[Snyk] Fix for 8 vulnerabilities

[falkodev]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	324/1000 Why? Has a fix available, CVSS 2.2	Uninitialized Memory Exposure npm:utile:20180614	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: glob

The new version differs by 196 commits.

• a68703e 9.0.0
• 58159ca test: cwd can be a url
• a547a9c more docs
• 42a3ac7 link to bash manual for Pattern Matching
• 474172d update readme with cwd URL support
• ad3904d update readme with posix class support
• b22fc7d minimatch@7.3.0
• cdd1627 update all the things, remove unused mkdirp types
• 75c6416 Merge branch 'v9'
• fa0cd77 cwd can be a file:// url
• d03ed0a typedoc github action
• 9a5a45a put bench results in readme
• 20b2f88 docs, fix benchmark script
• 4829c88 upgrade ci actions
• 5cbacdd minimatch@7.2.0
• 210310b omit symlinks on windows
• d34c8d5 full test coverage, clean up signals and remove extranous code
• 5f21b46 adding lots of tests, clean up types
• b12e6ba slashes on nodir test
• 75f74b0 more windows test slashes
• 3aa1abd more windows test affordances
• 3e68a7b some windows test affordances
• 8c2e082 feature complete and tests passing
• c3be35a correct ** vs ./** behavior

See the full diff

Package name: html-to-text

The new version differs by 19 commits.

• cc4d026 Version bumped 5.1.0
• 30c5556 Remove hardcoded CLI options (Getting values from custom module singleton apostrophecms/apostrophe#173)
• 14c7475 README updated
• fc487c9 Dependency on fs module removed (import csv file tags issue apostrophecms/apostrophe#171)
• b642ec7 Added tests for the cli arguments ( aposSingletonIsEmpty doesn't work as expected apostrophecms/apostrophe#153)
• 4e6127d prepublish script added
• d1e3077 Changelog updated
• ac0e63b Potential security vulnerability fixed
• 8f8a5c8 Merge branch 'jstewmon-fix-href-anchors'
• 5781f8a Closed Gettings tags by they popularity apostrophecms/apostrophe#148
• 3540426 Merge branch 'master' of github.com:werk85/node-html-to-text
• d561095 Version bumped to 4.0.0. package-lock.json added. README updated.
• 655a754 Supports format blockquote (fix slideshow orientation apostrophecms/apostrophe#142)
• 1a3d878 Drop support for Node.js < 4; switch from underscore to lodash (Restart server to refresh HTML apostrophecms/apostrophe#150)
• b5d0ea1 customizable ul li item prefix (Question : Modules / Plugins apostrophecms/apostrophe#140)
• fc503dc take a stance on semicolons
• 912536a fix: html entities in hrefs should not trigger noAnchorUrl
• 1dbebe1 Fix docs typo (Button target apostrophecms/apostrophe#146)
• 019f45e chore(package): update chai to version 4.0.1 (upload files using apostrophe-moderator apostrophecms/apostrophe#133)

See the full diff

Package name: nunjucks

The new version differs by 250 commits.

• 53d1223 Release v3.2.1
• 93129bf Replace yargs with commander
• 17691da Chokidar bump
• 40dfdf0 Remove dead link
• cefb1cf Prevent optional dependency Chokidar from loading when not watching
• 1485a44 Add badges in README.md
• 2246457 Add Mozilla Code of Conduct file
• ff5571c Release v3.2.0
• f997a52 Add NodeResolveLoader
• 34b0a26 Fix syntax typos in CONTRIBUTING.md
• 55e0b7a Set dash as joiner element
• c99154e Update faq.md
• 1338712 Emit 'load' events on Loader and Environment instances
• 057e7b3 Add test for line/column info in user-function exception
• bcf38f3 Emit line and column info for functions
• fbddcd5 lexer more accurately tracks token line and column information
• 889ef80 Add nodejs versions 10 and 11 to CI, remove 6 and 9
• b828158 Fix documentation typo
• 1370361 v3.1.7
• 0a65e1f Fixes for replace example
• 2946fb4 Removed postinstall-build in favor of npm prepare script
• 9fd5bdb Add link to Plugin syntax highlighting for VSCode
• 68ba15c Fix bug where exceptions were silently swallowed with synchronous render
• 7c187ac tests: fix issue running tests on node 10.x

See the full diff

Package name: oembetter

The new version differs by 17 commits.

• 287658a Merge pull request [Snyk] Security upgrade nunjucks from 2.5.2 to 3.2.3 #19 from apostrophecms/fix-date
• d4e35d9 fix the date
• d1e9c8e Merge pull request [Snyk] Security upgrade sanitize-html from 1.27.5 to 2.3.2 #18 from apostrophecms/remove-warnings
• 39081ed cleanup
• a12b17f better but I still have to deal with the deprecated url parser
• 9cd7208 npm audit clearance
• 2dd7065 changelog and version
• fef21e9 all tests passing again
• 892d48b tweak
• 85bf326 wip still debugging
• 1f15424 Bumps version number ([Snyk] Security upgrade nodemailer from 4.7.0 to 6.4.16 #16)
• 6f58844 Updates cheerio version and creates changelog file ([Snyk] Security upgrade html-to-text from 3.3.0 to 6.0.0 #15)
• 49638bb Merge pull request [Snyk] Security upgrade sanitize-html from 1.27.5 to 2.0.0 #14 from apostrophecms/sd-225-vimeo-private-referer
• 117789f support for passing headers, so we can embed vimeo private videos
• 38e83e7 Merge pull request [Snyk] Fix for 1 vulnerabilities #13 from apostrophecms/allowlist
• 51eb144 Bumps to 1.0 and removes whitelist alias
• efb3c9f Updates terms to allowlist

See the full diff

Package name: prompt

The new version differs by 79 commits.

• fbf6dac 1.2.0
• fef3933 Move off abandoned utile dependency Docs: Implement docs.update or docs.save apostrophecms/apostrophe#213
• 33febea add eslint
• c071b85 Merge pull request apostrophe:clear-cache task is missing apostrophecms/apostrophe#198 from caub/1.1
• 88c403e 1.1.0
• 756fa65 Fix inconsistent options.noHandleSIGINT for windows
• 8d5495c Merge pull request jade & sass apostrophecms/apostrophe#196 from caub/promisify
• 33ddf56 prompt.get promise: add test, update readme
• b92a9a9 promisify prompt.get
• 0ff93b6 Merge pull request login doesn't work mongodb with replica set apostrophecms/apostrophe#184 from dsych/windows-sigint
• 9e80863 triggering sigint on windows
• 1c95d1d Merge pull request import csv file tags issue apostrophecms/apostrophe#171 from blahah/master
• 65ac6e2 Merge pull request Showing a single letter of a tag apostrophecms/apostrophe#172 from Shank09/Shank09-package.json
• d03edd0 Added missing keywords in package.json
• df42a26 Respect falsy overrides (fixes richText: false apostrophecms/apostrophe#151)
• b732102 Merge pull request Changing the submission message of apostrophe-moderator apostrophecms/apostrophe#169 from jordanyaker/master
• 6ebf54a Removed the pkginfo dependency. Updated the required version of winston.
• 7d1a28f Removed the pkginfo dependency.
• d550674 Merge pull request CSV import behaviour apostrophecms/apostrophe#163 from Eagerod/fixer/add-properties
• 9b5f65b Added a test addProperties() with no parameters.
• fb83773 Fixed an issue where the first parameter in a callback would not be the
• e7b5449 Merge pull request events after/before save apostrophecms/apostrophe#121 from rubbingalcoholic/master
• e493cb8 Merge pull request aposSingletonIsEmpty doesn't work as expected apostrophecms/apostrophe#153 from devrelm/devrelm.function-defaults
• 3046431 Merge pull request Bug: internationalised sites save the "Enter here" in the tag field apostrophecms/apostrophe#156 from littleguga/master

See the full diff

Package name: rimraf

The new version differs by 52 commits.

• 3b6b098 4.0.0
• e0cffea ci: reduce workload even more
• 0e6646d ci: remove unnecessary lint filter
• 546e017 update action versions
• 6d88a65 tone down benchmark intensity
• 842a8d2 fix benchmark workflow yaml
• 1b91697 chore: add copyright year to license
• 08bbb06 rewrite in TS, export hybrid, update changelog, docs
• 1b3f46e drop support for node versions below 14
• 2e1f003 gh actions workflow for benchmarks
• 52f9370 tests for retry-busy behavior
• 188e3ed don't test on very old node versions
• d1d5495 test for fix-eperm
• e7501cd prettier formatting
• 40f64ec windows: only fall back to move-remove when absolutely necessary
• b6f7819 update tap
• 99496cd test: run posix test on windows, why not?
• 51d43c1 benchmarks
• 6b8aa29 doc: correct os.tmp default
• 4b228c9 do not ever actually try to rmdir /
• 2442655 consolidate all the spellings of 'opt' into one
• d4eec2e add cli script
• 0c82d74 accept strings, arrays of strings, and no other types
• ad4f2db Do not rimraf /, override with preserveRoot:false

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)