[Snyk] Fix for 10 vulnerabilities

[bumplzz69]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
• package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTPROP-543489	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	No	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: init-package-json

The new version differs by 118 commits.

• 9d12b13 chore: release 6.0.0
• 9eccb04 deps: bump read-package-json from 6.0.4 to 7.0.0
• 3024040 deps: bump npm-package-arg from 10.1.0 to 11.0.0
• 97b1efe fix: drop node14 support
• 02495f1 chore: turn on autopublish
• f07f272 chore: bump @ npmcli/config from 6.2.1 to 7.0.0
• 9180984 chore: postinstall for dependabot template-oss PR
• 2e2eb32 chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
• 8d5957a chore: postinstall for dependabot template-oss PR
• 60b55b8 chore: bump @ npmcli/template-oss from 4.15.1 to 4.17.0
• 977dfe0 chore: postinstall for dependabot template-oss PR
• f51906b chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1
• 1f2070b chore: bump @ npmcli/template-oss from 4.12.1 to 4.14.1 (Building any npm package in OE/Yocto env run into error: npm/cli#222)
• ef2b008 chore: bump @ npmcli/template-oss from 4.12.0 to 4.12.1 (Support listing out npm cache npm/cli#194)
• 7328f8a chore: postinstall for dependabot template-oss PR
• e2443b8 chore: bump @ npmcli/template-oss from 4.11.4 to 4.12.0
• 3bd6ebd chore: postinstall for dependabot template-oss PR
• c711ff7 chore: bump @ npmcli/template-oss from 4.11.3 to 4.11.4
• a7baf44 chore: release 5.0.0 (Replaced var with const for adduser.js npm/cli#190)
• 8f61147 chore: sequential tests
• dfd3abd chore: fix race condition in test inputs
• 8b919b7 feat!: refactor
• a3643d4 chore: postinstall for dependabot template-oss PR
• 4a4808a chore: bump @ npmcli/template-oss from 4.11.0 to 4.11.3

See the full diff

Package name: libnpx

The new version differs by 15 commits.

• 84eeb54 chore(release): 10.2.4
• 7a03da5 test: patch child.js test
• 122ed5c deps: update yargs
• fa6a282 chore(release): 10.2.3
• 7d90a71 chore: update project settings, remove weall* stuff
• 26a8394 chore(release): 10.2.2
• e0eb3cb fix: install latest npm on travis for node 6
• e8b4a7e chore: put node 6 back in travis set
• 9a23db1 fix: correct Kat's github url
• 3733137 fix: Update changelog to fix old issue links
• 3192e0f v10.2.1
• 40df81c fix: point repo at proper git remote
• 43d68c8 fix: spurious test failure
• f51a8d3 travis: only test on supported node versions
• b7c8b9f fix(platform): drop node 4 and 7, add 9 and 10

See the full diff

Package name: node-gyp

The new version differs by 250 commits.

• 9acb4c7 chore: release 10.0.0
• 3032e10 chore: run tests after release please PR
• 864a979 feat!: use .npmignore file to limit which files are published ([BUG] Dev dependency should not throw “unsupported platform” error when using --production flag on npm install npm/cli#2921)
• 4e493d4 chore: misc testing fixes (fix(uninstall): use correct local prefix npm/cli#2930)
• d52997e feat: convert internal classes from util.inherits to classes
• 355622f feat: convert all internal functions to async/await
• 1b3bd34 feat!: drop node 14 support (fix(install): ignore auditLevel npm/cli#2929)
• e388255 deps: which@4.0.0 ([BUG] EACCES error with npm remove on npm@7.7.0 npm/cli#2928)
• 059bb6f deps: make-fetch-happen@13.0.0 ([BUG] npm uninstall doesn't work in 7.7.0 npm/cli#2927)
• 4bef1ec deps: glob@10.3.10 ([BUG] npm 7.7.0 lost progress bar on npm install npm/cli#2926)
• 21a7249 chore: add check engines script to CI (Release/v7.7.0 npm/cli#2922)
• 707927c feat(gyp): update gyp to v0.16.1 (fix(audit-level): add info audit level npm/cli#2923)
• d644ce4 docs: update applicable GitHub links from master to main ([BUG] "ERR! must provide string spec" when running "npm install" npm/cli#2843)
• 4a50fe3 chore: empty commit to add changelog entries from package-lock changes depending upon name of project folder npm/cli#2770
• 26683e9 chore: GitHub Workflows security hardening ([BUG] NPM 7.x broke the "--json" CLI parameter npm/cli#2740)
• 91fd8ff Python lint: ruff --format is now --output-format
• b3d41ae doc: Add note about Python symlinks (PR 2362) to CHANGELOG.md for 9.1.0 ([BUG] workspace packages using different major versions of the same package causes issues npm/cli#2783)
• 5746691 test: update expired certs (fix(usage): tie usage to config npm/cli#2908)
• d3615c6 Fix incorrect Xcode casing in README ([BUG] Fix ERESOLVE error output npm/cli#2896)
• bb93b94 docs: README.md Do not hardcode the supported versions of Python ([BUG] npm on windows can't run scripts with ".", relative paths "../" npm/cli#2880)
• 0f1f667 fix: create Python symlink only during builds, and clean it up after ([BUG] cannot read property 'length' of undefined with npm npm/cli#2721)
• 445c28f test: increase mocha timeout ([BUG] sudo prompt is not shown in scripts, causing install and tests to hang npm/cli#2887)
• 1bfb083 Fix Python lint error by using an f-string (feat: add exec workspaces npm/cli#2886)
• c9caa2e docs: Update windows installation instructions in README.md ([DOC] Wiki has broken link npm/cli#2882)

See the full diff

Package name: npmlog

The new version differs by 51 commits.

• ae1f107 chore: release 7.0.1 (docs: scoped names can begin with '.' & '_' npm/cli#134)
• add709d fix: do not enable progress while paused
• 35651cf chore: postinstall for dependabot template-oss PR
• 40ea375 chore: bump @ npmcli/template-oss from 4.5.1 to 4.6.1
• 040c663 chore: release 7.0.0 (Handle git branch references correctly npm/cli#123)
• 47f4fb1 chore: bump @ npmcli/eslint-config from 3.1.0 to 4.0.0
• 01dd16e deps: bump gauge from 4.0.4 to 5.0.0
• f896c8e deps: bump are-we-there-yet from 3.0.1 to 4.0.0
• 92546b8 chore: postinstall for dependabot template-oss PR
• 33b83ef chore: bump @ npmcli/template-oss from 4.4.4 to 4.5.1
• d4820b9 chore: postinstall for dependabot template-oss PR
• ed07d95 chore: bump @ npmcli/template-oss from 4.3.2 to 4.4.4
• b7d204d feat!: postinstall for dependabot template-oss PR
• bd3c67b chore: bump @ npmcli/template-oss from 3.6.0 to 4.3.2
• 36e8210 chore: postinstall for dependabot template-oss PR
• fb96681 chore: bump @ npmcli/template-oss from 3.5.0 to 3.6.0
• 4b021c3 chore: bump @ npmcli/template-oss from 3.4.2 to 3.4.3 (Update npm audit 401 error message npm/cli#112)
• 6eeb7df chore: postinstall for dependabot template-oss PR
• c0e798d chore: bump @ npmcli/template-oss from 3.4.1 to 3.4.2
• 87e9ff0 chore(main): release 6.0.2 (dist-tag: make 'ls' the default action npm/cli#106)
• ca78ea6 chore: bump @ npmcli/template-oss from 3.2.0 to 3.4.1 (Replace hardcoded URL to advisory with a URL from audit response npm/cli#110)
• 2ee3207 chore: bump tap from 15.2.3 to 16.0.1 (Fix inline code in npm-scripts npm/cli#107)
• ab9b134 chore: bump @ npmcli/template-oss from 2.9.2 to 3.2.0 (Release: npm@6.5.0 npm/cli#105)
• 929686c deps: update gauge requirement from ^4.0.2 to ^4.0.3 (fix(doc): move line for markdown renderers npm/cli#101)

See the full diff

Package name: read-package-json

The new version differs by 116 commits.

• eec43b7 chore: release 7.0.1 (Implements peerDependenciesMeta npm/cli#224)
• bfaffbf fix(linting): no-unused-vars
• 153cfda chore: postinstall for dependabot template-oss PR
• fae3210 chore: bump @ npmcli/template-oss to 4.22.0
• 70ebc23 chore: postinstall for dependabot template-oss PR
• cd2962f chore: bump @ npmcli/template-oss from 4.21.3 to 4.21.4
• a8d949f chore: postinstall for dependabot template-oss PR
• 1302bc7 chore: bump @ npmcli/template-oss from 4.21.1 to 4.21.3
• 653fefe chore: postinstall for dependabot template-oss PR
• 396504e chore: bump @ npmcli/template-oss from 4.19.0 to 4.21.1
• cf2a925 chore: postinstall for dependabot template-oss PR
• 82a7788 chore: bump @ npmcli/template-oss from 4.18.1 to 4.19.0
• 9815e70 chore: postinstall for dependabot template-oss PR
• 46c9b90 chore: bump @ npmcli/template-oss from 4.18.0 to 4.18.1
• c73cf0d chore: use npm 9 for CI (Replaced var with const for adduser.js npm/cli#190)
• 1f477a8 chore: Fix out-of-order ChangeLog entry (Use Installer when packaging git dependencies npm/cli#189)
• eca41e5 chore: release 7.0.0
• 3c10858 deps: bump normalize-package-data from 5.0.0 to 6.0.0
• 2845aa5 fix: drop node14 support
• beb1b31 chore: postinstall for dependabot template-oss PR
• 04c63d8 chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
• 8f64487 chore: postinstall for dependabot template-oss PR
• 7a1f544 chore: bump @ npmcli/template-oss from 4.15.1 to 4.17.0
• 191c78e chore: release 6.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution