[Snyk] Fix for 19 vulnerabilities

[ajesse11x]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: canvas

The new version differs by 85 commits.

• 8707f3d v2.8.0
• 5b5140e Add Node.js 16 to CI, remove 15
• 2bf76b5 export type NodeCanvasRenderingContext2D
• 0b49442 Update changelog to reflect previous commit
• c166443 Add ctx2d.setTransform(mat) overload
• 2f84eee Add ctx2d.getTransform() function
• d107c04 Update changelog to reflect previous commit
• 234e659 Fix text actualBoundingBoxLeft and actualBoundingBoxRight measures by using ink_rect instead of logical_rect
• e4f901c Loosen text measurement expectation.
• 12e671d Fix crash if exception thrown from onload/onerror
• 8cd191c Update changelog
• 6fae569 Use node pre gyp v1
• 7a84fc5 Fix always-false comparison warning in Canvas.cc in Node 15+
• 646b605 Update changelog
• b549ab6 Fix Windows CI build, add Node.js v15
• f8305fb Fix dtslint failing in CI
• 547b050 Fix dangling reference in BackendOperationNotAvailable exception.
• beaee39 add Dockerfile for linux prebuild image
• e476656 Added stride to the Typescript typings
• 41d1c99 Fix PNG stream method name in benchmark (fixes #1672)
• 595d559 Add invertSelf to the DOMMatrix object (#1649)
• 5054b7b translate "sans-serif" to "sans" for Pango
• 58bc728 v2.7.0
• e8ad788 Switch prebuild trigger to manual

See the full diff

Package name: newrelic

The new version differs by 250 commits.

• f35a229 release: 6.5.0 (2020-03-19)
• 5779e3c Updated release notes
• 435d053 Merge pull request #1969 from NodeJS-agent/ntzaperas/attribute-rename
• 3d0dbd2 Rename span error attribute
• a01821f Fix span error attributes appearing on span intrinsics
• 76e0572 Updated changelog for v6.5.0.
• cd9406c Merge pull request #1966 from NodeJS-agent/ntzaperas/lasp-span-errors
• bfb2e70 Remove span_error_attributes feature flag
• 613a285 Test span error attributes and HSM/ignore
• a4ac95b Merge pull request #1964 from NodeJS-agent/mgoin/ConvertAgentAggregatorsUnitTests
• 2de8843 Merge pull request #1959 from NodeJS-agent/mgoin/ConvertAgentsUnitTestFullyTap
• 3f53da6 Converts event-aggregator.test.js to fully use tap API.
• e339089 Use the same attributes on spans as on TransactionErrors
• 0166c8a Span error attributes should adhere to security policy
• de2658d Converts base-aggregator.test.js to fully use tap API.
• 1e036e5 Converts synthetics.test.js to fully use tap API.
• 6d75845 Converts intrinsics.test.js to fully use tap API.
• 8c43fc6 Converts agent.test.js to fully use tap API.
• ade4dc3 Merge pull request #1957 from NodeJS-agent/ntzaperas/NODE-2307-error-attrs-on-spans
• 2ce89a6 Put span error attributes behind a feature flag
• 9013e0f Tests for span error attributes
• 64c6d47 Update tests to match new error interface
• ecae7a2 Add error info to span and link to TransactionError events
• 233e48e Merge pull request #1956 from NodeJS-agent/mgoin/NODE-2314-EventHandlersNotCleaningUp

See the full diff

Package name: sinon

The new version differs by 250 commits.

• 6547aa1 16.1.2
• 9ea3d5b Fix hooks-install
• 6c28d07 16.1.1
• ff0e993 Showcase #replace.usingAccessor for DI in the typescript case study (#2556)
• c47a4be Bump @ babel/traverse from 7.22.5 to 7.23.2 (#2555)
• f0d250b Add TOC feature to articles (#2554)
• 737736f 16.1.0
• cac5184 Enable use of assignment in the presence of accessors (#2538)
• f8c20e5 New article: making Sinon work with complex setups (#2540)
• cb5b962 Add NPM script 'dev-docs' and document its usage
• dd7c609 Add a little update to contributing
• 79acdf3 Move tool versions into single file at root
• 03b1db5 Expose Changelog page (#2550)
• e1c3dad Add section on tooling and recommend using ASDF for tool versioning (#2547)
• 062e318 16.0.0
• c339605 fix(2525): ensure non empty message when error of type string is passed, but no message (#2544)
• 8d1f85b Modernize build script syntax slightly (#2546)
• 67a8cea docs(sandbox): fix example that defines a non-function property (#2543)
• baa1aee .define method (#2539)
• 2ddf7ff Bump actions/checkout from 3 to 4 (#2542)
• 5fc17c7 Remove dead code
• fe799e7 Fix issue 2534: spies are not restored (#2535)
• 305fb6c fix: actaully reset 'injectedKeys' (#2456)
• 8186280 Bump word-wrap from 1.2.3 to 1.2.4 (#2526)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn