[Snyk] Fix for 1 vulnerabilities

[adamlaska]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ambi

The new version differs by 31 commits.

• 393bd71 v6.1.0 - boundation, changelog, version bump
• f06948f Bump eslint from 6.6.0 to 6.7.0
• 9ff31ce Bump @ babel/cli from 7.7.0 to 7.7.4
• 7e3a1f8 Bump kava from 4.0.0 to 4.1.0
• 2dd356f Bump @ babel/core from 7.7.2 to 7.7.4
• 0f6c467 Bump @ babel/preset-env from 7.7.1 to 7.7.4
• 6034592 Bump eslint-config-prettier from 6.6.0 to 6.7.0
• 083f372 Bump @ babel/plugin-proposal-object-rest-spread from 7.6.2 to 7.7.4
• a94c35d Bump valid-directory from 1.1.1 to 1.3.0
• 2b366ec Bump typechecker from 4.10.0 to 5.0.0
• 3862d83 Bump assert-helpers from 5.3.0 to 5.4.0
• d266142 Bump eslint-config-bevry from 1.2.1 to 1.3.0
• ccb69ce [Security] Bump tar from 4.4.1 to 4.4.13
• a1ce2b2 v6.0.0 - boundation, changelog, version bump
• 19559d0 Bump valid-directory from 1.0.0 to 1.1.1
• 4197d8e Bump projectz from 1.9.0 to 1.10.0
• bec5e06 v5.2.0 - boundation, changelog, version bump
• 5df0b4c history: fix typo
• a63ffab v5.1.0 - changelog and version bump
• 19f8614 updated base files and editions using boundation
• 017c28f v5.0.0 - changelog and version bump
• a3f4b4e rewrote for promise returns
• 8188559 v4.0.0 - changelog and version bump
• e81bad4 ran boundation

See the full diff

Package name: caterpillar

The new version differs by 35 commits.

• 47981f4 v6.6.0 - boundation, changelog, version bump
• 3cfef4a Bump eslint from 7.11.0 to 7.12.0 (YAML parser not working correctly docpad/docpad#132)
• d057480 Bump @ typescript-eslint/eslint-plugin from 4.4.1 to 4.5.0 (Your flattr link in README.md is broken. docpad/docpad#134)
• 0cb2aea Bump @ typescript-eslint/parser from 4.4.1 to 4.5.0 (Support for merging a layouts fileMeta with the current documents during layout rendering. docpad/docpad#133)
• a3a6591 Bump eslint-config-prettier from 6.13.0 to 6.14.0 (Error about to push Cloud Foundry,How to fix it ? docpad/docpad#131)
• 2a2b284 Bump eslint-config-prettier from 6.12.0 to 6.13.0 (An error occured: Command failed: fatal: remote skeleton already exists. docpad/docpad#129)
• d36bfab Bump @ typescript-eslint/parser from 4.3.0 to 4.4.1 (Compilation Skiping Files Templates docpad/docpad#128)
• bd775bf Bump @ typescript-eslint/eslint-plugin from 4.4.0 to 4.4.1 (As a User, I want support for Move, so I can write my javascript in my preferred language docpad/docpad#127)
• a5c8eb2 readme: fix Admin GUI docpad/docpad#123
• e05320c Bump eslint from 7.10.0 to 7.11.0 (Octopress Migrator docpad/docpad#120)
• 44d6a9e Bump @ typescript-eslint/eslint-plugin from 4.3.0 to 4.4.0 (PDF Export docpad/docpad#119)
• 181042a Bump @ typescript-eslint/eslint-plugin from 4.0.1 to 4.3.0 (As a Maintainer, I want the issue tracker gone lean, so that I can better prioritize what is actually valuable docpad/docpad#118)
• 8d57b34 Bump @ typescript-eslint/parser from 4.1.1 to 4.3.0 (Corruption when two files have the same name docpad/docpad#117)
• 224922e Bump prettier from 2.1.1 to 2.1.2 (Survey: Where to go next??? docpad/docpad#113)
• 9821b8b Bump typedoc from 0.19.1 to 0.19.2 (As a User, I want pagination, so that ... docpad/docpad#116)
• 2d1cb6f Bump eslint-config-prettier from 6.11.0 to 6.12.0 (Plugin priority does not appear to work, which can be disabling docpad/docpad#115)
• 68636e3 Bump eslint from 7.9.0 to 7.10.0 (Generation is slowed down by large files, which is quite frustrating docpad/docpad#114)
• 3fb63ef Bump rfc-log-levels from 3.13.0 to 3.14.0 (markdown-js not work correct with inline html docpad/docpad#107)
• 69d82cf Bump typescript from 4.0.2 to 4.0.3 (jade dosn't work on windows docpad/docpad#110)
• fb62b32 Bump projectz from 2.15.0 to 2.16.0 (Fails to prepare plugins with latest node on windows docpad/docpad#111)
• 1aedda9 Bump valid-module from 1.13.0 to 1.14.0 (got jade working, not html2jade docpad/docpad#109)
• 8f360dc Bump @ typescript-eslint/parser from 4.1.0 to 4.1.1 (DocPad can be slow to prepare plugins (every single time) docpad/docpad#108)
• 1054bd8 Bump eslint from 7.8.1 to 7.9.0 (Survey: What is the problem that DocPad solves? docpad/docpad#105)
• 498aa0c Bump valid-directory from 3.3.0 to 3.4.0 (docpad scaffold is generating a CoffeeScript error docpad/docpad#106)

See the full diff

Package name: istextorbinary

The new version differs by 39 commits.

• 9d3621e v5.13.0 - boundation, changelog, version bump
• 2f4d90a Bump @ typescript-eslint/eslint-plugin from 4.6.0 to 4.6.1 (YAML parser not working correctly docpad/docpad#132)
• ce1fa7f Bump valid-directory from 3.4.0 to 3.5.0 (Compilation Skiping Files Templates docpad/docpad#128)
• 5a4b6ca Bump valid-module from 1.14.0 to 1.15.0 (Error about to push Cloud Foundry,How to fix it ? docpad/docpad#131)
• 25f05bb Bump kava from 5.12.0 to 5.13.0 (As a Maintainer, I want unit tests, so that I can automatically ensure everything works docpad/docpad#130)
• 27dd5a3 Bump textextensions from 5.11.0 to 5.12.0 (An error occured: Command failed: fatal: remote skeleton already exists. docpad/docpad#129)
• a63af6e Bump @ bevry/update-contributors from 1.17.0 to 1.18.0 (As a User, I want support for Move, so I can write my javascript in my preferred language docpad/docpad#127)
• a354680 v5.12.0 - boundation, changelog, version bump
• ca336f6 Bump eslint-config-prettier from 6.13.0 to 6.14.0 (As a User, I want themes, so that I can change my theme without changing my skeleton docpad/docpad#126)
• e8cc5af Bump @ typescript-eslint/eslint-plugin from 4.4.1 to 4.5.0 (Interactive CLI docpad/docpad#125)
• 783e896 Bump @ typescript-eslint/parser from 4.4.1 to 4.5.0 (Happiness Statistic Tracking docpad/docpad#124)
• ead559d Bump eslint from 7.11.0 to 7.12.0 (Admin GUI docpad/docpad#123)
• 1854665 Bump @ typescript-eslint/parser from 4.4.0 to 4.4.1 (Pelican Importer docpad/docpad#122)
• a8a93e7 Bump @ typescript-eslint/eslint-plugin from 4.4.0 to 4.4.1 (Hyde Migrator docpad/docpad#121)
• 25f4833 Bump eslint-config-prettier from 6.12.0 to 6.13.0 (Octopress Migrator docpad/docpad#120)
• d67db50 Bump @ typescript-eslint/parser from 4.3.0 to 4.4.0 (PDF Export docpad/docpad#119)
• ed0fef5 Bump @ typescript-eslint/eslint-plugin from 4.3.0 to 4.4.0 (As a Maintainer, I want the issue tracker gone lean, so that I can better prioritize what is actually valuable docpad/docpad#118)
• 1560075 Bump eslint from 7.10.0 to 7.11.0 (Corruption when two files have the same name docpad/docpad#117)
• 1832c6f Bump @ typescript-eslint/parser from 4.2.0 to 4.3.0 (As a User, I want pagination, so that ... docpad/docpad#116)
• c050a33 Bump @ typescript-eslint/eslint-plugin from 4.2.0 to 4.3.0 (Plugin priority does not appear to work, which can be disabling docpad/docpad#115)
• c2c7bc9 Bump eslint from 7.9.0 to 7.10.0 (As a User, I want to be able to get the rendered content without the layout, so that I can include it inside other documents docpad/docpad#112)
• 69b877f Bump @ typescript-eslint/parser from 4.1.1 to 4.2.0 (Survey: Where to go next??? docpad/docpad#113)
• b5ba7eb Bump eslint-config-prettier from 6.11.0 to 6.12.0 (Generation is slowed down by large files, which is quite frustrating docpad/docpad#114)
• b5b629d Bump @ typescript-eslint/eslint-plugin from 4.1.1 to 4.2.0 (Fails to prepare plugins with latest node on windows docpad/docpad#111)

See the full diff

Package name: semver

The new version differs by 96 commits.

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (Add unique description and keywords for posts docpad/docpad#566)
• 5c8efbc fix: preserve build in raw after inc ("you have multiple files being written" when upgrading to 6.46.2 docpad/docpad#565)
• 717534e fix: better handling of whitespace (Meta data appears in markdown renderers docpad/docpad#564)
• 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 (docpad init - Newsletter throws erros docpad/docpad#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (Smart regenerations don't work with v6.46 docpad/docpad#559)
• 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 (Join our DocPad Virtual Office docpad/docpad#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (Use peerDependencies for specifying the DocPad engine docpad/docpad#552)
• 503a4e5 feat: allow identifierBase to be false (docpad update does not push docpad-plugin-jade to 2.4.1 docpad/docpad#548)
• fc2f3df fix: incorrect results from diff sometimes with prerelease versions (Request: plugin for converting CSS into inline style attributes docpad/docpad#546)
• 2781767 fix: avoid re-instantiating SemVer during diff compare (docpad-plugin-bower-requirejs docpad/docpad#547)
• 82aa7f6 chore: release 7.4.0
• 731d896 chore: enable CD (Discussion: Memory usage optimisations docpad/docpad#545)
• 940723d fix: intersects with v0.0.0 and v0.0.0-0 (Remove all traces of synchronous file system calls docpad/docpad#538)
• aa516b5 fix: faster parse options (Fiddling with suspending collections docpad/docpad#535)
• 61e6ea1 fix: faster cache key factory for range (Added some nested tests for #518 docpad/docpad#536)
• f8b8b61 fix: optimistic parse (The discussion of meta only docs. docpad/docpad#541)
• 796cbe2 fix: semver.diff prerelease to release recognition (How to add layouts into folders docpad/docpad#533)
• 3f222b1 fix: reuse comparators on subset (Normalize paths between unix and windows environments docpad/docpad#537)
• 113f513 feat: identifierBase parameter for .inc (Secure full-time funding for the core team docpad/docpad#532)
• ea689bc chore: basic type test for RELEASE_TYPES
• c5d29df docs: Add "Constants" section to README

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[socket-security]

New and updated dependency changes detected. Learn more about Socket for GitHub ↗︎

Packages		Version	New capabilities	Transitives1	Size	Publisher
ambi	🆕	6.1.0	None	+1	73.5 kB	bevryme
istextorbinary	⬆️	5.11.0...5.13.0	None	+2/-2	134 kB	bevryme

🚮 Removed packages: caterpillar@6.5.0, semver@7.3.2

Footnotes

1. https://docs.socket.dev ↩