[Snyk] Fix for 24 vulnerabilities

[mattdanielbrown]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	/1000 Why?	Denial of Service (DoS) SNYK-JS-ECSTATIC-540354	No	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	/1000 Why?	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-2331914	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-459438	No	Proof of Concept
	/1000 Why?	Improper Certificate Validation SNYK-JS-NODESASS-1059081	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	No	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	No	Proof of Concept
	/1000 Why?	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	No	No Known Exploit
	/1000 Why?	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-597628	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	/1000 Why?	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	No	Proof of Concept
	/1000 Why?	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	/1000 Why?	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	/1000 Why?	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	/1000 Why?	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	/1000 Why?	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	/1000 Why?	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: http-server

The new version differs by 103 commits.

• 77243e7 0.13.0
• a845834 Update dependency tree
• f2c0dfb update milestone
• aec3911 update security for release
• 1f994c0 Merge pull request #591 from http-party/no_server_headers
• c57654d Merge branch 'master' into no_server_headers
• a4ec10b Merge pull request #713 from http-party/codeql-bye-bye
• 6b87653 drop codeql
• a7fdf0f remove server header
• cd1afb7 Merge pull request #706 from zbynek/no-charset-binary
• 46c0ce7 Merge pull request #705 from zbynek/patch-1
• 9c51cb2 Merge branch 'master' into no_server_headers
• cd84a85 revert
• 7830ac2 Remove charset from header of binary files
• b4991b8 Remove line break from LICENSE
• fab3248 Merge pull request #704 from zbynek/patch-1
• e9716d1 Account for CRLF in a test
• 0f3e241 Merge pull request #642 from skyward-luke/master
• 33fe714 Merge pull request #702 from http-party/replace-travis
• e9ad269 Replace travis badge
• f09c821 Update node.js.yml
• 2c2ad02 Update node.js.yml
• dad375d Update node.js.yml
• 133a64c Update node.js.yml

See the full diff

Package name: magicbook

The new version differs by 28 commits.

• 8ab0037 Merge pull request #57 from jasongao97/image-colorspace
• a0e5872 bump versions
• badb4b9 Merge branch 'dependabot/npm_and_yarn/markdown-it-12.3.2' into image-colorspace
• 3703d61 Merge branch 'dependabot/npm_and_yarn/minimatch-3.1.2' into image-colorspace
• 03458de add changelog & bump version
• be8578f Bump minimatch from 3.0.4 to 3.1.2
• 524f6f6 Merge pull request #55 from jasongao97/image-colorspace
• 498a430 add document for colorspace
• 12ef838 add colorspace transform with `sharp`
• a607595 Merge pull request #54 from magicbookproject/bump-version
• d6e0b08 bumping version
• 1b0458f Bump markdown-it from 8.4.2 to 12.3.2
• 50694d4 Merge pull request #49 from magicbookproject/m1-compatible
• 4477a33 change from node-sass to sass, update prince
• c2b22af Merge pull request [Snyk] Security upgrade magicbook from 0.1.19 to 0.1.30 #35 from leafac/patch-1
• 3cab862 Fix association between formats and platforms
• 1fe5ade more
• 8e36465 Merge pull request Bump minimist, http-server and mkdirp #25 from kant/patch-1
• 7713c8b Merge pull request Bump @babel/traverse from 7.9.0 to 7.23.2 #26 from joeyklee/bump-dep-versions
• 37d34b8 Merge pull request [Snyk] Fix for 1 vulnerabilities #30 from AntonioGHub/issue-29
• 41acf8f updates package lock
• 3ff3648 fixes [Snyk] Fix for 15 vulnerabilities #29 regression: http(s) sourced images should have not their paths normalized
• cfefdd2 fixes [Snyk] Fix for 15 vulnerabilities #29; img.src attribute not correctly resolved on Windows
• a5f2034 bump version to 0.1.19

See the full diff

Package name: prismjs

The new version differs by 250 commits.

• 703881e 1.27.0
• 7ac1373 Updated changelog for v1.27.0 (#3342)
• e002e78 Command Line: Escape markup in command line output (#3341)
• 13b56a9 Bump follow-redirects from 1.14.7 to 1.14.8 (#3338)
• f094c4a Bump yargs-parser from 5.0.0 to 5.0.1 (#3334)
• 9fd4c74 Bump ajv from 6.10.0 to 6.12.6 (#3333)
• 3fcca6b Bump pathval from 1.1.0 to 1.1.1 (#3331)
• 1784b17 Command Line: Add support for line continuation and improved colors (#3326)
• f545843 ESLint: Allow `Map` and `Set` in ES5 code (#3328)
• d6c5372 PureBasic: Added missing keyword and fixed constants ending with `$` (#3320)
• 82d0ca1 Command Line: Added span around command and output (#3312)
• 2cc4660 Core: Added better error message for missing grammars (#3311)
• 3f8cc5a Added UO Razor Script (#3309)
• bcb2e2c AutoIt: Allow hyphen in directive (#3308)
• deb3a97 INI: Swap out `header` for `section` (#3304)
• e46501b editorconfig: Change alias of `section` from `keyword` to `selector` (#3305)
• 2eb89e1 Swap out `operator` for `punctuation` (#3306)
• 3a20bdc Bump node-fetch from 2.6.1 to 3.1.1 (#3307)
• 081d515 Bump copy-props from 2.0.4 to 2.0.5 (#3300)
• b90e97c Bump follow-redirects from 1.13.1 to 1.14.7 (#3299)
• 8458c41 MongoDB: Added v5 support (#3297)
• 441a142 Scala: Added support for interpolated strings (#3293)
• 0b6b1e2 1.26.0
• 3ae61a8 Updated changelog for v1.26.0 (#3292)

See the full diff

Package name: terser-webpack-plugin

The new version differs by 3 commits.

• 171819e chore(release): 2.3.6
• d3f0c81 fix: preserve `@ license` comments starting with `//`
• 7105dc3 ci: migrate on github actions

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	/1000 Why?	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Cross-site Scripting (XSS)
🦉 More lessons are available in Snyk Learn