[Snyk] Fix for 10 vulnerabilities #1

snyk-bot · 2022-08-19T00:40:05Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

⚠️

Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	No	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	No	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: husky

The new version differs by 27 commits.

b9a0917 4.3.7
839d84a update pkg-dir dependency and some devDependencies
6a1b3da Upgrade find-versions to 4.0.0 (#837)
cbb0af7 4.3.6
eb1eeb8 fix prepare-commit-msg on windows (#737)
65bc6e5 Update README.md
cbd0e06 add prepare-commit-msg test
992c1e0 4.3.5
642af0c rollback do not exit with 1 if install fails
ccb71b2 Update README.md
3c43bd5 4.3.4
1e1b289 update error message
b29ee2b 4.3.3
fd0233e ignore tsconfig.tsbuildinfo
a5f1259 4.3.2
41472b7 provide workaround for npm7
6dc9a51 4.3.1
033a2ae exit with 1 if husky fails to install/uninstall
38a7163 update gitignore
eff9aa3 Update README.md
b616d84 Changed create-react-app repo url (#759)
bb0c414 Update README.md
b05e72f Update node.js.yml
44e02bd Update node.js.yml

See the full diff

Package name: minimist

The new version differs by 4 commits.

7efb22a 1.2.6
ef88b93 security notice for additional prototype pollution issue
c2b9819 isConstructorOrProto adapted from PR
bc8ecee test from prototype pollution PR

See the full diff

Package name: nodemon

The new version differs by 88 commits.

27e91c3 fix: update packge-lock
0144e4f fix: bump update-notifier to v6.0.0 (#2029)
c870342 chore: update supporters
5c0b472 chore: add supporter
e26aaa9 fix: support windows by using path.delimiter
9d1afd7 docs: add syntax highlighting to sample-nodemon.md (#1982) (#2004)
de5d32a docs: Unified Node.js capitalization (#1986)
e890927 docs: add note to faq with example showing how to watch any file extension (#1931)
bc4547b chore: update sponsors
07159c5 chore: add supporters
cd100da chore: update supporters
6a34922 chore: supporters
e5d6067 chore: updating supporters
242f9f7 Merge branch 'main' of github.com:remy/nodemon
141e58c chore: update supporters
53422af ci(release): workflow uses 'npm' cache (#1933)
581c641 ci(node.js): workflow uses 'npm' cache (#1934)
cb1c8b9 docs: Fix typo in faq.md (#1950)
54784ab fix: bump prod dep versions
26db983 chore: update supporters
61e7abd fix: add windows signals SIGUSR2 & SIGUSR1 to terminate the process (#1938)
b449171 docs: Fix typo in faq.md
0a3175f chore: update supporters
18516d8 chore: add supporter

See the full diff

Package name: purgecss

The new version differs by 90 commits.

f5fc9d2 build: 3.1.0
39d4d02 chore: update changelog 3.1.0
c00cc0a build(grunt-purgecss): v3.1
ebcdc1f docs: fix indentation for next.js purgecss
446e1e6 docs: fix incorrect usage syntax
72302ff fix: ci update to postcss 8.2
28000c2 chore: add missing package-lock files
a6a5d21 chore: add package-lock in grunt plugin
3daf0af ci: change dependencies installation command
43dbe3c fix: safelist option in CLI
61a04ad chore: add package-lock
a3f163b docs: update docs 3.1
1f5c180 docs: fix incorrect usage syntax
f5e4427 build: 3.1.0 pre
564c114 fix indentation for next.js purgecss
84da7ca fix: webpack types
1d587d8 fix: blocklist acts as not present
6dc099d feat: use detailed extractor for purgecss-from-html
f2cfcf5 feat: webpack 5 compatibility
2ce212e build(deps-dev): bump mini-css-extract-plugin from 0.11.3 to 1.2.0
15d28b1 build(deps-dev): bump mini-css-extract-plugin from 0.11.3 to 1.2.0
f4504e0 build(deps-dev): bump css-loader from 4.3.0 to 5.0.0
0b2ab59 build(deps-dev): bump css-loader from 4.3.0 to 5.0.0
5422b5f Merge pull request #493 from FullHuman/dependabot/npm_and_yarn/types/webpack-sources-2.0.0

See the full diff

Package name: watchify

The new version differs by 9 commits.

7b27a3c 4.0.0
5d4842a bump deps (#380)
b840f29 disable package-lock.json
bae5e02 update chokidar and anymatch (#378)
3445775 ci: use github actions (#379)
f79e59f Change URLs from "Substack" (someones personal site & acc) to "browserify" (#369)
bd2f677 ci: run on more node versions
563a90d Merge pull request #367 from Trott/update-readme-badge
bb2b429 chore: Fix Travis-CI badge in readme.markdown