[Snyk] Fix for 18 vulnerabilities

[patooworld]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	165/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00303, Social Trends: No, Days since published: 1251, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 828, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00109, Social Trends: No, Days since published: 386, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.64, Score Version: V5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 19, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	150/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00714, Social Trends: No, Days since published: 1104, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.66, Score Version: V5	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	149/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00209, Social Trends: No, Days since published: 765, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.84, Likelihood: 1.9, Score Version: V5	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	45/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00071, Social Trends: No, Days since published: 427, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.89, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01248, Social Trends: No, Days since published: 638, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.45, Score Version: V5	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	137/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00105, Social Trends: No, Days since published: 1378, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.42, Score Version: V5	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00437, Social Trends: No, Days since published: 380, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 182, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	95/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.00889, Social Trends: No, Days since published: 867, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.6, Likelihood: 0.989, Score Version: V5	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	97/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01656, Social Trends: No, Days since published: 867, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.6, Likelihood: 1.01, Score Version: V5	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	40/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 866, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.69, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	97/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: Low, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.0011, Social Trends: No, Days since published: 839, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.95, Likelihood: 0.969, Score Version: V5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	97/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: Low, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.0011, Social Trends: No, Days since published: 839, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.95, Likelihood: 0.969, Score Version: V5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	97/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: Low, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.00059, Social Trends: No, Days since published: 839, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.95, Likelihood: 0.968, Score Version: V5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00296, Social Trends: No, Days since published: 2275, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.43, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: karma

The new version differs by 210 commits.

• 16010eb chore(release): 5.0.8 [skip ci]
• a409696 chore: remove unused `grunt lint` command (#3515)
• 47f1cb2 fix(dependencies): update to latest log4js major (#3514)
• b60391f fix(dependencies): update and unlock socket.io dependency (#3513)
• 4d49948 chore(release): 5.0.7 [skip ci]
• f399063 fix: detect type for URLs with query parameter or fragment identifier (#3509)
• 17b50bc chore(release): 5.0.6 [skip ci]
• 0cd696f fix(dependencies): update production dependencies (#3512)
• 7c24a03 chore: fix broken HTML markup in the changelog file (#3507)
• fdc4f9d refactor(test): remove no debug matching option (#3504)
• 35d57e9 chore(release): 5.0.5 [skip ci]
• e99da31 fix(cli): restore command line help contents (#3502)
• 4f2fe56 chore: add Node 14 to the build matrix (#3501)
• 100b227 refactor(test): move execKarma into the World (#3500)
• f375884 refactor(test): reduce execKarma to a reasonable size (#3496)
• a3d1f11 refactor(test): add common method to start server in background (#3495)
• e4a5126 refactor(test): write config file in its own steps (#3494)
• 0bd5c2b refactor(test): adjust sandbox folder location and simplify config logic (#3493)
• b788f94 refactor(test): extract proxy into a separate Given claim (#3492)
• 633f833 chore(release): 5.0.4 [skip ci]
• 810489d refactor(test): migrate Proxy to ES2015 (#3490)
• fa95fa3 fix(browser): make sure that empty results array is still recognized (#3486)
• 255bf67 refactor(test): migrate World to ES2015 (#3489)
• be5db67 chore(test): remove usage of deprecated defineSupportCode (#3488)

See the full diff

Package name: node-sass

The new version differs by 97 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: nodemon

The new version differs by 7 commits.

• 9a67f36 feat: update chokidar to v3
• 6781b40 docs: add license file
• 0e6ba3c fix: wait for all subprocesses to terminate (fixes issue #1476)
• b58cf7d chore: Merge branch 'master'
• 95a4c09 docs: add to faq
• 3a2eaf7 choe: merge master
• 3d90879 chore: add logo to site

See the full diff

Package name: postcss-cli

The new version differs by 103 commits.

• 745ad2c 7.0.0
• cf6ea09 Update eslint config
• ea1cec4 Update eslint-config-problems to version 3.1.0 (Update csdp-introduction.md codefresh-io/cap-docs.codefresh.io#306)
• 1519430 Update globby to version 10.0.1 (CR-9567-POC codefresh-io/cap-docs.codefresh.io#303)
• 5b47456 Update eslint to version 6.8.0 (Update gitops and concepts codefresh-io/cap-docs.codefresh.io#305)
• e241672 Update nyc to version 15.0.0 (Updates codefresh-io/cap-docs.codefresh.io#297)
• 4a87ff1 Update chalk to version 3.0.0 (Proj one deployments codefresh-io/cap-docs.codefresh.io#294)
• e666505 Update prettier to version 1.19.1 (CR-9567 codefresh-io/cap-docs.codefresh.io#304)
• 0d3591a Update ava to version 2.4.0 (Update install and admin topics codefresh-io/cap-docs.codefresh.io#302)
• cb9f451 Update fs-extra to version 8.1.0 (Update csdp-introduction.md codefresh-io/cap-docs.codefresh.io#301)
• 4f68a46 Update chokidar to version 3.3.0 (Update install topics codefresh-io/cap-docs.codefresh.io#300)
• 5c22ddb Update yargs to version 15.0.2 (Add latest updates from Classic codefresh-io/cap-docs.codefresh.io#298)
• 79eb0ac Update get-stdin to version 7.0.0 (Remove ingress-less term from tunnel-based codefresh-io/cap-docs.codefresh.io#273)
• 71384c6 Update Travis config; remove AppVeyor
• 6b92df3 BREAKING: Drop Node 6 & 8; test on new Node versions
• 7091819 6.1.3
• 0de7ccf Fix map file path creation (Proj one testing codefresh-io/cap-docs.codefresh.io#286)
• f1c7352 Update prettier to version 1.18.0 (Proj one deployments codefresh-io/cap-docs.codefresh.io#281)
• 035bab8 Update nyc to version 14.0.0 (Fix x-refs codefresh-io/cap-docs.codefresh.io#274)
• 541048e Update prettier to version 1.17.0 (Update installation.md codefresh-io/cap-docs.codefresh.io#272)
• 8fd79b0 6.1.2
• 72376fc Upgrade prettier to ~1.16.4
• 87a7286 Update globby to v9.0.0 (Update manage monitor topics codefresh-io/cap-docs.codefresh.io#270)
• c079cff Test Node 10 & 11

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary File Overwrite

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
cap-docs-codefresh-io-sos4	❌ Failed (Inspect)			Mar 29, 2024 11:57am

[patooworld]

approved