[Snyk] Fix for 59 vulnerabilities

[TheRealPiotrP]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISMYJSONVALID-597165	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Arbitrary Code Execution SNYK-JS-ISMYJSONVALID-597167	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JSONPOINTER-1577288	No	Proof of Concept
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-JSONPOINTER-598804	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-2331914	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-459438	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEEXTEND-73641	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-TAR-174125	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Insufficiently Protected Credentials SNYK-JS-TYPEDRESTCLIENT-5487993	Yes	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URLPARSE-1078283	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URLPARSE-1533425	No	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	No	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Authorization Bypass SNYK-JS-URLPARSE-2407759	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Improper Input Validation SNYK-JS-URLPARSE-2407770	No	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Improper Input Validation SNYK-JS-URLPARSE-543307	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:cryptiles:20180710	No	No Known Exploit
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Regular Expression Denial of Service (ReDoS) npm:diff:20180305	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	571/1000 Why? Mature exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:is-my-json-valid:20180214	No	Mature
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Prototype Override npm:querystringify:20180419	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	No	Proof of Concept
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	No	Mature
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Open Redirect npm:url-parse:20180731	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mocha-typescript

The new version differs by 50 commits.

• 480b0df Merge pull request [C#] Intellisense for the common operations are not user friendly (or irrelevant) and not displaying in correct order. dotnet/vscode-csharp#99 from pana-cc/fix-types-mocha
• 69f4b4d fix: Augment the new @ types/mocha interfaces
• 64ccff3 Merge pull request C# Unity auto complete hints are wrong dotnet/vscode-csharp#97 from pana-cc/fix-di-typedi
• a42a84b fix: include di/typedi.js in the package
• adf188b chore: patch version to 1.1.17
• 66a0452 Merge pull request Add categories to package.json to ensure the extension shows up prominently in the market place dotnet/vscode-csharp#94 from pana-cc/di
• 15a3ea4 feat: support for custom DI, support for typedi
• c6cca3a chore: patch version 1.1.16
• 0f2fce9 Merge pull request Code formatting does not obey editor.insertSpaces dotnet/vscode-csharp#93 from pana-cc/cankov/contrib-and-log
• 98fdbf2 chore: add CHANGELOG.md
• c27a674 chore: add CONTRIBUTING.md and conventional-changelog
• 47f9a70 1.1.15
• 8594aa8 Merge pull request ignore dotnet/vscode-csharp#91 from pana-cc/[VSCodeEndGameTesting-Aditi][Command-Palette] Getting error when trying to run command for dnx. dotnet/vscode-csharp#84
• 7a4907c fix [VSCodeEndGameTesting-Aditi][Command-Palette] Getting error when trying to run command for dnx. dotnet/vscode-csharp#84 prevent suite inheritance
• e7dfbe6 Merge pull request Unable to target CoreCLR from Visual Studio Code dotnet/vscode-csharp#88 from pana-cc/Code reports errors in removed source files dotnet/vscode-csharp#87
• a57b974 Merge pull request [CSharp] Have "add using ..." on top in quick fix dialog  dotnet/vscode-csharp#86 from pana-cc/[ERROR] Error: Failed to start OmniSharp dotnet/vscode-csharp#83
• ddf3d7d fix Code reports errors in removed source files dotnet/vscode-csharp#87 update to latest versions of dependencies
• 2617864 fix [ERROR] Error: Failed to start OmniSharp dotnet/vscode-csharp#83 output of tsc has changed with 2.9.x
• 35febf6 Merge pull request Break points are not hit when running the app  dotnet/vscode-csharp#82 from pana-cc/params
• 1e497ee fix test expectations cleanup and provide new expectations for failing tests
• 2434121 add test suites for new @ params feature
• 7216781 Fix usage as custom ui
• d1a9397 fix stderr assertions
• aebc0ce expand test coverage to also include stderr of spawned processes

See the full diff

Package name: vsce

The new version differs by 250 commits.

• ab8770c feat: allow publishing universal target alongside platform specific targets (Update debugger location in package.json dotnet/vscode-csharp#790)
• 8c1b1a0 chore: Spelling (Unable to launch kestrel-based console app dotnet/vscode-csharp#789)
• 9aa361e Merge pull request Debug Tests on a Class Library Project dotnet/vscode-csharp#787 from microsoft/lramos15/removePrChat-auto
• 2419f51 Remove PR Chat
• df59e0f build(deps): bump minimatch from 3.0.4 to 3.0.5 (ERROR: Unknown Error: 0x9233000b dotnet/vscode-csharp#784)
• d608ecd feat: prompt for full name to confirm unpublish action (Highlighting inside constructor base call is broken dotnet/vscode-csharp#782) (CPU 100% and vscode host process even sticks around after closing vscode dotnet/vscode-csharp#783)
• 1dcedef feat: support pricing model in the manifest file (Quote's not automatically being closed in c# files dotnet/vscode-csharp#749)
• 2589114 feat: allow to skip publishing duplicate package (Question: Is debugging possible for ASP.NET Core applications running on Full .NET Framework dotnet/vscode-csharp#776)
• 8e193c9 feat: expose all options to packaging and publishing APIs (Comments after preprocessor instructions are not syntax highlighted correctly dotnet/vscode-csharp#759)
• 5110bcf fix: correct program path in `launch.json` (GoToDefinition is not available in [metadata] files dotnet/vscode-csharp#771)
• 742720a chore: set up #codereview automation (Properly discover .NET SDK path dotnet/vscode-csharp#768)
• 3024d0f fix: clarify simultaneous use of packagePath and target in `vsce publish` (Fixes the incorrect lodash.debounce import/require dotnet/vscode-csharp#765)
• 0940626 fix: list all valid targets in documentation for --target (OmniSharp Stops Responding, Running VSCode in MS Docker Derived Image dotnet/vscode-csharp#766)
• 27fad23 chore: add branch protection (Update launch.json generation logic for MSBuild-based .NET Core dotnet/vscode-csharp#767)
• 9c50aa6 feat: github actions logging (Fix extension launch dotnet/vscode-csharp#752)
• 7e16ed7 fix: support fragments in image URLs (C# Debugger does not understand DateTime dotnet/vscode-csharp#753)
• 955c760 build(deps): bump shell-quote from 1.7.2 to 1.7.3 (Syntax highlighter broken on line with class inside string dotnet/vscode-csharp#746)
• 57112fd Merge pull request [WARNING:OmniSharp#MSBuild] Skipped unsupported project type 'xyz.xproj' - causes intellisense to shut off dotnet/vscode-csharp#745 from microsoft/fix-744
• d68e2f7 Remove check for yarn.lock
• b2288cd fix: ensure that we can define dependency argument in config (Unit tests in nested classes can't be run or debugged dotnet/vscode-csharp#743)
• 76b06f2 build(deps-dev): bump semantic-release from 19.0.2 to 19.0.3 (C# IntelliSense version 1.4.1 not creating any references in the code  dotnet/vscode-csharp#741)
• 293f3d5 build(deps): bump semver-regex from 3.1.3 to 3.1.4 (Debugger not showing correct decimal values dotnet/vscode-csharp#738)
• 9ef1cf0 build(deps): bump npm from 8.3.2 to 8.12.0 (Add Linux Mint 18 case to switch statement dotnet/vscode-csharp#736)
• 95823b6 Merge pull request "Running" forever for folder with multiple .NET Core projects dotnet/vscode-csharp#735 from microsoft/sandy081/horrible-rat

See the full diff

Package name: vscode

The new version differs by 81 commits.

• c871436 v1.1.37
• e55dfe8 Clean up for new release
• faa0254 Merge pull request No tasks.json/launch.json created for root folder containing global.json dotnet/vscode-csharp#170 from microsoft/pine/154
• 71ff0ef Fix Intellisense activating inside of strings dotnet/vscode-csharp#154
• 216c61a Merge pull request debugger always fails to "restore" dotnet/vscode-csharp#169 from microsoft/dependabot/npm_and_yarn/https-proxy-agent-2.2.4
• e1e0c6c Bump https-proxy-agent from 2.2.1 to 2.2.4
• 0090df8 v1.1.36
• 50e9a97 Add a migration notice
• 1688fb3 Use an accurate repository field in package.json (Improve logging for 'dotnet --info' failures (#159) dotnet/vscode-csharp#160)
• f6fef4d v1.1.35
• a6da027 Upgrade to mocha@5. Fix vscode NPM package is causing a diff security issue microsoft/vscode#75732
• 38c68ad update @ types/node
• 9489901 v1.1.34
• bcb4b8a Upgrade vscode-test dependency
• 10007a7 v1.1.33
• df9c929 Drop dead code
• 26a6775 Update vscode-test deps
• c54e6b7 Clean up for Locate OmniSharp launch executable more robustly dotnet/vscode-csharp#155
• b38bba3 Merge pull request Locate OmniSharp launch executable more robustly dotnet/vscode-csharp#155 from gkalpak/fix-test-use-correct-version
• 59f742e fix(test): take `CODE_VERSION` into account when downloading VSCode
• cdb897e fix(test): look for existing VSCode app in the correct directory
• 113b669 v1.1.32
• 2290809 Install is not refactored, leave shared, request and url-parse
• 470c3da v1.1.31

See the full diff

Package name: vscode-extension-telemetry

The new version differs by 144 commits.

• 21d7c13 Missed a place bumping the version
• 41bc647 Update version for release
• c561107 Lower target to support more legacy codebases
• 4911887 Fix Unable to target CoreCLR from Visual Studio Code dotnet/vscode-csharp#88
• 1551186 Update build to node LTS
• 081c624 Remove whitespace expansion due to perf reasons
• 188ee72 Merge pull request Add --configfile to dotnet commands dotnet/vscode-csharp#73 from radeksimko/f-collect-arch
• ddeafdb common.arch -> common.nodeArch
• 4d7a45b common: Collect architecture as a common property
• bdbab89 Remove first party explicitness from readme
• 068ddd9 Fix compilation
• 1ca205c Update level enum
• e0f1cca Bump version to prepare for a release
• 389b8b2 Fix Merge dev branch into master dotnet/vscode-csharp#76
• 0e1a889 Switch to npm 6
• 1099714 Update package.json with new esbuild
• 7174c44 Merge pull request Update MIEngine reference dotnet/vscode-csharp#75 from radeksimko/f-raw-telemetry-event
• 92d1291 rename: TelemetryRawEventProperties -> RawTelemetryEventProperties
• c3ea7fc simplify object notation
• c4d17f1 Add codespaces as a remote authority
• 91e1e18 fix typo Telemtry -> Telemetry
• 7d2d3e4 Introduce 'sendRawTelemetryEvent'
• bb8286d Run on macos latest
• 7bf72ee Update ansi regex

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Execution
🦉 More lessons are available in Snyk Learn