[Snyk] Fix for 56 vulnerabilities

[maban]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	584/1000 Why? Has a fix available, CVSS 7.4	Directory Traversal SNYK-JS-ADMZIP-1065796	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JQUERY-174006	No	Proof of Concept
	701/1000 Why? Mature exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	No	Mature
	711/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	No	Mature
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-NPM-537603	Yes	Proof of Concept
	451/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 2.6	Unauthorized File Access SNYK-JS-NPM-537604	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Write SNYK-JS-NPM-537606	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NPMUSERVALIDATE-1019352	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	899/1000 Why? Mature exploit, Has a fix available, CVSS 9.4	Arbitrary File Write via Archive Extraction (Zip Slip) npm:adm-zip:20180415	Yes	Mature
	434/1000 Why? Has a fix available, CVSS 4.4	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) npm:gmail-js:20160721	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	No	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) npm:jquery:20150627	No	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Cross-site Scripting (XSS) npm:marked:20150520	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Cross-site Scripting (XSS) npm:marked:20170112	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Cross-site Scripting (XSS) npm:marked:20170815	No	No Known Exploit
	454/1000 Why? Has a fix available, CVSS 4.8	Cross-site Scripting (XSS) npm:marked:20170815-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:marked:20170907	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:marked:20180225	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Access Restriction Bypass npm:npm:20180222	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:qs:20140806	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) npm:qs:20140806-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:semver:20150403	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20160722	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Remote Memory Exposure npm:ws:20160104	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20160624	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:ws:20160920	No	No Known Exploit
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20171108	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: falcor-router-demo

The new version differs by 6 commits.

• 02461e1 Bump for node 4.x support (pouchdb update)
• 6891e3f Merge pull request [Snyk] Fix for 26 vulnerable dependency paths #10 from intellix/node-4.0.0-pouchdb
• d3dce91 Update pouchdb to work with node 4.0.0
• 2444b5c 1.0.4
• ec27f59 Merge pull request [Snyk] Fix for 26 vulnerable dependency paths #9 from Netflix/updateVersionDeps-1
• db03a85 Updated Version Deps

See the full diff

Package name: gmail-js

The new version differs by 163 commits.

• cd19e7f Update changelog. Bump version.
• 9698171 Merge pull request #437 from appfluence/fix-offset
• a266051 Ship with a modern version of jQuery.
• 3e8284f Merge pull request #436 from appfluence/fix-make_request
• 4bf1e94 Fix: now the parameter "sstart" is Nan, so the offset is broken, we need to split it by "-". (i.e: "51-100").
• 938b3b9 Style: use double-quotes not single .
• a985d07 Fix ajax request: "SyntaxError: Unexpected token )", we need to specify the datatype for the response.
• 7351f5f Tenative fix for gmail.get.selected_emails_data()
• ada00c2 Update changelog. Bump version.
• 6b2e349 Merge pull request #432 from KartikTalwar/detect_localization
• 45ff062 Fix typo.
• 89d115a Add changes up to verison 0.6.11
• 1832400 Don't report region-denominator in user-language.
• 2522da2 Add unit-tests for deeper language-detection.
• 1d4ea65 Add unit-tests for list-processing. Fix edge-cases.
• 81218bf Detect UI-lanaguge from hl= parameter in user-links.
• 7729361 Try to improve locale-detection.
• 0d1fd3e Merge pull request #427 from sufuf3/add_badge
• 2e082c6 Add npm version badge in README.md
• 12f8dbb Add warning of possible deprecation.
• 19012e8 Merge pull request #424 from KartikTalwar/readme
• 11dc353 Slightly clean up readme.
• f532bae Bump version
• 54ab619 Make api.get.compose_ids() detect inline replies.

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
• 723cbc4 Docs: Fix syntax in recipe example (#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: hapi

The new version differs by 107 commits.

• faacf02 deps and passthrough validation error. Closes #3136. Closes #3137. Closes #3138. Closes #3139. Closes #3140. Closes #3141. Closes #3142. Closes #3143. Closes #3144. Closes #3145. Closes #3146. Closes #3147
• 40dbdc1 Merge pull request #3128 from mikefrey/patch-1
• e169ee3 Spelling/grammar fix
• af95913 Merge pull request #3111 from hapijs/johnbrett-patch-1
• 2752e23 add test for multipart payload exceeding byte limit
• d870e6a Merge pull request #3113 from danielb2/master
• 5d1b437 test for strictHeader false
• f8e897d Update hapijs/subtext to 4.0.1 from 4.0.0
• 8aef93a typo
• 526d5ea Cleanup
• fb83094 Merge branch 'master' of github.com:hapijs/hapi
• a739abe Allow validating any input. Closes #3107
• 6f20a78 Merge pull request #3105 from devinivy/api-deps-on-init
• d3ca463 Clarify that plugin deps are enforced during initialize
• 0cd1b62 Merge pull request #3068 from kanongil/fast-shutdown
• ea04005 version
• 9e5c889 Fix incorrect entity error message. Closes #3101
• 7a47a85 Actively end idle persistent connections on server.stop()
• 2435a08 Test that server.stop() completes active requests before denying new requests
• a123307 Add server.stop() destroy test for in-progress connections
• 6e80746 Revise server.stop() self close test
• ed195fa 13.2.1
• 23e333e Cleanup for #3044
• 687a378 Merge pull request #3044 from csabapalfi/disable-cache-control

See the full diff

Package name: inert

The new version differs by 23 commits.

• c4f6b07 4.0.0
• d53a0ec Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path #47 from kanongil/confine-file-path
• 7251728 Remove '..' param check which is no longer required. Closes [Snyk] Fix for 27 vulnerable dependency paths #5
• 0a6b551 Add confine option that confines file responses
• fef2232 Update license date
• ac741b5 Update hoek to 4.x.x
• d751e8d Update travis config to match hapi
• c439c5b Update joi to 8.x.x
• d2998d8 Update devDependencies
• 11ce9bf Merge pull request [Snyk] Fix for 1 vulnerable dependencies #56 from prashaantt/clarify
• 9607ea4 Merge pull request [Snyk] Fix for 2 vulnerable dependencies #59 from simon-p-r/absolutePath
• 4e3ec4d Merge pull request [Snyk] Fix for 2 vulnerabilities #61 from kanongil/gzip-range-fix
• bd6a007 Restrict when range request logic is applied. Closes [Snyk] Fix for 3 vulnerabilities #60
• 3c4cd57 remove hoek.isAbsolutePath for path.isAbsolute
• 5540383 Clarify bad path for directory handler message
• 0b33f1e Update lru-cache to 4.0.x. Closes Configure Snyk protect to enable patches #53
• 86a12b8 Fix license according to Copyright and license outmoded/hapi-contrib#66
• f5f704d Don't test using the hapi-lts branch
• ef243e1 Additional ES6 style fixes
• cbab9fc Merge branch 'escalant3-es6-and-node4'
• 6614b93 Use ES6 endsWith for better readability
• 90c860a Remove unnecessary memoizing
• b7210a2 Update dependencies. Update codebase to ES6/Node4

See the full diff

Package name: marked

The new version differs by 250 commits.

• ae01170 chore(release): 4.0.10 [skip ci]
• fceda57 🗜️ build [skip ci]
• 8f80657 fix(security): fix redos vulnerabilities
• c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
• d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)
• 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)
• 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (#2351)
• 98996b8 chore(deps-dev): Bump @ babel/preset-env from 7.16.5 to 7.16.7 (#2353)
• ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (#2354)
• e5171a9 chore(release): 4.0.9 [skip ci]
• 41990a5 🗜️ build [skip ci]
• a9696e2 fix: retain line breaks in tokens properly (#2341)
• 6aacd13 chore(deps-dev): Bump jasmine from 3.10.0 to 4.0.0 (#2343)
• 55e5df9 chore(deps-dev): Bump @ babel/core from 7.16.5 to 7.16.7 (#2344)
• 4f4cab4 chore(deps-dev): Bump eslint-plugin-import from 2.25.3 to 2.25.4 (#2345)
• 97ea9f2 chore(deps-dev): Bump eslint from 8.5.0 to 8.6.0 (#2346)
• 4c3b853 chore(deps-dev): Bump rollup-plugin-license from 2.6.0 to 2.6.1 (#2347)
• 9396896 chore(deps-dev): Bump rollup from 2.61.1 to 2.62.0 (#2338)
• 103a56c chore(deps-dev): Bump @ babel/preset-env from 7.16.4 to 7.16.5 (#2333)
• be771c9 chore(deps-dev): Bump eslint from 8.4.1 to 8.5.0 (#2334)
• 67d5a65 chore(deps-dev): Bump @ babel/core from 7.16.0 to 7.16.5 (#2335)
• 991493a chore(deps-dev): Bump eslint-plugin-promise from 5.2.0 to 6.0.0 (#2336)
• 59375fb chore(release): 4.0.8 [skip ci]
• 4734c82 🗜️ build [skip ci]

See the full diff

Package name: npm

The new version differs by 250 commits.

• 30a9844 7.21.0
• 0b2cd9d update AUTHORS
• 06461ec docs: changelog for v7.21.0
• 771a1cb chore(tests): fix snapshots
• 71cdfd8 spdx-license-ids@3.0.10
• 94f92de make-fetch-happen@9.0.5
• 7ac621c smart-buffer@4.2.0
• 218caca is-core-module@2.6.0
• ff6626a fix(docs): update npm-publish access flag info
• b6f40b5 tar@6.1.10
• e9e5ee5 @ npmcli/arborist@2.8.2
• 991a3bd read-package-json@4.0.0
• f077724 init-package-json@2.0.4
• 68a19bb fix(error-message): look for er.path not er.file
• ff34d6c feat(cache): initial implementation of ls and rm
• 8183976 normalize-package-data@3.0.3
• df57f0d @ npmcli/run-script@1.8.6
• 487731c fix(logging): sanitize logged argv
• 7a58264 chore(ci): check that docs are up to date in ci
• 22f3bbb chore(docs): add more 'autogenerated' comments
• 4314490 fix(docs): revert auto-generated portion of docs
• 32e88c9 fix(did-you-mean): switch levenshtein libraries
• 59b9851 7.20.6
• 2591e67 update AUTHORS

See the full diff

Package name: ws

The new version differs by 250 commits.

• 6dd88e7 [dist] 5.2.3
• 76d47c1 [security] Fix ReDoS vulnerability
• 5d55e52 [dist] 5.2.2
• 8aba871 [fix] Fix use after invalidation bug
• 175ce46 [dist] 5.2.1
• 307be7a [fix] Remove the `'data'` listener when the receiver emits an error
• 6046a28 [fix] Do not prematurely remove the listener of the `'data'` event
• bf9b2ec chore(package): update nyc to version 12.0.2 (#1395)
• bcab531 chore(package): update eslint-plugin-promise to version 3.8.0 (#1389)
• e4d032c [dist] 5.2.0
• e7bfe5f chore(package): update mocha to version 5.2.0 (#1385)
• 6dae94b chore(package): update eslint-plugin-import to version 2.12.0 (#1384)
• aebda2b chore(package): update nyc to version 11.8.0 (#1382)
• d871bdf [feature] Add `headers` argument to `verifyClient()` callback (#1379)
• bb9c21c [test] Fix failing test on node 10
• 6d8f1f4 [ci] Test on node 10
• 4385c78 [doc] Add `request` to emit arguments in shared server example (#1372)
• 690b3f2 [minor] Replace bound function with arrow function
• 9dc25a3 chore(package): update nyc to version 11.7.1 (#1364)
• a81e580 chore(package): update mocha to version 5.1.0 (#1362)
• 3215cf3 chore(package): update eslint-plugin-import to version 2.11.0 (#1361)
• 0100d82 [doc] Improve FAQ example for X-Forwarded-For header (#1360)
• c801e99 [doc] Improve docs and examples (#1355)
• 10c92ff [dist] 5.1.1

See the full diff

Package name: yargs

The new version differs by 250 commits.

• a6e67f1 chore(release): 13.2.4
• fc13476 chore: update standard-verison dependency
• bf46813 fix(i18n): rename unclear 'implication failed' to 'missing dependent arguments' (#1317)
• a3a5d05 docs: fix a broken link to MS Terminology Search (#1341)
• b4f8018 build: add .versionrc that hides test/build
• 0c39183 chore(release): 13.2.3
• 08e0746 chore: update deps (#1340)
• 843e939 docs: make `--no-` boolean prefix easier to find in the docs (#1338)
• 84cac07 docs: restore removed changelog of v13.2.0 (#1337)
• b20db65 fix(deps): upgrade cliui for compatibility with latest chalk. (#1330)
• c294d1b test: accept differently formatted output (#1327)
• ac3f10c chore: move .hbs templates into .js to facilitate webpacking (#1320)
• 0295132 fix: address issues with dutch translation (#1316)
• 9f2468e doc: clarify parserConfiguration object structure (#1309)
• e7f2937 chore(release): 13.2.2
• edd0bb5 test: correct test description
• 03a9523 chore: forgoing dropping Node 6 until yargs@14 (#1308)
• 14920d1 docs: remove --save option as it isn't required anymore (#1301)
• 545c7f1 test: slightly reworded one test
• 4375680 chore(release): 13.2.1
• dfcaa68 test: slight edit to test wording
• 3180224 fix: add zsh script to files array
• 0a96394 fix: support options/sub-commands in zsh completion
• 48249a2 chore(release): 13.2.0

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Cross-site Scripting (XSS) npm:handlebars:20151207	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:ws:20160920	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary JavaScript Code Injection
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn