[Snyk] Fix for 1 vulnerabilities

[dsevolve23]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: init-package-json

The new version differs by 29 commits.

• 1703339 2.0.1
• a99f769 npm-package-arg@8.1.0
• 434ecd4 read-package-json@3.0.0
• 5ac9b2a 2.0.0
• 6396ea8 chore: changelog for v2.0.0
• f4c67c5 BREAKING: requires node10+
• 35b18fc chore: update to auto-bump on npm version system
• 786e88b chore: bump transitive deps
• 32012d9 validate-npm-package-license@3.0.4
• 5deeae9 npm-package-arg@8.0.1
• 56477ed read-package-json@2.1.2
• 68f5b77 semver@7.3.2
• 6b865ec rimraf@3.0.2
• 9a05ee4 chore: remove standard-version dev dep
• 16c52cb test: removes dev dep in npm
• c0ace81 fix: accounts dot vs dash version/license config
• b20020b mkdirp@1.0.4
• 4c22248 tap@14.10.8
• 3e772e9 Updated package-lock to v2
• 2b5d21e chore: updating package-lock.json
• 8515942 chore: update CI for current Node LTS
• b30d345 chore(release): 1.10.3
• ab26834 deps: bump devDeps
• 549cb32 deps: bump npa

See the full diff

Package name: node-gyp

The new version differs by 212 commits.

• 33affe2 v7.0.0: bump version and update changelog
• ba4f34b doc: update catalina xcode clt download link
• f7bfce9 doc: update acid test and introduce curl|bash test script
• 4937722 deps: replace mkdirp with {recursive} mkdir
• a6b76a8 gyp: update gyp to 0.2.1
• e529f33 doc: update README to reflect upgrade to gyp-next
• ebc34ec gyp: update gyp to 0.2.0
• 9aed628 doc: give more attention to Catalina issues doc
• 963f2a7 doc: improve cataline discoverability for search engines
• d45438a deps: update deps, match to npm@7
• 5f47b7a v5.1.1: bump version and update changelog
• c255ffb lib: drop "-2" flag for "py.exe" launcher
• 741ab09 test: remove support for EOL versions of Node.js
• 6356117 doc, bin: stop suggesting opening node-gyp issues
• 7b75af3 doc: add macOS Catalina software update info
• 4f23c7b doc: update link to the code of conduct (Cannot install to paths with symbolic links npm/npm#2073)
• 473cfa2 doc: note in README that Python 3.8 is supported (npm installs packages into pwd/node_modules npm/npm#2072)
• e18a61a build: shrink bloated addon binaries on windows
• ca86ef2 test: bump actions/checkout from v1 to v2
• e7402b4 doc: update catalina xcode cli tools download link (Error when installing jslint  npm/npm#2044)
• 972780b gyp: sync code base with nodejs repo (Cannot install cake (using node 0.6.6 osx installer) npm/npm#1975)
• dab0305 v5.1.0: bump version and update changelog
• 35de459 doc: update catalina xcode cli tools download link; formatting
• 4864219 doc: add download link for Command Line Tools for Xcode

See the full diff

Package name: normalize-package-data

The new version differs by 20 commits.

• e584704 3.0.0
• 6899b0c fix: broken tests w/ latest hosted-git-info
• 40d07df hosted-git-info@3.0.6
• e938119 chore: update engines
• 7e70f63 resolve@1.17.0
• 0ba7f91 semver@7.3.2
• 30afb71 chore: remove async dev dep
• db9c672 tap@14.10.8
• cc89759 chore: remove underscore dev dep
• b224ba1 chore: update to package-lock v2
• dedb606 2.5.0
• f97372c deps: use `resolve.isCore` instead of `is-builtin-module` for better data and better node compat (Doesn't work nicely with Stow npm/npm#99)
• de56d3e 2.4.2
• 96c93df deps: downgrade is-builtin-module to ^1.0.0
• 39b60ac 2.4.1
• 9d1ce80 fix: update broken url to `validate-npm-package-license` in README
• 156ad83 deps: bump devDeps
• 432f89c deps: bump deps
• f828e53 chore: update CI for current Node LTS
• df8ea05 fix(license): don't fail when license is whitespace-only field (Failed install (of paperboy): 404 on http://registry.npmjs.org/paperboy/-/paperboy-0.0.1.tgz npm/npm#93)

See the full diff

Package name: npm-install-checks

The new version differs by 15 commits.

• 9b68df3 4.0.0
• d498feb allow engine if npm version not specified
• f9cc89a update travis to only include live nodes
• 0fc0126 auto-publish scripts
• ca36bca update changelog for v4
• a0d38b4 update docs for v4
• 44b7124 Simplified functionality needed for npm v7
• 1646fd7 remove unnecessary deps and metadata
• d74d479 chore: project settings
• d4463a3 chore(deps): update semver, tap, standard
• 89937d4 minimal package
• 893b181 fix: allow pre-release versions of npm and node
• ab92033 chore: bump version of semver package
• aafb4ee deps: bump deps
• f8cc119 chore: update CI for current Node LTS

See the full diff

Package name: npm-package-arg

The new version differs by 30 commits.

• 26ffdd5 chore(release): 8.0.0
• 17598ad chore: normalize settings, license, and update standard-version
• ba85e68 drop support for node 6 and 8
• 2c06e53 update tap
• 9434f79 chore: update semver to v7
• bf86221 chore(release): 7.0.0
• 68a4fc3 deps: bump hosted-git-info to 3.0.2
• ee44e84 chore: update deps
• 1da5ca9 chore(release): 6.1.1
• 84a9569 chore: add node 12 to travis
• c5da1f4 chore: boost test coverage to 100%
• 3909203 fix: preserve drive letter on windows git file:// urls
• a5a18b3 chore: update CI for current Node LTS
• b2c1e0c deps: bump devDeps
• db7ca93 deps: bump deps
• 4760e1c chore(release): 6.1.0
• 7d0d957 deps: bump devDeps
• 4b62929 deps: bump deps
• adf41e8 docs(coc): updated CODE_OF_CONDUCT.md
• f446255 docs(contributing): updated CONTRIBUTING.md
• 861040c meta: standardise release process
• ab99f8e feat(alias): add `npm:` registry alias spec (verify node's location npm/npm#34)
• 647a0b3 fix(git): Fix gitRange for git+ssh for private git (save configs when installing npm/npm#33)
• 8425a96 6.0.0

See the full diff

Package name: pacote

The new version differs by 250 commits.

• e88f844 10.3.0
• b21dd92 update semver
• d8ab8cf update npm-packlist
• 361f0b3 update tap
• c4bbf23 test: make the remote timeout test time out forever
• b4ea91f npm-registry-fetch 6.0.0
• 591edd8 @ npmcli/installed-package-contents@1.0.5
• 5ce1093 test: make remote timeout test more reliably time out
• 48fc9b8 use WhatWG URL instead of url.parse
• e515bce Update deps, float patch for npm-registry-fetch
• cf50f54 update @ npmcli/installed-package-contents, require node >=10
• 698e996 Extract: rimraf dir contents, not dir itself
• e568305 add @ npmcli/installed-package-contents module
• e8a80d7 upgrade all deps
• dfccb4f remove extraneous isNaN checking in git opts
• e33c9ce 10.2.1
• bad55cd fix: Do not drop perms in git when not root
• ccc9e20 bin: only add log listener once
• 8a8cd6a 10.2.0
• e8c274c registry: verify integrity when loading manifest
• f28888e bin: Only JSON.stringify by default if an object
• 0018eda 10.1.6
• fc1053f git: prefer git+https over git+ssh for hosted repo
• 9d2ce90 10.1.5

See the full diff

Package name: read-package-json

The new version differs by 23 commits.

• 9f7049d chore(release): 3.0.0
• 19d9fbe fix: check-in updated lockfile
• eef46fa chore: add engines definition
• 36b7ef7 chore: remove old .travis.yml envs
• b3a8831 globa@7.1.6
• fb3ceae json-parse-even-better-errors@2.3.1
• 78add03 npm-normalize-package-bin@1.0.1
• 7595d70 normalize-package-data@3.0.0
• 10175d8 chore(release): 2.1.2
• fdbf082 fix: even better json errors, remove graceful-fs
• e78afd6 chore(release): 2.1.1
• b8cb5fa fix: normalize and sanitize pkg bin entries
• 55382c2 chore(release): 2.1.0
• 0a176cc Add some tests and clean up error handling for non-string bins
• 76f6f42 feat: support bundleDependencies: true
• 4e1e4d2 some tests for index.js parsing
• 67f2d8d chore: update CI for current Node LTS
• 6bac747 chore(release): 2.0.13
• c1b24b0 misc: updating for standard
• 7090a2f deps: bump devDeps
• 5b4d790 deps: bump j-p-b-e
• 3f06586 meta: modernize release process
• 1869940 fix(git): support git packed refs --all mode (error determining node version npm/npm#77)

See the full diff

Package name: semver

The new version differs by 214 commits.

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (review ownership/mode architecture npm/npm#566)
• 5c8efbc fix: preserve build in raw after inc (don't encrypt auth in npmrc npm/npm#565)
• 717534e fix: better handling of whitespace (Use the MIT node-uuid library npm/npm#564)
• 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 (Fixed typo in doc/json.md npm/npm#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (Error linking drty npm/npm#559)
• 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 (search.npmjs.org: Please add repository url and licenses to package detail page npm/npm#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (Unpublishable package.json npm/npm#552)
• 503a4e5 feat: allow identifierBase to be false (refactor read-package-json to its own library npm/npm#548)
• fc2f3df fix: incorrect results from diff sometimes with prerelease versions (install.sh should check for nodejs bin name npm/npm#546)
• 2781767 fix: avoid re-instantiating SemVer during diff compare (refactor semver into its own library npm/npm#547)
• 82aa7f6 chore: release 7.4.0
• 731d896 chore: enable CD (Failed creating the tarball on npm install with zombie npm/npm#545)
• 940723d fix: intersects with v0.0.0 and v0.0.0-0 (NPM is seemingly down? npm/npm#538)
• aa516b5 fix: faster parse options (npm ERR! Failed creating the tarball. npm/npm#535)
• 61e6ea1 fix: faster cache key factory for range (Invalid Error on Publish npm/npm#536)
• f8b8b61 fix: optimistic parse (exec: Output all the stdout/stderr on failure, no matter what the loglevel says npm/npm#541)
• 796cbe2 fix: semver.diff prerelease to release recognition (etc/npmrc and prefix npm/npm#533)
• 3f222b1 fix: reuse comparators on subset (negative filter npm/npm#537)
• 113f513 feat: identifierBase parameter for .inc (Added --force option to npm install npm/npm#532)
• ea689bc chore: basic type test for RELEASE_TYPES
• c5d29df docs: Add "Constants" section to README

See the full diff

Package name: update-notifier

The new version differs by 57 commits.

• 311557e 6.0.0
• 9183541 Require Node.js 14 and move to ESM
• 3fdb218 5.1.0
• 73c391b Upgrade dependencies
• 0a6027e Move to GitHub Actions
• d8fa601 Rename `master` branch to `main`
• f63b2eb 5.0.1
• 9e2b772 Update dependencies
• da7c464 5.0.0
• 5b440c2 Require Node.js 10
• 3dfe42d Don't suggest to upgrade to lower version (npm on windows npm/npm#192)
• 132b7ce Remove a project from "Users" section (Too many files open while linking lib folder npm/npm#191)
• c9d2166 4.1.1
• f42fc8f Improve vertical alignment of the notifier output (npm ls @installed behave strangely npm/npm#183)
• 71a3f19 Use HTTPS links
• 64c5236 Fix Travis
• 9d9f4ff 4.1.0
• 4062f12 Update dependencies
• adbeb6e Add template support for the `message` option (installation issues npm/npm#175)
• adf7803 4.0.0
• fb5161c Remove the `callback` option (mongoose won't install npm/npm#158)
• 39682de Rename `boxenOpts` option to `boxenOptions`
• bc1721a Avoid showing notification if current version is the latest (npm update failed and removed npm. Seppuku? npm/npm#174)
• ccaf686 Update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)