[Snyk] Fix for 101 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/system-tests/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1021884	Yes	Proof of Concept
	826/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1041745	Yes	Mature
	751/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Improper Validation SNYK-JS-ELECTRON-1047306	Yes	Mature
	654/1000 Why? Has a fix available, CVSS 8.8	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1048693	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Improper Access Control SNYK-JS-ELECTRON-1049321	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Improper Input Validation SNYK-JS-ELECTRON-1049323	Yes	No Known Exploit
	665/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1049547	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Use After Free SNYK-JS-ELECTRON-1050424	Yes	No Known Exploit
	550/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-ELECTRON-1050427	Yes	No Known Exploit
	751/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Insufficient Validation SNYK-JS-ELECTRON-1050882	Yes	Mature
	704/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-ELECTRON-1050999	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Read SNYK-JS-ELECTRON-1051000	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-ELECTRON-1064555	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1064558	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1064561	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-ELECTRON-1065981	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-ELECTRON-1070013	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Insufficient Validation SNYK-JS-ELECTRON-1070014	Yes	No Known Exploit
	464/1000 Why? Has a fix available, CVSS 5	Use After Free SNYK-JS-ELECTRON-1070015	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Heap Buffer Overflow SNYK-JS-ELECTRON-1085647	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1085705	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1085994	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Out-of-Bounds SNYK-JS-ELECTRON-1085996	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-ELECTRON-1085998	Yes	No Known Exploit
	655/1000 Why? Has a fix available, CVSS 8.6	Out-of-Bounds SNYK-JS-ELECTRON-1086693	Yes	No Known Exploit
	550/1000 Why? Has a fix available, CVSS 6.5	Access Restriction Bypass SNYK-JS-ELECTRON-1086694	Yes	No Known Exploit
	655/1000 Why? Has a fix available, CVSS 8.6	Improper Input Validation SNYK-JS-ELECTRON-1086695	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1087442	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Out-of-bounds Write SNYK-JS-ELECTRON-1088600	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Insecure Defaults SNYK-JS-ELECTRON-1088602	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1252279	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1252280	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1253279	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1253281	Yes	No Known Exploit
	876/1000 Why? Mature exploit, Has a fix available, CVSS 9.8	Out-of-bounds SNYK-JS-ELECTRON-1257943	Yes	Mature
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1258207	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1259349	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Integer Overflow or Wraparound SNYK-JS-ELECTRON-1260586	Yes	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Out-of-bounds Read SNYK-JS-ELECTRON-1261111	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1277203	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Integer Overflow SNYK-JS-ELECTRON-1277205	Yes	No Known Exploit
	465/1000 Why? Has a fix available, CVSS 4.8	Improper Input Validation SNYK-JS-ELECTRON-1277526	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Out Of Bounds Read SNYK-JS-ELECTRON-1278596	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1296553	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1296555	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1296557	Yes	No Known Exploit
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1296559	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1296561	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Race Condition SNYK-JS-ELECTRON-1296563	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1296565	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1312313	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-ELECTRON-1312314	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1312315	Yes	No Known Exploit
	826/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1313765	Yes	Mature
	529/1000 Why? Has a fix available, CVSS 6.3	Use After Free SNYK-JS-ELECTRON-1313767	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1314896	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1315151	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Out-of-bounds Write SNYK-JS-ELECTRON-1315668	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1533614	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1534881	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1534882	Yes	No Known Exploit
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1534883	Yes	Proof of Concept
	550/1000 Why? Has a fix available, CVSS 6.5	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1534884	Yes	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Use After Free SNYK-JS-ELECTRON-1536579	Yes	No Known Exploit
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1536581	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1536587	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Out-of-Bounds SNYK-JS-ELECTRON-1585619	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1586050	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Buffer Overflow SNYK-JS-ELECTRON-1656742	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1656743	Yes	No Known Exploit
	590/1000 Why? Has a fix available, CVSS 7.3	Out-of-Bounds SNYK-JS-ELECTRON-1656745	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Access Restriction Bypass SNYK-JS-ELECTRON-1656746	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1656752	Yes	No Known Exploit
	550/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-ELECTRON-1727342	Yes	No Known Exploit
	490/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-ELECTRON-1727344	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Sandbox Bypass SNYK-JS-ELECTRON-1731315	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1910985	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1910987	Yes	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Exposure of Resource to Wrong Sphere SNYK-JS-ELECTRON-1910988	Yes	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Improper Access Control SNYK-JS-ELECTRON-1910991	Yes	No Known Exploit
	851/1000 Why? Currently trending on Twitter, Proof of Concept exploit, Has a fix available, CVSS 9.8	Type Confusion SNYK-JS-ELECTRON-1911949	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1912074	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1912075	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1912082	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1912084	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-ELECTRON-1912085	Yes	No Known Exploit
	726/1000 Why? Recently disclosed, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1924893	Yes	No Known Exploit
	566/1000 Why? Recently disclosed, Has a fix available, CVSS 5.6	Inappropriate Implementation SNYK-JS-ELECTRON-1924894	Yes	No Known Exploit
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Inappropriate Implementation SNYK-JS-ELECTRON-1924895	Yes	No Known Exploit
	726/1000 Why? Recently disclosed, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1930826	Yes	No Known Exploit
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Domain Spoofing SNYK-JS-ELECTRON-2329155	Yes	No Known Exploit
	726/1000 Why? Recently disclosed, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2329162	Yes	No Known Exploit
	726/1000 Why? Recently disclosed, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2338684	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-570624	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-598894	No	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-608662	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	/1000 Why?	Improper Privilege Management SNYK-JS-SHELLJS-2332187	No	Proof of Concept
	/1000 Why?	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mkdirp

The new version differs by 4 commits.

• b2e7ba0 0.5.2
• c5b97d1 bump minimist to 1.2 to fix security issue
• f2003bb test: add v4 and v5 to travis
• b8629ff tools: update tap + mock-fs. Fix broken test

See the full diff

Package name: mocha

The new version differs by 250 commits.

• eb781e2 Release v6.2.3
• 10dbe94 update CHANGELOG for v6.2.3 [ci skip]
• 848d6fb security: update mkdirp, yargs, yargs-parser
• 843a322 6.2.2
• aec8b02 update CHANGELOG for v6.2.2 [ci skip]
• 7a8b95a npm audit fixes
• cebddf2 Improve reporter documentation for mocha in browser. (Update java-setup.md forcedotcom/salesforcedx-vscode#4026)
• 3f7b987 uncaughtException: report more than one exception per test (fix: changed version of types/chai to 4.3.0 forcedotcom/salesforcedx-vscode#4033)
• ee82d38 modify alt text of image from Backers to Sponsors inside Sponsors section in Readme (chore(deps-dev): bump @types/node from 17.0.23 to 17.0.25 forcedotcom/salesforcedx-vscode#4046)
• e9c036c special-case parsing of "require" in unparseNodeArgs(); closes chore(deps-dev): bump @types/chai from 4.3.0 to 4.3.1 forcedotcom/salesforcedx-vscode#4035 (chore(deps-dev): bump @types/node from 17.0.23 to 17.0.29 forcedotcom/salesforcedx-vscode#4063)
• 954cf0b Fix HTMLCollection iteration to make unhide function work as expected (Removing all checkpoints doesn't update them in the connected org forcedotcom/salesforcedx-vscode#4051)
• 816dc27 uncaughtException: fix double EVENT_RUN_END events (fix: add ability to stop containerless function forcedotcom/salesforcedx-vscode#4025)
• 9650d3f add OpenJS Foundation logo to website (Org Browser - retrieve or metadata is not working forcedotcom/salesforcedx-vscode#4008)
• f04b81d Adopt the OpenJSF Code of Conduct (chore(deps): bump vscode-extension-telemetry from 0.0.17 to 0.4.5 forcedotcom/salesforcedx-vscode#3971)
• aca8895 Add link checking to docs build step (chore(deps-dev): bump rimraf from 2.6.3 to 2.7.1 forcedotcom/salesforcedx-vscode#3972)
• ef6c820 Release v6.2.1
• 9524978 updated CHANGELOG for v6.2.1 [ci skip]
• dfdb8b3 Update yargs to v13.3.0 (chore(deps): bump @salesforce/source-deploy-retrieve from 5.12.2 to 5.12.6 forcedotcom/salesforcedx-vscode#3986)
• 18ad1c1 treat '--require esm' as Node option (Unexpected error message when cancelling out of create LWC test command forcedotcom/salesforcedx-vscode#3983)
• fcffd5a Update yargs-unparser to v1.6.0 (chore(deps-dev): bump snyk from 1.859.0 to 1.889.0 forcedotcom/salesforcedx-vscode#3984)
• ad4860e Remove extraGlobals() (chore(deps): bump jest-editor-support from 28.2.0 to 30.0.2 forcedotcom/salesforcedx-vscode#3970)
• b269ad0 Clarify effect of .skip() (chore: merge main to develop forcedotcom/salesforcedx-vscode#3947)
• 1e6cf3b Add Matomo to website (chore: add gusinfo to codeowners @W-9377468@ forcedotcom/salesforcedx-vscode#3765)
• 91b3a54 fix style on mochajs.org (Release/v54.4.0 forcedotcom/salesforcedx-vscode#3886)

See the full diff

Package name: mocha-junit-reporter

The new version differs by 23 commits.

• 8e0b9e4 Merge branch 'master' of https://github.com/michaelleeallen/mocha-junit-reporter
• 4a7cca4 Bump glob-parent from 5.1.1 to 5.1.2
• 2a321e3 Merge pull request [Snyk] Security upgrade @salesforce/core from 2.25.1 to 3.32.12 #152 from michaelleeallen/dependabot/npm_and_yarn/glob-parent-5.1.2
• 5403f63 Merge pull request [Snyk] Fix for 4 vulnerabilities #155 from pkuczynski/upgrade-strip-ansi
• 2222692 Upgrade strip-ansi@6.0.1
• 1c3eb62 Bump glob-parent from 5.1.1 to 5.1.2
• 88388ee Merge pull request [Snyk] Security upgrade electron from 7.3.2 to 10.4.1 #104 from michaelleeallen/add-actions
• 2cd514a Merge pull request [Snyk] Fix for 25 vulnerabilities #133 from michaelleeallen/dependabot/npm_and_yarn/lodash-4.17.19
• 18ff0f4 Merge pull request [Snyk] Security upgrade electron from 7.3.2 to 17.4.11 #115 from gabegorelick/setup-teardown-time
• a3ec7b5 Bump lodash from 4.17.15 to 4.17.19
• d2770c2 Testsuite time should include setup and teardown
• 3d1909d Drop support for misspelled option `suiteTitleSeparatedBy`
• fababe6 tests: Actually invoke mocha instead of mocking it out
• 076aeab Run lint in GitHub Actions
• bcbfb2f Fix eslint
• fd6ed97 Build PRs too
• 671bc9e Update jenkins mode to use suiteTitleSeparatedBy and update documentation ([Snyk] Fix for 4 vulnerabilities #123)
• 3824381 Fix all `npm audit` issues ([Snyk] Security upgrade mocha from 5.2.0 to 6.2.3 #124)
• 29a1dd4 Fix strict mode declarations
• 9e2527c Support node 10, 12, 14 ([Snyk] Security upgrade electron from 7.3.2 to 17.4.11 #117)
• e2d8232 Turn on linting ([Snyk] Security upgrade electron from 7.3.2 to 17.4.9 #116)
• 663b967 Upgrade eslint
• 298d1a6 Create npmpublish.yml

See the full diff

Package name: remap-istanbul

The new version differs by 6 commits.

• 981dac8 Release 0.10.0
• a50dbf6 Drop dependency on deprecated `gulp-util` ([Snyk] Fix for 4 vulnerabilities #158)
• 9ed0670 Removed typo ([Snyk] Fix for 4 vulnerabilities #156)
• 8342b28 Allow null file name ([Snyk] Security upgrade @salesforce/core from 2.25.1 to 3.32.12 #153)
• 18ba8f6 Add warnMissingSourceMaps parameter ([Snyk] Security upgrade electron from 7.3.2 to 19.1.5 #150)
• 50b3f4f checking if origFileName is defined before using it to build a file path ([Snyk] Security upgrade @salesforce/core from 2.25.1 to 3.32.12 #152)

See the full diff

Package name: shelljs

The new version differs by 4 commits.

• 70668a4 0.8.5
• d919d22 fix(exec): lockdown file permissions (Deploy to source org forcedotcom/salesforcedx-vscode#1060)
• fcf1651 0.8.4
• a1111ee Silence potentially upcoming circular dependency warning (Code Coverage Reporting & UI forcedotcom/salesforcedx-vscode#973)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic