[Snyk] Upgrade browserify from 13.3.0 to 17.0.0

[snyk-bot]

Snyk has created this PR to upgrade browserify from 13.3.0 to 17.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 22 versions ahead of your current version.
• The recommended version was released 2 years ago, on 2020-10-10.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Arbitrary Code Injection npm:growl:20160721	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
	Prototype Pollution SNYK-JS-SETVALUE-450213	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Prototype Pollution SNYK-JS-MIXINDEEP-450212	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-450202	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
	Prototype Pollution SNYK-JS-INI-1048974	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Prototype Pollution SNYK-JS-CACHEDPATHRELATIVE-2342653	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
	Timing Attack SNYK-JS-ELLIPTIC-511941	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
	Validation Bypass SNYK-JS-KINDOF-537849	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: browserify

• 17.0.0 - 2020-10-10
  
  • Upgrade events to v3.x. EventEmitter instances now have an off() method. require('events').once can be used to react to an event being emitted with async/await syntax. (#1839)
  • Upgrade path-browserify to v1.x. (#1838)
  • Upgrade stream-browserify to v3.x. require('stream') now matches the Node.js 10+ API. (#1970)
  • Upgrade util to v0.12. Most notably, util.promisify and util.callbackify are finally available by default in browserify. (#1844)
  • Add JSON syntax checking. Syntax errors in .json files will now fail to bundle. (#1700)
• 16.5.2 - 2020-08-03
  

  16.5.2

• 16.5.1 - 2020-03-30
  

  Remove deprecated mkdirp version in favour of mkdirp-classic.

  00c913f

  Pin dependencies for Node.js 0.8 support.

  #1939

• 16.5.0 - 2019-08-09
  

  Support custom name for "browser" field resolution in package.json using the browserField option.

  #1918

• 16.4.0 - 2019-08-08
  

  Upgrade stream-http to v3. This version drops support for IE10 and below.

  #1916

• 16.3.0 - 2019-07-05
  

  add empty stub for the http2 builtin module.

  #1913

  update license text to remove references to code that is no longer included.

  #1906

  add more tests for folder resolution.

  #1139

• 16.2.3 - 2018-09-25
  

  add empty stub for the inspector builtin module.

  #1854

  change the "browser" field link to the browser-field-spec repo instead of the old gist.

  #1845

• 16.2.2 - 2018-05-09
  

  Remove some extraneous files from the published package.

• 16.2.1 - 2018-05-09
  

  Fix relative --external paths on Windows. (@ Shingyx)

  #1704

  Fix tests to work on Windows, and add Appveyor CI for Windows testing.

  #1819

• 16.2.0 - 2018-04-11
  

  update the browser versions of vm-browserify and string_decoder.

  string_decoder updates to the Node 8+ API.
  vm-browserify replaces an unlicensed dependency by an MIT one.

  #1829

• 16.1.1 - 2018-03-06
• 16.1.0 - 2018-02-12
• 16.0.0 - 2018-02-07
• 15.2.0 - 2018-01-15
• 15.1.0 - 2018-01-11
• 15.0.0 - 2018-01-04
• 14.5.0 - 2017-10-20
• 14.4.0 - 2017-05-27
• 14.3.0 - 2017-04-04
• 14.2.0 - 2017-04-04
• 14.1.0 - 2017-02-14
• 14.0.0 - 2017-01-25
• 13.3.0 - 2017-01-04

from browserify GitHub release notes

Commit messages

Package name: browserify

• 7b14fb1 17.0.0
• c1523e2 Merge pull request #1970 from browserify/streams3
• 26665c0 bump readable-stream
• 984ffc6 Merge pull request #1982 from browserify/fix-ci
• e34ed8c skip crypto tests in old node.js
• 190491a update min insert-module-globals version
• 5113ea3 Merge tag 'v16.5.2' into master
• c94b4d5 16.5.2
• 678d650 Merge pull request #1973 from browserify/browser-resolve-2
• fc324b5 update browser-resolve to v2
• 8742ec5 Merge pull request #1844 from browserify/util-11
• 3d05c3a Merge pull request #1930 from browserify/new-shasum
• 9aaa22d shasum → shasum-object
• 51bc462 Upgrade util to v0.12.0.
• 6bca7e0 Merge pull request #1957 from timgates42/bugfix_typo_library
• de9cc6c docs: Fix simple typo, libarary -> library
• ea5e6bf Merge tag 'v16.5.1'
• da0f1e1 16.5.1
• dc71ea0 Use non-deprecated mkdirp package.
• c53f841 gitignore - add node_modules
• 2b50632 Update package.json
• 249f54b Update package.json
• 985dad9 deps - pin deps for node v0.8 support
• 86c3a00 fixes swapped changelog PR references in 10.2.0

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

_{Mention [stepsize] in a comment if you'd like to report some technical debt. See examples here.}

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication