[Snyk] Fix for 8 vulnerabilities

[Bhanditz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	Yes	No Known Exploit
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-TAR-174125	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bin-links

The new version differs by 28 commits.

• ca8aad2 2.0.0
• 5ce48a1 docs: update for v2
• 3af8c54 ignore most things
• 3344f8d changelog for v2
• a1272ee v2 implementation
• d35c9b2 tests for v2
• 675263d deps for new version
• 2f8c1fa license: Artistic 2.0 -> ISC
• 49c3151 chore: only support live nodes
• 2c6fb91 fix: do not require a log option
• 3fa88fa chore: update CLI dev environment
• ee939c0 chore: Use native Promises instead of Bluebird
• 32132c9 chore(release): 1.1.7
• 0bbd303 fix: resolve folder that is passed in
• f315830 chore(release): 1.1.6
• 642cd18 fix: prevent improper clobbering of man/bin links
• bc69419 update travis
• 52e6525 chore(release): 1.1.5
• b3cfd2e fix: don't filter out ./ man references
• 181e36d github settings
• fe39e10 chore(release): 1.1.4
• 25a34f9 fix: sanitize and validate bin and man link targets
• 02bb9e1 chore(deps): add npm-normalize-package-bin module
• 24324d3 chore(release): 1.1.3

See the full diff

Package name: node-gyp

The new version differs by 203 commits.

• 989abc7 v8.0.0: bump version and update changelog
• 0da2e01 gyp: update gyp to v0.8.1 (remove some unused modules npm/cli#2355)
• 0093ec8 gyp: Improve our flake8 linting tests
• 06ddde2 deps: sync mutual dependencies with npm
• a5fd1f4 doc: add downloads badge (error cb() never called! npm/cli#2352)
• 0d8a6f1 ci: update actions/setup-node to v2 (refactor deprecate command and add tests npm/cli#2302)
• 1bd18f3 lib: drop Python 2 support in find-python.js (Release/v7.1.2 npm/cli#2333)
• e81602e lib: migrate requests to fetch ([BUG] postpack script runs BEFORE the tarball has been generated and moved to its final destination. npm/cli#2220)
• a78b584 gyp: remove support for Python 2 ([BUG] npm config removes _auth from .npmrc npm/cli#2300)
• 392b776 lib: avoid changing process.config ([BUG] NPM UPDATE removes dependencies npm/cli#2322)
• c3c510d gyp: update gyp to v0.8.0 (Error when running 'npx cypress open' npm/cli#2318)
• cc1cbce doc: update macOS_Catalina.md (test: add lib/shrinkwrap.js tests npm/cli#2293)
• 9e1397c gyp: update gyp to v0.7.0 ([BUG] Config environment variable forwarding breaks with false config values npm/cli#2284)
• 6287118 doc: updated README.md to copy easily ([BUG] cb() never called! npm/cli#2281)
• 15a5c7d ci: migrate deprecated grammar ([BUG] <title>npm ERR! cb() never called! npm/cli#2285)
• 66c0f04 doc: add missing `sudo` to Catalina doc
• 19e0f3c v7.1.1: bump version and update changelog
• 096e3ad gyp: update gyp to 0.6.2
• 54f97cd doc: add cmd to reset `xcode-select` to initial state
• b9e3ad2 v7.1.1: bump version and update changelog
• 18bf2d1 deps: update deps to match npm@7
• ee6a837 gyp: update gyp to 0.6.1
• 3e7f8cc lib: better log message when ps fails
• 7fb3143 test: GitHub Actions: Test on Python 3.9

See the full diff

Package name: npm-lifecycle

The new version differs by 7 commits.

• cf5f5ca chore(release): 2.1.1
• dbbfe27 deps: bump deps to fix security advisories
• e96f550 deps: update node-gyp to v4.0.0
• f6cef1c chore: update CI for current Node LTS
• c137ac7 deps: bump devDeps
• 62c07d3 deps: bump deps
• 220cd70 fix(test): update postinstall script for fixture

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)