[Snyk] Fix for 12 vulnerabilities

[Sheppardmes2013]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/node/base/package.json
  • packages/node/base/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	Yes	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	No	Proof of Concept
	691/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.4	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @angular-devkit/build-angular

The new version differs by 250 commits.

• 29f2c17 release: cut the v16.1.0 release
• f0a4ce6 build: bump versions for minor release
• 72629bd refactor: move esbuild index generator, code bundle option and execution results
• 15e0a88 refactor(@ angular-devkit/build-angular): update code base structure to facilitate future builders
• abc49bd build: update angular
• 8424ab0 fix(@ angular-devkit/build-angular): support proxy configuration array-form in esbuild builder
• a0e3ae9 docs: removed the duplicate words
• 32e2b22 refactor: removed unused import statements
• 0e25fec refactor: replaced the String wrapper object with primitive type string
• 78084aa build: update all non-major dependencies
• 1aa9fb4 docs: updated the i tag to the em tag in the html and docs
• 0fa1167 build: update all non-major dependencies
• cd7c825 fix(@ angular-devkit/build-angular): correctly handle sass imports
• ef384f3 build: update angular
• 8772b62 release: cut the v16.1.0-rc.0 release
• bc48a0d build: update all non-major dependencies
• 15c14f7 docs: release notes for the v16.0.5 release
• bc5b7d5 refactor(@ angular-devkit/build-angular): improve initial file analysis for esbuild builder
• 7155cbe fix(@ angular-devkit/build-angular): ignore folders starting with a dot in browser-esbuild watcher
• 772fe84 fix(@ angular-devkit/build-angular): ignore .git folder in browser-esbuild watcher
• e2954d2 build: update angular
• dfc052a refactor(@ schematics/angular): deprecate private standalone utilities
• b14b959 feat(@ schematics/angular): add bootstrap-agnostic utilities for writing ng-add schematics
• b36effd refactor(@ schematics/angular): add utility to find top-level identifiers

See the full diff

Package name: @angular/cli

The new version differs by 250 commits.

• f9527ce release: cut the v17.0.0 release
• 180dfa3 build: update Angular packages to version 17 stable
• 8bae6ad release: cut the v17.0.0-rc.5 release
• 8a9def5 test: add timeout to vite re-use cache
• 9d4d11c fix(@ angular-devkit/build-angular): allow SSR compilation to work with TS allowJs option
• ec5e302 refactor(@ schematics/angular): add fallback fonts
• 3c6d2d8 refactor(@ schematics/angular): remove unused CSS
• abb1c6f refactor(@ schematics/angular): use control flow to reduce code
• 81e4917 fix(@ angular/pwa): replace Angular logos
• ecdcff2 fix(@ schematics/angular): add missing icons in ng-new template
• 569b714 build: lock file maintenance
• 303c98c fix(@ angular-devkit/build-angular): normalize exclude path
• 455aed8 Revert "test: temporary disable Jest E2E tests"
• 278bfa0 test(@ angular-devkit/build-angular): add test to validate vite cache re-usage
• a8f041f release: cut the v17.0.0-rc.4 release
• ae45c4a feat(@ schematics/angular): update `ng new` generated application
• e10f49e fix(@ angular-devkit/build-angular): convert AOT compiler exceptions into diagnostics
• 1b38430 fix(@ angular-devkit/build-angular): disable parallel TS/NG compilation inside WebContainers
• f87f22d fix(@ angular-devkit/build-angular): keep dependencies pre-bundling validate between builds
• d46fb12 fix(@ angular-devkit/build-angular): disable dependency optimization for SSR
• 4733cd3 refactor(@ angular-devkit/build-angular): clean externalMetadata arrays on every rebuild
• a02db0a refactor(@ angular-devkit/build-angular): allow JS transformer result reuse for application dev-server builder
• 323b005 build: update angular
• 59c22aa perf(@ angular-devkit/build-angular): start SSR dependencies optimization before the first request

See the full diff

Package name: jasmine

The new version differs by 176 commits.

• 51b60d2 Bump version to 5.0.0
• 04c4bfe Fixed handling of special Glob syntax in project base dirs
• e7f5fbd Bump version to 5.0.0-beta.0
• 9118835 Parallel: Removed redundant cluster disconnect
• 447408e Parallel: Report unhandled exceptions/rejections between spec files
• fd6381a Updated to Glob 10
• 0fc3a2d Parallel: take care of pending specs
• 2d8ff6c --parallel=auto option
• 81462c5 Merge branch 'main' into 5.0
• 0aeb009 Dropped support for Node 16
• 4fae3bd Parallel: Support use without globals
• f00c76a Added Node 20 to supported environments
• cd50d8d Bump version to 5.0.0-alpha.1
• fd31a42 Parallel: handle reporter errors
• 5592089 Revert "Revert "Include the underlying exception in ESM import exceptions""
• 3f36187 Merge branch 'main' into 5.0
• 5d542df Revert "Include the underlying exception in ESM import exceptions"
• 2dcd739 Include the underlying exception in ESM import exceptions
• ef8d05f Breaking: Treat unknown args of the form --foo=bar as errors, not env vars
• 9ef7f0d Breaking: Treat --parallel=1 as an error rather than running in sequential mode
• e53c593 Update to Glob 9
• 1171314 Updated dev dependencies
• ff30975 Bump version to 5.0.0-alpha.0
• e0c8cd8 Cleaned up redundant jsdocs

See the full diff

Package name: puppeteer

The new version differs by 250 commits.

• d57b104 chore: release main (#11744)
• 0eec94c feat: roll to Chrome 121.0.6167.85 (r1233107) (#11743)
• 2f87acc chore: release main (#11742)
• df0c432 chore: disable eslint for herebyfile (#11741)
• 415cfac feat: roll to Chrome 120.0.6099.109 (r1217362) (#11733)
• b5e5086 build: regen package-lock.json (#11735)
• fa175a0 ci: limit PR CI to linux (#11738)
• 6cbc58c ci: test node-version-file (#11737)
• 3ba6b2e build(deps): update cosmiconfig (#11731)
• 69e44fc chore: handle disposal of `core/bidi` resources (#11730)
• bc7bd01 chore: add `dispose` to `core/UserContext` (#11727)
• 9df9ede chore(deps-dev): Bump the dev-dependencies group with 3 updates (#11729)
• 9c4bcec chore(deps): Bump the dependencies group with 1 update (#11728)
• 6147abb ci: weekly dependabot updates (#11725)
• 8642346 chore: add `dispose` to `core/UserPrompt` (#11726)
• 5ca65e0 chore: implement higher order event emitters (#11723)
• afa3fd4 chore: add memory debugging to mocha runner (#11722)
• d17a9df revert: refactor: adopt `core/UserContext` on `BidiBrowserContext` (#11721)
• ab5d4ac refactor: adopt `core/UserContext` on `BidiBrowserContext` (#11714)
• 5cabbf1 chore(deps): Bump the all group with 1 update (#11704)
• 2b094b7 chore(deps-dev): Bump the dev-dependencies group with 2 updates (#11695)
• dc3c8f0 chore(deps): Bump the dependencies group with 1 update (#11713)
• bb45951 refactor: adopt `core/Browser` on `BidiBrowser` (#11702)
• 280249f chore: flip test (#11707)

See the full diff

Package name: tmp

The new version differs by 33 commits.

• 9fcf3ce Merge pull request TG PR Demo bridgecrewio/terragoat#294 from raszi/fix/update-version
• 7e5f154 Update version
• 9958e21 Update Changelog
• 93854c2 Merge pull request Automatedtag bridgecrewio/terragoat#293 from raszi/fix/rimraf
• 04371f3 Add 20.x to the CI
• e498d91 Drop Node v12 compatibility
• 00bb5b2 Update rimraf and drop old Node compatibility
• aab7312 Merge pull request S3 changes bridgecrewio/terragoat#283 from raszi/dependabot/npm_and_yarn/flat-and-mocha-5.0.2
• 5643de3 Merge pull request Bump decode-uri-component from 0.2.0 to 0.2.2 in /packages/node/base bridgecrewio/terragoat#288 from dnicolson/patch-1
• d0f7f43 Update README.md
• 3a81a17 Bump flat and mocha
• da3bc1a update docs
• 15d0692 update readme
• d6be356 update note on previously undocumented breaking changes
• 31bf774 update changelog
• da08266 update docs
• 2160076 fix info on previously undocumented breaking changes
• c492308 add info on previously undocumented breaking changes
• 7c9196c add compatibility information on v0.2.2
• 541b198 switching to github actions
• 7c31bbb add data parameter to writeFileSync call
• 455cbd3 fix matrix in ci workflow
• 970bf34 add windows-latest to ci workflow
• 0dac212 remove package-lock.json from gitignore

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn