[Snyk] Fix for 19 vulnerabilities #54

bizoton19 · 2023-12-19T17:36:17Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Validation Bypass SNYK-JS-KINDOF-537849	No	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-TAR-174125	Yes	Proof of Concept
434/1000 Why? Has a fix available, CVSS 4.4	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browser-sync

The new version differs by 83 commits.

2b55728 v2.26.9
2bf8812 v2.26.8
0f3cc0b fix: npm audit fixes (root)
ba1f09f fix: npm audit fixes
d89252a Merge pull request #1749 from ProLoser/securityFix
df81272 Merge pull request #1771 from tolulawson/master
64f87b9 Merge pull request #1768 from fozzleberry/bump-http-proxy-1.18.1
43dc459 Merge pull request #1725 from nitinbansal1989/master
894d031 -- Corrected codesync tagline
0667104 used correct syntax on bump
938e611 bumped node engines to >= 8.0.0
20a0334 bumped http proxy to >=1.18.1
c103029 Security fix for #1649
864c9f1 upgrade chokidar version
2191369 v2.26.7
53f9b36 docs: readme
0b3d98b v2.26.6
fdfc681 tests: add e2e tests to package.json
c56cfd9 Merge pull request #1698 from emeitch/fix_deprecated_header
2fd598f Merge pull request #1690 from XhmikosR/xmr-ci
841ccd5 Merge pull request #1694 from coliff/patch-1
209c9c1 Merge pull request #1697 from gaards/update-localtunnel
87bee4b Use getHeaders or _headers
77abfd3 Update localtunnel

See the full diff

Package name: css-loader

The new version differs by 9 commits.

43179a8 chore(release): 1.0.0
3d53968 Merge remote-tracking branch 'origin/master'
240db53 version 1.0 (#742)
1b7acf7 Merge remote-tracking branch 'origin/master'
1703721 docs(README): add more context to `localIdentName` (#711)
1c51265 docs(README): fix malformed emoji (#701)
50f8ec0 Merge remote-tracking branch 'origin/master'
07444ad tests: css custom variables (#709)
3de8aa7 tests: css custom variables (#709)

See the full diff

Package name: gulp

The new version differs by 134 commits.

55eb23a Release: 4.0.0
173a532 Docs: Fix the installation instructions
ec54d09 Docs: Improve note about out-of-date docs
03b7c98 Docs: Update recipes to install gulp@next
2eba29e Docs: Remove run-sequence from recipes
76eb4d6 Docs: Add installation instructions & update badges
fbc162f Docs: Remove references to gulp-util
3011cf9 Scaffold: Normalize repository
f27be05 Update: Remove graceful-fs from test suite
361ab63 Upgrade: Update glob-watcher
064d100 Build: Avoid broken node 9
057df59 Release: 4.0.0-alpha.3
c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
89acc5c Docs: Improve ES2015 task exporting examples (#1999)
0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
723cbc4 Docs: Fix syntax in recipe example (#1715)
d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
29ece6f Upgrade: Update undertaker
e931cb0 Docs: Fix changelog typos (#1696)
477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
c3dbc10 Docs: Clarify incremental builds example (#1609)