[Snyk] Fix for 10 vulnerabilities

[MaxMood96]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISMYJSONVALID-597165	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Arbitrary Code Execution SNYK-JS-ISMYJSONVALID-597167	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JSONPOINTER-1577288	Yes	Proof of Concept
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-JSONPOINTER-598804	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	Yes	No Known Exploit
	571/1000 Why? Mature exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:is-my-json-valid:20180214	Yes	Mature
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	Yes	Proof of Concept
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: less

The new version differs by 250 commits.

• e4f7551 v3.12.0
• 371185c v3.12.0-RC.2 (Output Only Link Not Working jsbin/jsbin#3540)
• d5aa9d1 Fixes Output window jsbin/jsbin#3371 Allow conditional evaluation of function args (Moddy  jsbin/jsbin#3532)
• a722237 Remove lib folder from git (movie free online jsbin/jsbin#3531)
• e0f5c1a Move changelog to root (Учётная запись. Проблемы с входом на RS School jsbin/jsbin#3530)
• f7bdce7 Duplicate dist files in root for older links (rdsfgtdyh657u68u jsbin/jsbin#3529)
• 0925cf1 Test-data module (BEST MOVIE jsbin/jsbin#3525)
• 51fb02b Fixes Snapshots are not saved, menu is messed up jsbin/jsbin#3504 / organizes tests (Some simple javascript does nothing jsbin/jsbin#3523)
• efb76ec Restore nuked scripts (?), replace dependencies (Payment for upgrade is impossible - link to Stripe learn more. jsbin/jsbin#3501) (Why "You are marked as spam, and therefore cannot authorize a third party application." jsbin/jsbin#3522)
• 2c5e4dd Lerna refactor / TS compiling w/o bundling (Can't open bin jsbin/jsbin#3521)
• a3641e4 Resolve Bins not saving jsbin/jsbin#3398 Add flag to disable sourcemap url annotation (Js.bin not working jsbin/jsbin#3517)
• e018ba8 fix(Forward to jsbin.com webmaster: Broken link on Home-Page jsbin/jsbin#3294): use loadFileSync when loading plugins with syncImport: true (jsbin code editor visibility jsbin/jsbin#3506)
• 95b9007 Update changelog
• 6238bbc Fixes Saving a snapshot command triggers a 500 error jsbin/jsbin#3508 (jsbin is not saving/auto saving. jsbin/jsbin#3509)
• 8338366 Update README.md
• 6313bc5 Update changelog
• 53bf877 Remove tree caching in import manager (Fix GitHub link of JSBin in About page jsbin/jsbin#3498)
• 0f271f3 issue#3481 ignore missing debugInfo ([Snyk] Security upgrade moment from 2.19.2 to 2.29.2 jsbin/jsbin#3482)
• 3bd995b Additional check to avoid evaluating an expression if it is a comment (Ads are covering ui elements on mobile jsbin/jsbin#3494)
• 0715d90 fix: Use make-dir instead of mkdirp (Accessibility improvement suggestions jsbin/jsbin#3490)
• 2634494 Properly exit calc mode after use ([Snyk] Security upgrade moment from 2.19.2 to 2.29.4 jsbin/jsbin#3493)
• 096dd22 Convert to auto-changelog (Getting a string "JS Bin Output" instead of undefined jsbin/jsbin#3477)
• 842386b Fixes can't register jsbin via github. jsbin/jsbin#3469 - Include tslib dependency (My bins cannot be accessed by others jsbin/jsbin#3475)
• 1adaadb 3.11.0 (Issue: UX, Functional: Last few lines of the editor are not accessible by user. Ads are placed on top of it. jsbin/jsbin#3468)

See the full diff

Package name: tap

The new version differs by 250 commits.

• 8f2baa7 16.0.0
• 65e599e drop support for node v10
• 84fc6df docs: changelog for v16
• e6acf7b update coveralls documentation to say to install it
• 3c7b3ef document coveralls removal in the cli help output
• 43bf1df undocument synonyms
• 1ff75a4 make coveralls an optional peer dep
• 3f1ae47 Add eslint for linting
• 162c1a8 Support Typescript for --before and --after
• 28d2d03 Fix script on using node-tap with codecov
• 3a0e81c docs: fix broken link
• 1b636b2 Add jsonpath-faster
• c4bdeef fix typo `than` to `that`
• 20fbd40 Update Node.js min version to 10.x in CONTRIBUTING
• 90dda0b update cli doc
• 636ab18 15.2.3
• e609d8f docs: changelog for 15.2
• c182328 tap-parser@11.0.1
• f576a60 docs: setting t.snapshotFile
• d9fa241 libtap@1.3.0
• a02f33e update cli doc
• d1500b6 15.2.2
• b784d77 tap-parser@11
• 567384e update cli doc

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Execution
🦉 Prototype Pollution

[stale]

This issue has been automatically marked as stale because it has not had recent activity. More importantly, jsbin has been undergoing a massive refactor by Remy, and a large number of issues have been resolved, but with the growing 600+ open issues, the Stalebot (me), has been brought in to try to manage the issues.
Keep an eye on jsbin.com blog posts and the @js_bin twitter account for updates on the new version of jsbin ❤️
It will be closed next week if no further activity occurs. Thank you for your contributions.