[Snyk] Fix for 8 vulnerabilities

[enterstudio]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	741/1000 Why? Mature exploit, Has a fix available, CVSS 7.1	Uninitialized Memory Exposure npm:base64url:20180511	Yes	Mature
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: download

The new version differs by 5 commits.

• 0dfcb7c 5.0.0
• 7f8ab78 Bump `decompress`
• 49d6bcb Promisify and support Node.js >=4 (Added nyc for Test coverage GoogleChromeLabs/psi#103)
• 5f1ff80 Bump nock
• b208656 Update for the latest AVA

See the full diff

Package name: googleapis

The new version differs by 201 commits.

• 8669d9a run npm install before npm publish (#944)
• d571e5d release 25.0.0 (#932)
• 2722f1f update package-lock.json (#942)
• 515fa50 chore: asyncify generator (#926)
• 0c306e5 chore: update source-map-support to 0.5.2 (#941)
• 9cdb096 chore: remove node 7 from CI (#940)
• eb86822 Update README.md (#928)
• 658c7cb Update mocha to the latest version 🚀 (#935)
• 8654a48 chore(package): update source-map-support to version 0.5.1 (#931)
• 640c621 chore(package): update opn to version 5.2.0 (#925)
• 573d96e Update js-green-licenses to the latest version 🚀 (#933)
• e734909 Circleci tests (#937)
• 474bed7 chore: Upgrade to the latest google-auth-library (#891)
• efd4af5 chore(package): update semistandard to version 12.0.0 (#910)
• 70a2ec0 fix: cleanup and fix samples (#916)
• dfcae5a chore(package): update js-green-licenses to version 0.3.1 (#919)
• 6a9b578 publishing 24.0.0 (#922)
• cdf72a2 reverting breaking change (#921)
• 8135ce0 updating googleapis (#920)
• 4c4cf53 Revert "updating googleapis"
• 2ffccde Revert "bump version, fix formatting"
• a408328 bump version, fix formatting
• c0a06ba updating googleapis
• 6ab07d9 chore(package): update nock to version 9.1.5 (#902)

See the full diff

Package name: update-notifier

The new version differs by 35 commits.

• 492c21e 2.3.0
• 3eaa793 Force bump `boxen` dependency
• 70b8248 package.json indentation
• 97d0b97 Add is-installed-globally for auto-detection (Feature/common use cases GoogleChromeLabs/psi#114)
• 6008ccf Meta tweaks
• 6f2b074 Move to AVA for testing (Add Field Data Wording for CLS and LCP GoogleChromeLabs/psi#121)
• 4bfb8b4 Update chalk to 2.0.1 (Check for details before accessing. GoogleChromeLabs/psi#117)
• adf7af0 2.2.0
• d032e12 Bail if notify is disabled (Update package googleapis to ^47.0.0 GoogleChromeLabs/psi#110)
• 1055d57 Meta tweaks
• e2f9233 Add npm as »reference« (Remove not needed dependencies GoogleChromeLabs/psi#108)
• 86ca238 2.1.0
• 607d3c9 Add option to exclude `-g` argument from default update message (Fix build failure GoogleChromeLabs/psi#105)
• d295cf3 2.0.0
• fda96b6 ES2015ify
• ac47d69 Improve readme
• f1de1bf Update dependencies
• 01fcd25 Bump minimum supported `node` version to `node@4`. (4.0.0 GoogleChromeLabs/psi#102)
• e36671d 1.0.3
• d66245c Exit process on SIGINT (Update to psi v5 GoogleChromeLabs/psi#98)
• 384e846 get tests passing on Travis CI with latest xo, etc (Update pagespeed insight to v5 GoogleChromeLabs/psi#97)
• b72bf7f 1.0.2
• c2a9565 Lazy load dependencies (Set color for speed and usability scores GoogleChromeLabs/psi#82)
• 38aa83a 1.0.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution