[Snyk] Fix for 20 vulnerabilities

[karo-egnyte]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 806, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	160/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.0006, Social Trends: No, Days since published: 45, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 10.1, Likelihood: 1.58, Score Version: V5	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0107, Social Trends: No, Days since published: 1049, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.67, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	35/1000 Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 697, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.47, Score Version: V5	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00231, Social Trends: No, Days since published: 1015, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	239/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00606, Social Trends: No, Days since published: 1015, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	151/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01362, Social Trends: No, Days since published: 1609, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.67, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	150/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1193, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.67, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	149/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00117, Social Trends: No, Days since published: 1759, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.64, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	133/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00317, Social Trends: No, Days since published: 1697, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.2, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00437, Social Trends: No, Days since published: 358, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.82, Score Version: V5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	118/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00063, Social Trends: No, Days since published: 255, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 2.81, Score Version: V5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	118/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00173, Social Trends: No, Days since published: 150, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 2.81, Score Version: V5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	175/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01084, Social Trends: No, Days since published: 973, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.84, Likelihood: 2.22, Score Version: V5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 652, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.92, Score Version: V5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	141/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01021, Social Trends: No, Days since published: 2112, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.5, Score Version: V5	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	140/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00121, Social Trends: No, Days since published: 2112, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.48, Score Version: V5	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	123/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.05956, Social Trends: No, Days since published: 3400, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.04, Score Version: V5	Denial of Service (DoS) npm:qs:20140806	Yes	No Known Exploit
	87/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00102, Social Trends: No, Days since published: 3400, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.45, Score Version: V5	Denial of Service (DoS) npm:qs:20140806-1	Yes	No Known Exploit
	114/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00126, Social Trends: No, Days since published: 2462, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.89, Score Version: V5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt-browserify

The new version differs by 35 commits.

• fd0f242 Update browserify, bump version, changelog.
• c061a05 Merge pull request #413 from mdblr/mdblr/upgrade-watchify-for-nodejs-14
• 8ae8687 Upgrade watchify from 3.x to 4.x
• f20e21c Version bump.
• 30ad90d Merge pull request #401 from zkochan/master
• 6cb1429 fix(deps): update browserify to version 16
• 4e8eb1f Merge pull request #399 from ChuanyuWang/master
• 4899438 Add example to use plulgin with options
• c660306 Typo.
• 9146bea Add aknowledgement to changelog.
• 42250e6 Remove lockfile.
• 3d18513 added browserify-incremental support
• afa393c Changelog, bump version to 5.1.0
• 4718295 Housekeeping: update dependencies + dates.
• 4f96beb Merge pull request #392 from gaurav21r/patch-1
• 2233e43 Update browserify to 14.1.0 to support async / await
• 8c30159 Remove the call for maintainers.
• cda0b5f Merge pull request #379 from mrmartineau/patch-1
• e152c57 Fixes broken issue links
• b26e20f 5.0.0
• 76537ce adds 5.0 changelog
• 2e9680c Merge pull request #378 from Sjors/browserify-13
• ace5e1f Merge pull request #358 from jeron-diovis/fix_watchify_for_mac_os
• 2d41265 Merge pull request #319 from tleunen/patch-transform

See the full diff

Package name: grunt-contrib-jasmine

The new version differs by 17 commits.

• 201bb2a Release v2.0.3
• 9b18221 Upgrade npm dependencies
• d0e2572 fix: build only should pass if the buildSpecrunner runs without error
• 74855ed Update dependencies
• d65dd20 v2.0.2
• d7f652f Fix typo
• 55a5f1f Wait for spec runner before larunching browser
• 408a233 Set the startTime before calling sendMessage
• a30f731 Create new optional 'noSandbox' option to launching Puppeteer with no-sandbox arg.
• a88f31b Launching Puppeteer with no-sandbox arg.
• de29770 v2.0.1
• a71cc54 Use the grunt current working directory to find the jasmine core folder (#277)
• f3c320c Deals with #274 (#275)
• a21b0b1 Implement options.version (#273)
• 7d3dbdc update template usage (#272)
• 51feacb Update deps (#271)
• 02e72f3 Switch from PhantomJS to Chrome Headless via Puppeteer (#269)

See the full diff

Package name: grunt-contrib-uglify

The new version differs by 97 commits.

• 5cdebda v4.0.0. (#527)
• 7b4ecb5 v3.4.0.
• f6f834b v3.4.0.
• e7915ce v3.3.0.
• bf23f0b Lock grunt-contrib-internal to v1.3.0.
• 6db68bd upgrade to uglify-js 3.3.0
• 04494d9 Update docs/uglify-options.md.
• 263196c Add a Git .mailmap with my new name (#497)
• 3105f8d v3.2.1.
• 602ced4 Update uglify-js to v3.2.0
• 5251b6f decouple `sourceMapIn` from `sourceMap.url`
• 2edfe0b Update uglify-js to v3.1.0.
• 2773e7e v3.0.1.
• 85a1ac3 fix typo
• 755360b Move `require()` up
• 0f45e4e v3.0.0.
• ccd7ad0 Upgrade to uglify-js 3.0.4. (#472)
• f3086c1 v2.3.0.
• 7dc5e1d Log fixes. (#454) r=vladikoff
• 48fab36 v2.2.1.
• f161c6d Clean up banner option.
• bbe1da0 Update test files.
• 3a718cf Update uglify-overview.md
• a34af0d Merge pull request #453 from gruntjs/update-uglify

See the full diff

Package name: node-lessify

The new version differs by 44 commits.

• a6f0210 0.2.0
• 379ffa7 Updating version and docs
• edf3fcb Merge pull request File identification by fileid not working #27 from Fazod/master
• bb290da Updating min requirement to match less.
• 5b49b7a update dependencies;
• b451e5e Added shoutout to TIME
• 6ad860b Adding error log change to changelog
• 465ec45 Updating package version
• d2c6aab Fixing headers in readme
• 7a39050 Update README.md
• c22d3c9 Merge pull request Bump debug and grunt-contrib-watch #26 from DXCanas/to-upstream
• 7e32571 Updating error output
• 7aa9592 Cleaning up redundant functionality
• 0505753 fix docs
• 32ef312 Add docs
• 374764b add options.globalPaths for global includes
• c901b39 Update index.js
• 51bdfe9 don't override paths property
• dadefce Firing watcher event on error too
• 5b39aec Changing error message format
• 143322b Removing spaces, alignment issues
• af35550 v0.1.4: Dependencies
• ed3034f 0.1.3: Small fixes to README
• 00c955f v 0.2.1: Updated README

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Prototype Override Protection Bypass
🦉 More lessons are available in Snyk Learn