[Snyk] Fix for 33 vulnerabilities #32

Bhanditz · 2023-11-25T14:54:21Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	Yes	Proof of Concept
584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
641/1000 Why? Mature exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:concat-stream:20160901	Yes	Mature
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit
469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20160722	Yes	No Known Exploit
509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	Yes	No Known Exploit
576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept
629/1000 Why? Has a fix available, CVSS 8.3	Improper minification of non-boolean comparisons npm:uglify-js:20150824	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp

The new version differs by 134 commits.

55eb23a Release: 4.0.0
173a532 Docs: Fix the installation instructions
ec54d09 Docs: Improve note about out-of-date docs
03b7c98 Docs: Update recipes to install gulp@next
2eba29e Docs: Remove run-sequence from recipes
76eb4d6 Docs: Add installation instructions & update badges
fbc162f Docs: Remove references to gulp-util
3011cf9 Scaffold: Normalize repository
f27be05 Update: Remove graceful-fs from test suite
361ab63 Upgrade: Update glob-watcher
064d100 Build: Avoid broken node 9
057df59 Release: 4.0.0-alpha.3
c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
89acc5c Docs: Improve ES2015 task exporting examples (#1999)
0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
723cbc4 Docs: Fix syntax in recipe example (#1715)
d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
29ece6f Upgrade: Update undertaker
e931cb0 Docs: Fix changelog typos (#1696)
477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-less

The new version differs by 2 commits.

7d9df97 4.0.0
cde149b Update accord to support less@3.0.0 - closes #269

See the full diff

Package name: gulp-uglify

The new version differs by 98 commits.

e4f9045 2.0.0
566ec6a refactor(tests): write tests with mocha
5651111 refactor(tests): replace `cmem` with `testdouble`
b82387b refactor(tests): compose streams with `mississippi` utilities
1232c3c fix(errors): emit errors of type `GulpUglifyError`
5632cee fix(minifer): use `gulplog` for the warning
8160697 feat(minifier): use UglifyJS 2.7.0's input map support
3ec8fc3 chore(package): update uglify-js to version 2.7.0
a9c55b9 doc(README): spelling mistake in example
80da765 chore(release): 1.5.4
01fb8ca chore(package): update uglify-js to version 2.6.4
8aa877e chore(package): update uglify-js to version 2.6.3
0027093 chore(lint): resolve lint failures
fe2158a chore(package): update xo to version 0.16.0
a03b663 docs(README): document how to minify (some) ES6
1eb00a8 chore(xo): resolve lint failures
a4376ad chore(package): update xo to version 0.15.0
c9d11a1 docs(pump): correct error handler example
b446cf7 docs(README): clean up badges
c3f6005 docs(README): suggest using `pump` to capture errors
eb9893e chore(line): resolve xo@0.14.0 lint failures
9d59beb chore(package): update xo to version 0.14.0
aba369b docs(README): fix-up typo
5a70cd0 docs(README): document "minifier" entry point

See the full diff

Package name: gulp-uncss

The new version differs by 9 commits.

85a7132 1.0.0
dbc4c14 Merge pull request [Snyk] Fix for 1 vulnerabilities #23 from ben-eb/1.0.0-beta
2124cf7 Bump UnCSS to 0.12.0.
ad28362 Add silent reporter to dev deps.
f35056f Documentation improvements for 0.11.0.
af1fa90 Pass through full options object.
a7343b6 Index superfluous.
6df4540 Update build process.
98cb9c2 Bump dev deps.

See the full diff

Package name: gulp-util

The new version differs by 84 commits.

28c2aa2 3.0.8
1034a68 Upgrade: bump dateformat, per https://github.com/removes CLI felixge/node-dateformat#53#issuecomment-245782776 (#130)
5a417cf Merge pull request #125 from jmeas/patch-1
8cdbc07 Remove gutil.beep() from README example
b74a5ff 3.0.7
5c0c5cf bump logger versions
3879b24 Merge pull request #106 from stevelacy/patch-1
7bba70f Update package repo link
194248a Merge pull request #105 from gulpjs/gulplog
65c210a add branching logic to support new gulplog stuff
4656163 Merge pull request #100 from makky3939/clean_up_template_js
878c95b fix
385b059 more readable
7e1336e 3.0.6
64325ae Merge pull request #99 from TrySound/master
5755bb3 Updated dependencies
1c96495 Merge pull request #97 from arthurvr/patch-1
de9c310 Update node version in readme
d9ac713 3.0.5
5155266 Merge pull request #94 from pgilad/patch-1
d666893 update license attribute
81a61ce Merge pull request #92 from stringparser/fix-log-formatting
c107206 missing quotes on previous test and space for object in current
0c4f90f fix tests logging

See the full diff

Package name: less-plugin-autoprefix

The new version differs by 4 commits.

bffe924 Merge pull request [Snyk] Security upgrade nodemailer from 1.11.0 to 6.9.9 #34 from calvinjuarez/update-dependencies
0004d46 2.0.0
50963ba package – bump minimum node version
dea07ce autoprefixer – update to 8.6.3; postcss – update to 6.0.22

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Prototype Override Protection Bypass
🦉 More lessons are available in Snyk Learn