[Snyk] Fix for 17 vulnerabilities #169

awaisab172 · 2023-11-28T20:29:15Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- test/e2e/package.json
- test/e2e/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	No	Proof of Concept
539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	No	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	No	No Known Exploit
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chromedriver

The new version differs by 21 commits.

5e2c65c Replace request with axios and other updates
fe02d5f Update update.js to use signed tags
1974478 Bump version to 80.0.0
9a561eb Update @ testim/chrome-version
a24d2f3 Remove node.js 8 and add 13 to CI
b62bef3 Bump version to 79.0.2 and reformat some files
67253e1 Detect chromedriver version that corresponds to the version of Chrome installed
b1f0cab Bump version
b361ec9 Allow specifying the latest version for a specific major release
f61cbbd Fix typo in console.log
7a08121 Bump version to 79.0.0
d8d4734 Bump version to 78.0.1
f331bbe Honor XDG_CACHE_HOME and make npm_config_tmp work
4fd9570 Remove .github from package
b93c62d Bump ChromeDriver to 78.0.3904.70
4c43b45 Versioning LATEST => 75.0.3770.140
0f9ec80 Automated Chromedriver updates (Me: Button stacking on narrow screens needs improvement Automattic/wp-calypso#230)
955d73c bump chromedriver to 77.0.3865.40
79484a7 Build the package build version to 76.0.1
bae907e bump chromedriver 76.0.3809.126
0a28352 Remove node 11 from the build

See the full diff

Package name: grunt

The new version differs by 34 commits.

27bc5d9 Merge pull request Help: Fix chat ended experience Automattic/wp-calypso#1714 from gruntjs/release-1.2.0
64a3cf4 Release v1.2.0
0d23eff Merge pull request Help: Increase font size in Happiness Engineer text Automattic/wp-calypso#1570 from bhldev/feature-options-keys
ee70306 Merge pull request Signup: Trampoline: Ensure trampoline test assignments don't influenc… Automattic/wp-calypso#1697 from philz/1696
05c0634 Merge pull request Editor: Use post.utils for Status Testing Automattic/wp-calypso#1712 from gruntjs/fix-lint
cdd1c19 fix lint in file.js
bc168e3 Merge pull request Masterbar: mobile masterbar doesn't stick when scrolling Automattic/wp-calypso#1283 from greglittlefield-wf/recognize-relative-links
5f16b5a Merge pull request Editor: fade doesn't appear on format bar when sticky Automattic/wp-calypso#1675 from STRML/remove-coffeescript
58f80ae Merge pull request Plugins: update notices to the new format Automattic/wp-calypso#1677 from micellius/monorepo-support
1f61427 Add CODE_OF_CONDUCT.md
4c6fcd9 Merge pull request Signup: Change the start date of autoFillUsernameSignup Automattic/wp-calypso#1709 from NotMoni/patch-1
169d496 add link to license
288ea76 add license link
d5cdac0 Merge pull request Editor: selecting heading style toggles between heading and paragraph style Automattic/wp-calypso#1706 from gruntjs/tag-neew
4674c59 v1.1.0
6124409 Merge pull request Triforce: Layout screen needs better copy Automattic/wp-calypso#1705 from gruntjs/mkdirp-update
0a66968 Fix up Buffer usage
4bfa98e Support versions of node >= 8
f1898eb Update to mkdirp ~1.0.3
7985b19 Avoiding infinite loop on very long command names.
75da17b HTTPS link to gruntjs.com (Editor: consider handling new post/page with a permalink redirect Automattic/wp-calypso#1683)
5a0a02b support monorepo (relative path)
6795d31 Update js-yaml dependecy to ~3.13.1 (Editor: title blur doesn't cover end of title in Safari on iOS Automattic/wp-calypso#1680)
66fc8fa support monorepo (test case)

See the full diff

Package name: grunt-cli

The new version differs by 5 commits.

2293dc5 1.4.0
bbc4400 Update changelog
3fa5bf6 Ignore package-lock
c271173 Update deps, switch to actions ([Snyk] Fix for 1 vulnerabilities #141)
84ebcb8 Bump deps, required node version and ci ([Snyk] Fix for 1 vulnerabilities #137)

See the full diff

Package name: grunt-shell

The new version differs by 12 commits.

0eeba40 3.0.0
62cdda5 Require Node.js >=6 and Grunt >=1
86680b4 Allow functions as shorthand commands ([Snyk] Fix for 1 vulnerabilities #118)
32cac78 2.1.0
91aec55 Make it possible to specify cwd as a top-level target config entry ([Snyk] Security upgrade mkdirp from 0.5.1 to 0.5.2 #113)
9f190dc Fix for Windows: don't modify process.env ([Snyk] Security upgrade mocha from 5.2.0 to 6.2.3 #112)
780086a Update links ([Snyk] Security upgrade prismjs from 1.16.0 to 1.27.0 #110)
9fa3d68 2.0.0
3619e4c increase default max buffer size
1159f25 change `preferLocal` option to be `true` by default
3b379e7 [BREAKING] ES2015ify and require Node.js 4
88e6f6e simplify and improve `preferLocal` option

See the full diff

Package name: mailosaur

The new version differs by 17 commits.

96890dd Rebuild with latest swagger spec
98c9f98 New client, based on Autorest
9f816c5 Build on latest stable too
20821c3 Remove redundant port reference
e62e16b Update Travis notifications
669dc4c Ensure node client uses smtp port environment variable.
7b0ff8a Change travis config to force testing via SMTP on a different port.
6dfe25f Set licence to MIT
9a44618 Update notifications hook
c93c1e1 Ensure that MAILOSAUR_SMTP_HOST is used if provided
28c1f83 Update vars
f829d80 Add logging when using alternative base url
19b10b7 Add notifications
52d41e1 Update .travis.yml
937baed Update .travis.yml
6dc6f5d Update yaml with new test run details
0c48f8d Add look up for env variables for base url and SMTP host

See the full diff

Package name: slack-notify

The new version differs by 8 commits.

b6c0a8e Version bump to 2.0.0, increase minimum node version to 13.2.0
372143a Merge pull request [Snyk] Fix for 1 vulnerabilities #26 from andrewchilds/2022-refactor
84448dc Rewrite API to support promises instead of callbacks [fixes [Snyk] Fix for 1 vulnerabilities #17]
2dbfbad Use current webhook URL format in docs; remove redundant docs from src
f6247eb Remove default configuration overrides [fixes [Snyk] Security upgrade mocha from 5.2.0 to 6.0.0 #15]
b4053fa Update docs
58618a2 Remove lodash/request deps, use ES module syntax
79d3891 Replace coffeescript with js

See the full diff

Package name: testarmada-magellan-local-executor

The new version differs by 4 commits.

5c92c0d mv babel to optional dependencies
511cf9b Update README.md
a53ba02 Update LICENSE
df6d074 Added license

See the full diff

Package name: xunit-viewer

The new version differs by 139 commits.

0e2e0ec 6.0.0
b1eed41 adding something around migration help
f57acfd re-running tests
cc2d09b Merge branch 'v6'
e99d19c moving tests and updating the gh-pages script
dff7541 6.0.0-beta.6
6c2d95d removing unwanted html files
7e68165 6.0.0-beta.5
cf89dc4 moving files so they can be ignored making everything a little bit smaller
49c6e9c 6.0.0-beta.4
376ae29 removing src from ignore
eed2e92 6.0.0-beta.3
1dc2ed7 removing pm2
c57c190 can run tests as expected
03454c1 moving clu into src
4a12364 6.0.0-beta.2
db9019a update readme
d89050f updating deps, some linting and update readme
775e332 moving deps
e4a2049 6.0.0-beta.1
1acf07f going to deploy this version as I think everything is working as it used to
7142fa7 updating index
f48bc47 5.2.0
01fb504 sorting out the search