[Snyk] Fix for 16 vulnerabilities

[hemanth]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-3035488	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: yeoman-generator

The new version differs by 250 commits.

• aad5fac 5.0.0
• 4f4a802 Add transform to expected priority.
• 57d240c Remove only from test.
• 812751f Lint fix
• 33d050f Implement getFeatures for singleton support.
• 99ac2c5 Add transform priority.
• 5136342 Bump peter-evans/create-pull-request from v3.8.0 to v3.8.2 (#1278)
• fa408bd Bump actions/stale from v3.0.15 to v3.0.16 (#1275)
• d7103f3 Drop reference from yeoman-test repository
• b36f294 Bump yeoman-environment to 3.0.0-rc.1
• ee0d1ad Hide shared options and drop support for kebab case options.
• 310f72d Fix spawn destinationRoot.
• 8f4afe9 Switch composeWith to use environment.
• e9d0a15 Remove support for chainning at composeWith.
• c2245e1 Switch from node 10 to 12 at Travis.
• 5be7b07 5.0.0-rc.0
• 8a448b4 Bump yeoman-environment to 3.0.0-rc.0
• 6d6c4b0 Changes to queueTransformStream
• 632d60d Add option to skip parsing options.
• 7050e53 Pass destinationRoot to spawn-command by default.
• 097cd20 Implement package-json mixin.
• 52c90a2 Add merge support to Storage.
• f4336d9 5.0.0-beta.1
• 1952724 Change version to 5.0.0-beta.0

See the full diff

Package name: yosay

The new version differs by 12 commits.

• c698632 3.0.0
• 7e41f27 Require Node.js 18 and move to ESM
• edf8387 update deps and cleanup code ([Snyk] Security upgrade yeoman-generator from 0.19.2 to 5.0.0 #32)
• 30c5652 Reduce test code duplication ([Snyk] Security upgrade yeoman-generator from 0.19.2 to 0.24.1 #31)
• bcd9a70 2.0.2
• 33feb5b Add license file
• 6c3028e 2.0.1
• 72d685f Set charIndex correctly when sentence contains whitespace ([Snyk] Security upgrade yeoman-generator from 0.19.2 to 1.0.0 #30)
• 4534a16 2.0.0
• 00c279f ES2015ify
• af09c7a Bump minimum supported `node` version to `node@4`. ([Snyk] Security upgrade yeoman-generator from 0.19.2 to 0.21.0 #25)
• 1614e0a fix travis

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 Prototype Pollution

[socket-security]

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
yosay	1.2.1...3.0.0	environment	+12/-10	746 kB	sindresorhus
yeoman-generator	0.19.2...5.10.0	None	+225/-368	16.5 MB	mshima