[Snyk] Fix for 9 vulnerabilities

[kobianisland]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	621/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6	Prototype Pollution SNYK-JS-FLAT-596927	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cpy

The new version differs by 26 commits.

• 84fe6ed 9.0.0
• 1e39ee8 Meta tweaks
• 0934ab1 Fix recursive bugs (#92)
• c08f103 Update dependencies (#97)
• 59f3f5c Include `glob-pattern.js` for publish (#95)
• e2be678 Update to `globby` v12 (Bump ini from 1.3.5 to 1.3.7 tensult/cloud-reports#87)
• f2b3321 Move to ESM
• be263e1 Implement recursive and flat copy (Won't build using Node LTS on Debian 10 tensult/cloud-reports#77)
• 94fff3a 8.1.2
• 4c72590 Fix readme example (Bump lodash from 4.17.14 to 4.17.19 tensult/cloud-reports#81)
• 6f2c116 Move to GitHub Actions (Bump websocket-extensions from 0.1.3 to 0.1.4 in /src/reporters/html tensult/cloud-reports#80)
• b28be2a 8.1.1
• fdcae2f Fix Windows compatibility (Reports with tag based filters tensult/cloud-reports#78)
• f7ab742 8.1.0
• 7df88b8 Add `filter` option (Update code to handle undefined alarms tensult/cloud-reports#66)
• 85831f1 8.0.1
• 0c38098 Revert regression caused by Update src/analyzers/aws/cloudwatch/ec2_status_checks_failed_alarms.ts tensult/cloud-reports#68 (UnhandledPromiseRejectionWarning  tensult/cloud-reports#75)
• 14d5991 8.0.0
• a2d65aa Meta tweaks
• c4014c0 Throw if the given source file does not exist (Update src/analyzers/aws/cloudwatch/ec2_status_checks_failed_alarms.ts tensult/cloud-reports#68)
• d93e189 Fix typo (Updated serialize-javascript dependency tensult/cloud-reports#70)
• 8008fe6 Add `ignoreJunk` option (Update pdf generation tensult/cloud-reports#67)
• 5637c16 Remove Windows from Travis
• 4e282cc Add `concurrency` option (Changed font and color in Cloud Report pdf tensult/cloud-reports#69)

See the full diff

Package name: flat

The new version differs by 3 commits.

• d2ed12b Release 4.1.1
• 5a7c5b8 Fix prototype pollution on unflatten
• 6ed45bb Test prototype pollution on unflatten

See the full diff

Package name: puppeteer-core

The new version differs by 250 commits.

• 101fcb9 chore: release main (#9789)
• ca797ad chore: fix pre-release
• 0df369a chore: fix husky
• 22e4cc3 chore: fix pre-release workflow (#9788)
• baf51bc chore: use prerelease for browser (#9786)
• 364b23f fix: update dependencies (#9781)
• 299d444 chore: remove pre-push and pre-commit (#9777)
• 813882d chore: update glob (#9776)
• 04247a4 feat: browsers: recognize chromium as a valid browser (#9760)
• 6777604 chore: fix analyzer yarn installs (#9778)
• 2123f80 chore: remove rimraf (#9775)
• 8bf9718 chore(deps): Bump yargs from 17.7.0 to 17.7.1 (#9752)
• f84873c chore: support commas in P selectors (#9769)
• 62d5f39 chore(deps): Bump @ angular-devkit/schematics from 15.2.0 to 15.2.1 (#9773)
• 3a4e726 chore: fix Browsers failing tests (#9768)
• 2922611 chore(deps): Bump @ angular-devkit/core from 15.2.0 to 15.2.1 (#9761)
• f68e046 chore(deps): Bump cosmiconfig from 8.0.0 to 8.1.0 (#9751)
• d3b25df chore: update test expectation data for Firefox for 19.7.2 downstream sync (#9756)
• f887292 chore: add more debugging info on Debug Runs (#9754)
• 004a99a chore: implement simple BiDi ElementHandle (#9753)
• 232873a chore: fix Mocha test runner suggestion when hooks fail (#9750)
• 4a365a4 chore: extract BiDi context to allow emitting only to it (#9742)
• ed1bb7c chore(deps): Bump @ angular-devkit/schematics from 15.1.6 to 15.2.0 (#9748)
• 4ddf63d chore(deps): Bump @ angular-devkit/core from 15.1.6 to 15.2.0 (#9749)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Arbitrary Code Injection
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn