[Snyk] Fix for 3 vulnerabilities

[baby636]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-gyp

The new version differs by 131 commits.

• 989abc7 v8.0.0: bump version and update changelog
• 0da2e01 gyp: update gyp to v0.8.1 (remove some unused modules npm/cli#2355)
• 0093ec8 gyp: Improve our flake8 linting tests
• 06ddde2 deps: sync mutual dependencies with npm
• a5fd1f4 doc: add downloads badge (error cb() never called! npm/cli#2352)
• 0d8a6f1 ci: update actions/setup-node to v2 (refactor deprecate command and add tests npm/cli#2302)
• 1bd18f3 lib: drop Python 2 support in find-python.js (Release/v7.1.2 npm/cli#2333)
• e81602e lib: migrate requests to fetch ([BUG] postpack script runs BEFORE the tarball has been generated and moved to its final destination. npm/cli#2220)
• a78b584 gyp: remove support for Python 2 ([BUG] npm config removes _auth from .npmrc npm/cli#2300)
• 392b776 lib: avoid changing process.config ([BUG] NPM UPDATE removes dependencies npm/cli#2322)
• c3c510d gyp: update gyp to v0.8.0 (Error when running 'npx cypress open' npm/cli#2318)
• cc1cbce doc: update macOS_Catalina.md (test: add lib/shrinkwrap.js tests npm/cli#2293)
• 9e1397c gyp: update gyp to v0.7.0 ([BUG] Config environment variable forwarding breaks with false config values npm/cli#2284)
• 6287118 doc: updated README.md to copy easily ([BUG] cb() never called! npm/cli#2281)
• 15a5c7d ci: migrate deprecated grammar ([BUG] <title>npm ERR! cb() never called! npm/cli#2285)
• 66c0f04 doc: add missing `sudo` to Catalina doc
• 19e0f3c v7.1.1: bump version and update changelog
• 096e3ad gyp: update gyp to 0.6.2
• 54f97cd doc: add cmd to reset `xcode-select` to initial state
• b9e3ad2 v7.1.1: bump version and update changelog
• 18bf2d1 deps: update deps to match npm@7
• ee6a837 gyp: update gyp to 0.6.1
• 3e7f8cc lib: better log message when ps fails
• 7fb3143 test: GitHub Actions: Test on Python 3.9

See the full diff

Package name: standard

The new version differs by 197 commits.

• 9c505a9 13.0.0
• 7f3dd5d eslint-config-standard-jsx@7.0.0
• 8cfb0ee eslint-config-standard@13.0.0
• e235cb5 changelog 13.0.0
• f125f0c add link to security disclosure policy
• bd44694 add nodejs logo; change logos to 4 per row
• f7f98bf Update CHANGELOG.md
• 5e6315c remove badge
• e3862be Update AUTHORS.md
• f796995 13.0.0-0
• 16ffaef Update CHANGELOG.md
• c1f817e bump deps
• ffb0b8e travis: drop node 6, add node 12
• d5565b5 Update CHANGELOG.md
• 4dcd00a add Nuxt.js logo
• ee3104d compress logos
• 6e077d7 standard
• d33bfe9 Merge pull request [FEATURE] configuration standard for all packages npm/cli#1308 from munierujp/update_japanese_documents
• dd8fe00 Create FUNDING.yml
• 318bfac readme/changelog: global installation changes
• 329a2e0 readme: fix typescript instructions
• db61e3f Update CHANGELOG.md
• 7c661eb Automatically pass on Node 6 or earlier
• 0cfc932 Update Japanese document for 40d1d5e

See the full diff

Package name: tap

The new version differs by 250 commits.

• 8f2baa7 16.0.0
• 65e599e drop support for node v10
• 84fc6df docs: changelog for v16
• e6acf7b update coveralls documentation to say to install it
• 3c7b3ef document coveralls removal in the cli help output
• 43bf1df undocument synonyms
• 1ff75a4 make coveralls an optional peer dep
• 3f1ae47 Add eslint for linting
• 162c1a8 Support Typescript for --before and --after
• 28d2d03 Fix script on using node-tap with codecov
• 3a0e81c docs: fix broken link
• 1b636b2 Add jsonpath-faster
• c4bdeef fix typo `than` to `that`
• 20fbd40 Update Node.js min version to 10.x in CONTRIBUTING
• 90dda0b update cli doc
• 636ab18 15.2.3
• e609d8f docs: changelog for 15.2
• c182328 tap-parser@11.0.1
• f576a60 docs: setting t.snapshotFile
• d9fa241 libtap@1.3.0
• a02f33e update cli doc
• d1500b6 15.2.2
• b784d77 tap-parser@11
• 567384e update cli doc

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution