[Snyk] Fix for 6 vulnerabilities #8

snyk-bot · 2021-08-24T11:11:26Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Find out more.

⚠️

Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Issue	Breaking Change	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-REACTNATIVE-1298632	No	No Known Exploit
Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit

Commit messages

Package name: fast-glob

The new version differs by 114 commits.

03201ed fix(settings): set the `concurrency` option to count of CPUs
d777111 build(package): drop unused dependencies
e62d2d1 build(package): bump version to 3.0.0
caeeda9 Merge pull request TinyMCE per block: Enhancing the embed block WordPress/gutenberg#203 from mrmlnc/ISSUE-155_update_documentation
27ae4b2 docs(settings): update description of options
1f853bc docs(readme): update documentation
0ba6dc0 refactor(benchmark): update suites
c1d686c refactor(index): export some userful types
d64c24f build(benchmark): add suite for stream API
40a1096 Merge pull request Move inserter on the block outline. See #72. WordPress/gutenberg#202 from mrmlnc/ISSUE-181_async_method_as_default_method
ccde25e refactor: set async method as default method
87ed886 Merge pull request Move arrows above full bleed. See #110. WordPress/gutenberg#201 from mrmlnc/issue-199_match_base_fix
68133f8 fix: the `baseNameMatch` option now work
f4c443a refactor: `matchBase` → `baseNameMatch`
c58ba78 test(smoke): add some smoke tests
f3642dc Merge pull request TinyMCE per block: Remove setTimeout when focusing programmatically WordPress/gutenberg#200 from mrmlnc/fix_some_issues
b32842d fix: support AsyncIterator for stream API
9b04800 refactor(settings): simplify the `deep` option
2b5bc54 fix(settings): correct default value for `throwErrorOnBrokenSymbolicLink`
9ab065b refactor: change some types
09f0107 feat: infer type of the output values
a505273 feat: introduce `objectMode` option
111dbf1 refactor: drop `transform` option
2af2623 fix(providers): enable "posix" micromatch option

See the full diff

Package name: lerna

The new version differs by 183 commits.

4582c47 chore(release): v4.0.0
2d0a97a fix(version): Ensure --create-release environment variables are present during initialization
63f18ba test(version): Assert on mocked releases, not calls
1f17e0c chore(lerna): Set top-level package tag -> next
80a072e chore(lerna): Enable --temp-tag during publish
e00779a chore: Add release script
255c2ea docs(version): Move changelogPreset examples
7acf883 Merge branch 'next' into 'main'
c3814b5 test(child-process): Avoid windows bullshit
671ddef chore: Reset lockfile
affed1c feat(deps): Bump dependencies
126676a chore(scripts): Support --no-install flag
d8100fd feat(deps): execa@^5.0.0
187cd58 chore(deps): Bump devDependencies
ce232c8 chore: remove volta pins, annoying
d181863 chore: Bump volta pins
42ab453 feat(prompt): Remove ambiguous exports
4acff59 refactor: Synchronize import ChildProcessUtilities -> childProcess
a02e12e refactor(test): Refactor mockPromptChoices() -> promptSelectOne.chooseBump()
69bb2e4 refactor: Decompose PromptUtilities namespace import
a08bafb refactor(test): Use unambiguous mockPromptChoices() method
3c67f15 refactor: Migrate to unambiguous promptConfirmation()
5d05d95 refactor: Migrate to unambiguous promptSelectOne()
e9237f3 refactor: Migrate to unambiguous promptTextInput()