[Snyk] Fix for 2 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @npmcli/run-script

The new version differs by 3 commits.

• f3b5a17 2.0.0
• 20214a8 feat: update to node-gyp@8 ([Snyk] Security upgrade clang-format from 1.2.3 to 1.7.0 #39)
• baf9478 chore: update settings.yml ([Snyk] Security upgrade d3 from 5.7.0 to 7.0.0 #38)

See the full diff

Package name: node-gyp

The new version differs by 16 commits.

• 989abc7 v8.0.0: bump version and update changelog
• 0da2e01 gyp: update gyp to v0.8.1 (FAST HTTP YEAH nodejs/node#2355)
• 0093ec8 gyp: Improve our flake8 linting tests
• 06ddde2 deps: sync mutual dependencies with npm
• a5fd1f4 doc: add downloads badge (src: plug memory leaks nodejs/node#2352)
• 0d8a6f1 ci: update actions/setup-node to v2 (Cherrypick v0.12 doc updates nodejs/node#2302)
• 1bd18f3 lib: drop Python 2 support in find-python.js (tty: stdio properties are undefined inside exec() child nodejs/node#2333)
• e81602e lib: migrate requests to fetch ([Snyk] Security upgrade @babel/traverse from 7.1.4 to 7.23.2 #2220)
• a78b584 gyp: remove support for Python 2 (doc: update what’s off without Intl nodejs/node#2300)
• 392b776 lib: avoid changing process.config (doc: Reorder collaborators by their usernames nodejs/node#2322)
• c3c510d gyp: update gyp to v0.8.0 (doc: update AUTHORS list nodejs/node#2318)
• cc1cbce doc: update macOS_Catalina.md (build: bump ICU from 54 to 55 nodejs/node#2293)
• 9e1397c gyp: update gyp to v0.7.0 ([Snyk] Fix for 1 vulnerabilities #2284)
• 6287118 doc: updated README.md to copy easily ([Snyk] Fix for 1 vulnerabilities #2281)
• 15a5c7d ci: migrate deprecated grammar ([Snyk] Fix for 1 vulnerabilities #2285)
• 66c0f04 doc: add missing `sudo` to Catalina doc

See the full diff

Package name: pacote

The new version differs by 5 commits.

• fcecf0e 12.0.0
• cbc75af deps: @ npmcli/run-script@2.0.0
• a0d4c60 fix: drop node 10 support ([Snyk] Fix for 6 vulnerabilities #94)
• 4217bee chore: update settings.yml ([Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #91)
• 80cce46 chore(package-lock): rebuild package-lock

See the full diff

Package name: tap

The new version differs by 15 commits.

• 8f2baa7 16.0.0
• 65e599e drop support for node v10
• 84fc6df docs: changelog for v16
• e6acf7b update coveralls documentation to say to install it
• 3c7b3ef document coveralls removal in the cli help output
• 43bf1df undocument synonyms
• 1ff75a4 make coveralls an optional peer dep
• 3f1ae47 Add eslint for linting
• 162c1a8 Support Typescript for --before and --after
• 28d2d03 Fix script on using node-tap with codecov
• 3a0e81c docs: fix broken link
• 1b636b2 Add jsonpath-faster
• c4bdeef fix typo `than` to `that`
• 20fbd40 Update Node.js min version to 10.x in CONTRIBUTING
• 90dda0b update cli doc

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution