[Snyk] Fix for 7 vulnerabilities

[titanism]

Snyk has created this PR to fix 7 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• template/package.json
• template/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-PROTOBUFJS-5756498	751
	Prototype Pollution SNYK-JS-PROTOBUFJS-2441248	731
	Improper Control of Generation of Code ('Code Injection') SNYK-JS-PUGCODEGEN-7086056	696
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	686
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	646
	Prototype Pollution SNYK-JS-UNDERSCOREDEEP-2936792	624

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation
🦉 Prototype Pollution
🦉 Improper Control of Generation of Code ('Code Injection')
🦉 More lessons are available in Snyk Learn

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"@ladjs/i18n","from":"7.2.6","to":"8.0.0"},{"name":"@slack/web-api","from":"6.7.1","to":"6.12.1"},{"name":"cabin","from":"9.1.2","to":"11.0.0"},{"name":"mandarin","from":"4.2.0","to":"5.0.2"},{"name":"pug","from":"3.0.2","to":"3.0.3"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-FOLLOWREDIRECTS-6141137","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-FOLLOWREDIRECTS-6444610","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-PROTOBUFJS-2441248","priority_score":731,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-PROTOBUFJS-5756498","priority_score":751,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-PUGCODEGEN-7086056","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Control of Generation of Code ('Code Injection')"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-UNDERSCOREDEEP-2936792","priority_score":624,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"}],"prId":"00fd875c-fcad-43a1-8ae5-e73583fa843b","prPublicId":"00fd875c-fcad-43a1-8ae5-e73583fa843b","packageManager":"yarn","priorityScoreList":[686,646,731,751,696,696,624],"projectPublicId":"deecffb5-5423-445c-8826-70aff63668ac","projectUrl":"https://app.snyk.io/org/titanism/project/deecffb5-5423-445c-8826-70aff63668ac?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-FOLLOWREDIRECTS-6141137","SNYK-JS-FOLLOWREDIRECTS-6444610","SNYK-JS-PROTOBUFJS-2441248","SNYK-JS-PROTOBUFJS-5756498","SNYK-JS-PUGCODEGEN-7086056","SNYK-JS-SEMVER-3247795","SNYK-JS-UNDERSCOREDEEP-2936792"],"vulns":["SNYK-JS-FOLLOWREDIRECTS-6141137","SNYK-JS-FOLLOWREDIRECTS-6444610","SNYK-JS-PROTOBUFJS-2441248","SNYK-JS-PROTOBUFJS-5756498","SNYK-JS-PUGCODEGEN-7086056","SNYK-JS-SEMVER-3247795","SNYK-JS-UNDERSCOREDEEP-2936792"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@cospired/i18n-iso-languages@4.2.0	None	0	229 kB	e110c0
npm/@google-cloud/common@4.0.3	environment	0	133 kB	google-wombot
npm/@google-cloud/projectify@3.0.0	None	0	31.3 kB	google-wombot
npm/@google-cloud/promisify@3.0.1	None	0	36.1 kB	google-wombot
npm/@google-cloud/translate@7.2.2	environment	0	3.99 MB	google-wombot
npm/@grpc/grpc-js@1.8.22	environment, filesystem, network	0	1.63 MB	murgatroid99
npm/@grpc/proto-loader@0.7.13	filesystem	0	120 kB	murgatroid99
npm/@jsdoc/salty@0.2.8	None	0	26.7 kB	hegemonic
npm/@ladjs/i18n@8.0.3	environment	0	23.3 kB	titanism
npm/@slack/types@2.13.0	None	0	216 kB	filmaj
npm/@slack/web-api@6.12.1	filesystem	0	2.09 MB	e-zim
npm/@types/glob@8.1.0	None	0	6.66 kB	types
npm/@types/linkify-it@5.0.0	None	0	14.1 kB	types
npm/@types/markdown-it@14.1.2	None	0	73 kB	types
npm/@types/mdurl@2.0.0	None	0	5.41 kB	types
npm/@types/parse5@5.0.3	None	0	20.4 kB	types
npm/@types/rimraf@3.0.2	None	0	7.5 kB	types
npm/acorn-jsx@5.3.2	None	0	24.4 kB	rreverser
npm/axios@1.7.7	network	0	2.14 MB	jasonsaayman
npm/cabin@11.1.5	environment	0	129 kB	titanism
npm/catharsis@0.9.0	filesystem	0	318 kB	hegemonic
npm/deep-is@0.1.4	None	0	8.11 kB	thlorenz
npm/escodegen@1.14.3	None	0	107 kB	michaelficarra
npm/eslint-visitor-keys@3.4.3	None	0	32.3 kB	eslintbot
npm/espree@9.6.1	None	0	73.6 kB	eslintbot
npm/esprima@4.0.1	None	0	314 kB	ariya
npm/estraverse@4.3.0	None	0	36.3 kB	michaelficarra
npm/esutils@2.0.3	None	0	50.6 kB	michaelficarra
npm/follow-redirects@1.15.8	None	0	30 kB	olalonde, rubenverborgh
npm/gaxios@5.1.3	environment, network	0	73.6 kB	google-wombot
npm/gcp-metadata@5.3.0	environment, filesystem	0	75.2 kB	google-wombot
npm/google-auth-library@8.9.0	environment, filesystem, shell	0	516 kB	google-wombot
npm/google-gax@3.6.1	environment, filesystem, network, shell	0	3.23 MB	google-wombot
npm/google-p12-pem@4.0.1	filesystem	0	25.2 kB	google-wombot
npm/gtoken@6.1.2	filesystem	0	38.7 kB	google-wombot
npm/hast-to-hyperscript@9.0.1	None	0	18.3 kB	wooorm
npm/hast-util-from-parse5@6.0.1	None	0	16.8 kB	wooorm
npm/hast-util-parse-selector@2.2.5	None	0	7.53 kB	wooorm
npm/hast-util-raw@6.1.0	None	0	17.7 kB	wooorm
npm/hast-util-to-parse5@6.0.0	None	0	10.7 kB	wooorm
npm/hastscript@6.0.0	None	0	18.3 kB	wooorm
npm/inline-style-parser@0.1.1	None	0	30.6 kB	remarkablemark
npm/is-electron@2.2.2	None	0	3.26 kB	cheton
npm/is-fqdn@2.0.1	None	0	3.29 kB	parroit
npm/js2xmlparser@4.0.2	None	0	59.3 kB	michaelkourlas
npm/jsdoc@4.0.3	None	0	1.53 MB	hegemonic
npm/levn@0.3.0	None	0	34 kB	gkz
npm/long@5.2.3	None	0	119 kB	dcode
npm/mandarin@5.0.6	environment, filesystem, network	0	20 kB	titanism
npm/markdown-it-anchor@8.6.7	None	0	154 kB	valeriangalliat
npm/marked@4.3.0	None	0	428 kB	tonybrix
npm/merge-options@3.0.4	None	0	10.7 kB	schnittstabil
npm/optionator@0.8.3	None	0	50.1 kB	gkz
npm/prelude-ls@1.1.2	None	0	36 kB	gkz
npm/proto3-json-serializer@1.1.1	None	0	86.1 kB	google-wombot
npm/protobufjs-cli@1.1.1	filesystem, shell	0	112 kB	google-wombot
npm/protobufjs@7.4.0	filesystem, network	0	2.77 MB	google-wombot
npm/proxy-from-env@1.1.0	environment	0	29.5 kB	rob-w
npm/pug@3.0.3	environment, eval, filesystem	0	59.7 kB	pug-bot
npm/punycode.js@2.3.1	None	0	33.5 kB	google-wombot
npm/rehype-raw@5.1.0	None	0	9.45 kB	wooorm
npm/rehype-rewrite@1.0.2	None	0	11.1 kB	wcjiang
npm/rehype-stringify@8.0.0	None	0	7.47 kB	wooorm
npm/remark-contributors@4.0.1	filesystem	0	16.7 kB	wooorm
npm/remark-license@5.2.0	filesystem	0	14.4 kB	wooorm
npm/remark-rehype@8.1.0	None	0	10.2 kB	wooorm
npm/requizzle@0.2.4	filesystem, unsafe	0	19.6 kB	hegemonic
npm/retry-request@5.0.2	None	0	18.2 kB	google-wombot
npm/spdx-license-list@6.9.0	None	0	9.97 MB	sindresorhus
npm/strip-json-comments@3.1.1	None	0	6.96 kB	sindresorhus
npm/style-to-object@0.3.0	None	0	30.5 kB	remarkablemark
npm/teeny-request@8.0.3	environment, network	0	65.8 kB	google-wombot
npm/ts-mdast@1.0.0	None	0	112 kB	sveyret
npm/type-check@0.3.2	None	0	20.9 kB	gkz
npm/uglify-js@3.19.3	environment, eval, filesystem	0	1.3 MB	alexlamsl
npm/web-namespaces@1.1.4	None	0	5.14 kB	wooorm
npm/word-wrap@1.2.3	None	0	10.6 kB	jonschlinkert
npm/xmlcreate@2.0.4	None	0	169 kB	michaelkourlas

🚮 Removed packages: npm/@babel/cli@7.17.6), npm/@babel/core@7.17.9), npm/@babel/generator@7.17.9), npm/@babel/helper-compilation-targets@7.17.7), npm/@babel/helper-module-transforms@7.17.7), npm/@babel/helpers@7.17.9), npm/@babel/template@7.16.7), npm/@cospired/i18n-iso-languages@2.2.0), npm/@google-cloud/common@3.10.0), npm/@google-cloud/projectify@2.1.1), npm/@google-cloud/promisify@2.0.4), npm/@google-cloud/translate@6.3.1), npm/@grpc/grpc-js@1.6.7), npm/@grpc/proto-loader@0.6.9), npm/@jridgewell/resolve-uri@3.0.6), npm/@jridgewell/sourcemap-codec@1.4.11), npm/@jridgewell/trace-mapping@0.3.9), npm/@ladjs/i18n@7.2.6), npm/@nicolo-ribaudo/chokidar-2@2.1.8-no-fsevents.3), npm/@slack/types@2.4.0), npm/@slack/web-api@6.7.1), npm/anymatch@3.1.2), npm/atomic-sleep@1.0.0), npm/axios@0.26.1), npm/binary-extensions@2.2.0), npm/cabin@9.1.2), npm/chokidar@3.5.3), npm/convert-source-map@1.8.0), npm/deepmerge@4.2.2), npm/dijkstrajs@1.0.2), npm/encode-utf8@1.0.3), npm/figures@2.0.0), npm/follow-redirects@1.14.9), npm/fs-readdir-recursive@1.1.0), npm/fsevents@2.3.2), npm/gaxios@4.3.3), npm/gcp-metadata@4.3.1), npm/google-auth-library@7.14.1), npm/google-gax@2.30.2), npm/google-p12-pem@3.1.4), npm/gtoken@5.3.2), npm/hast-util-sanitize@3.0.2), npm/is-binary-path@2.1.0), npm/is-electron@2.2.0), npm/is-plain-object@5.0.0), npm/load-json-file@4.0.0), npm/long@4.0.0), npm/mandarin@4.2.0), npm/normalize-path@3.0.0), npm/pkg-conf@2.1.0), npm/pngjs@5.0.0), npm/popper.js@1.16.1), npm/proto3-json-serializer@0.1.8), npm/protobufjs@6.11.2), npm/pug@3.0.2), npm/qrcode@1.5.0), npm/quick-format-unescaped@4.0.4), npm/readdirp@3.6.0), npm/remark-contributors@5.1.0), npm/remark-html@13.0.2), npm/remark-license@4.0.1), npm/remark-textr@4.0.0), npm/reserved-email-addresses-list@0.0.8), npm/retry-request@4.2.2), npm/signale@1.4.0), npm/sonic-boom@1.4.1), npm/spdx-license-list@3.0.1), npm/stack-generator@2.0.5), npm/stacktrace-gps@3.0.4), npm/stacktrace-js@2.0.2), npm/strip-bom@3.0.0), npm/striptags@3.2.0), npm/teeny-request@7.2.0), npm/textr@0.3.0), npm/uncaught@0.0.5), npm/vfile-find-up@5.0.1), npm/zxcvbn@4.4.2)

View full report↗︎