[Snyk] Fix for 10 vulnerabilities

[DonJayamanne]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: azure-storage

The new version differs by 52 commits.

• 30a84ff Merge pull request #711 from EmmaZhu/readme
• 9c91937 Remove details about of the readme to only redirect to latest storage JS SDKs and indicate that the package is deprecated.
• 1f29b33 Merge pull request #708 from EmmaZhu/migrationguide
• dc4a53b Add migration guide link into readme.
• a1d23d4 Merge pull request #707 from ramya-rao-a/patch-4
• f40c22d Indicate that azure-storage is legacy package
• 2571d0f Merge pull request #705 from EmmaZhu/dependencies
• 3eaa32a Update dependency mark to make it use more recent version automatically.
• 34aabd8 Merge pull request #706 from ramya-rao-a/patch-2
• 2e530df Bring more attention to the note on newer packages
• ad8472f Merge pull request #702 from EmmaZhu/master
• ddc7e8b Upgrade json-schema to 0.4.0. fixed an issue where customized retry interval doesn't take effact.
• 7a42c7b Merge pull request #699 from Azure/dependabot/npm_and_yarn/validator-13.7.0
• 5c5f836 Bump validator from 13.6.0 to 13.7.0
• c422631 Merge pull request #695 from EmmaZhu/validator
• cf37807 Update package version to 2.10.5
• 35676b4 Upgrade validator 13.6.0.
• c2656be Merge pull request #684 from Azure/dependabot/npm_and_yarn/lodash-4.17.21
• d813bde Merge pull request #690 from Azure/dependabot/npm_and_yarn/postcss-7.0.36
• 58c92d1 Bump lodash from 4.17.19 to 4.17.21
• b120cd5 Merge pull request #692 from Azure/dependabot/npm_and_yarn/path-parse-1.0.7
• 0036af3 Merge pull request #682 from Azure/dependabot/npm_and_yarn/handlebars-4.7.7
• 92dac84 Merge pull request #681 from Azure/dependabot/npm_and_yarn/grunt-1.3.0
• 9efb7bc Merge pull request #674 from Azure/dependabot/npm_and_yarn/elliptic-6.5.4

See the full diff

Package name: vscode-extension-telemetry

The new version differs by 83 commits.

• 21d7c13 Missed a place bumping the version
• 41bc647 Update version for release
• c561107 Lower target to support more legacy codebases
• 4911887 Fix #88
• 1551186 Update build to node LTS
• 081c624 Remove whitespace expansion due to perf reasons
• 188ee72 Merge pull request #73 from radeksimko/f-collect-arch
• ddeafdb common.arch -> common.nodeArch
• 4d7a45b common: Collect architecture as a common property
• bdbab89 Remove first party explicitness from readme
• 068ddd9 Fix compilation
• 1ca205c Update level enum
• e0f1cca Bump version to prepare for a release
• 389b8b2 Fix #76
• 0e1a889 Switch to npm 6
• 1099714 Update package.json with new esbuild
• 7174c44 Merge pull request #75 from radeksimko/f-raw-telemetry-event
• 92d1291 rename: TelemetryRawEventProperties -> RawTelemetryEventProperties
• c3ea7fc simplify object notation
• c4d17f1 Add codespaces as a remote authority
• 91e1e18 fix typo Telemtry -> Telemetry
• 7d2d3e4 Introduce 'sendRawTelemetryEvent'
• bb8286d Run on macos latest
• 7bf72ee Update ansi regex

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Injection