[Snyk] Fix for 38 vulnerabilities

[ssmbct-netops]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-D3COLOR-1076592	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	504/1000 Why? Has a fix available, CVSS 5.8	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-JPEGJS-2859218	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JPEGJS-570039	No	No Known Exploit
	701/1000 Why? Mature exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	No	Mature
	711/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	No	Mature
	509/1000 Why? Has a fix available, CVSS 5.9	Cryptographic Weakness SNYK-JS-JSRSASIGN-1244072	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Improper Verification of Cryptographic Signature SNYK-JS-JSRSASIGN-2869122	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Timing Attack SNYK-JS-JSRSASIGN-561755	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Signature Bypass SNYK-JS-JSRSASIGN-572936	No	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Memory Corruption SNYK-JS-JSRSASIGN-572937	No	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Remote Code Execution (RCE) SNYK-JS-JSRSASIGN-572938	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-2331914	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	No	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	No	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	No	No Known Exploit
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Regular Expression Denial of Service (ReDoS) npm:is-url:20180319	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: d3

The new version differs by 95 commits.

• 1b8bada 7.0.0
• b98d63a update API
• 23b0212 Adopt type: module. (#3506)
• 0f01226 Fix broken markdown for link
• 5149a2f 6.7.0
• a8ebbc5 update d3-time, d3-scale
• 31d73d1 6.6.2
• 1836b64 update d3-scale
• 76c92ca 6.6.1
• ff34b4c d3-array 2.12.1
• cff66a4 add space
• b62d444 fix a typo in API.md
• 607a60f 6.6.0
• 11aa552 update dependencies
• 37cd9bf 6.5.0
• 73110b9 d3-array 2.11
• 12336e3 6.4.0
• afd34bb update dependencies
• e9fee2c 6.3.1
• ec388d8 Update d3-array.
• a8baadf 6.3.0
• 4d3baf7 Update d3-array.
• 3c63660 6.2.0
• ffb43e6 Update d3-array, d3-scale.

See the full diff

Package name: jimp

The new version differs by 43 commits.

• 2b3413a Bump version to: v0.12.0 [skip ci]
• 0bd02d5 Update CHANGELOG.md [skip ci]
• 651de24 Fix package.json
• a2b44a1 Add readme description
• 697f2a6 Remove compiling polyfills into published code (Delete file-32x32.png gchq/CyberChef#891)
• ec736c9 Bump version to: v0.11.0 [skip ci]
• a52b096 Update CHANGELOG.md [skip ci]
• 2f99663 Make callback optional for Jimp.rgbaToInt (Delete favicon.ico gchq/CyberChef#889)
• 585c1ab Removed Core-JS as a dependency. (Delete cook_female-32x32.png gchq/CyberChef#882)
• 3719710 Bump version to: v0.10.3 [skip ci]
• 30f04f7 Update CHANGELOG.md [skip ci]
• e93497a Simplify and fix flip (Made GIF extractor more robust. gchq/CyberChef#879)
• dd7a6ba Bump version to: v0.10.2 [skip ci]
• baf756c Update CHANGELOG.md [skip ci]
• b038cba Rewrite handling EXIF orientation — add tests, make it plugin-independent (Feature request: remember scroll position after tab change gchq/CyberChef#875)
• 44ce60b Bump version to: v0.10.1 [skip ci]
• da6bf75 Update CHANGELOG.md [skip ci]
• bd5ba89 Update package.json (Bug report: Gzip comment not working gchq/CyberChef#870)
• 3cc4a4c Fix a `loadFont` and case inconsistency of `jimp` (Update .editorconfig aling with the navbar code in between gchq/CyberChef#868)
• c23237b Bump version to: v0.10.0 [skip ci]
• 1add0ba Update CHANGELOG.md [skip ci]
• e1d05da Properly split constructor and instance types (AES encrypt/decrypt padding option gchq/CyberChef#867)
• 3a3df33 Bump version to: v0.9.8 [skip ci]
• df1fd79 Update CHANGELOG.md [skip ci]

See the full diff

Package name: jsonpath

The new version differs by 5 commits.

• c1dd8ec version 1.1.1
• 1303356 upgrade underscore dependency version
• eafa80c version 1.1.0
• c125a0c Merge pull request Feature: 'Comment' operation gchq/CyberChef#123 from chris-branch/master
• 9fec3fa Bug fix for permissions issue during global installs

See the full diff

Package name: markdown-it

The new version differs by 119 commits.

• d72c68b 12.3.2 released
• aca3396 dist rebuild
• ffc49ab Fix possible ReDOS in newline rule.
• 76469e8 12.3.1 released
• ae5a243 dist rebuild
• 1cd8a51 Fix tab preventing paragraph continuation in lists
• 830757c Fix spelling error in question Github Template (Delete ExtractLSB.mjs gchq/CyberChef#835)
• 2e31d34 12.3.0 released
• 393354c Dist rebuild
• 8564eed Dev deps bump
• 24abaa5 Improve emphasis algorithm
• e07a9dd typo fix
• 6e2de08 12.2.0 released
• 08827d6 dist rebuild
• 8bcc82a Parser: Set ordered list_item_open token info to input marker.
• 77fb937 Add pathological test from cmark
• e5986bb Always suffix indented code block with a newline
• 13cdeb9 12.1.0 released
• 13d8335 Dist rebuild
• eed156e Fix emphasis algorithm as per 0.30 spec
• 0b14fa0 Update CommonMark spec to 0.30
• 064d602 Updated highlight.js usage info
• df4607f 12.0.6 released
• e5b0eb3 dist rebuild

See the full diff

Package name: node-forge

The new version differs by 84 commits.

• 6c5b901 Release 1.3.0.
• 0f3972a Update changelog.
• dc77b39 Fix error checking.
• bb822c0 Add advisory links.
• d4395fe Update changelog.
• a4405bb Improve signature verification tests.
• aa9372d Add missing RFC 8017 algorithm identifiers.
• 3f0b49a Fix signature verification issues.
• c20f309 Adjust remaining length.
• e27f612 Remove unused option.
• 2b1f368 Add fallback to pretty print invalid UTF8 data.
• 7928551 Start 1.2.2-0.
• 2162bfc Release 1.2.1.
• 43a456e Update changelog.
• 2f3820a Refactor logging to avoid use of URLSearchParams.
• 50a20ec Load entire module while testing.
• 1545316 Start 1.2.1-0.
• 866ed40 Release 1.2.0.
• a9f013a Update changelog.
• f8e498a Fix typos.
• 9d8b0ee Add verification helper.
• 2fb9995 Add helper to create signature digest.
• 03d3ed7 Added alternate OID 1.3.14.3.2.29 for sha1 with RSA
• 874cef8 Update changelog.

See the full diff

Package name: tesseract.js

The new version differs by 96 commits.

• 66e2ce8 Release v2.0.2
• 2956afc Fix lint error
• 781f2f8 Remove api.End() as it doesn't stop api.Recognize(), fix Feature/remove letter accents gchq/CyberChef#387
• 548a5a5 Merge pull request Add tooltip to regex matches #279 gchq/CyberChef#386 from nisarhassan12/master
• 9b91579 [readme] Add ready-to-code badge + describe gitpod in a better way.
• 7cc3427 Merge pull request Bug report: npx missing on master branch gchq/CyberChef#383 from OliverCole/update-is-url
• 71dc2a8 Update is-url package for vuln fix. Fixes https://snyk.io/vuln/npm:is-url:20180319
• 9db6ebf Merge pull request Make the check for Wikipedia URLs slightly stricter gchq/CyberChef#379 from frinyvonnick/patch-1
• db3eed3 Fix broken links in api.md file
• e975d29 Add electron link to README.md
• f9c76a9 Release v2.0.1
• 945f5d3 Update rectangles to rectangle as only one region can be assigned, fix Stop treating backslashes in CSV as escape character gchq/CyberChef#378
• b8aba2e Add electron environment check, fix Bug Report: Postinstall Failed on Windows 10 gchq/CyberChef#376
• b603d42 Resize logo image
• c7a74a6 Add logo image
• 3bb543d Add new logo
• fa5b267 Fix lint error
• 15b7983 Update docs
• b2bc416 Remove axios and add webpack-bundle-analyzer, close Feature/improve parse ip range gchq/CyberChef#353
• a5fa14c Add Edge example
• 2aba728 Release v2.0.0
• 1051b2a Create SECURITY.md
• 5c22cd5 Merge pull request Feature request: Rijndael Crypto suite (with configurable KeySize/BlockSize) gchq/CyberChef#374 from WebReflection/moz-extension
• 5a7576c Enable moz-extension:// too

See the full diff

Package name: ua-parser-js

The new version differs by 88 commits.

• 9999815 Update version number to 0.7.24
• 809439e Fix potential ReDoS vulnerability as reported by Doyensec
• 5b83893 Merge pull request Bug Fix: Fix conversion when using compass directions as input delimiters gchq/CyberChef#479 from joeyparrish/develop
• 9d154cc chore: Update build
• 7679003 fix: Xbox OS detection
• 45bf76a Merge pull request simple docker for dev gchq/CyberChef#474 from dust-off/master
• f543c5a facebook movile app with no browser info
• 89a72c2 Merge pull request bugfix for UTF16 vs UTF8 problems gchq/CyberChef#471 from jishidaaaaa/fix-firetv-detection
• 314131d Merge pull request Bug report: ToBase64 description is incorrect gchq/CyberChef#472 from GeraldHost/master
• 386ebc2 feat: update readme playstation
• b0f14de Fix Detection Rule For Amazon Fire TV
• fd8a583 Merge pull request Bug Report: aes encryption in GCM mode is incorrect gchq/CyberChef#469 from bynice/patch-1
• cc2da93 Merge pull request Allow alternatives to viewing URLs "on Wikipedia" gchq/CyberChef#368 from Deliaz/master
• 34e2e80 Update ua-parser.js
• 26c74ef Merge branch 'develop' into master
• e4b3029 Merge pull request Operation request: Extract Hash Values gchq/CyberChef#466 from yoyo837/patch-1
• b7d4865 Update homepage
• d5ab75a Merge branch 'master' of github.com:faisalman/ua-parser-js
• c7475db 0.7.23
• 83d37b4 Merge pull request Operation request: Image manipulation operations from Jimp gchq/CyberChef#451 from dineshks1/master
• 2d53ceb Merge branch 'develop' of github.com:faisalman/ua-parser-js into develop
• d107155 Merge pull request Operation Request - de bruijn sequence generator gchq/CyberChef#463 from vinyldarkscratch/bump-deps
• 43fb4d1 Merge pull request Improve Date format in 'Parse X.509 certificate' gchq/CyberChef#459 from WizKid/master
• 6d1f26d Fix ReDoS vulnerabilities reported by Snyk

See the full diff

Package name: xmldom

The new version differs by 160 commits.

• f763b00 xmldom version 0.5.0
• d4201b9 Merge pull request from GHSA-h6q6-9hqw-rwfv
• a4d717c Update MDN links in readme.md (OTP operations gchq/CyberChef#188)
• e984b3f Update @ stryker-mutator/core -> ^4.4.1 - devDependencies (Bug report: Save to file not working in Edge browser gchq/CyberChef#184)
• c762161 Update stryker monorepo (major) (Fix bug with UTF16LE in Encode/Decode ops gchq/CyberChef#140)
• fd47c51 Fix breaking preprocessors' directives when parsing attributes (Added JPath expression operation gchq/CyberChef#171)
• baa67f5 Update xmltest -> ^1.5.0 - devDependencies (Bug fix: Substitute commas gchq/CyberChef#182)
• 64c7388 fix(dom): Escape `]]>` when serializing CharData (Misc: Mobile UI gchq/CyberChef#181)
• b73a965 Update eslint-config-prettier -> ^7.2.0 - devDependencies (New 'pretty' recipe format gchq/CyberChef#179)
• 21bc17e Switch to (only) MIT license (Adds support to build/run CyberChef in a Docker container. gchq/CyberChef#178)
• ad773c9 test: Use toBe/toStrictEqual instead of toEqual ([Operation] String escape/unescape functions gchq/CyberChef#175)
• 23608d9 chore: Add karfau as contributor (Added a GeoCities theme gchq/CyberChef#177)
• dbd2171 Export DOMException; remove custom assertions; etc. (Bug report: Downloadable version not working on Safari due to unavailable localStorage gchq/CyberChef#174)
• 8698e6b Update eslint-config-prettier -> 7 - devDependencies (Feature Request: Jscript.Encode Decoder gchq/CyberChef#165)
• 7aa75c7 Update nodemon -> ^2.0.7 - devDependencies ([Fix] Adds scrolling to description popover gchq/CyberChef#170)
• 8236db1 build(deps): bump node-notifier from 8.0.0 to 8.0.1 (Updated dependencies and linted gchq/CyberChef#169)
• 484005e Update eslint -> ^7.18.0 - devDependencies (Windows Filetime mod gchq/CyberChef#162)
• c33b2f5 Update eslint-plugin-prettier -> ^3.3.1 - devDependencies (Feature request: Addition of Chi-Squared Entropy Algorithm gchq/CyberChef#164)
• 5d13108 Update actions/setup-node action -> 2 - action (Binary-Coded Decimal operations gchq/CyberChef#167)
• 7f32da6 Update prettier -> ^2.2.1 - devDependencies ([Feature] HTTP Gzip payload decryption gchq/CyberChef#163)
• d4040a7 build(deps): bump ini from 1.3.5 to 1.3.8 (Differential schemes to 'XOR Brute Force' operation gchq/CyberChef#166)
• f7b44d9 Update eslint -> ^7.12.1 - devDependencies (Bug report: Image display issue in dev and prod gchq/CyberChef#157)
• 7493052 Update jest -> ^26.6.3 - devDependencies (Send File Data To Input gchq/CyberChef#161)
• 2107a91 Update jest -> ^26.6.2 - devDependencies (Remove preloader ring overlap gchq/CyberChef#159)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 XML External Entity (XXE) Injection
🦉 Arbitrary Code Injection
🦉 More lessons are available in Snyk Learn

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication