[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: hosted-git-info

The new version differs by 48 commits.

• a810463 chore(release): 3.0.8
• bede0dc fix: simplify the regular expression for shortcut matching
• afe2808 chore(release): 3.0.7
• eb5bd5a fix: correctly filter out urls for tarballs in gitlab
• d30f96e chore(release): 3.0.6
• c067102 fix: support to github gist legacy hash length
• c53c6ab chore(release): 3.0.5
• 167cef2 chore: properly advertise version support
• 47c931e update lru-cache to latest
• 8e0b0ec chore(release): 3.0.4
• 0835306 fix: Do not pass scp-style URLs to the WhatWG url.URL
• 6f39e93 chore(release): 3.0.3
• 31140a7 Ensure passwords in hosted Git URLs are correctly escaped
• 4636ac9 chore(release): 3.0.2
• 3e5fbec fix: do not encodeURIComponent the domain
• 97c8caa chore(release): 3.0.1
• e3e3054 fix: update pathmatch for gitlab
• af4835c test: added script to get coverage report
• d04239b test: removed unused testing structure
• 4693b9c test: moved all github url tests together
• a03d51e test: added refactered tests for bitbucket
• 0aea712 test: added ignore; for 100% testing (this seems wonky)
• b473c55 test: added basic test for ._fill() method
• fa87af7 fix: updated pathmatch for gitlab

See the full diff

Package name: init-package-json

The new version differs by 21 commits.

• 1703339 2.0.1
• a99f769 [email protected]
• 434ecd4 [email protected]
• 5ac9b2a 2.0.0
• 6396ea8 chore: changelog for v2.0.0
• f4c67c5 BREAKING: requires node10+
• 35b18fc chore: update to auto-bump on npm version system
• 786e88b chore: bump transitive deps
• 32012d9 [email protected]
• 5deeae9 [email protected]
• 56477ed [email protected]
• 68f5b77 [email protected]
• 6b865ec [email protected]
• 9a05ee4 chore: remove standard-version dev dep
• 16c52cb test: removes dev dep in npm
• c0ace81 fix: accounts dot vs dash version/license config
• b20020b [email protected]
• 4c22248 [email protected]
• 3e772e9 Updated package-lock to v2
• 2b5d21e chore: updating package-lock.json
• 8515942 chore: update CI for current Node LTS

See the full diff

Package name: libnpmhook

The new version differs by 14 commits.

• 7df693a 6.0.0
• ea795fb chore: basic project updates
• aa629b4 fix: remove figgy-pudding
• a0fdf7e chore: cleanup badges, contrib, readme
• da135b2 chore(release): 5.0.2
• 1a4d785 refactor(fetch): use new npm-registry-fetch features to simplify
• eba82eb chore(release): 5.0.1
• 72800a9 deps: bump n-r-f
• bb63594 fix(deps): move JSONStream to prod deps
• 4ca653c chore(release): 5.0.0
• 46b271b feat(api): overhauled API
• a9a6565 deps: bump devDeps
• f8974c7 deps: bump deps
• 283efeb misc: npm6ify pkglock

See the full diff

Package name: normalize-package-data

The new version differs by 20 commits.

• e584704 3.0.0
• 6899b0c fix: broken tests w/ latest hosted-git-info
• 40d07df [email protected]
• e938119 chore: update engines
• 7e70f63 [email protected]
• 0ba7f91 [email protected]
• 30afb71 chore: remove async dev dep
• db9c672 [email protected]
• cc89759 chore: remove underscore dev dep
• b224ba1 chore: update to package-lock v2
• dedb606 2.5.0
• f97372c deps: use `resolve.isCore` instead of `is-builtin-module` for better data and better node compat (Update npm-scripts.md to fix broken layout npm/cli#99)
• de56d3e 2.4.2
• 96c93df deps: downgrade is-builtin-module to ^1.0.0
• 39b60ac 2.4.1
• 9d1ce80 fix: update broken url to `validate-npm-package-license` in README
• 156ad83 deps: bump devDeps
• 432f89c deps: bump deps
• f828e53 chore: update CI for current Node LTS
• df8ea05 fix(license): don't fail when license is whitespace-only field (Optional appropriate environ replace npm/cli#93)

See the full diff

Package name: npm-package-arg

The new version differs by 10 commits.

• bf86221 chore(release): 7.0.0
• 68a4fc3 deps: bump hosted-git-info to 3.0.2
• ee44e84 chore: update deps
• 1da5ca9 chore(release): 6.1.1
• 84a9569 chore: add node 12 to travis
• c5da1f4 chore: boost test coverage to 100%
• 3909203 fix: preserve drive letter on windows git file:// urls
• a5a18b3 chore: update CI for current Node LTS
• b2c1e0c deps: bump devDeps
• db7ca93 deps: bump deps

See the full diff

Package name: npm-pick-manifest

The new version differs by 20 commits.

• 405d00b chore(release): 4.0.0
• 42c76d8 deps: bump npm-package-arg to v7
• 8e66272 chore(release): 3.0.2
• 420fb8c chore: update repo links
• 543da7c chore(release): 3.0.1
• 003286e fix: throw 403 for forbidden major/minor versions
• ed0fc29 chore(release): 3.0.0
• 6ab64fd chore: remove node 4.0 from travis
• ad2a962 feat: throw forbidden error when package is blocked by policy
• cf0c612 chore(release): 2.2.3
• 5e89b62 fix(enjoyBy): rework semantics for enjoyBy again
• dcef9cd chore(release): 2.2.2
• 5684f45 fix(enjoyBy): rework semantics for enjoyBy
• 3ed20c0 chore(release): 2.2.1
• 96410c4 test: improve error messaging and add more tests to enjoyBy feature
• b0ea20a chore(release): 2.2.0
• 0b8a790 feat(enjoyBy): add opts.enjoyBy option to filter versions by date
• 6effde4 opts: use figgy-pudding for opts
• d5ae6c4 fix(audit): npm audit fix --force
• 7c9e986 deps: add figgy-pudding

See the full diff

Package name: npm-registry-fetch

The new version differs by 65 commits.

• 622afb4 chore(release): 5.0.1
• 7aa14fd deps: update all deps
• 5764c15 deps: npm-package-arg@7
• 786f092 chore(release): 5.0.0
• 41ff216 chore: update travis config
• 39e5cfe doc: fix badge url
• 97c1208 chore: update tap, improve offline/prefer-offline tests
• 82abf26 chore: Add missing tests and clean up dead code
• 90ac7b1 fix: prefer const in getAuth function
• e64702e fix: use minizlib instead of core zlib
• 5cfe30b test: add string query example to test
• e7286f7 fix!: Use native Promises
• bb37f20 feat: refactor to use Minipass streams
• b758555 chore(release): 4.0.2
• e3a0186 fix: Add null check on body on 401 errors
• ff5f990 test(check-response): Added missing tests
• 49059f0 chore(release): 4.0.1
• 8eae5f0 fix(deps): Add explicit dependency on safe-buffer
• 5dbd1d7 chore(release): 4.0.0
• 0c4f060 [email protected], infer uid from cache folder
• 4b62980 chore(release): 3.9.1
• 7878bbe deps: [email protected]
• e064215 deps: [email protected]
• 4491843 chore(release): 3.9.0

See the full diff

Package name: pacote

The new version differs by 154 commits.

• ed57e5c 10.1.2
• d9bce22 git: resolved should be a git+ssh:// url, not just ssh://
• 84535a3 git: Fall back from tgz to ssh on HTTP errors
• 7ee23c3 git: make 'from' and 'resolved' consistent and useful
• 10ff45f update deps to pull in newer hosted-git-info
• 88beaab Return the requested spec as the 'from' value
• e5b84f2 test: fix git configs for git 2.23 and above
• 5a3bfbd typo in bin usage text
• 04a0f0c Keep home dir out of snapshots
• ae7c912 10.1.1
• cb31be8 filter out .swp files from package
• 43e239d 10.1.0
• 3d4012a add pacote CLI
• 99a3f21 update tap
• dc10617 test: node 13 made errno a number again
• e516f96 add repository field to package
• 37f24b3 10.0.0
• ad72e94 test: use t.testdir() instead of manually creating test dirs
• a79846e fresh update all deps
• 2e4482a Improve integrity consistency and handling
• 9964c7b update tap and minipass-fetch
• 6460b02 Remove spurious top-level dep on make-fetch-happen
• 1f4473a Pack and unpack preserving exec perms on all package bins
• 347c563 Cache manifest as fetcher.package

See the full diff

Package name: read-package-json

The new version differs by 17 commits.

• 9f7049d chore(release): 3.0.0
• 19d9fbe fix: check-in updated lockfile
• eef46fa chore: add engines definition
• 36b7ef7 chore: remove old .travis.yml envs
• b3a8831 [email protected]
• fb3ceae [email protected]
• 78add03 [email protected]
• 7595d70 [email protected]
• 10175d8 chore(release): 2.1.2
• fdbf082 fix: even better json errors, remove graceful-fs
• e78afd6 chore(release): 2.1.1
• b8cb5fa fix: normalize and sanitize pkg bin entries
• 55382c2 chore(release): 2.1.0
• 0a176cc Add some tests and clean up error handling for non-string bins
• 76f6f42 feat: support bundleDependencies: true
• 4e1e4d2 some tests for index.js parsing
• 67f2d8d chore: update CI for current Node LTS

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic