[Snyk] Fix for 2 vulnerabilities

[cs-sagarmalve]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:parsejson:20170908	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: nunjucks

The new version differs by 28 commits.

• 53d1223 Release v3.2.1
• 93129bf Replace yargs with commander
• 17691da Chokidar bump
• 40dfdf0 Remove dead link
• cefb1cf Prevent optional dependency Chokidar from loading when not watching
• 1485a44 Add badges in README.md
• 2246457 Add Mozilla Code of Conduct file
• ff5571c Release v3.2.0
• f997a52 Add NodeResolveLoader
• 34b0a26 Fix syntax typos in CONTRIBUTING.md
• 55e0b7a Set dash as joiner element
• c99154e Update faq.md
• 1338712 Emit 'load' events on Loader and Environment instances
• 057e7b3 Add test for line/column info in user-function exception
• bcf38f3 Emit line and column info for functions
• fbddcd5 lexer more accurately tracks token line and column information
• 889ef80 Add nodejs versions 10 and 11 to CI, remove 6 and 9
• b828158 Fix documentation typo
• 1370361 v3.1.7
• 0a65e1f Fixes for replace example
• 2946fb4 Removed postinstall-build in favor of npm prepare script
• 9fd5bdb Add link to Plugin syntax highlighting for VSCode
• 68ba15c Fix bug where exceptions were silently swallowed with synchronous render
• 7c187ac tests: fix issue running tests on node 10.x

See the full diff

Package name: socket.io-client

The new version differs by 137 commits.

• d30914d [chore] Release 2.0.0
• 9e7b543 [chore] Bump engine.io to version 3.1.0 (#1109)
• 442587e [chore] Bump dev dependencies (#1108)
• ff4cb3e [feat] Move binary detection to the parser (#1103)
• b4c7e49 [chore] Bump debug to version 2.6.4 (#1101)
• 3f19445 Merge pull request #1096 from satya164/patch-1
• 628eb3b Fix dependencies
• d32bc5b [docs] Fix messed events documentation (#1089)
• 2135ed8 [docs] Fix Manager constructor documentation (#1093)
• 25321d1 [docs] Fix format in API.md (#1090)
• 9064608 [docs] Add note regarding the Emitter class (#1079)
• 49fb3e0 [fix] Run tests on the minified files (#1042)
• 4af8fd3 [docs] Add missing path option in the documentation (#1078)
• 2dcc794 [feature] Allow the use of a custom parser (#1075)
• 4322cf2 [docs] Fix typo (#1076)
• 1ac8374 [chore] Bump engine.io-client to version 2.0.2 (#1074)
• 3d63875 [chore] Bump socket.io-parser to version 2.3.2 (#1071)
• 8fc4b44 [docs] Fix typo (#1066)
• a98f94d [chore] Bump engine.io-client to version 2.0.0 (#1062)
• fcb5c43 [fix] Add nsp prefix to socket.id (#1058)
• ba5dca3 [test] Update browsers matrix (#1059)
• 7a533cd [chore] Update issue template with fiddle (#1057)
• 55411df [docs] Add `connect_error` and `connect_timeout` events (#1051)
• 558163d [docs] API documentation (#1049)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)