[Snyk] Fix for 16 vulnerabilities

[alectronic0]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-6056519	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-PACRESOLVER-1564857	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Information Exposure SNYK-JS-REQUESTRETRY-2411026	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:timespan:20170907	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @hmcts/nodejs-logging

The new version differs by 11 commits.

• 771bb21 ROC-3285 Integrate logging with Azure Application Insights (Update nyc to the latest version 🚀 #28)
• 3f757ad ROC-1105: Log tracing IDs on all logger calls ([Snyk] Fix for 13 vulnerable dependencies #24)
• 86beda4 ROC-1105: Add possibility to return origin request id (Update config to the latest version 🚀 #23)
• 417c2bc ROC-1105: Request tracing (An in-range update of nunjucks is breaking the build 🚨 #22)
• f8219f8 Setup release from tags (Update yarn to the latest version 🚀 #21)
• 04ac2c7 Merge pull request [Snyk] Fix for 1 vulnerable dependencies #20 from Louisblack/update-moment
• 6970d82 Update yarn.lock with new moment version
• f85c955 Bump version to 1.4.3
• c7e41e1 Update moment to 2.19.3
• 8eb48d8 Merge pull request Update eslint-plugin-standard to the latest version 🚀 #17 from hmcts/greenkeeper/initial
• f1e9dde chore(package): update dependencies

See the full diff

Package name: node-sass

The new version differs by 227 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: nunjucks

The new version differs by 78 commits.

• 9a0ce36 3.13 release - fix typo in CHANGELOG
• c2de0e4 Release 3.1.3
• 4d8a4cc Update chokidar optionalDependency. Fixes #1103
• d140280 Update CONTRIBUTING.md to reflect supported node releases [ci skip]
• af6427d Update CHANGELOG
• 1b76fb8 Update package.json engines to reflect supported node versions
• 8afacce Add unit tests for {% if x is [not] defined %}. refs #1110
• 248cf56 Fix "Invalid type: Is" error when using {% if x is defined %}
• 2eaea16 Drop node v4 support, add node v9
• 8041120 Include file/lineno in TemplateError message. fixes #1087, #1095
• 1b4558d Merge pull request #1090 from TheDancingCode/forceescape
• f478b06 Add "forceescape" filter
• de49d33 Merge pull request #1089 from gingerrific/master
• 3ab849c Update remaining src links
• dedb978 Update API.md links to use correct paths
• 323dabe Fix postinstall-build packaging issue, v3.1.2
• 9f1b7da Prepare for next release
• 6f3e4a3 v3.1.1
• eed7b2d Fix bug that broke template caching. fixes #1074
• db8e3c3 Fix error when running npm install nunjucks --no-bin-links
• 2c97201 try/catch require of chokidar to make it truly optional
• a65d3b8 bower forbids minified js in the main property
• 2c98065 Add nunjucks folder to bower.json ignore
• 470181d Prepare for next release

See the full diff

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Remote Code Execution (RCE)
🦉 More lessons are available in Snyk Learn