[Snyk] Fix for 11 vulnerabilities

[bumplzz69]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chownr

The new version differs by 9 commits.

• 76c21fa 1.1.0
• e8f0dc7 auto-publish scripts
• b196e0e add tests for old readdir support
• e06dd8a Avoid unnecessary stats on node v10.10 and above
• 36a93e3 use lchown to address part 1 of TOCTOU issue
• a631d84 use lchown instead of chown, if available
• cdd4ce7 use modern JavaScript
• d548650 update tap
• 924de1e update travis

See the full diff

Package name: cli-columns

The new version differs by 4 commits.

• 89eaa84 drop travis and coveralls from readme
• 5da2489 upgrade deps, drop heavy dev deps, github actions, node 10+
• b9e986b Update readme.md
• ed6df24 Update copyright info

See the full diff

Package name: columnify

The new version differs by 34 commits.

• a532ca1 Release 1.6.0
• 92fdab6 Clean up readme badges, update stats.
• a350bf2 Add npm cache to CI.
• aae8411 Actually install & test in CI.
• b2fe72f Use github actions.
• 4b54106 Update node version in travis.yml.
• c820951 Update packages.
• 10ea59d Update packages.
• e768ed8 Revert "Merge pull request [Snyk] Security upgrade unified-args from 6.0.0 to 7.0.0 #59 from njhoffman/master"
• 1cf9287 Merge pull request [Snyk] Security upgrade unified-args from 6.0.0 to 7.0.0 #59 from njhoffman/master
• 091ddb0 Merge pull request [Snyk] Security upgrade unified-args from 6.0.0 to 7.0.0 #60 from sreekanth370/master
• bece43f Merge pull request [Snyk] Security upgrade unist-util-select from 1.5.0 to 2.0.0 #49 from tdmalone/patch-1
• 4b72760 Merge branch 'master' into master
• e7c082a Merge pull request [Snyk] Security upgrade rollup-plugin-node-resolve from 3.3.0 to 5.2.0 #62 from viceice/patch-1
• db4ee97 chore: bump version
• 0bd797f chore: require node v8
• ea15deb fix: update strip-ansi to v6.0.1
• 33c942e compatibility updates
• 5cb6515 fixed transipiling errors
• a27ddb8 version bump
• 95d9a8e extract strip-ansi dependency
• 4895ec1 version bump
• 64c77f5 version bump
• 1d3ef4b add modules key and main eky to package.json

See the full diff

Package name: node-gyp

The new version differs by 250 commits.

• f5fa6b8 chore: release 8.4.1
• cc37b88 fix: windows command missing space (test: fix default value for additional param nodejs/node#2553)
• 8083f6b deps: [email protected]
• 787cf7f docs: fix typo in powershell node-gyp update
• 7073c65 chore: release 8.4.0
• a27dc08 feat: build with config.gypi from node headers
• 5a00387 feat: support vs2022 (src: check for --prof in ParseArgs nodejs/node#2533)
• fb85fb2 chore: release 8.3.0
• 5585792 feat(gyp): update gyp to v0.10.0 (added CSI (\x9b) as additionally allowable escape nodejs/node#2521)
• b05b4fe chore(deps): bump make-fetch-happen from 8.0.14 to 9.1.0
• 0a67dcd test: Python 3.10 was release on Oct. 4th (Input from TTY is strange nodejs/node#2504)
• f2ad87f chore: refactor the creation of config.gypi file
• bc47cd6 chore: release 8.2.0
• ed9a9ed feat(gyp): update gyp to v0.9.6 (The future of HTTP in Node nodejs/node#2481)
• 660dd7b doc: correct link to "binding.gyp files out in the wild" (src: improve startup time nodejs/node#2483)
• ec15a3e chore(deps): bump tar from 6.1.0 to 6.1.2 (Investigate flaky test test-dgram-multicast-multi-process nodejs/node#2474)
• 78361b3 ISSUE_TEMPLATE.md: Instructions for old versions (Investigate flaky test test-child-process-spawnsync nodejs/node#2470)
• f0882b1 fix: missing spaces
• c8c0af7 fix: doc how to update node-gyp independently from npm
• b6e1cc7 Add title to node-gyp version document (Merge v3.1.0 into next+1 nodejs/node#2452)
• b7bccdb ci: GitHub Actions Test on node: [12.x, 14.x, 16.x] (win,msi: Upgrade from old upgrade code nodejs/node#2439)
• 161c235 doc(wiki): safer doc names, remove unnecessary TypedArray doc
• b52e487 doc(wiki): link to docs/ from README
• f0a4835 doc(wiki): move wiki docs into doc/

See the full diff

Package name: npm-registry-fetch

The new version differs by 59 commits.

• 62ce833 chore(release): 4.0.5
• 43a5d84 chore: remove basic auth data from logs
• 71ab0e7 chore(release): 4.0.4
• fc5d94c Put default timeout back to zero
• 2e0c446 chore(release): 4.0.3
• d7d8c58 chore: publish as latest-v4
• 69c2977 fix: use 30s default for timeout as per README
• fe7b129 chore(doc): document the effect of ?write=true on caching
• ba8b4fe fix: always bypass cache when ?write=true
• b758555 chore(release): 4.0.2
• e3a0186 fix: Add null check on body on 401 errors
• ff5f990 test(check-response): Added missing tests
• 49059f0 chore(release): 4.0.1
• 8eae5f0 fix(deps): Add explicit dependency on safe-buffer
• 5dbd1d7 chore(release): 4.0.0
• 0c4f060 [email protected], infer uid from cache folder
• 4b62980 chore(release): 3.9.1
• 7878bbe deps: [email protected]
• e064215 deps: [email protected]
• 4491843 chore(release): 3.9.0
• a91f90c feat(auth): support username:password encoded legacy _auth
• fc0e119 chore(release): 3.8.0
• 0600986 feat(mapJson): add support for passing in json stream mapper
• 9eb0095 chore(release): 3.7.0

See the full diff

Package name: npmlog

The new version differs by 7 commits.

• 15366fb 5.0.0
• d81ce11 docs: changelog for v5.0.0
• e420957 BREAKING CHANGE: update deps, lint, test coverage (Mani nodejs/node#79)
• f0454b0 deps: bump tap
• c989a1c chore: update CI for current Node LTS
• 5414070 Appease standard
• c9ed17d package-lock@1

See the full diff

Package name: update-notifier

The new version differs by 42 commits.

• 311557e 6.0.0
• 9183541 Require Node.js 14 and move to ESM
• 3fdb218 5.1.0
• 73c391b Upgrade dependencies
• 0a6027e Move to GitHub Actions
• d8fa601 Rename `master` branch to `main`
• f63b2eb 5.0.1
• 9e2b772 Update dependencies
• da7c464 5.0.0
• 5b440c2 Require Node.js 10
• 3dfe42d Don't suggest to upgrade to lower version (node-forward/node deactivation nodejs/node#192)
• 132b7ce Remove a project from "Users" section (doc: util: document --trace-deprecation nodejs/node#191)
• c9d2166 4.1.1
• f42fc8f Improve vertical alignment of the notifier output (What branch/version and which of the contributing guides to use? nodejs/node#183)
• 71a3f19 Use HTTPS links
• 64c5236 Fix Travis
• 9d9f4ff 4.1.0
• 4062f12 Update dependencies
• adbeb6e Add template support for the `message` option (debugger: improve clearBreakpoint error and docs nodejs/node#175)
• adf7803 4.0.0
• fb5161c Remove the `callback` option (RFC: bundle tick processor with iojs nodejs/node#158)
• 39682de Rename `boxenOpts` option to `boxenOptions`
• bc1721a Avoid showing notification if current version is the latest (lib,src: remove post-gc event infrastructure nodejs/node#174)
• ccaf686 Update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary File Write
🦉 Arbitrary File Write
🦉 Arbitrary File Write
🦉 More lessons are available in Snyk Learn