[Snyk] Fix for 20 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GETOBJECT-1054932	No	No Known Exploit
	569/1000 Why? Has a fix available, CVSS 7.1	Arbitrary Code Execution SNYK-JS-GRUNT-597546	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	748/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

• 3dd6741 7.0.0
• 9a722f9 Build: changelog update for 7.0.0
• b98d8bd Upgrade: eslint-release@2.0.0 (#13271)
• 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
• 401a687 Chore: fix rules list for prereleases (#13230)
• 4ef6158 Breaking: espree@7.0.0 (#13270)
• b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
• 356fdb4 Docs: add migration guide (#12692)
• 015edf6 Sponsors: Sync README with website
• fdfa364 7.0.0-rc.0
• 8d1b4db Build: changelog update for 7.0.0-rc.0
• 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
• d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
• 2ce6bed Chore: added tests for nested arrays (#13145)
• d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
• 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
• bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (#12939)
• 3eeae56 Upgrade: some (dev) deps (#13155)
• 6b7030b Chore: Run tests on Node.js v14 (#13210)
• ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
• 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
• 56d2bee Docs: fix typos (#13204)
• e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
• e4f57b7 Chore: add nested array tests for array-element-newline (#13161)

See the full diff

Package name: grunt

The new version differs by 55 commits.

• 6f49017 1.3.0
• faab6be Merge pull request #1720 from gruntjs/update-changelog-deps
• 520fedb Update Changelog and legacy-util dependency
• 7e669ac Merge pull request #1719 from gruntjs/yaml-refactor
• e350cea Switch to use `safeLoad` for loading YML files via `file.readYAML`.
• 7125f49 Merge pull request #1718 from gruntjs/legacy-log-bumo
• 00d5907 Bump legacy-log
• 3b75085 1.2.1
• ae11839 Changelog update
• 9d23cb6 Merge pull request #1715 from sibiraj-s/remove-path-is-absolute
• e789b1f Remove path-is-absolute dependency
• 27bc5d9 Merge pull request #1714 from gruntjs/release-1.2.0
• 64a3cf4 Release v1.2.0
• 0d23eff Merge pull request #1570 from bhldev/feature-options-keys
• ee70306 Merge pull request #1697 from philz/1696
• 05c0634 Merge pull request #1712 from gruntjs/fix-lint
• cdd1c19 fix lint in file.js
• bc168e3 Merge pull request #1283 from greglittlefield-wf/recognize-relative-links
• 5f16b5a Merge pull request #1675 from STRML/remove-coffeescript
• 58f80ae Merge pull request #1677 from micellius/monorepo-support
• 1f61427 Add CODE_OF_CONDUCT.md
• 4c6fcd9 Merge pull request #1709 from NotMoni/patch-1
• 169d496 add link to license
• 288ea76 add license link

See the full diff

Package name: jshint

The new version differs by 113 commits.

• d5c1a00 v2.9.6
• ab3ab85 [[FIX]] Do not warn about non-ambiguous linebreaks
• eaca85b [[CHORE]] Improve test coverage for ASI warning
• 0a66710 [[FIX]] Relax restriction on asgnmnt to arguments
• 3aa02db [[FIX]] Tolerate division following closing brace
• 55aa54e [[FIX]] Correct restriction on function name
• ff71d3c [[FIX]] Remove warning W100
• bcb3b23 [[CHORE]] Complete Lodash update (#3283)
• 030713d [[DOCS]] Introduce administration e-mail address
• 7993101 [[FIX]] Fix "is is" message typos
• 578575d Merge pull request #3254 from mathiasbynens/unicode-10
• d763e70 Use old Unicode version for ES5 identifiers
• 77414e8 Update to Unicode v11
• 5995a9f [[FIX]] Restrict IdentifierNames in ES5 code
• f2ce8fe [[TEST]] Add regression test
• 8df4a32 [[FIX]] Correct spelling of Uint8ClampedArray
• 274d2be [[DOCS]] Add a code of conduct
• e0b4e91 [[CHORE]] Update to latest version of Lodash
• 6b7feae Merge branch 'master' into unicode-10
• 5276788 [[TEST]] Use `test262-stream`
• 98316fe [[TEST]] Extend Test262 "expectations" file
• 32aa96a [[TEST]] Reformat Test262 "expectations" file
• 3b125e5 Update identifier data to ES2015+ and Unicode 10
• 157a508 [[CHORE]] Correct linting violation

See the full diff

Package name: mocha

The new version differs by 250 commits.

• eb781e2 Release v6.2.3
• 10dbe94 update CHANGELOG for v6.2.3 [ci skip]
• 848d6fb security: update mkdirp, yargs, yargs-parser
• 843a322 6.2.2
• aec8b02 update CHANGELOG for v6.2.2 [ci skip]
• 7a8b95a npm audit fixes
• cebddf2 Improve reporter documentation for mocha in browser. (#4026)
• 3f7b987 uncaughtException: report more than one exception per test (#4033)
• ee82d38 modify alt text of image from Backers to Sponsors inside Sponsors section in Readme (#4046)
• e9c036c special-case parsing of "require" in unparseNodeArgs(); closes #4035 (#4063)
• 954cf0b Fix HTMLCollection iteration to make unhide function work as expected (#4051)
• 816dc27 uncaughtException: fix double EVENT_RUN_END events (#4025)
• 9650d3f add OpenJS Foundation logo to website (#4008)
• f04b81d Adopt the OpenJSF Code of Conduct (#3971)
• aca8895 Add link checking to docs build step (#3972)
• ef6c820 Release v6.2.1
• 9524978 updated CHANGELOG for v6.2.1 [ci skip]
• dfdb8b3 Update yargs to v13.3.0 (#3986)
• 18ad1c1 treat '--require esm' as Node option (#3983)
• fcffd5a Update yargs-unparser to v1.6.0 (#3984)
• ad4860e Remove extraGlobals() (#3970)
• b269ad0 Clarify effect of .skip() (#3947)
• 1e6cf3b Add Matomo to website (#3765)
• 91b3a54 fix style on mochajs.org (#3886)

See the full diff

Package name: nyc

The new version differs by 204 commits.

• bebf4d6 chore(release): 15.0.0
• 2931730 chore: Update to final releases of dependencies (#1245)
• d44ff19 chore: Update node-preload and use process-on-spawn (#1243)
• 5258e9f feat: Filenames relative to project cwd in coverage reports (#1212)
• 6039f29 chore: Unpin test-exclude, update to latest pre-releases (#1240)
• f3c9e6c chore: Temporarily pin test-exclude (#1239)
• 28ed746 chore: Lazy load modules that are rarely/never needed in test processes. (#1232)
• 7307626 chore: Remove cp-file module (#1230)
• dfd629d fix: Better error handling for main execution, reporting (#1229)
• 549c953 chore: Update dependencies, pin find-cache-dir (#1228)
• a1dee03 chore: Update yargs (#1224)
• 8078a79 chore: Fix 404 in README.md. (#1220)
• 7a02cb7 chore: Add enterprise language (#1217)
• ea94c7f chore: Remove unused functions (#1218)
• 53c66b9 docs: `npm home nyc` goes to github master branch README (#1201)
• cf5e5d3 chore: Update dependencies
• 8411a26 fix: Correct handling of source-maps for pre-instrumented files (#1216)
• f890360 docs: Fix URL to default excludes in README.md (#1214)
• 3726bbb chore: Update to async version of istanbul-lib-source-maps (#1199)
• 0efc6d1 chore: Tweak arguments for async coverage data readers (#1198)
• cc77e13 chore: Add `use strict` to all except fixtures (#1197)
• bcbe1df chore: Update dependencies (#1196)
• 2735ee2 chore: 100% coverage (#1195)
• fd40d49 feat: Use @ istanbuljs/schema for yargs setup (#1194)

See the full diff

Package name: shelljs

The new version differs by 71 commits.

• 70668a4 0.8.5
• d919d22 fix(exec): lockdown file permissions (#1060)
• fcf1651 0.8.4
• a1111ee Silence potentially upcoming circular dependency warning (#973)
• d4d1317 0.8.3
• db317bf Add test case for sed on empty file (#904)
• 0d5ecb6 docs(changelog): updated by Nate Fischer [ci skip]
• 6b3c7b1 refactor: don't expose tempdir in common.state (#903)
• 4bd22e7 chore(ci): fix codecov on travis (#897)
• 2b3b781 fix: silent exec (#892)
• 37acb86 chore(npm): add ci-or-install script (#896)
• 4e861db chore(appveyor): run entire test matrix (#886)
• d079515 docs: remove gitter badge (#880)
• 4113a72 grep includes the i flag (#876)
• 8dae55f Fix(which): match only executable files (#874)
• 6d66a1a chore: rename some tests (#871)
• 131b88f Fix cp from readonly source (#870)
• 1dd437e fix(mocks): fix conflict between mocks and skip (#863)
• 72ff790 chore: bump dev dependencies and add package-lock (#864)
• 93bbf68 Prevent require-ing bin/shjs (#848)
• aa9d443 chore: output npm version in travis (#850)
• 4733a32 chore(appveyor): do not use latest npm (#847)
• dd5551d chore: update shelljs-release version (#846)
• 97a4df8 docs(changelog): updated by Nate Fischer [ci skip]

See the full diff

Package name: standard

The new version differs by 250 commits.

• 9c505a9 13.0.0
• 7f3dd5d eslint-config-standard-jsx@7.0.0
• 8cfb0ee eslint-config-standard@13.0.0
• e235cb5 changelog 13.0.0
• f125f0c add link to security disclosure policy
• bd44694 add nodejs logo; change logos to 4 per row
• f7f98bf Update CHANGELOG.md
• 5e6315c remove badge
• e3862be Update AUTHORS.md
• f796995 13.0.0-0
• 16ffaef Update CHANGELOG.md
• c1f817e bump deps
• ffb0b8e travis: drop node 6, add node 12
• d5565b5 Update CHANGELOG.md
• 4dcd00a add Nuxt.js logo
• ee3104d compress logos
• 6e077d7 standard
• d33bfe9 Merge pull request #1308 from munierujp/update_japanese_documents
• dd8fe00 Create FUNDING.yml
• 318bfac readme/changelog: global installation changes
• 329a2e0 readme: fix typescript instructions
• db61e3f Update CHANGELOG.md
• 7c661eb Automatically pass on Node 6 or earlier
• 0cfc932 Update Japanese document for 40d1d5e

See the full diff

Package name: yargs

The new version differs by 250 commits.

• aa09faf chore: release 15.0.1 (#1480)
• 6a9ebe2 fix(deps): cliui, find-up, and string-width, all drop Node 6 support (#1479)
• 5cc2b5e chore: release 15.0.0 (#1462)
• 62a114a force build
• 1840ba2 feat: expose `Parser` from `require('yargs/yargs')` (#1477)
• afd5b48 fix(docs): update boolean description and examples in docs (#1474)
• c10c38c feat(deps)!: yargs-parser now throws on invalid combinations of config (#1470)
• 0cba424 build: switch to release-please for releases (#1471)
• 445bc58 chore: update engines to note Node 6 is dropped (#1469)
• 52d875a test: add additional test for 1459
• 12c82e6 fix: stop-parse was not being respected by commands (#1459)
• b4812ac test: add tests for argsert warning to display positional information (#1468)
• 10f10ee test: cover missing filter arg in obj-filter (#1467)
• cb0396f build: switch to c8 for coverage (#1464)
• ebee59d fix!: update to yargs-parser with fix for array default values (#1463)
• 5120aec test: adds missing array choice regression test (#1447)
• 2ba8ce0 chore!: drop Node 6 support (#1461)
• cb64329 build: configure release-please
• 0d3642b refactor!: remove package.json-based parserConfiguration (#1460)
• 9adf22e doc(webpack): webpack example (#1436)
• 7e1c8fc Add missing french translation (#1456)
• b1b156a fix(docs): TypeScript import to prevent a future major release warning (#1441)
• bc3c4d1 chore(release): 14.2.0
• 4d21520 feat(deps): introduce yargs-parser with support for unknown-options-as-args (#1440)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic