[Snyk] Fix for 14 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • script/package.json
  • script/package-lock.json
  • script/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	490/1000 Why? CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	Yes	No Known Exploit
	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	365/1000 Why? CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	No Known Exploit
	220/1000 Why? CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	387/1000 Why? Proof of Concept exploit, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-STYLELINT-460283	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: klaw-sync

The new version differs by 14 commits.

• 2059501 update changelog, bump to v2.0.0
• 84532ab 2.0.0
• 3fc387f Merge pull request ⬆️ Bump highlight.js from 9.18.1 to 9.18.5 #2 from manidlou/add-filter-opt
• 4323677 update readme
• e76afdf change option name, update readme and changelog
• c4c78c5 remove unnecessary deps
• 2389ab0 update readme and changelog
• 56d1828 update changelog
• dd27335 refactor filter additional option, update readme
• e56432d add more tests for filter, update readme
• 739a6e3 remove ignore option, remove micromatch, refactor filter option, update bm.js
• a8c98ab fix bug: ignore with glob pattern (closes ⬆️ Bump ini from 1.3.5 to 1.3.8 #1), add filter option
• ab77725 benchmark/bm.js: set async run to false
• 4d498ea benchmark/bm.js: set async run to false

See the full diff

Package name: mkdirp

The new version differs by 4 commits.

• b2e7ba0 0.5.2
• c5b97d1 bump minimist to 1.2 to fix security issue
• f2003bb test: add v4 and v5 to travis
• b8629ff tools: update tap + mock-fs. Fix broken test

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• 04af9e4 13.0.0
• 704f6a2 Prepare 13.0.0
• 50ba8a9 Reorder changelog
• 1666bba Update devDependencies (UTF-8 problems: characters mysteriously incorrectly encoded atom/atom#4542)
• 062d298 Reindent nodejs.yml (Uncaught Error: EACCES, open '/home/alex/.atom/compile-cache/cson/5af7724b023a6274b520f79f04fb798a67319ca7.json' atom/atom#4541)
• a24e44a Fix atypical rule README structure (Uncaught Error: spawn pep8 ENOENT atom/atom#4537)
• 616ad71 Bump husky from 4.0.3 to 4.0.6 (Uncaught Error: Minified exception occurred atom/atom#4536)
• 5e58ee7 Bump globby from 10.0.2 to 11.0.0 (FuzzyFinder is double displaying atom/atom#4528)
• eaee6a4 Refactor CLI options definition (Commandline behaviour changed moving from Chocolatey to Squirrl atom/atom#4530)
• 6a2ffbd Fix plugin path
• 644b713 Fix Windows path problem
• 1005cbd Add info about invalid syntax in FAQ (Fixed activateNow when no activation promise atom/atom#4535)
• 18b1f99 Fix help text indentation (Better BufferedProcess error handling atom/atom#4531)
• d3c4a9f Update CHANGELOG.md
• 32f67e7 Update CHANGELOG.md
• 04ec577 Bump globby from 10.0.1 to 11.0.0
• d9dbce2 Process multiple spaces in media-feature-parentheses-space-inside (Uncaught TypeError: Bad argument atom/atom#4513)
• 1dc203e Regenerate package-lock.json (Windows releases late again. atom/atom#4517)
• 36bf292 Bump husky from 3.1.0 to 4.0.3 (getting red notifications when saving keymap.cson with parse error atom/atom#4527)
• f5529d5 Bump @ types/micromatch from 3.1.1 to 4.0.0 (Update Chocolatey package to call the new Squirrel based installer atom/atom#4526)
• a254fd2 Bump got from 10.2.0 to 10.2.1 (Uncaught Error: spawn grunt ENOENT atom/atom#4525)
• f2e9f02 Bump remark-validate-links from 9.0.1 to 9.1.0 ("Reveal in Tree View" does not work when there is no folder selected. atom/atom#4524)
• 74d5233 Remove unneeded `@ types/meow` package (Uncaught TypeError: Cannot read property 'destroyItem' of undefined atom/atom#4523)
• cef0b95 Update CHANGELOG.md

See the full diff

Package name: yargs

The new version differs by 250 commits.

• 706fc7a chore(release): 13.1.0
• 95700d6 test: add tests for alias behavior, based on conversations today (Make i18n support a setting atom/atom#1291)
• f45a817 chore: slight refactor of approach being used, add support for per-command
• 5be206a feat: add applyBeforeValidation, for applying sync middleware before validation
• cc8af76 chore(release): 13.0.0
• e9dc3aa feat: options/positionals with leading '+' and '0' no longer parse as numbers (Switch Editor to a Telepath Model subclass atom/atom#1286)
• ef16792 chore: drop Node 6 from testing matrix (Tough to understand failure case with CI atom/atom#1287)
• f25de4f chore: update dependencies (Fix grunt download-atom-shell on Windows atom/atom#1284)
• 6916ce9 feat: adds config option for sorting command output (When text is highlighted and find is opened, default to the selected text atom/atom#1256)
• 7b200d2 chore: increase test timeout for windows
• 64af518 fix: middleware added multiple times due to reference bug (Upload releases to atom/atom-master-builds repo atom/atom#1282)
• 61f1b25 doc: update docs to reflect new parserConfiguration method (Copy/Paste don't work in the feedback editor atom/atom#1280)
• 3c6869a feat: Add `.parserConfiguration()` method, deprecating package.json config (Syntax/UI Theme Generator atom/atom#1262)
• da75ea2 fix: better bash path completion (This screenshot is inline. I promise atom/atom#1272)
• e0c62c8 doc: edit help example to align with actual output (Handle deleted files correctly atom/atom#1271)
• bc0ee40 chore: address @ aorinevo's code review so that we can land
• f3a4e4f feat: support promises in middleware
• 64a0d7e docs: Testing command modules (git reset leaves old files in tree-view atom/atom#1267)
• 0510fe6 fix(validation): Use the error as a message when none exists otherwise (The multitude of shortcuts for "Editor : Select To  atom/atom#1268)
• 27bf739 fix(deps): Update os-locale to avoid security vulnerability (Handle installation of atom script for users without system privilege atom/atom#1270)
• 54e165d docs(advanced): document non-singleton use, .exit() and parsed (I would love to have a Solarized Light theme for th atom/atom#1251)
• 8789bf4 chore(release): 12.0.5
• dc8d63f chore: explicit update to yargs-parser
• eacc035 fix: allows camel-case, variadic arguments, and strict mode to be combined (Observe editor.tabLength config in TokenizedBuffer atom/atom#1247)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic