[Snyk] Fix for 68 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/demo-os/package.json
  • test/fixtures/demo-os/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	No	Proof of Concept
	614/1000 Why? Has a fix available, CVSS 8	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-BOWER-73627	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSZIP-73598	No	No Known Exploit
	/1000 Why?	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	No	Proof of Concept
	/1000 Why?	Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	No	No Known Exploit
	/1000 Why?	Prototype Pollution SNYK-JS-GETOBJECT-1054932	Yes	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Directory Traversal SNYK-JS-GRUNT-2635969	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Race Condition SNYK-JS-GRUNT-2813632	Yes	Proof of Concept
	569/1000 Why? Has a fix available, CVSS 7.1	Arbitrary Code Execution SNYK-JS-GRUNT-597546	Yes	No Known Exploit
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-173692	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-469063	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-HANDLEBARS-534988	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	No	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MOUT-1014544	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MOUT-2342654	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	/1000 Why?	Insecure Defaults SNYK-JS-SOCKETIO-1024859	No	Proof of Concept
	/1000 Why?	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	No	No Known Exploit
	/1000 Why?	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution npm:deep-extend:20180409	No	Proof of Concept
	/1000 Why?	Prototype Pollution npm:extend:20180424	Yes	No Known Exploit
	/1000 Why?	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit
	/1000 Why?	Cross-site Scripting (XSS) npm:handlebars:20151207	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	No	No Known Exploit
	/1000 Why?	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	/1000 Why?	Timing Attack npm:http-signature:20150122	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	Yes	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit
	/1000 Why?	Remote Memory Exposure npm:request:20160119	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) npm:semver:20150403	No	No Known Exploit
	/1000 Why?	Denial of Service (DoS) npm:superagent:20170807	Yes	No Known Exploit
	/1000 Why?	Information Exposure npm:superagent:20181108	Yes	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20160722	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No	No Known Exploit
	/1000 Why?	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept
	629/1000 Why? Has a fix available, CVSS 8.3	Improper minification of non-boolean comparisons npm:uglify-js:20150824	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: csscomb

The new version differs by 50 commits.

• 3204363 v3.1.0
• 854005c Tests: Unskip green parser test
• ac2c972 Add test for [Snyk] Fix for 2 vulnerabilities #374
• 33388bc Use readFileSync and JSON parse to read config
• ecfc41e Follow the configPath to the real path
• efa3d8d Tests: Unskip green vendor-prefix test
• 5750550 Tests: Unskip core tests
• 658173b Tests: Unskip integral tests
• dc1cffd Gonzales 3.0: Fix detection tests
• 7c4f5cb Add test for [Snyk] Security upgrade sanitize from 4.6.2 to 5.2.1 #333
• 52501c7 Fix [Snyk] Security upgrade tap from 5.8.0 to 12.6.2 #319: Nested properties
• f556116 add iojs & 0.12
• 6af71be Update options
• 6960b03 Update names of node types
• 93b2e7f Update dependencies
• 5efd46b Tests: Unskip green tests
• 2ece912 Gonzales 3.0: Update `space-before-closing-brace`
• a25249a Gonzales 3.0: Update `sort-order` option
• 76732e4 Tests: Add `readFile` to public methods
• 587a877 Tests: Uncomment sass tests
• c8dd880 Gonzales 3.0: Update `block-indent` option
• 9be754b Gonzales 3.0: Update `vendor-prefix-align`
• d39942e Gonzales 3.0: Update `unitless-zero` option
• a848aa3 Gonzales 3.0: Update `tab-size` option

See the full diff

Package name: grunt-contrib-compress

The new version differs by 69 commits.

• b0488b4 v1.3.0
• f8f2ff4 v1.2.0
• fe2f565 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #182 from dharammaniar/master
• b8dfc50 Update archiver to v1.0.0
• c1cd66d Update CI configs from the latest grunt-contrib-internal.
• 8c2ca32 Reindent and use camelcase variable names.
• 4e049b4 Update CI configs from the latest grunt-contrib-internal.
• a2a6b33 Upgrade grunt and devDeps to 1.0
• 24e0204 v1.2.0
• 0af6341 Update devDeps
• 2edf867 Use lodash directly. Fixes [Snyk] Security upgrade node-fetch from 2.6.0 to 3.1.1 #177.
• ff37330 Update CHANGELOG.
• 9dffe39 v1.1.1
• 94e8d8a Merge pull request [Snyk] Security upgrade marked from 0.3.6 to 4.0.10 #175 from ascripcaru/verbose
• e0ab230 list each file archived only with verbose flag
• abcda60 v1.1.0
• 15f62b1 Merge branch 'fix-gruntjs#61' of https://github.com/philippsimon/grunt-contrib-compress into philippsimon-fix-gruntjs#61
• bef6a27 v1.0.0
• 12ffb95 Update archiver, chalk and pretty-bytes
• 39e13f8 Update versions of Node.js supported
• 54190aa Add Grunt as >=0.4.5 peerDep
• f3465bd Doc fixes
• fff3ef5 Fix typo
• fd63f99 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 2.2.26 #156 from daemonl/master

See the full diff

Package name: grunt-contrib-uglify

The new version differs by 107 commits.

• f65dbb9 v4.0.1. ([Snyk] Fix for 1 vulnerabilities #535)
• b33a071 upgrade devDependencies ([Snyk] Security upgrade marked from 0.3.6 to 4.0.10 #536)
• 1e40037 upgrade to uglify-js 3.5.0 ([Snyk] Security upgrade hoek from 2.16.3 to 4.2.1 #534)
• 33724cd update links to uglifyJS documentation ([Snyk] Fix for 1 vulnerabilities #530)
• 5cdebda v4.0.0. ([Snyk] Fix for 2 vulnerabilities #527)
• 7b4ecb5 v3.4.0.
• f6f834b v3.4.0.
• e7915ce v3.3.0.
• bf23f0b Lock grunt-contrib-internal to v1.3.0.
• 6db68bd upgrade to uglify-js 3.3.0
• 04494d9 Update docs/uglify-options.md.
• 263196c Add a Git .mailmap with my new name ([Snyk] Security upgrade django from 1.6.1 to 3.2.15 #497)
• 3105f8d v3.2.1.
• 602ced4 Update uglify-js to v3.2.0
• 5251b6f decouple `sourceMapIn` from `sourceMap.url`
• 2edfe0b Update uglify-js to v3.1.0.
• 2773e7e v3.0.1.
• 85a1ac3 fix typo
• 755360b Move `require()` up
• 0f45e4e v3.0.0.
• ccd7ad0 Upgrade to uglify-js 3.0.4. ([Snyk] Security upgrade django from 2.0.1 to 3.2.15 #472)
• f3086c1 v2.3.0.
• 7dc5e1d Log fixes. ([Snyk] Security upgrade snyk from 1.101.1 to 1.230.7 #454) r=vladikoff
• 48fab36 v2.2.1.

See the full diff

Package name: grunt-jscs

The new version differs by 24 commits.

• d13072f Release v2.3.0
• d8fef95 Update jscs to 2.5.0 version
• c272f8f Release v2.2.0
• 4767f7f Check 4. and .12 nodes with travis CI
• cc63399 Update "load-grunt-tasks" dependency
• 1e4c9bf Use "idiomatic" preset instead of "jquery"
• 0c86a48 Use new "Checker#execute" method
• 6011f05 Release v2.1.0
• 31f9ced Release v2.0.1
• 3f2499e Update dependencies
• 302d8da Use Travis CI container-based builds
• 4a34df6 Release v2.0.0
• 9e6d86e Update dependecies
• 17f9e9c Bump jscs version to 2.0.0
• 8715716 Fix code style issues
• ad532e2 Update package.json
• 49936c6 Add enmasse testing merge with path config and inline options
• 330f2bc Merge branch 'remove-grunt-bump'
• 34dba9c Change package.json indent size to 2
• 8c7064b Document how to publish a new version
• de383ba Create npm scripts to bump version
• 1e60f29 Remove grunt-bump and the bump task
• 37a7757 Correct docs example
• b2d9ff9 Improve doc examples

See the full diff

Package name: grunt-mocha-cli

The new version differs by 56 commits.

• 4ca8d04 5.0.0
• e37c4ac Fix eslint on windows
• 78e36af Drop Node 4 and 6 support
• 6208ef4 Upgrade mocha and dependencies
• da68e65 Upgrade xo
• e587511 Upgrade ava
• d994d31 readme: https all the links
• bb878b4 Update Mocha link ([Snyk] Security upgrade snyk from 1.101.1 to 1.230.7 #44)
• 5f5402c v4.0.0
• 0561b60 Upgrade to mocha 4
• a738f24 Don't use sync methods
• ded2b59 Make grunt task requireable
• 24a2ab5 Revert "Upgrade coffeescript"
• bb5c30a Upgrade coffeescript
• 965f0bf Use Promises and remove some eslint-disable
• e8acd0e Stop exposing lib
• facc78f Upgrade dev setup, add prettier and switch to xo
• ed591d2 Release version 3.0.0
• a3fadd6 Drop support for node 0.10 and 0.12
• 1f10946 Fix lint warnings
• 1cf5be9 Update dependencies
• 8d4c95d Update node test versions
• 4241cd0 Release version 2.1.0
• 2b7a994 Update mocha and switch to caret semver range

See the full diff

Package name: nock

The new version differs by 250 commits.

• c7b156a v8.0.0
• 43e9b2f added missing dep
• 1735038 Merge branch 'greenkeeper-request-2.70.0'
• 568cd04 Merge branch 'master' into greenkeeper-request-2.70.0
• ca251b3 making the latest version of lodash work
• 6d997a6 Merge pull request [Snyk] Security upgrade jinja2 from 2.7.2 to 2.11.3 #521 from node-nock/greenkeeper-update-all
• 149d7ab fixes for latest tap version
• 361dc21 chore(package): update request to version 2.70.0
• d4877f7 chore(package): update dependencies
• 5d8e77d v7.7.3
• 9684dc6 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #520 from ericsaboia/master
• 2834178 properly remove interceptor with regex domain from the list after used
• 3ce48c9 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #519 from Byron-TW/patch-1
• 35e4f4f Fix typo
• 842ecfc changelog update
• 646dfd2 v7.7.2
• d8bbaab v7.7.1
• b40d53a Merge branch 'master' of github.com:node-nock/nock
• bc95ed6 v7.7.0
• 29af0e6 Merge pull request [Snyk] Fix for 16 vulnerabilities #514 from kevinburkeshyp/fix-req-no-match
• 3d08263 Merge pull request [Snyk] Security upgrade lodash from 4.17.15 to 4.17.21 #512 from kevinburkeshyp/fix-typo
• e4d7433 browserify bundle update
• 4aae26b request abort destroys socket. fixes [Snyk] Fix for 5 vulnerabilities #511
• 37d10ab Fix nock.emitter.on('no match') undefined argument

See the full diff

Package name: supertest

The new version differs by 72 commits.

• 199506d Prepare 3.0.0 release. Small readme updates, update dev libs.
• 1d82e5b Allow TestAgent pass a cert and key to request ([Snyk] Fix for 2 vulnerabilities #373)
• 188f8f2 Update readme ([Snyk] Security upgrade python from 3.6-slim to 3.7-slim #392)
• bd63752 Use superagent 3 ([Snyk] Security upgrade latest-version from 1.0.1 to 6.0.0 #400)
• 3c16aa1 Couple small updates to README
• 5930d2c Change package.json to 2.0.1 version and update engines field.
• 4d21f0d Remove node 0.12 from travis testing. A little early for 0.12 EOF but I want the new eslint libs which don't support 0.12.
• 6fcd9b3 Update dev deps. Fix couple lint issues. Add node v6 and remove 0.10 for travis tests.
• 2026549 Prepare for 2.0.1 release.
• e07e981 fix request with content-length > 0 and content-encoding: gzip ([Snyk] Fix for 2 vulnerabilities #371)
• cf9f991 Update Release History for v2.0.0
• df45dd7 Handle server not-running & superagent system errors ([Snyk] Security upgrade snyk from 1.101.1 to 1.230.7 #348)
• 054ad57 Prepare for 2.0.0 release.
• 7ca0574 Upgrade superagent to 2.x ([Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #347)
• 7d35f22 Change 'super-agent' to 'superagent' in Readme. ([Snyk] Fix for 1 vulnerabilities #343)
• d0c1457 Fix eslint checks .pem ([Snyk] Security upgrade yargs from 11.1.0 to 13.2.4 #331)
• 076ce21 Fix typo on line 74 ([Snyk] Fix for 1 vulnerabilities #330)
• a920af5 MISC Update dev deps, small updates to README.
• 25665c0 Fix readme for .expect(fn), fixes [Snyk] Fix for 1 vulnerabilities #253 ([Snyk] Security upgrade django from 1.6.1 to 2.2.28 #262)
• 480b9bb Merge pull request [Snyk] Fix for 1 vulnerabilities #324 from visionmedia/eslint-refactor
• af3c013 Slight cleanup to esline rules. Remove some overrides, refactor logic in _assertHeader function.
• 1849094 Refactor source code to use eslint with airbnb legacy rules.
• ecced93 Merge pull request [Snyk] Fix for 1 vulnerabilities #318 from oskarcieslik/patch-1
• a1533e5 Changed example with cookie-parser

See the full diff

Package name: testem

The new version differs by 250 commits.

• 6d2b9aa 3.4.1
• 38fb6fb Merge pull request [Snyk] Security upgrade madge from 3.12.0 to 4.0.0 #1421 from artemgurzhii/fix/CVE-2021-21366
• ad93bb3 fix: CVE-2021-21366
• 8528142 Merge pull request [Snyk] Security upgrade python from 3.9-slim to 3.12.0b1-slim #1451 from testem/dependabot/github_actions/GabrielBB/xvfb-action-v1.5
• db71529 Bump GabrielBB/xvfb-action from v1.4 to v1.5
• 50ca9c2 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 1.8.16 #1448 from testem/dependabot/npm_and_yarn/sinon-10.0.0
• 0e3eb15 Bump sinon from 7.3.2 to 10.0.0
• ad7d326 3.4.0
• 3361ce5 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 2.2.28 #1446 from testem/dependabot/npm_and_yarn/sinon-chai-3.6.0
• a8a3d9a Bump sinon-chai from 3.5.0 to 3.6.0
• 97b7563 Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.8.18-slim #1447 from testem/drop-node-8
• 3478102 fix: drop unsupported node 8
• e34ef52 Merge pull request [Snyk] Security upgrade rack from 1.6.5 to 2.0.9.1 #1445 from testem/dependabot/npm_and_yarn/mocha-8.3.2
• 3781b83 chore: use mocha js config
• d094714 Bump mocha from 3.5.3 to 8.3.2
• 41ea0f8 Merge pull request [Snyk] Security upgrade sanitize from 4.6.2 to 5.2.1 #1441 from testem/dependabot/npm_and_yarn/printf-0.6.1
• 8939137 Bump printf from 0.5.1 to 0.6.1
• d236a16 3.3.0
• 731c2e1 Merge pull request [Snyk] Security upgrade django from 2.0.1 to 3.2.22 #1440 from testem/dependabot/npm_and_yarn/express-4.17.1
• c5db179 Bump express from 4.16.2 to 4.17.1
• ac4e115 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 3.2.22 #1439 from testem/dependabot/npm_and_yarn/sinon-chai-3.5.0
• f6962e0 Bump sinon-chai from 3.2.0 to 3.5.0
• c95671d Merge pull request [Snyk] Security upgrade pydantic from 1.10.13 to 2.4.0 #1420 from Mifrill/issue_1419/dot_reporter-show_counter_of_failed_tests_in_summary
• e5bb8cc issue [Snyk] Security upgrade cryptography from 2.6.1 to 41.0.4 #1419 use function summaryDisplay from DotReporter for consistent

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) npm:qs:20140806-1	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[//]: # (snyk:metadata:{"prId":"c8961ffb-5dd7-42df-8132-fefdd92740fe","prPublicId":"c8961ffb-5dd7-42df-8132-fefdd92740fe","dependencies":[{"name":"bower","from":"1.4.1","to":"1.8.8"},{"name":"csscomb","from":"3.0.4","to":"3.1.0"},{"name":"grunt","from":"0.4.5","to":"1.5.3"},{"name":"grunt-cli","from":"0.1.13","to":"1.3.0"},{"name":"grunt-contrib-compress","from":"0.13.0","to":"1.3.0"},{"name":"grunt-contrib-uglify","from":"0.9.1","to":"4.0.1"},{"name":"grunt-contrib-watch","from":"0.6.1","to":"1.0.1"},{"name":"grunt-jscs","from":"1.8.0","to":"2.3.0"},{"name":"grunt-mocha-cli","from":"1.13.0","to":"5.0.0"},{"name":"matchdep","from":"0.3.0","to":"1.0.1"},{"name":"nock","from":"2.3.0","to":"8.0.0"},{"name":"nodemailer","from":"0.7.1","to":"1.0.0"},{"name":"supertest","from":"1.0.1","to":"3.0.0"},{"name":"testem","from":"0.8.3","to":"3.4.1"},{"name":"top-gh-contribs","from":"2.0.2","to":"2.0.3"}],"packageManager":"npm","projectPublicId":"4f7ed5c2-f1d8-467a-8a73-f0ca85d000ea","projectUrl":"https://app.snyk.io/org/luxmedia/project/4f7ed5c2-f1d8-467a-8a73-f0ca85d000ea?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":["npm:debug:20170905","npm:lodash:20180130","npm:minimatch:20160620","npm:ms:20170412","npm:qs:20140806-1"],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-BL-608877","SNYK-JS-BOWER-73627","SNYK-JS-COOKIEJAR-3149984","SNYK-JS-DECOMPRESSZIP-73598","SNYK-JS-ENGINEIO-1056749","SNYK-JS-ENGINEIO-3136336","SNYK-JS-GETOBJECT-1054932","SNYK-JS-GOT-2932019","SNYK-JS-GRUNT-2635969","SNYK-JS-GRUNT-2813632","SNYK-JS-GRUNT-597546","SNYK-JS-HANDLEBARS-1056767","SNYK-JS-HANDLEBARS-1279029","SNYK-JS-HANDLEBARS-173692","SNYK-JS-HANDLEBARS-469063","SNYK-JS-HANDLEBARS-534478","SNYK-JS-HANDLEBARS-534988","SNYK-JS-HANDLEBARS-567742","npm:handlebars:20151207","SNYK-JS-HAWK-2808852","npm:hawk:20160119","SNYK-JS-JSYAML-174129","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-LODASH-450202","SNYK-JS-LODASH-567746","SNYK-JS-LODASH-608086","SNYK-JS-LODASH-73638","SNYK-JS-LODASH-73639","npm:lodash:20180130","SNYK-JS-MINIMATCH-1019388","SNYK-JS-MINIMATCH-3050818","npm:minimatch:20160620","SNYK-JS-MINIMIST-2429795","SNYK-JS-MINIMIST-559764","SNYK-JS-MOCHA-561476","SNYK-JS-MOUT-1014544","SNYK-JS-MOUT-2342654","SNYK-JS-QS-3153490","npm:qs:20170213","npm:qs:20140806","npm:qs:20140806-1","npm:request:20160119","SNYK-JS-SOCKETIO-1024859","SNYK-JS-SOCKETIOPARSER-1056752","SNYK-JS-SOCKETIOPARSER-3091012","SNYK-JS-TRIMNEWLINES-1298042","SNYK-JS-UGLIFYJS-1727251","npm:uglify-js:20150824","npm:uglify-js:20151024","SNYK-JS-WS-1296835","SNYK-JS-XML2JS-5414874","SNYK-JS-XMLDOM-1084960","npm:debug:20170905","npm:deep-extend:20180409","npm:extend:20180424","npm:growl:20160721","npm:hoek:20180212","npm:http-signature:20150122","npm:mime:20170907","npm:ms:20151024","npm:ms:20170412","npm:semver:20150403","npm:superagent:20170807","npm:superagent:20181108","npm:tough-cookie:20160722","npm:tough-cookie:20170905","npm:tunnel-agent:20170305"],"upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-BL-608877","SNYK-JS-BOWER-73627","SNYK-JS-COOKIEJAR-3149984","SNYK-JS-DECOMPRESSZIP-73598","SNYK-JS-ENGINEIO-1056749","SNYK-JS-ENGINEIO-3136336","SNYK-JS-GETOBJECT-1054932","SNYK-JS-GOT-2932019","SNYK-JS-GRUNT-2635969","SNYK-JS-GRUNT-2813632","SNYK-JS-GRUNT-597546","SNYK-JS-HANDLEBARS-1056767","SNYK-JS-HANDLEBARS-1279029","SNYK-JS-HANDLEBARS-173692","SNYK-JS-HANDLEBARS-469063","SNYK-JS-HANDLEBARS-534478","SNYK-JS-HANDLEBARS-534988","SNYK-JS-HANDLEBARS-567742","SNYK-JS-HAWK-2808852","SNYK-JS-JSYAML-174129","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-LODASH-450202","SNYK-JS-LODASH-567746","SNYK-JS-LODASH-608086","SNYK-JS-LODASH-73638","SNYK-JS-LODASH-73639","SNYK-JS-MINIMATCH-1019388","SNYK-JS-MINIMATCH-3050818","SNYK-JS-MINIMIST-2429795","SNYK-JS-MINIMIST-559764","SNYK-JS-MOCHA-561476","SNYK-JS-MOUT-1014544","SNYK-JS-MOUT-2342654","SNYK-JS-QS-3153490","SNYK-JS-SOCKETIO-1024859","SNYK-JS-SOCKETIOPARSER-1056752","SNYK-JS-SOCKETIOPARSER-3091012","SNYK-JS-TRIMNEWLINES-1298042","SNYK-JS-UGLIFYJS-1727251","SNYK-JS-WS-1296835","SNYK-JS-XML2JS-5414874","SNYK-JS-XMLDOM-1084960","npm:debug:20170905","npm:deep-extend:20180409","npm:extend:20180424","npm:growl:20160721","npm:handlebars:20151207","npm:hawk:20160119","npm:hoek:20180212","npm:http-signature:20150122","npm:lodash:20180130","npm:mime:20170907","npm:minimatch:20160620","npm:ms:20151024","npm:ms:20170412","npm:qs:20170213","npm:request:20160119","npm:semver:20150403","npm:superagent:20170807","npm:superagent:20181108","npm:tough-cookie:20160722","npm:tough-cookie:20170905","npm:tunnel-agent:20170305","npm:uglify-js:20150824","npm:uglify-js:20151024"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[696,706,614,586,704,null,n...