[Snyk] Fix for 64 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/demo-os/core/client/package.json
  • test/fixtures/demo-os/core/client/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	Yes	No Known Exploit
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-173692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHMERGE-173732	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASHMERGE-173733	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-2331914	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-459438	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MOUT-1014544	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MOUT-2342654	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-NPM-537603	Yes	Proof of Concept
	451/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 2.6	Unauthorized File Access SNYK-JS-NPM-537604	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Write SNYK-JS-NPM-537606	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NPMUSERVALIDATE-1019352	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Insecure Defaults SNYK-JS-SOCKETIO-1024859	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	434/1000 Why? Has a fix available, CVSS 4.4	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	Yes	Proof of Concept
	354/1000 Why? Has a fix available, CVSS 2.8	Insecure use of /tmp folder npm:cli:20160615	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Cross-site Scripting (XSS) npm:handlebars:20151207	Yes	No Known Exploit
	/1000 Why?	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) npm:markdown-it:20150702	Yes	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) npm:markdown-it:20160912	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Access Restriction Bypass npm:npm:20180222	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ember-cli-babel

The new version differs by 250 commits.

• 0b83e42 7.0.0
• fcf317f Merge pull request [Snyk] Security upgrade istanbul-reports from 1.5.1 to 3.1.3 #140 from babel/babel-7
• d01d724 Prevent issues with @ babel/preset-env getting unknown options.
• 1ea60c3 Merge branch 'master' into babel-7
• 6955f46 Drop support for ember-cli < 2.13.
• eb03764 Merge changes from master...
• c58ae85 6.17.0
• 5486b3e Add recent releases to changelog...
• ec3f25c Merge pull request [Snyk] Security upgrade handlebars from 2.0.0 to 3.0.4 #241 from arthirm/master
• af16202 Bumping broccoli-babel-transpiler
• b4528ff Update test to properly match plugin style.
• 2ea0e47 Remove brittle (and unneeded) tests.
• 9671601 7.0.0-beta.5
• 1167211 Remove stray .only.
• cf8f7ee Fix issue with @ babel/polyfill update.
• b4ea00d 7.0.0-beta.4
• e53e927 Update dependencies.
• 1e494d6 Update babel-polyfill -> @ babel/polyfill.
• 7008a5f Use release version of broccoli-babel-transpiler.
• 932a1d0 Merge pull request [Snyk] Security upgrade mongoose from 4.2.4 to 5.7.3 #239 from dfreeman/green-tests
• a185133 Get tests passing with throwUnlessParallelizable: true
• 6d11f44 Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.11.0a7-slim #237 from babel/rwjblue-patch-1
• b96e5cb Use correct preset env...
• f9e4f17 Fix file: reference in package.json.

See the full diff

Package name: ember-cli-mocha

The new version differs by 36 commits.

• 838d666 v0.9.4
• baaad9e Bump ember-mocha ~0.8.6.
• 0be01c5 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 15.0.0 #86 from johnnyshields/patch-2
• b019f0a Upgrade broccoli-jshint to take advantage of broccoli-persistent-filter
• 707dd81 Merge pull request [Snyk] Security upgrade yargs from 11.1.0 to 15.0.1 #84 from trentmwillis/query
• dd2ed5c Add support for query option in test command
• e21658c v0.9.3
• bf56f65 Merge pull request [Snyk] Security upgrade snyk from 1.101.1 to 1.230.7 #79 from blimmer/chore/use-lodash-template-for-component-blueprint
• a977735 Utilize lodash blueprint vs. string building.
• 2b70f97 Merge pull request [Snyk] Security upgrade string-width from 1.0.2 to 5.0.0 #75 from HeroicEric/remove-whitespace
• 2759fc8 Remove trailing whitespace from blueprint
• 2a6051f Merge pull request [Snyk] Security upgrade ansi-regex from 2.1.1 to 6.0.1 #69 from blimmer/fix-bower-install
• 3f24e0e Release 0.9.2
• a2c3f1a Fix bower install issue.
• 3328743 Merge pull request [Snyk] Fix for 1 vulnerabilities #65 from blimmer/bug/fix-ember-2-7-compat
• e3c1b8d v0.9.1
• 56389a3 Fix type component-test param broken with 0.9.0.
• 42cc756 Merge pull request [Snyk] Fix for 1 vulnerabilities #64 from blimmer/component-integration-test-by-default
• 24e5927 v0.9.0
• 68f2717 Generate a component integration test by default.
• 86caf43 v0.8.0
• 0f622d8 Bump ember-mocha ~0.8.0
• 1a56f36 Merge pull request [Snyk] Security upgrade har-validator from 1.8.0 to 3.4.0 #57 from blimmer/component-integration-test-blueprint
• f68f875 Allow generation of a component integration test.

See the full diff

Package name: ember-cli-uglify

The new version differs by 22 commits.

• 373aba7 v2.0.0
• dd9a511 Update CHANGELOG
• 315228f Merge pull request [Snyk] Security upgrade django from 1.6.1 to 1.8.16 #28 from Turbo87/update
• 71d9fec Update "broccoli-uglify-sourcemap" to v2.0.0
• b82b75d 2.0.0-beta.2
• f626ca4 Update CHANGELOG for 2.0.0-beta.2.
• dcc9348 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 1.8.16 #26 from jrjohnson/safari-mangle
• 73707d6 Add a fix for Safari to the default config
• 948d179 Add CHANGELOG
• 4b4c8f7 2.0.0-beta.1
• 4a0813c Merge pull request [Snyk] Security upgrade npmconf from 0.0.24 to 2.1.3 #18 from Turbo87/readme
• e21f7a0 Merge pull request [Snyk] Security upgrade handlebars from 2.0.0 to 3.0.8 #19 from Turbo87/package-json
• 1285e37 Update README
• 3ea29f2 Use ES6 shorthand method syntax
• 979039f package.json: Adjust repository links
• 9c8d67a package.json: Sort contents
• 8a9aa92 package.json: Update "engines" property to Node 4+
• b567e39 Merge pull request [Snyk] Security upgrade yarn from 1.17.1 to 1.17.3 #17 from Turbo87/next
• 22e596b Update "broccoli-uglify-sourcemap" to v2.0.0-beta.1
• 122fcb3 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #15 from ember-cli/greenkeeper/remove-node-0.10
• 5f12f29 chore: drop support for Node.js 0.10
• 211e1bd Add link to community guidelines as CODE_OF_CONDUCT.md

See the full diff

Package name: ember-export-application-global

The new version differs by 7 commits.

• 3641991 Release 2.0.1
• 84999a5 Remove ember-cli-babel dependency.
• 2e335cf 2.0.0
• d8904dd Merge pull request [Snyk] Security upgrade jsonpointer from 2.0.0 to 4.1.0 #24 from ember-cli/update-babel-6
• cf11f03 Update to Babel 6.
• bf21819 Merge pull request [Snyk] Security upgrade open from 0.0.5 to 6.0.0 #23 from ember-cli/clean-up
• 06605c5 addon cleanup

See the full diff

Package name: glob

The new version differs by 48 commits.

• 3a7e71d v5.0.15
• 841fda0 use latest minimatch
• 4ba54a8 Skip some tests on Windows, make others pass
• 3936e1e Build: Add build for node v4
• c47d451 v5.0.14
• 821fac8 Handle ENOTSUP for sync glob as well as async
• 9625618 Test for when readdir raises ENOTSUP
• 0a2b519 Generate fixtures more effectively, with -O instead of eval
• f96190b Use js for benchmark cleanup
• 957fd93 Fix some 'use strict' errors
• bf3381e Treat ENOTSUP like ENOTDIR in readdir
• 507733d v5.0.13
• f5878af Do not emit 'match' events for ignored items
• 9439afd v5.0.12
• 6071f3a Revert "Use graceful-fs if available"
• 38ff16c v5.0.11
• f09292b Use graceful-fs if available
• 4f39b60 Remove duplicate option description
• e3cdccc v5.0.10
• 480da05 ignore .nyc_output, upgrade tap, use coverage, rm fixtures
• 155124b add more sync cb thrower tests
• f7302ca Test base-matching
• 7530e88 v5.0.9
• b185987 reduce cases where tests need to be regenerated

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Remote Code Execution (RCE)
🦉 More lessons are available in Snyk Learn