[Snyk] Fix for 16 vulnerabilities #1235

restinpeaceinout · 2023-12-19T20:11:25Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

⚠️

Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
434/1000 Why? Has a fix available, CVSS 4.4	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	No	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @atom/watcher

The new version differs by 93 commits.

2f4fe33 1.2.0
d2f5840 1.1.6-6
5f11f59 Handle the prebuild exit status manually
c19b397 1.1.6-5
09f4af9 Redirect stder to null on Windows
d00e19d 1.1.6-4
1543bcb Pass -u directly to prebuild
adf79a8 --build-from-source no longer needs an argument
d03e155 Depend on prebuild-install
e64025e 1.1.6-3
92cbe6b Use "pre-build" instead of "prebuild" to avoid collisions
7bbc8d3 Set MACOSX_DEPLOYMENT_TARGET to make XCode happy with prebuild
bbd6e7e Ignore prebuild output
e2f56e2 1.1.6-2
8ec235d Merge branch 'aw/prebuild'
709cc8e I thought I already did that
80fe26a Left in an extraneous "npm run publish"
603b383 1.1.6-1
fb0d0e5 Run the new prebuild scripts on all three CI platforms
edc57e9 Replace node-pre-gyp-github with prebuild
f5fc9bf 🔥 CI diagnostic
005372f 1.1.6-0
5afa006 Diagnose when APPVEYOR_REPO_TAG is set
abe46b0 Publish 32-bit binaries

See the full diff

Package name: less-cache

The new version differs by 6 commits.

e8bb5a3 1.1.1
ea484ed Merge pull request [Snyk] Upgrade postcss from 5.2.4 to 5.2.18 #17 from aminya/less3
9f85e26 rebump devDeps
b80d80b dynamic require from the cjs dist of less
99ed498 updating the dependencies
9de02d0 using node scripts instead of grunt