[Snyk] Fix for 3 vulnerabilities

[kallie9750]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-SHESCAPE-5734237	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Improper Neutralization SNYK-JS-SHESCAPE-5849592	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @snyk/snyk-cocoapods-plugin

The new version differs by 13 commits.

• 9ae6c4f Merge pull request #38 from snyk/fix/upgrade-shescape-to-2.1.0
• 1f8e8b3 Merge pull request #39 from snyk/feat/quality-gates
• 6ff0697 feat: add prodsec/security_scans
• 7dd23c0 feat: add prodsec/security_scans
• 31ffef6 chore(ci): drop validation of EOL node versions
• db7d69f fix: upgrade shescape to v2.1.0
• e5fb2be chore: declare node version
• 4b6dd6b Merge pull request #37 from snyk/chore/asset-classification-20230925
• cd0ef8f chore: asset classification
• dc32e55 Merge pull request #34 from snyk/feat/secrets-scanning
• e70db4d feat: add secrets scanning
• bfc92f3 Merge pull request #32 from snyk/dotkas/update-codeowners
• 3417bbd Update CODEOWNERS

See the full diff

Package name: glob

The new version differs by 114 commits.

• a68703e 9.0.0
• 58159ca test: cwd can be a url
• a547a9c more docs
• 42a3ac7 link to bash manual for Pattern Matching
• 474172d update readme with cwd URL support
• ad3904d update readme with posix class support
• b22fc7d minimatch@7.3.0
• cdd1627 update all the things, remove unused mkdirp types
• 75c6416 Merge branch 'v9'
• fa0cd77 cwd can be a file:// url
• d03ed0a typedoc github action
• 9a5a45a put bench results in readme
• 20b2f88 docs, fix benchmark script
• 4829c88 upgrade ci actions
• 5cbacdd minimatch@7.2.0
• 210310b omit symlinks on windows
• d34c8d5 full test coverage, clean up signals and remove extranous code
• 5f21b46 adding lots of tests, clean up types
• b12e6ba slashes on nodir test
• 75f74b0 more windows test slashes
• 3aa1abd more windows test affordances
• 3e68a7b some windows test affordances
• 8c2e082 feature complete and tests passing
• c3be35a correct ** vs ./** behavior

See the full diff

Package name: rimraf

The new version differs by 102 commits.

• a1268c9 4.3.1
• cacc067 changelog 4.3.1
• cd6fbc6 Only call directory removal method on actual dirs
• 4937e64 format markdown
• ba35d77 always return Dirents from readdir
• f923bb0 4.3.0
• ed7b2a6 test: chmod ordering is nondeterministic
• 4cb1d47 changelog about bin interactivity
• 95e13f2 try to make the interactive test less flaky
• 38e731f bin: add interactive mode
• ca28abb let the filter option be async for async methods
• 3b57687 add --verbose, --no-verbose to bin
• ed3288e add filter option
• e828fe2 Update v4 glob support in README
• 80aef8b 4.2.0
• 0d19a99 changelog 420
• f768f26 treat paths as glob patterns when glob option set
• 5760716 make rimraf cancelable with AbortSignals
• 417cdc7 4.1.4
• bdfa60c update deps, export types properly for cjs module
• 20e3799 use NodeJS.ErrnoException instead of FsError
• 450e3d2 4.1.3
• 8d77621 add declarationMap to tsconfig
• 49a2958 formatting tests

See the full diff

Package name: snyk-docker-plugin

The new version differs by 18 commits.

• a204504 Merge pull request feat: experimental command line flag to print the dependency tree snyk/cli#577 from snyk/snyk-upgrade-5edb9195b0d4be39c29d16251684b658
• fdadbda fix: upgrade tmp from 0.2.1 to 0.2.2
• 7c3e8aa Merge pull request [WIP] spike: grouped remediation request and TS type snyk/cli#581 from snyk/snyk-upgrade-d0e0f7f0434ad3c374cc1a6816c94905
• 159bab9 Merge pull request feat: Add branch analytics back snyk/cli#598 from snyk/snyk-upgrade-03f24a554367307b3dc177297fca5a76
• 18489ec Merge pull request feat: add monitor errors snyk/cli#599 from snyk/snyk-upgrade-d1c1c54aa936890556c9dd8f33316fbf
• fc1a6bb Merge pull request chore: add docker image for Gradle 5 snyk/cli#605 from snyk/feat/packagelockv3
• 31c1ba3 fix: package-lock v3 missing sub-dependencies - UNIFY-258
• ce95eb7 Merge pull request feat: remove isOutdated functionality from snyk test snyk/cli#604 from snyk/fix/npm-yarn-cache-discovery
• afd4322 fix: ignore npm default cache directories UNIFY-264
• 4dc8af2 Merge pull request #603 from snyk/fix/removed-jar-detection
• 22ec22c fix: handle removal of multiple additions UNIFY-243
• 8a15b8b Merge pull request fix: fix undefined in error for node_modules traversal snyk/cli#602 from snyk/fix/detect-arm64-architecture
• af0973a fix: detect platform from image config file UNIFY-253
• 894b262 Merge pull request test: Add node 12 to test matrix snyk/cli#601 from snyk/fix/resolve-vulnerability
• 83eea10 fix: extend ignoring the micromatch and braces vulns
• 1e54371 fix: upgrade event-loop-spinner from 2.2.0 to 2.3.2
• bac3301 fix: upgrade semver from 7.6.0 to 7.6.2
• 6394e2f fix: upgrade adm-zip from 0.5.10 to 0.5.12

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.