[Snyk] Fix for 12 vulnerabilities

[satoshinakamoto007]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHSET-1320032	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (Wrong "Create a commit comment" link github/docs#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (Readme-md  github/docs#11441)
• 2226742 chore: minor simplify format results error (## ✨ ✨ New layout ✨ ✨ github/docs#11432)
• 78eb25d chore: remove needless assign (Update managing-notifications-from-your-inbox.md github/docs#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (https://docs.github.com/github/writing-on-github/getting-started-with… github/docs#11429)
• 27bee72 fix: run GC before collecting open handles (repo sync github/docs#11278)
• 50451df feat: use fallback if prettier not found (WALEED AL AREQI Update making-a-github-app-public-or-private.md github/docs#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (https://github.com/facebook/facebook-ios-sdk github/docs#11428)
• 9633a26 feat: support reporters written in ESM (Readme-md  github/docs#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (repo sync github/docs#11263)
• 57e32e9 Detect open handles with done callbacks (Join  github/docs#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (repo sync github/docs#10995)
• 4fa3a0b feat: custom haste (Blockchair github/docs#11107)
• 2047a36 chore: bump deps (Bump eslint-plugin-promise from 5.1.0 to 5.1.1 github/docs#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (repo sync github/docs#9924)
• db643a1 Link to Jest config (Blockchair github/docs#11106)
• b16082c Fix locale issue #10014 (Bump @primer/css from 17.9.0 to 18.0.2 github/docs#11412)

See the full diff

Package name: jest-puppeteer

The new version differs by 20 commits.

• 153d47b v5.0.0
• 36602a1 fix: Resolve module paths in preset ([Snyk] Upgrade instantsearch.js from 4.8.2 to 4.43.1 #335)
• e54fb7e fix: Leverage Puppeteer's native support for Firefox ([Snyk] Upgrade: @babel/core, @babel/plugin-transform-runtime, @babel/preset-env, @babel/runtime #356)
• ea3b189 chore: update dev deps
• a050a72 add jest-puppeteer.config.js back to example
• f2f5b62 feat: allow path for wait-on resource ([Snyk] Security upgrade domwaiter from 1.1.0 to 1.4.0 #382)
• 964b9a2 fix: toFill doesn't empty contents when given an empty string ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1209.0 #381)
• a7b5693 Update expect-puppeteer/README.md fix example code ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1203.0 #370)
• c0559d2 Update readme with command to install types ([Snyk] Upgrade sass from 1.26.3 to 1.54.3 #355)
• d3d320f Remove looking for maintainers in readme
• 183a390 Update all dependencies ([Snyk] Upgrade sass from 1.26.3 to 1.54.9 #392)
• 5a4eb5b docs(readme): looking for maintainers
• 78ebef3 Update README.md
• 28f4e56 Update README.md
• 69a0c3e docs: add missing import ([Snyk] Security upgrade node-fetch from 2.6.1 to 3.2.10 #332)
• bcc6f9c chore(deps): bump acorn from 5.7.3 to 5.7.4 ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1170.0 #330)
• 949027b feat: support XPATH selectors ([Snyk] Upgrade instantsearch.js from 4.8.2 to 4.43.0 #321)
• 49d313c fix: require to `puppeteer-core` as fallback ([Snyk] Upgrade instantsearch.js from 4.8.2 to 4.42.0 #315)
• 655d37c chore: update wait-on to version 4.0.0 ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1160.0 #316)
• ebbfd32 docs: fix FUNDING.yml

See the full diff

Package name: jest-silent-reporter

The new version differs by 1 commits.

• f0843f4 Update jest-utils ([Snyk] Security upgrade debian from 9.5-slim to stretch-20210902-slim #20)

See the full diff

Package name: nock

The new version differs by 133 commits.

• e4b0331 fix(dep): migrate from lodash.set to lodash. (Update adding-an-existing-project-to-github-using-github-desktop.md github/docs#2306)
• 8a82b50 chore(deps-dev): bump got from 11.8.3 to 12.1.0
• 342e8dc chore(deps-dev): bump eslint-plugin-mocha from 10.0.4 to 10.0.5
• 0a9fc3e chore(deps-dev): bump eslint from 8.14.0 to 8.16.0
• 82e8028 chore(deps-dev): bump typescript from 4.6.4 to 4.7.2
• 3d534f8 chore(deps-dev): bump eslint from 8.12.0 to 8.14.0
• 5f9ebaa chore(deps-dev): bump @ definitelytyped/dtslint from 0.0.111 to 0.0.112
• 502182a chore(deps-dev): bump typescript from 4.6.3 to 4.6.4
• 0d30bee chore(deps-dev): bump @ sinonjs/fake-timers from 9.1.1 to 9.1.2
• 7452368 chore(deps-dev): bump sinon from 13.0.1 to 13.0.2
• a7056ef chore(deps-dev): bump eslint-plugin-mocha from 10.0.3 to 10.0.4
• bcb0dc7 chore(deps-dev): bump prettier from 2.6.1 to 2.6.2
• c4ba7d1 chore(deps-dev): bump eslint-config-prettier from 8.4.0 to 8.5.0 (Improve description of branch targeting for action release management github/docs#2326)
• 8e56fbd chore(deps-dev): bump @ sinonjs/fake-timers from 9.1.0 to 9.1.1
• 8789084 chore(deps-dev): bump prettier from 2.5.1 to 2.6.1
• be07d83 chore(deps-dev): bump mocha from 9.2.1 to 9.2.2
• b4e839d chore(deps-dev): bump @ definitelytyped/dtslint from 0.0.110 to 0.0.111
• 14e7e87 chore(deps-dev): bump mocha from 9.2.0 to 9.2.1
• 0814d6e chore(deps-dev): bump typescript from 4.5.5 to 4.6.2
• 96ae061 chore(deps): bump actions/setup-node from 2 to 3 (tekst github/docs#2308)
• 7c949be chore(deps): bump actions/checkout from 2 to 3 (Soheilmoameni1357@gmail.com github/docs#2309)
• d424370 chore(deps-dev): bump semantic-release from 18.0.1 to 19.0.2
• 87a73d3 chore(deps-dev): bump eslint from 8.8.0 to 8.10.0
• 3384728 chore(deps-dev): bump @ definitelytyped/dtslint from 0.0.103 to 0.0.110

See the full diff

Package name: npm-merge-driver-install

The new version differs by 5 commits.

• 0dac6aa 2.0.0
• 20dc4e5 chore: fix travis
• ce8eccf feat: remove most dependencies to prevent security issues
• 84ab239 chore(package): update dependencies to enable Greenkeeper 🌴 ([Snyk] Security upgrade resolve-url-loader from 3.1.1 to 3.1.2 #7)
• 84a52a6 chore(package): update videojs-generator-verify to version 1.2.0 ([Snyk] Upgrade @primer/octicons from 11.0.0 to 11.3.0 #5)

See the full diff

Package name: pa11y-ci

The new version differs by 33 commits.

• efad302 Fix minimum node version in README
• 28f161a Version 3.0.0
• 52fd274 Fix error with absolute paths on Windows ([Snyk] Upgrade instantsearch.js from 4.8.2 to 4.34.0 #82)
• 6b2d4f5 Replace chalk with kleur
• 4e5bc51 use https where possible
• 5c842cf Add support for reporters ([Snyk] Upgrade sass from 1.26.3 to 1.49.1 #129)
• 40ba01a Replace make with npm scripts and update Node versions ([Snyk] Security upgrade debian from 9.5-slim to stretch-slim #139)
• 1374cd7 Bump deps to match versions used by pa11y v6
• fb86a33 Update test matrix to LTS node (12, 14, 16)
• edabbeb Update package lock
• e5dbbc7 Replace chalk with kleur
• 96a3882 Chance concurrency and incognito mode defaults
• 9de41f3 Version 2.4.2
• 7cb5bd8 Replace npmignore with allow list for consistency
• fefa70b Retry launching browser if first time fails
• 6846233 Adds example of running pa11y-ci in Docker ([Snyk] Security upgrade debian from 9.5-slim to stretch-slim #137)
• 00ac4f9 refactor(npm): remove unnecessary files from package ([Snyk] Upgrade instantsearch.js from 4.8.2 to 4.37.2 #126)
• 18f1e60 Version 2.4.1 ([Snyk] Security upgrade debian from 9.5-slim to stretch-slim #135)
• d0843ab Pin puppeteer version to avoid downloading twice ([Snyk] Security upgrade debian from 9.5-slim to stretch-slim #134)
• 830d5a6 Update integration tests to remove DNS dependencies ([Snyk] Upgrade: @babel/core, @babel/plugin-transform-runtime, @babel/preset-env, @babel/runtime #133)
• cda8b5a Replace Travis with GH Actions
• 7da3907 Version 2.4.0 ([Snyk] Security upgrade debian from 9.5-slim to stretch-20211201-slim #119)
• 2ba2d91 Allow only bugfix update in dependencies ([Snyk] Security upgrade debian from 9.5-slim to stretch-20211201-slim #117)
• eadb710 Run the changelog through markdownlint ([Snyk] Security upgrade debian from 9.5-slim to stretch-20211201-slim #118)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request repo sync github/docs#11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request Additional TOTP options github/docs#11603 from MayaWolf/master
• 76e8cbd Merge pull request repo sync github/docs#11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request Tweak AWS OIDC instructions github/docs#11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request OIDC cloud-specific docs are missing environment variables github/docs#11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request repo sync github/docs#11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request Patch 2 github/docs#11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request repo sync github/docs#11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request Beaconcha.in ETH2 API 1.0 github/docs#11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request Index.Md github/docs#11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request https://maps.app.goo.gl/?link=https://www.google.com/maps/dir///@35.7…https://maps.app.goo.gl/?link=https://www.google.com/maps/dir///@35.7761024,50.970624,10z/data%3D!4m5!4m4!1m1!4e2!1m0!3e2?entry%3Dml&apn=com.google.android.apps.maps&amv=914018424&isi=585027354&ibi=com.google.Maps&ius=comgooglemapsurl&utm_campaign=ml_promo&ct=ml-nonlu-md-dc-en&mt=8&pt=9008&cid=5697265834171445826&_fpb=CLgEEMACGgVlbi1VUw==&_cpt=cpit&_iumenbl=1&_iumchkactval=1&_plt=3691&_uit=2653&_cpb=1&_icp=1 github/docs#11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-cli

The new version differs by 250 commits.

• fb50f76 chore(release): publish new version
• 2c75aeb chore: new version of the packages
• 0d05c30 chore(release): publish %s
• 3f9e151 chore: fix lerna config
• 2c1e34c tests(generator): enhance init generator tests (Is it possible to migrate an OAuth app to Github app without asking users to re-authenticate? github/docs#1236)
• 6ee61b9 Fix loader-generator and plugin-generator tests ($fuckchrisknight 041215663 1318664565848 github/docs#1250)
• 52956a2 Fixing the typos and grammatical errors in Readme files (content/rest/index.mdUpdate index.md github/docs#1246)
• 7faaed2 chore: update Bug_report & Feature_request Templates (Improve docs to be more explanatory github/docs#1256)
• 7a5b33d feat(webpack-cli): added mode argument (Explain how to use environment variables in a test matrix github/docs#1253)
• 3715756 tests(webpack-cli): add test case for defaults flag (Explain how to use environment variables in a test matrix github/docs#1254)
• a7cba2f chore: project maintanance and typescript fix (repo sync github/docs#1247)
• 7748472 chore: ignore package-lock.json and remove its references (Remove extraneous grammar period which breaks the compare URL github/docs#1252)
• a014aa7 docs: fix supported arguments & commands link in README (Dashboard github/docs#1244)
• 06129a1 feat(webpack-cli): add progress bar for progress flag (repo sync github/docs#1238)
• 6cc6a49 chore: post refactor CLI (Update restriction github/docs#1237)
• 358651e chore: move cli under lerna package (Update about-the-dependency-graph.md github/docs#1225)
• 2dc495a fix(init): fix webpack config scaffold (Avoid use branch for example workflows github/docs#1231)
• 1ab62d2 tests(generator): add tests for plugin generator (repo sync github/docs#1235)
• d2dd0c1 tests(sourcemap): fix flaky stats statement (SystemformNuch1991 github/docs#1232)
• f6dc680 tests(loader-generator): add tests for loader generator (Fix the table overflowing sidebar github/docs#1234)
• 35d1381 tests(generator): enable init generator test (index.md github/docs#1233)
• 66cdcb6 chore(generator): remove transpiled tests (Fixes #1190 github/docs#1229)
• f29a170 fix(init): fix the invalid package name (Issue: Improve existing docs github/docs#1228)
• 8c3a66d chore(cli): updated changelog of v3 (Add note that secret scanning endpoints should be able to handle larg… github/docs#1224)

See the full diff

Package name: website-scraper

The new version differs by 65 commits.

• 74bce19 Mention minimum supported nodejs v14.14.x
• 25bb362 Release v5
• 68f8fac Update README.md
• cf9b834 Update README.md
• 758f5f6 Bump got from 11.8.2 to 12.0.0 ([Snyk] Upgrade: @babel/core, @babel/plugin-transform-runtime, @babel/preset-env, @babel/runtime #470)
• 6670b29 Bump eslint from 7.25.0 to 8.5.0 ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1277.0 #472)
• efe7c52 Bump sinon from 10.0.1 to 12.0.1 ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1280.0 #476)
• f452942 Bump srcset from 3.0.1 to 5.0.0 ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1281.0 #477)
• 6376e4e Bump fs-extra from 9.1.0 to 10.0.0 ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1282.0 #478)
• 80a17d8 Drop Node.js v12 ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1283.0 #479)
• b7f49ac Bump normalize-url from 6.0.1 to 7.0.2 ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1276.0 #471)
• 2e05ee6 Publish codeclimate coverage ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1284.0 #480)
• 75d7491 Run "npm i", add scheduled tests run ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1279.0 #475)
• df715e9 Remove package-lock.json
• 28d8f4a Create dependabot.yml
• e7e88c9 Enable tests on nodejs-17 ([Snyk] Upgrade sass from 1.26.3 to 1.56.2 #469)
• 188911e Remove coveralls ([Snyk] Upgrade instantsearch.js from 4.8.2 to 4.49.2 #468)
• 0d5e8a2 Update cheerio to 1.0.0-rc.10, fixes [Snyk] Upgrade sass from 1.26.3 to 1.54.3 #355 ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1275.0 #467)
• 7887499 Update BACKERS.md
• 461c6ac Avoid filtering out root urls, closes [Snyk] Upgrade aws-sdk from 2.610.0 to 2.1268.0 #460 ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1273.0 #465)
• 8bdc0f4 Update dependencies ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1272.0 #464)
• d67969c Add node 16 to Github Actions ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1271.0 #463)
• 44cc74c Replace request with got ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1253.0 #445)
• 6db2b51 Use Github Actions for CI ([Snyk] Upgrade aws-sdk from 2.610.0 to 2.1260.0 #450)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)