[Snyk] Fix for 13 vulnerabilities

[cdcc1969]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHSET-1320032	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babelify

The new version differs by 6 commits.

• b06b778 8.0.0
• ea73917 Remove path-is-absolute devDep
• 02f97ec drop node 0.10/0.12, add peerDep on babel-core instead of dep, drop object-assign, add package-lock
• 6d45fa8 Explicitly test Node 4, 5 and 6 in travis
• 9944a55 Explain the double negatives a bit better (Rewrite Paper Wallet (to not use jquery & use angular) MyEtherWallet/etherwallet#197)
• d9e3029 babelify in quotes in example (Update global ETH / ETC / Token balances MyEtherWallet/etherwallet#198)

See the full diff

Package name: gulp-autoprefixer

The new version differs by 17 commits.

• ede5a11 8.0.0
• a953087 Require Node.js 12 and upgrade dependencies
• 87ff53d Move to GitHub Actions (updated input width and removed watch-var from icon MyEtherWallet/etherwallet#117)
• c5e7214 7.0.1
• da50fd2 Make Gulp an optional peer dependency
• 40fba84 7.0.0
• ab49120 Require Node.js 8 and Gulp 4
• 83cc576 Enable the repo sponsor button
• adec1a7 6.1.0
• 7b080bf Upgrade dependencies
• dfe3919 6.0.0
• c225cbd Upgrade `autoprefixer` and `postcss`
• ea0b7f8 Require Node.js 6
• 18a27be 5.0.0
• e526a78 Meta tweaks
• e954e6e Update sourcemap paths to be relative to `file.base` (Rewriting the polish translation MyEtherWallet/etherwallet#92)
• 7828646 Upgrade to Autoprefixer 8 (When decrypting new JSON/Keystore file, the page doesn't update with new wallet's info or update existing wallet's info. MyEtherWallet/etherwallet#96)

See the full diff

Package name: gulp-clean

The new version differs by 2 commits.

• 1b2503e Merge pull request [Snyk] Security upgrade snyk from 1.299.0 to 1.324.0 #30 from kuangyeheng/pl
• d83c56a remove gulp-util

See the full diff

Package name: gulp-file-include

The new version differs by 9 commits.

• 5897e85 v2.0.1
• 07cc720 Replace hardcoded newline character in test
• c4b0bbf Drop dependency on deprecated `gulp-util`
• 9c84c87 v2.0.0
• 88853d1 lint
• 7f771cb lint
• a52b855 chore - use eslint, remove jscs
• 1510106 chore - update travis, add npmrc
• 5a5f9ca Update applyFilters method to look for filter handler options (Initial update ja.js MyEtherWallet/etherwallet#146)

See the full diff

Package name: gulp-template

The new version differs by 3 commits.

• 55805ee 5.0.0
• 229b21c Require Node.js 4
• 4939d79 Drop dependency on deprecated `gulp-util` ([Snyk] Fix for 1 vulnerabilities #42)

See the full diff

Package name: npm

The new version differs by 250 commits.

• 30a9844 7.21.0
• 0b2cd9d update AUTHORS
• 06461ec docs: changelog for v7.21.0
• 771a1cb chore(tests): fix snapshots
• 71cdfd8 spdx-license-ids@3.0.10
• 94f92de make-fetch-happen@9.0.5
• 7ac621c smart-buffer@4.2.0
• 218caca is-core-module@2.6.0
• ff6626a fix(docs): update npm-publish access flag info
• b6f40b5 tar@6.1.10
• e9e5ee5 @ npmcli/arborist@2.8.2
• 991a3bd read-package-json@4.0.0
• f077724 init-package-json@2.0.4
• 68a19bb fix(error-message): look for er.path not er.file
• ff34d6c feat(cache): initial implementation of ls and rm
• 8183976 normalize-package-data@3.0.3
• df57f0d @ npmcli/run-script@1.8.6
• 487731c fix(logging): sanitize logged argv
• 7a58264 chore(ci): check that docs are up to date in ci
• 22f3bbb chore(docs): add more 'autogenerated' comments
• 4314490 fix(docs): revert auto-generated portion of docs
• 32e88c9 fix(did-you-mean): switch levenshtein libraries
• 59b9851 7.20.6
• 2591e67 update AUTHORS

See the full diff

Package name: run-sequence

The new version differs by 15 commits.

• 31103da 2.2.1
• 209e46c Drop dependency on deprecated `gulp-util` (Update tr.js MyEtherWallet/etherwallet#100)
• 37e17be 2.2.0
• c450122 Changelog, cleanup for orchestration events change
• 2155560 handle orchestration aborted events (Update no.js MyEtherWallet/etherwallet#97)
• 066b8c6 2.1.0
• dada3f4 Added date to v1 in changelog
• f2b1635 Added options, code cleanup
• 578d017 Added a changelog, Closes Update 1 - Navigation & General MyEtherWallet/etherwallet#82
• 9fd7783 2.0.0
• d80ddf5 Specify chalk version (Polish Patch  MyEtherWallet/etherwallet#89)
• 59515cf Fixed typo
• 7e263af Ignore yarn lock when publishing
• b83cc34 Adding Yarn lockfile
• ee04d48 Added modern node versions to travis ci (Translated some lines into German MyEtherWallet/etherwallet#73)

See the full diff

Package name: snyk

The new version differs by 250 commits.

• 4cc1a94 Merge pull request Change EOSC Chainid MyEtherWallet/etherwallet#2105 from snyk/feat/webpack
• 7737f75 Merge pull request Stuck TX in REOSC network (2894) MyEtherWallet/etherwallet#2181 from snyk/test/migrate-old-snyk-format
• 418e6ad Merge pull request devop/prep-release MyEtherWallet/etherwallet#2180 from snyk/test/migrate-is-docker
• 95631e7 test: migrate is-docker to jest
• babe22a test: migrate old-snyk-format to jest
• e22e94f feat: Snyk CLI is bundled with Webpack
• dd46c19 Merge pull request Enable Ledger hardware wallet support for Ellaism  MyEtherWallet/etherwallet#2175 from snyk/fix/snyk-protect-multiple
• e7c314f Merge pull request Added WallOfChain contract ABI MyEtherWallet/etherwallet#2178 from snyk/test/server-close
• 5e824c0 fix(protect): skip previously patched files
• ca2177a fix(protect): catch and log unexpected errors
• c9ddb44 chore(protect): move api url warnings to stderr
• e8fed38 refactor(protect): move stdout logs to top level
• 55e88f9 Merge pull request devop/to-field-contract-deploy MyEtherWallet/etherwallet#2177 from snyk/test/set-jest-acceptance-timeout
• 1522c5f test: server.close uses callbacks, not promises
• 13dce51 test: increase timeout for slow oauth test
• 65c35be Merge pull request BitBox MyEtherWallet/etherwallet#2172 from snyk/chore/no-run-test-on-master
• a1e3992 chore: don't run tests on master
• 20feb67 Merge pull request devop/sync-repos MyEtherWallet/etherwallet#2165 from snyk/chore/dont-wait-for-regression-tests
• f50bca7 Merge pull request Devop/prep release MyEtherWallet/etherwallet#2167 from snyk/refactor/replace-cc-parser-with-split-functions
• 1ed7d11 refactor: replace cc parser with split functions
• 707801d Merge pull request Release/v3.27.0 MyEtherWallet/etherwallet#2166 from snyk/fix/support_quotes_in_poetry_toml
• dc6b784 Merge pull request Add ZIX token MyEtherWallet/etherwallet#2163 from snyk/chore/remove-store-test-results
• 7973015 fix: support quoted keys in inline tables
• 18f0d2a Merge pull request AssertionError thrown from mew-custom@1.1.0 MyEtherWallet/etherwallet#2164 from snyk/chore/upgrade-snyk-nuget-plugin

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn