[Snyk] Fix for 13 vulnerabilities #62

msolimans · 2023-11-27T14:12:24Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-3035488	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHSET-1320032	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	No	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: snyk

The new version differs by 250 commits.

4cc1a94 Merge pull request #2105 from snyk/feat/webpack
7737f75 Merge pull request #2181 from snyk/test/migrate-old-snyk-format
418e6ad Merge pull request #2180 from snyk/test/migrate-is-docker
95631e7 test: migrate is-docker to jest
babe22a test: migrate old-snyk-format to jest
e22e94f feat: Snyk CLI is bundled with Webpack
dd46c19 Merge pull request #2175 from snyk/fix/snyk-protect-multiple
e7c314f Merge pull request #2178 from snyk/test/server-close
5e824c0 fix(protect): skip previously patched files
ca2177a fix(protect): catch and log unexpected errors
c9ddb44 chore(protect): move api url warnings to stderr
e8fed38 refactor(protect): move stdout logs to top level
55e88f9 Merge pull request #2177 from snyk/test/set-jest-acceptance-timeout
1522c5f test: server.close uses callbacks, not promises
13dce51 test: increase timeout for slow oauth test
65c35be Merge pull request #2172 from snyk/chore/no-run-test-on-master
a1e3992 chore: don't run tests on master
20feb67 Merge pull request #2165 from snyk/chore/dont-wait-for-regression-tests
f50bca7 Merge pull request #2167 from snyk/refactor/replace-cc-parser-with-split-functions
1ed7d11 refactor: replace cc parser with split functions
707801d Merge pull request #2166 from snyk/fix/support_quotes_in_poetry_toml
dc6b784 Merge pull request #2163 from snyk/chore/remove-store-test-results
7973015 fix: support quoted keys in inline tables
18f0d2a Merge pull request #2164 from snyk/chore/upgrade-snyk-nuget-plugin

See the full diff

Package name: yeoman-generator

The new version differs by 74 commits.

9e4ccf5 2.0.0
a29e5d9 Bump dependencies
96da393 Bump package-lock.json
4b1b841 Replace gulp with raw Mocha
6effbfe Use raw nsp
183b3a8 Get rid of before/after (toward jest migration)
68d59c1 Add package-lock.json
f8e46b0 Don't die on diffing file deletions (again) (#1028)
edc2bf2 [comments] Change wrong param name in description (#1018)
364606e Switch to `make-dir`
eaf1ade New: option shorthand on installDependencies method (#1015)
e296e52 Bump XO and minor style tweaks
9da7391 Bump dependencies
b010701 More ES2015ifing
cfd2a8e Refactor install methods to handle promises - ref #1006
1be88e6 Remove callback API from Genrator#github.username() in favor of Promise one - ref #1006
00912ce Remove class-extend (isn't necessary with ES6), clean jsdoc
2cab46e Get rid of some dependencies
6553965 More ES2015ification
d535bac Initial ES2015ification
80863b0 1.1.1
af3048f Fix issue with API documentation deploy script
74cb46f Document legacy Generator.extend method properly - rel #996
6d267f0 Use XO