[Snyk] Fix for 13 vulnerabilities #32

snyk-bot · 2022-08-19T07:47:07Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

⚠️

Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	No	Proof of Concept
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Directory Traversal SNYK-JS-GRUNT-2635969	No	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Race Condition SNYK-JS-GRUNT-2813632	No	Proof of Concept
706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	No	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-PACRESOLVER-1564857	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	No	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt

The new version differs by 35 commits.

82d79b8 1.5.3
572d79b Merge pull request Feature request: Explain the DEF24 sponsorship gchq/CyberChef#1745 from gruntjs/fix-copy-op
58016ff Patch up race condition in symlink copying.
0749e1d Merge pull request Bug report: URL DECODE MISS "+" gchq/CyberChef#1746 from JamieSlome/patch-1
69b7c50 Create SECURITY.md
ac667b2 1.5.2
7f15fd5 Update Changelog
b0ec6e1 Merge pull request Accessibility - Aria labels for buttons gchq/CyberChef#1743 from gruntjs/cleanup-link
433f91b Clean up link handling
d5969ec 1.5.1
ad22608 Merge pull request Bug report: Base58 wrong conversion gchq/CyberChef#1742 from gruntjs/update-symlink-test
0652305 Fix symlink test
a7ab0a8 1.5.0
b2b2c2b Updated changelog
3eda6ae Merge pull request Bug report: AES CTR results differ from expected gchq/CyberChef#1740 from gruntjs/update-deps-22-10
47d32de Update testing matrix
2e9161c More updates
04b960e Remove console log
aad3d45 Update dependencies, tests...
fdc7056 Merge pull request Add prettier formatter gchq/CyberChef#1736 from justlep/main
e35fe54 support .cjs extension
ee722d1 1.4.1
e7625e5 Update Changelog
5d67e34 Merge pull request Feature request: OPA Policy Language gchq/CyberChef#1731 from gruntjs/update-options

See the full diff

Package name: nightwatch

The new version differs by 135 commits.

b69a97e 1.7.11
0e9921e updated dependencies
391428d 1.7.10
0c825a4 reversed a change about setValue and added new updateValue command
8bdfea5 1.7.10
8bfde6f Fixed #2899 - issue with sendKeys() command
73e3cef Update README.md
dd400a6 1.7.9
7adbc1a fixed #2892 – unable to parse the selenium_host config setting
4cf9b7d updated setValue
d2fd8ba Add support to set browserName to null to accommodate Appium
9aa21ae updated deps to fix dependabot alerts
544bcff Update back.js
62b240e api-docs: update forward (#2866)
1419cb7 1.7.8
845de6e removed postinstall message
babd88c Fixes/find elements result value in async commands (#2820)
4ec23f2 send last error to browserstack transport reason (#2778)
b23f747 Fixes resolve node promise incase of failure (#2802)
da83b77 remove node promise rejection in case of error (#2797)
f949ce2 Change: default port for edge (#2790)
e9ebff5 Update README.md (#2788)
27a855a strict click custom command (#2787)
851425a Update build-node.yaml (#2786)

See the full diff

Package name: node-sass

The new version differs by 31 commits.

99242d7 7.0.1
77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
918dcb3 Lint fix
0a21792 Set rejectUnauthorized to true by default (#3149)
e80d4af chore: Drop EOL Node 15 (#3122)
d753397 feat: Add Node 17 support (#3195)
dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
80d6c00 chore: Windows x86 on GitHub Actions (#3041)
566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (#3102)
7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 (#3156)
2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (#3161)
fca5257 build(deps): bump actions/setup-node from 2.3.0 to 2.4.0
6200b21 docs: Double word "support" (#3159)
eaf791a build(deps): bump actions/setup-node from 2.1.5 to 2.3.0
16b8d4b build(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3
c167004 6.0.1
911d4db remove mkdirp dep (#3108)
30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
cfcbb2c chore: Use default Apline version from docker-node (#3121)
886319b chore: Drop Node 10 support
c908f4f fix: Bump OSX minimum to 10.11

See the full diff

Package name: postcss-css-variables

The new version differs by 4 commits.

f791dd2 0.18.0
0ae84a1 Prepare changelog with X.509 Parser bug gchq/CyberChef#129
2d7e0ee adding basic postcss 8 support
de77c3c Fix typo

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

c9271b9 chore(release): 4.0.0
18bf369 test: fix stability (#3676)
cdcabb2 fix: respect protocol from browser for manual setup (#3675)
1768d6b fix: initial reloading for lazy compilation (#3662)
4f5bab1 docs: improve examples (#3672)
f2d87fb fix: improve https CLI output (#3673)
0277c5e chore: remove redundant console statements (#3671)
16fcdbc docs: add `ipc` example (#3667)
8915fb8 test: add e2e tests for built in routes (#3669)
4d1cbe1 docs: ask `version` information in issue template (#3668)
b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
f1fdaa7 chore(release): 4.0.0-rc.1
c4678bc fix: legacy API (#3660)
d8bdd03 test: fix stability (#3661)
22b1414 refactor: remove `killable` (#3657)
75bafbf test: add e2e tests for module federation (#3658)
493ccbd chore(deps): update `ws` (#3652)
ae8c523 test: add e2e test for universal compiler (#3656)
f94b84f chore(deps): update (#3655)
1923132 test: fix cli
2adfd01 test: fix todo (#3653)
6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)