[Snyk] Fix for 3 vulnerabilities

[enterstudio]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:parsejson:20170908	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: engine.io-client

The new version differs by 177 commits.

• 1cbab34 [chore] Release 3.1.2
• 0b26bc3 [fix] Remove parsejson dependency (#580)
• b949abc [chore] Release 3.1.1
• 11f3fdd [test] Launch browser tests on localhost by default (#571)
• 753c180 [chore] Unpin debug version (#568)
• fce140a [chore] Release 3.1.0
• 32fe4e5 [chore] Bump engine.io-parser to version 2.1.1 (#566)
• be73a9c [chore] Pin debug to version 2.6.4 (#567)
• 7aad0d6 [chore] Bump engine.io-parser to version 2.1.0 (#565)
• cfb2775 [chore] Bump ws to version 2.3.1 (#564)
• f7be578 [chore] Bump debug to version 2.6.4 (#563)
• 3e03346 [refactor] Set responseType based on 'Content-Type' header (#562)
• 51d7529 [chore] Release 3.0.0
• 7a72404 [chore] Bump dependencies (download and parse revision history c9/core#560)
• beb7090 [fix] Default `rejectUnauthorized` to `true` (Bump ws from 1.0.1 to 7.3.1 c9/core#558)
• 82f3f61 [chore] Drop support for old nodejs versions (0.10 & 0.12) (How to delete cloud9? c9/core#557)
• 4c021d3 [chore] Release 2.1.1 (Failed to write to 'state.settings'. options.stream must be readable.  c9/core#556)
• 56bf176 [chore] Bump engine.io-parser to version 2.0.2 (Python 2 out of support. c9/core#555)
• 0d2cc68 [chore] Release 2.1.0 (Bump acorn from 2.5.2 to 7.1.1 c9/core#550)
• 3ba6fa1 [chore] Bump engine.io-parser to version 2.0.1 (Require password to access Theia in browser? c9/core#549)
• 8f04149 [chore] Bump concat-stream to version 1.5.2 (Connect to the IDE from a subdomain? c9/core#548)
• 1519765 [feat] Allow to set the protocols for the websocket transport (Bump debug from 0.7.4 to 4.1.1 c9/core#546)
• be4c906 [chore] Release 2.0.2 (Fresh install - git extension not working c9/core#541)
• 144a7fd [chore] Bump ws to version 1.1.2 (vulnerability fix) (Vulnerabilities c9/core#539)

See the full diff

Package name: less

The new version differs by 250 commits.

• e4f7551 v3.12.0
• 371185c v3.12.0-RC.2 (#3540)
• d5aa9d1 Fixes #3371 Allow conditional evaluation of function args (#3532)
• a722237 Remove lib folder from git (#3531)
• e0f5c1a Move changelog to root (#3530)
• f7bdce7 Duplicate dist files in root for older links (#3529)
• 0925cf1 Test-data module (#3525)
• 51fb02b Fixes #3504 / organizes tests (#3523)
• efb76ec Restore nuked scripts (?), replace dependencies (#3501) (#3522)
• 2c5e4dd Lerna refactor / TS compiling w/o bundling (#3521)
• a3641e4 Resolve #3398 Add flag to disable sourcemap url annotation (#3517)
• e018ba8 fix(#3294): use loadFileSync when loading plugins with syncImport: true (#3506)
• 95b9007 Update changelog
• 6238bbc Fixes #3508 (#3509)
• 8338366 Update README.md
• 6313bc5 Update changelog
• 53bf877 Remove tree caching in import manager (#3498)
• 0f271f3 issue#3481 ignore missing debugInfo (#3482)
• 3bd995b Additional check to avoid evaluating an expression if it is a comment (#3494)
• 0715d90 fix: Use make-dir instead of mkdirp (#3490)
• 2634494 Properly exit calc mode after use (#3493)
• 096dd22 Convert to auto-changelog (#3477)
• 842386b Fixes #3469 - Include tslib dependency (#3475)
• 1adaadb 3.11.0 (#3468)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)