45 - Finished App/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-URLREGEX-569472	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:timespan:20170907	Yes	No Known Exploit
	324/1000 Why? Has a fix available, CVSS 2.2	Uninitialized Memory Exposure npm:utile:20180614	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: forever

The new version differs by 38 commits.

• b2120f9 Remove utile (#1099)
• 071cc04 Update changelog
• c1bcbff Remove dependency on broadway (#1098)
• 3586afe Prepare 3.0.1 for release
• 67cc950 Prepare 3.0.1 for release
• 877d93a Replaced optimist with yargs (#1093)
• a36330a Update forever-monitor (#1081)
• 0c5d32a Update dependencies and test Node 14 (#1080)
• 9e85c59 Fix argument type of fs.writeFileSync (#1075)
• 58eb131 Add CLI test for starting/stopping from a directory with space (#1068)
• 437ca4a Remove unnecessary path-is-absolute dependency (#1062)
• 8f739b0 Execute Mocha tests (#1054)
• ceb235c Update changelog
• 008766f Add linting (#1053)
• a5b97ae add '--version' to help text (#1041)
• 3c09b6f Update async to 1.x.x (#1052)
• c551947 Update async (#1051)
• dda79a6 Update dependencies (#1050)
• 70259bc Drop support for Node < 6 (#1049)
• 8b41d16 Bump version in package-lock.json
• 2f6d4e0 Only publish necessary files
• 067c758 Bump version to 1.0.1, update changelog
• bce5991 Update forever-monitor (#1047)
• 0ef5100 Fix CI (#1048)

See the full diff

Package name: html-to-text

The new version differs by 19 commits.

• cc4d026 Version bumped 5.1.0
• 30c5556 Remove hardcoded CLI options (#173)
• 14c7475 README updated
• fc487c9 Dependency on fs module removed (#171)
• b642ec7 Added tests for the cli arguments (#153)
• 4e6127d prepublish script added
• d1e3077 Changelog updated
• ac0e63b Potential security vulnerability fixed
• 8f8a5c8 Merge branch 'jstewmon-fix-href-anchors'
• 5781f8a Closed #148
• 3540426 Merge branch 'master' of github.com:werk85/node-html-to-text
• d561095 Version bumped to 4.0.0. package-lock.json added. README updated.
• 655a754 Supports format blockquote (#142)
• 1a3d878 Drop support for Node.js < 4; switch from underscore to lodash (#150)
• b5d0ea1 customizable ul li item prefix (#140)
• fc503dc take a stance on semicolons
• 912536a fix: html entities in hrefs should not trigger noAnchorUrl
• 1dbebe1 Fix docs typo (#146)
• 019f45e chore(package): update chai to version 4.0.1 (#133)

See the full diff

Package name: juice

The new version differs by 72 commits.

• a628051 v7.0.0
• 5d89c6e Merge pull request #368 from TrySound/upgrade-web-resource-inliner
• ef3a266 Merge pull request #369 from TrySound/published-files
• 335ed19 Publish only necessary files in package
• 3ec34d3 Upgrade web-resource-inliner
• 56e8fbc Merge pull request #367 from TrySound/upgrade-commander
• 1dac1f4 Upgrade commander
• 1f82379 Merge pull request #366 from TrySound/upgrade-cheerio
• 4178da6 Upgrade typescript
• 0ea9842 Upgrade to cheerio v1
• ec41c65 Merge pull request #352 from hansottowirtz/support-htmlparser2
• f55f820 Merge pull request #364 from TrySound/drop-deep-extend
• 7116879 Replace deep-extend with nested Object.assign
• 879e34c Merge pull request #363 from TrySound/unused-inliner-options
• 8899cd7 Merge pull request #365 from TrySound/object-assign
• 0765875 Merge pull request #362 from TrySound/cross-spawn-dev
• d08b1ed Replace custom extend utility with native Object.assign
• fb22fc0 Drop unused cssmin and uglify options from cli
• f3307de Move cross-spawn to dev dependencies
• 49b5412 Merge pull request #349 from ArsenyYankovsky/master
• 0ce3da7 Merge pull request #360 from nekocode/fix-empty-tag
• 990f0dd Merge pull request #353 from asztal/patch-1
• 35d9a9d fix #359
• 6963fe6 Add changelog entry for v6.0.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)