[Snyk] Fix for 1 vulnerabilities #136

Open
wants to merge 1 commit into base: master from

Conversation

nithincvpoyyil
Owner

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity: medium severity
Priority Score (*): 658/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3)
Issue: Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795
Breaking Change: Yes
Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: dateformat The new version differs by 9 commits.

See the full diff

Package name: internal-ip The new version differs by 4 commits.

See the full diff

Package name: karma The new version differs by 195 commits.
  • a4d5bdc chore: release v3.0.0
  • 75f466d chore: release v2.0.6
  • 5db9399 chore: update contributors
  • eb3b1b4 chore(deps): update mime -> 2.3.1 (#3107)
  • 732396a fix(travis): Up the socket timeout 2->20s. (#3103)
  • 173848e Remove erroneous change log entries for 2.0.3
  • 1002569 chore(ci): drop node 9 from travis tests (#3100)
  • 02f54c6 fix(server): Exit clean on unhandledRejections. (#3092)
  • 0fdd8f9 chore(deps): update socket.io -> 2.1.1 (#3099)
  • 90f5546 fix(travis): use the value not the key name. (#3097)
  • fba5d36 fix(travis): validate TRAVIS_COMMIT if TRAVIS_PULL_REQUEST_SHA is not set. (#3094)
  • 56fda53 fix(init): add "ChromeHeadless" to the browsers' options (#3096)
  • f6d2f0e fix(config): Wait 30s for browser activity per Travis. (#3091)
  • a58fa45 fix(travis): Validate TRAVIS_PULL_REQUEST_SHA rather than TRAVIS_COMMIT. (#3093)
  • 88b977f fix(config): wait 20s for browser activity. (#3087)
  • 94a6728 chore: remove support for node 4, update log4js (#3082)
  • c5dc62d docs: better clarity for API usage
  • 0018947 chore: release v2.0.5
  • 02dc1f4 chore: update contributors
  • dc7265b fix(browser): ensure browser state is EXECUTING when tests start (#3074)
  • 7617279 refactor(filelist): rename promise -> lastCompletedRefresh and remove unused promise (#3060)
  • a701732 fix(doc): Document release steps for admins (#3063)
  • 93ba05a fix(middleware): Obey the Promise API.
  • 518cb11 fix: remove circular reference in Browser

See the full diff

Package name: karma-coverage The new version differs by 36 commits.
  • 32acafa chore(release): 2.0.2 [skip ci]
  • bb8f9ee chore: add semantic-release for project - fix #408 (#413)
  • 9c37de6 chore: add check commit message (#411)
  • 27822c9 ci(test): use eslint as ci command and add all js files to check by eslint (#410)
  • 1adb27a ci: drop node 8, adopt node 12 (#409)
  • 4962a70 fix(reporter): update calls to match new API in istanbul-lib-report fix #398 (#403)
  • fc6e289 refactor: remove isAbsolute and replace with path.isAbsolute (#405)
  • 83bafc3 refactor: replace migrate coffee unit tests to modern JS (#407)
  • 49f174d refactor: onRunComplete method to upgrade on new major version of Istanbul (#406)
  • 4cfa697 chore: Update dev Dependencies eslint and load-grunt-tasks (#387)
  • 5cf931a fix: remove information about old istanbul lib (#404)
  • 352254a chore(deps): bump handlebars from 4.1.2 to 4.5.3 (#399)
  • 0ee780c chore(deps): bump lodash.template from 4.4.0 to 4.5.0 (#392)
  • d18cde4 chore(deps-dev): bump eslint from 2.13.1 to 4.18.2 (#397)
  • 55aeead Update Source Map Handling (#394)
  • b23664e Added debug msg whether coverage is in reporters (#396)
  • d3f53e3 chore(all): Migrate to ES6 (#385)
  • 9c8a222 Make travis file simpler (#386)
  • b76db9e Remove unused dateformat dependency (#384)
  • 075ece0 Remove unused istanbul dependency (#382)
  • 9184fc0 chore: release v2.0.1
  • 57d4bd3 chore(deps): npm audit fix --force; update travis.yml (#380)
  • 0e2800b chore: release v2.0.0
  • 99c0c35 chore: update contributors

See the full diff

Package name: log4js The new version differs by 250 commits.
  • 45eca69 3.0.0
  • 7597c52 Merge pull request #755 from log4js-node/inspect-deprecated
  • 16b8754 fix: removed semver dep, not needed
  • 20a6b29 fix: removed the custom inspect thing as it was only need for node < 6
  • 58cd7d2 chore: added node v10 to the travis builds, removed v7
  • 7f2b1c2 docs: fixed references to external appenders
  • dcdf2ad Merge pull request #754 from log4js-node/version-3.x
  • 8c8eea5 test: fixed up the types test
  • 8ad2c39 2.11.0
  • 24d2663 Merge pull request #753 from log4js-node/remove-logfaces-udp
  • 467f670 chore: removed the logFaces-UDP appender
  • 2db6bb0 Merge branch 'master' into version-3.x
  • e605365 Merge pull request #752 from log4js-node/deprecate-logfaces-udp
  • db9271b chore: deprecated logFaces-UDP
  • 6031257 Merge pull request #748 from log4js-node/remove-logFaces-HTTP
  • 3a56566 chore: removed logFaces-HTTP appender
  • 06c56b4 chore: turned off unused locals complaint for types (caused by levels)
  • 5618fdb Merge branch 'master' into version-3.x
  • 111fced Merge pull request #747 from log4js-node/deprecate-logfaces-http
  • 29a238a chore: deprecated logFaces-HTTP appender
  • 83440fa Merge pull request #745 from nicojs/744-fix-levels-typing
  • 18ad653 fix(typings): correctly type the `levels` property
  • 6b60cd9 Merge pull request #742 from log4js-node/remove-logstash-http
  • 16603ca chore: removed logstash-http appender

See the full diff

Package name: meow The new version differs by 96 commits.

See the full diff

Package name: node-gyp The new version differs by 169 commits.
  • 33affe2 v7.0.0: bump version and update changelog
  • ba4f34b doc: update catalina xcode clt download link
  • f7bfce9 doc: update acid test and introduce curl|bash test script
  • 4937722 deps: replace mkdirp with {recursive} mkdir
  • a6b76a8 gyp: update gyp to 0.2.1
  • e529f33 doc: update README to reflect upgrade to gyp-next
  • ebc34ec gyp: update gyp to 0.2.0
  • 9aed628 doc: give more attention to Catalina issues doc
  • 963f2a7 doc: improve catalina discoverability for search engines
  • d45438a deps: update deps, match to npm@7
  • 5f47b7a v5.1.1: bump version and update changelog
  • c255ffb lib: drop "-2" flag for "py.exe" launcher
  • 741ab09 test: remove support for EOL versions of Node.js
  • 6356117 doc, bin: stop suggesting opening node-gyp issues
  • 7b75af3 doc: add macOS Catalina software update info
  • 4f23c7b doc: update link to the code of conduct (#2073)
  • 473cfa2 doc: note in README that Python 3.8 is supported (#2072)
  • e18a61a build: shrink bloated addon binaries on windows
  • ca86ef2 test: bump actions/checkout from v1 to v2
  • e7402b4 doc: update catalina xcode cli tools download link (#2044)
  • 972780b gyp: sync code base with nodejs repo (#1975)
  • dab0305 v5.1.0: bump version and update changelog
  • 35de459 doc: update catalina xcode cli tools download link; formatting
  • 4864219 doc: add download link for Command Line Tools for Xcode

See the full diff

Package name: node-notifier The new version differs by 236 commits.
  • d9ed9df v7.0.0
  • cc05a8d Updates dependencies
  • 04fa973 Revert "v7.0.0"
  • c22030c v7.0.0
  • 6d45d39 Adds changelog for v7.0.0
  • 669db67 Check if stderr is set in fileCommandJson to ensure err is null on callback. Fixes #322
  • bf0901e Merge pull request #320 from ORESoftware/patch-1
  • a847c30 Merge pull request #318 from mikaelbr/dependabot/npm_and_yarn/acorn-5.7.4
  • 9c4863d Adds docs on notify-send app-name
  • aef0da8 Merge pull request #299 from gabrielfern/master
  • ed6a46f Update checkGrowl.js
  • 897c439 Bump acorn from 5.7.3 to 5.7.4
  • be3642b Merge pull request #306 from Daniihh/master
  • bd91b92 Revert package-lock.json In Commit 789c54420959bbe0dc5ca3dd678ab839c6777d98
  • 2a51128 Merge pull request #305 from mikaelbr/dependabot/npm_and_yarn/handlebars-4.5.3
  • 789c544 Automagically Bind `notify` Methods
  • 96dd277 Bump handlebars from 4.1.2 to 4.5.3
  • b71d6bc NotifySend support for app name
  • b368131 Merge pull request #293 from yoavain/master
  • 99a7984 Merge pull request #297 from mikaelbr/updates-after-notifu
  • 0baa7a7 Update test/toaster.js
  • b22f51d Break up our license from vendored license descriptions
  • bf26644 Update license inclusions and add a balloon (notifu) example
  • ac37b83 Merge pull request #290 from ixe013/notifu-license

See the full diff

Package name: node-sass The new version differs by 57 commits.
  • c167004 6.0.1
  • 911d4db remove mkdirp dep (#3108)
  • 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
  • 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
  • cfcbb2c chore: Use default Alpine version from docker-node (#3121)
  • 886319b chore: Drop Node 10 support
  • c908f4f fix: Bump OSX minimum to 10.11
  • 8ab02da fix: Remove old compiler gyp settings
  • 3d7b9d0 chore: Add Node 16 support
  • 4115e9d build(deps): bump actions/setup-node from v2.1.4 to v2.1.5
  • 06f3ab4 Update TROUBLESHOOTING.md
  • c1cb367 build(deps): bump actions/setup-node from v2.1.3 to v2.1.4
  • 769f3a6 build(deps): bump actions/setup-node from v2.1.2 to v2.1.3
  • a2a3a78 chore: Bump dependabot limit
  • 7105b0a 5.0.0 (#3015)
  • 0648b5a chore: Add Node 15 support (#2983)
  • e2391c2 Add a deprecation message to the readme (#3011)
  • 6a33e53 chore: Don't upload artifacts on PRs
  • d763506 chore: Only run coverage on main repo
  • d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2
  • 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2
  • f877689 chore: Don't double build DependaBot PRs
  • b48fac4 chore: Add weekly DependaBot updates
  • 91c40a0 Remove deprecated process.sass API

See the full diff

Package name: normalize-package-data The new version differs by 10 commits.

See the full diff

Package name: read-pkg The new version differs by 26 commits.

See the full diff

Package name: remap-istanbul The new version differs by 24 commits.

See the full diff

Package name: semver The new version differs by 168 commits.
  • e7b78de chore: release 7.5.2
  • 58c791f fix: diff when detecting major change from prerelease (#566)
  • 5c8efbc fix: preserve build in raw after inc (#565)
  • 717534e fix: better handling of whitespace (#564)
  • 2f738e9 chore: bump @npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
  • aa016a6 chore: release 7.5.1
  • d30d25a fix: show type on invalid semver error (#559)
  • 09c69e2 chore: bump @npmcli/template-oss from 4.13.0 to 4.14.1 (#555)
  • 5b02ad7 chore: release 7.5.0
  • e219bb4 fix: throw on bad version with correct error message (#552)
  • 503a4e5 feat: allow identifierBase to be false (#548)
  • fc2f3df fix: incorrect results from diff sometimes with prerelease versions (#546)
  • 2781767 fix: avoid re-instantiating SemVer during diff compare (#547)
  • 82aa7f6 chore: release 7.4.0
  • 731d896 chore: enable CD (#545)
  • 940723d fix: intersects with v0.0.0 and v0.0.0-0 (#538)
  • aa516b5 fix: faster parse options (#535)
  • 61e6ea1 fix: faster cache key factory for range (#536)
  • f8b8b61 fix: optimistic parse (#541)
  • 796cbe2 fix: semver.diff prerelease to release recognition (#533)
  • 3f222b1 fix: reuse comparators on subset (#537)
  • 113f513 feat: identifierBase parameter for .inc (#532)
  • ea689bc chore: basic type test for RELEASE_TYPES
  • c5d29df docs: Add "Constants" section to README

See the full diff

Package name: webpack The new version differs by 250 commits.
  • 213226e 4.0.0
  • fde0183 Merge pull request #6081 from webpack/formating/prettier
  • b6396e7 update stats
  • f32bd41 fix linting
  • 5238159 run prettier on existing code
  • 518d1e0 replace js-beautify with prettier
  • 4c25bfb 4.0.0-beta.3
  • dd93716 Merge pull request #6296 from shellscape/fix/hmr-before-node-stuff
  • 7a07901 Merge pull request #6563 from webpack/performance/assign-depth
  • c7eb895 Merge pull request #6452 from webpack/update_acorn
  • 9179980 Merge pull request #6551 from nveenjain/fix/templatemd
  • e52f323 optimize performance of assignDepth
  • 6bf5df5 Fixed template.md
  • 90ab23a Merge branch 'master' into fix/hmr-before-node-stuff
  • b0949cb add integration test for spread operator
  • 39438c7 unittest now also walks the ast
  • 15ab027 Merge pull request #6536 from jevan0307/sideEffects-selectors
  • 1611ce1 Merge pull request #6561 from joshunger/patch-1
  • 6e175bc Merge pull request #6549 from webpack/md4_hash
  • 0637531 Add a hyperlink to create a new issue
  • 0e1f9c6 Merge pull request #6554 from webpack/deps/end-of-beta
  • 72477f4 upgrade versions to stable versions
  • ed30285 Merge pull request #6546 from webpack/bot/review-permission
  • 40ee8c7 Use MD4 for hashing

See the full diff

Package name: webpack-dev-server The new version differs by 250 commits.
  • c5b9c7e chore(release): 4.6.0
  • 1ba9720 fix: reload on warnings (#4056)
  • 5026601 feat: allow to pass all `chokidar` options (#4025)
  • 7e78bfa chore(deps-dev): bump webpack from 5.64.2 to 5.64.3 (#4054)
  • f2a7d16 chore(deps-dev): bump memfs from 3.3.0 to 3.4.0 (#4055)
  • d104b58 chore: remove redundant `eslint-disable` comments (#4053)
  • e6330f5 chore: remove redundant snapshots (#4052)
  • cf26a3f chore(deps): bump ws from 8.2.3 to 8.3.0 (#4051)
  • 7823237 chore(deps-dev): bump lint-staged from 12.1.1 to 12.1.2 (#4048)
  • 9b32c96 fix: reconnection logic (#4044)
  • 5e7c001 chore(deps-dev): bump eslint from 8.2.0 to 8.3.0 (#4045)
  • 12d6d52 chore(deps-dev): bump lint-staged from 12.0.2 to 12.1.1 (#4047)
  • 7ed2ba3 chore(deps-dev): bump webpack from 5.64.1 to 5.64.2 (#4046)
  • b497f68 docs: fix typo (#4042)
  • 285487f chore(deps): remove unused (#4036)
  • a19ee71 chore(deps-dev): bump acorn from 8.5.0 to 8.6.0 (#4040)
  • 497e615 chore(deps): bump webpack-dev-middleware
  • ec882db chore(deps-dev): bump typescript from 4.4.4 to 4.5.2 (#4034)
  • 7d117de chore: update dependencies (#4033)
  • a5b1c70 chore: update `schema-utils` (#4032)
  • d3be607 chore(deps): bump @babel/preset-env from 7.16.0 to 7.16.4 (#4030)
  • 25bace8 chore(deps): bump @babel/plugin-transform-runtime (#4031)
  • 6a5b58d docs: fix `--https` option alignment (#4028)
  • fd8c54a chore: remove redundant `eslint-disable` comments (#4024)

See the full diff

Package name: yargs The new version differs by 98 commits.
  • 8515e4f docs: nit in CHANGELOG
  • 4b8cfa9 docs: slight tweaks to CHANGELOG
  • c809cbe chore(release): 10.0.0
  • fc13dcd chore: new translations for command API overhaul (#976)
  • 7269531 feat: .usage() can now be used to configure a default command (#975)
  • 3757194 chore: add id translation to #976 (#986)
  • 47b3078 chore: update Dutch Translation (#981)
  • 20bb99b feat: replace /bin/bash with file basename (#983)
  • 5a9c986 feat(translation): Update pl-PL translations (#985)
  • 02cc11d docs: whoops, forgot to call out a breaking change introduced into parse()
  • 7e58453 fix: the positional argument parse was clobbering global flag arguments (#984)
  • a06b67d chore: update tr.json (#982)
  • b2d11b3 chore: add ja translations (#979)
  • 1598a7f docs: switch to using .positional() in example (#973)
  • 280d0d6 feat: hidden options are now explicitly indicated using "hidden" flag (#962)
  • 8c1d7bf fix: less eager help command execution (#972)
  • db77c53 chore: switch to find-up from read-pkg-up (#970)
  • cb16460 feat: introduce .positional() for configuring positional arguments (#967)
  • 3bb8771 fix: config and normalise can be disabled with false (#952)
  • c649415 chore(release): 9.1.0
  • ...

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
2 participants