[Snyk] Fix for 9 vulnerabilities

[MrBrain295]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-NPMCLIARBORIST-1579165	No	No Known Exploit
	594/1000 Why? Has a fix available, CVSS 7.6	Arbitrary File Write SNYK-JS-NPMCLIARBORIST-1579181	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @npmcli/run-script

The new version differs by 11 commits.

• f3b5a17 2.0.0
• 20214a8 feat: update to node-gyp@8 (colors@1.1.2 npm/cli#39)
• baf9478 chore: update settings.yml (testing branch dupe bug npm/cli#38)
• 7e7b52a 1.8.6
• 45ad116 chore: remove infer-owner from dependencies (Improved repository examples npm/cli#36)
• c785d52 chore(package-lock): rebuild package-lock
• 47a4d53 1.8.5
• 420d215 tap@15.0.4
• 988cd66 fix: windows ComSpec env variable name
• 2a2f1b6 1.8.4
• eeeb3f4 remove puka

See the full diff

Package name: cli-columns

The new version differs by 4 commits.

• 89eaa84 drop travis and coveralls from readme
• 5da2489 upgrade deps, drop heavy dev deps, github actions, node 10+
• b9e986b Update readme.md
• ed6df24 Update copyright info

See the full diff

Package name: columnify

The new version differs by 34 commits.

• a532ca1 Release 1.6.0
• 92fdab6 Clean up readme badges, update stats.
• a350bf2 Add npm cache to CI.
• aae8411 Actually install & test in CI.
• b2fe72f Use github actions.
• 4b54106 Update node version in travis.yml.
• c820951 Update packages.
• 10ea59d Update packages.
• e768ed8 Revert "Merge pull request readable-stream@3.0.2 npm/cli#59 from njhoffman/master"
• 1cf9287 Merge pull request readable-stream@3.0.2 npm/cli#59 from njhoffman/master
• 091ddb0 Merge pull request Docs: mention --otp flag when prompting for OTP npm/cli#60 from sreekanth370/master
• bece43f Merge pull request Canary npm/cli#49 from tdmalone/patch-1
• 4b72760 Merge branch 'master' into master
• e7c082a Merge pull request Set lowercase headers for NPM audit requests npm/cli#62 from viceice/patch-1
• db4ee97 chore: bump version
• 0bd797f chore: require node v8
• ea15deb fix: update strip-ansi to v6.0.1
• 33c942e compatibility updates
• 5cb6515 fixed transipiling errors
• a27ddb8 version bump
• 95d9a8e extract strip-ansi dependency
• 4895ec1 version bump
• 64c77f5 version bump
• 1d3ef4b add modules key and main eky to package.json

See the full diff

Package name: node-gyp

The new version differs by 137 commits.

• f5fa6b8 chore: release 8.4.1
• cc37b88 fix: windows command missing space ([BUG] peer-dependency conflict when having "greater than or equal to" range >= npm/cli#2553)
• 8083f6b deps: npmlog@6.0.0
• 787cf7f docs: fix typo in powershell node-gyp update
• 7073c65 chore: release 8.4.0
• a27dc08 feat: build with config.gypi from node headers
• 5a00387 feat: support vs2022 ([BUG] <title>npm ERR! cb() never called! npm/cli#2533)
• fb85fb2 chore: release 8.3.0
• 5585792 feat(gyp): update gyp to v0.10.0 ([BUG] missing docs around package-lock.json inside the /node_modules/ dir npm/cli#2521)
• b05b4fe chore(deps): bump make-fetch-happen from 8.0.14 to 9.1.0
• 0a67dcd test: Python 3.10 was release on Oct. 4th ([BUG] npm install --force fails for peerOptional conflicts npm/cli#2504)
• f2ad87f chore: refactor the creation of config.gypi file
• bc47cd6 chore: release 8.2.0
• ed9a9ed feat(gyp): update gyp to v0.9.6 ([BUG] <title>Unable to add my password npm/cli#2481)
• 660dd7b doc: correct link to "binding.gyp files out in the wild" ([BUG] shows outdated support contact npm/cli#2483)
• ec15a3e chore(deps): bump tar from 6.1.0 to 6.1.2 (fix(docs): clean up npm unpublish docs npm/cli#2474)
• 78361b3 ISSUE_TEMPLATE.md: Instructions for old versions (V6 npm/cli#2470)
• f0882b1 fix: missing spaces
• c8c0af7 fix: doc how to update node-gyp independently from npm
• b6e1cc7 Add title to node-gyp version document ([BUG] Broken link in npm v7 series beta re. $npm_package_* environment variables (now gone) npm/cli#2452)
• b7bccdb ci: GitHub Actions Test on node: [12.x, 14.x, 16.x] ([BUG] User-defined run script overwritten by shell command npm/cli#2439)
• 161c235 doc(wiki): safer doc names, remove unnecessary TypedArray doc
• b52e487 doc(wiki): link to docs/ from README
• f0a4835 doc(wiki): move wiki docs into doc/

See the full diff

Package name: npmlog

The new version differs by 7 commits.

• 15366fb 5.0.0
• d81ce11 docs: changelog for v5.0.0
• e420957 BREAKING CHANGE: update deps, lint, test coverage (ci summary: change console.error for console.log npm/cli#79)
• f0454b0 deps: bump tap
• c989a1c chore: update CI for current Node LTS
• 5414070 Appease standard
• c9ed17d package-lock@1

See the full diff

Package name: pacote

The new version differs by 30 commits.

• fcecf0e 12.0.0
• cbc75af deps: @ npmcli/run-script@2.0.0
• a0d4c60 fix: drop node 10 support (Fix link as code in npm-ci npm/cli#94)
• 4217bee chore: update settings.yml (Changes error code to when test is undefined npm/cli#91)
• 80cce46 chore(package-lock): rebuild package-lock
• 3557b0e 11.3.5
• e7e6f0d Merge pull request Use native fs.writeFile in lib/install/save.js npm/cli#84 from npm/lk/handle-pathspec-error
• ac56329 Merge pull request Close the file descriptor if exiting upload via an error. npm/cli#80 from npm/isaacs/unpack-no-mtime
• 7660b0b Merge pull request feat(cli, outdated): Adds 'Homepage' to outdated --long output. npm/cli#81 from npm/isaacs/include-all-dep-types-when-preparing
• c76c279 rethrow git pathspec errors when cloning from a hosted service
• 6ad9ede Merge pull request Note that "prepare" runs when installing git dependencies npm/cli#82 from npm/lk/handle-git-errors
• c285551 @ npmcli/git@2.1.0, update tests to work with latest hosted-git-info
• 0328fe0 fix: do not do dry-run/package-lock installs for preparation
• b76f51a fix: include all dep types when building for prepare
• 2ed5b64 fix: do not set mtime when unpacking
• 745265a 11.3.4
• bec3715 npm-registry-fetch@11.0.0
• 9629c64 11.3.3
• d97e2fb Merge pull request Correct spelling mistakes npm/cli#78 from npm/gar/normalize-manifest
• 14264d2 fix(registry): normalize registry manifests
• 42e977a 11.3.2
• 4311985 update tap, test on node 16
• e0128a7 npm-registry-fetch@10.0.0
• 500a34f Cache the tarballs in pacote

See the full diff

Package name: tar

The new version differs by 33 commits.

• 4f1f4a2 6.1.9
• 875a37e fix: prevent path escape using drive-relative paths
• b6162c7 fix: reserve paths properly for unicode, windows
• 3aaf19b fix: prune dirCache properly for unicode, windows
• 6a9c51d 6.1.8
• dfc5923 fix: skip extract if linkpath is stripped entirely
• 575a511 fix: reserve paths case-insensitively
• d61628c 6.1.7
• 9e018cf tests: run (and pass) on windows
• c2a0948 fix: refactoring to pass tests on Windows
• d0ce670 update deps
• 5360266 fix: normalize paths on Windows systems
• 9bc1729 6.1.6
• bdf4f51 fix: properly prefix hard links
• 94b2a74 chore: remove benchmarks from git repo
• ecaafb4 update deps
• bd4691c 6.1.5
• d694c4f ci: test on node 16
• 84acbd3 fix(unpack): fix hang on large file on open() fail
• 97c46fc fix(unpack): always resume parsing after an entry error
• 488ab8c chore: WriteEntry cleaner write() handling
• be89aaf WriteEntry backpressure
• ba73f5e chore: track fs state on WriteEntry class, not in arguments
• bf69383 6.1.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary File Write
🦉 Arbitrary File Write
🦉 Arbitrary File Write
🦉 More lessons are available in Snyk Learn