[Snyk] Security upgrade axios from 0.18.1 to 0.20.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • remix-url-resolver/package.json
  • remix-url-resolver/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	416/1000 Why? Recently disclosed, Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 217 commits.

• 0d87655 Releasing 0.20.0
• cd27741 Updating changelog for 0.20.0 release
• ffea034 Releasing 0.20.0-0
• fe147fb Updating changlog for 0.20.0 beta release
• 16aa2ce Fixing response with utf-8 BOM can not parse to json (#2419)
• c4300a8 Adding support for URLSearchParams in node (#1900)
• bed6783 add table of content (preview) (#3050)
• c70fab9 Fix stale bot config (#3049)
• 5b08fc4 Add days and change name to work (#3035)
• 1768c23 Update close-issues.yml (#3031)
• 3dbf6a1 Add GitHub actions to close stale issues/prs (#3029)
• a9010e4 Add GitHub actions to close invalid issues (#3022)
• 36f0ad2 Replace 'blacklist' with 'blocklist' (#3006)
• 0d69a79 Refactor mergeConfig without utils.deepMerge (#2844)
• 4879416 Allow unsetting headers by passing null (#382) (#1845)
• 4b3947a Add test with Node.js 12 (#2860)
• 0077205 Adding console log on sandbox server startup (#2210)
• ee46dff docs(): Detailed config options environment. (#2088)
• 17a6886 Include axios-data-unpacker in ECOSYSTEM.md (#2080)
• 3f2ef03 Allow opening examples in Gitpod (#1958)
• f3cc053 Fixing overwrite Blob/File type as Content-Type in browser. (#1773)
• f2b478f Revert "Fixing default transformRequest with buffer pools (Bump lodash from 4.17.15 to 4.17.19 in /remix-debugger remix-project-org/remix#1511)" (#2982)
• d35b5b5 Remove axios.all() and axios.spread() from Readme.md (#2727)
• 6d36dbe Update README.md (#2887)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[guardrails]

⚠️ We detected 119 security issues in this pull request:

Mode: paranoid | Total findings: 119 | Considered vulnerability: 119

Insecure Use of Regular Expressions (14)

Docs	Details
💡	Title: Regex DOS (ReDOS), Severity: Medium remix/remix-analyzer/src/solidity-analyzer/modules/staticAnalysisCommon.ts Line 235 in b7a1378 if (!isExternalDirectCall(extDirectCall)) throw new Error('staticAnalysisCommon.js: not an external direct call Node')
💡	Title: Regex DOS (ReDOS), Severity: Medium remix/remix-analyzer/src/solidity-analyzer/modules/staticAnalysisCommon.ts Line 250 in b7a1378 if (!isThisLocalCall(thisLocalCall.expression)) throw new Error('staticAnalysisCommon.js: not a this local call Node')
💡	Title: Regex DOS (ReDOS), Severity: Medium remix/remix-analyzer/src/solidity-analyzer/modules/staticAnalysisCommon.ts Line 399 in b7a1378 if (!isLibraryCall(node.expression)) throw new Error('staticAnalysisCommon.js: not a library call Node')
💡	Title: Regex DOS (ReDOS), Severity: Medium remix/remix-analyzer/src/solidity-analyzer/modules/staticAnalysisCommon.ts Line 587 in b7a1378 function isStorageVariableDeclaration (node: VariableDeclarationAstNode): boolean {
💡	Title: Regex DOS (ReDOS), Severity: Medium remix/remix-analyzer/src/solidity-analyzer/modules/staticAnalysisCommon.ts Line 1002 in b7a1378 function expressionTypeDescription (node: any, typeRegex: string): boolean {
💡	Title: Regex DOS (ReDOS), Severity: Medium remix/remix-analyzer/src/solidity-analyzer/modules/staticAnalysisCommon.ts Line 1006 in b7a1378 function typeDescription (node: any, typeRegex: string): boolean {
💡	Title: Regex DOS (ReDOS), Severity: Medium remix/remix-analyzer/src/solidity-analyzer/modules/staticAnalysisCommon.ts Line 1010 in b7a1378 function nodeType (node: any, typeRegex: string): boolean {
💡	Title: Regex DOS (ReDOS), Severity: Medium remix/remix-analyzer/src/solidity-analyzer/modules/staticAnalysisCommon.ts Line 1018 in b7a1378 function memName (node: any, memNameRegex: any): boolean {
💡	Title: Regex DOS (ReDOS), Severity: Medium remix/remix-analyzer/src/solidity-analyzer/modules/staticAnalysisCommon.ts Line 1022 in b7a1378 function operator (node: any, opRegex: string): boolean {
💡	Title: Regex DOS (ReDOS), Severity: Medium remix/remix-url-resolver/src/resolve.ts Line 87 in b7a1378 type: 'github',
💡	Title: Regex DOS (ReDOS), Severity: Medium remix/remix-analyzer/src/solidity-analyzer/modules/staticAnalysisCommon.ts Line 1007 in b7a1378 return new RegExp(typeRegex).test(node.typeDescriptions.typeString)
💡	Title: Regex DOS (ReDOS), Severity: Medium remix/remix-analyzer/src/solidity-analyzer/modules/staticAnalysisCommon.ts Line 1011 in b7a1378 return new RegExp(typeRegex).test(node.nodeType)
💡	Title: Regex DOS (ReDOS), Severity: Medium remix/remix-analyzer/src/solidity-analyzer/modules/staticAnalysisCommon.ts Line 1019 in b7a1378 return (node && !memNameRegex) || new RegExp(memNameRegex).test(node.name) || new RegExp(memNameRegex).test(node.memberName)
💡	Title: Regex DOS (ReDOS), Severity: Medium remix/remix-analyzer/src/solidity-analyzer/modules/staticAnalysisCommon.ts Line 1023 in b7a1378 return new RegExp(opRegex).test(node.operator)

More info on how to fix Insecure Use of Regular Expressions in TypeScript and JavaScript.

---

Insecure File Management (12)

Docs	Details
💡	Title: Use of non-literal fs filename, Severity: High remix/gulpfile.js Line 28 in b7a1378 const latestChangelog = fs.readFileSync(__dirname + '/changes.md', 'utf8')
💡	Title: Use of non-literal fs filename, Severity: High remix/gulpfile.js Line 29 in b7a1378 const oldChangelog = fs.readFileSync(__dirname + '/CHANGELOG.md', 'utf8')
💡	Title: Use of non-literal fs filename, Severity: High remix/gulpfile.js Line 33 in b7a1378 fs.unlinkSync(__dirname + '/CHANGELOG.md');
💡	Title: Use of non-literal fs filename, Severity: High remix/gulpfile.js Line 35 in b7a1378 fs.unlinkSync(__dirname + '/changes.md');
💡	Title: Use of non-literal fs filename, Severity: High remix/gulpfile.js Line 37 in b7a1378 fs.writeFileSync(__dirname + '/CHANGELOG.md', data);
💡	Title: Use of non-literal fs filename, Severity: High remix/remix-debug/test.js Line 29 in b7a1378 inputJson.sources[shortFilename] = {content: fs.readFileSync(filename).toString()}
💡	Title: Use of non-literal fs filename, Severity: High remix/remix-debug/test/init.js Line 16 in b7a1378 fs.readFile(filename, 'utf8', callback)
💡	Title: Use of non-literal fs filename, Severity: High remix/remix-debug/test/init.js Line 18 in b7a1378 return fs.readFileSync(filename, 'utf8')
💡	Title: Use of non-literal fs filename, Severity: High remix/remix-debug/test/resources/testWeb3.js Line 6 in b7a1378 var data = init.readFile(require('path').resolve(__dirname, 'testWeb3.json'))
💡	Title: Use of non-literal fs filename, Severity: High remix/remix-lib/test/init.js Line 16 in b7a1378 fs.readFile(filename, 'utf8', callback)
💡	Title: Use of non-literal fs filename, Severity: High remix/remix-lib/test/init.js Line 18 in b7a1378 return fs.readFileSync(filename, 'utf8')
💡	Title: Use of non-literal fs filename, Severity: High remix/remix-lib/test/resources/testWeb3.js Line 6 in b7a1378 let data = init.readFile(require('path').resolve(__dirname, 'testWeb3.json'))

More info on how to fix Insecure File Management in JavaScript.

---

Vulnerable Libraries (93)

Severity	Details
Medium	[email protected] (t) upgrade to: >5.7.3 || >6.4.0 || >7.1.0
High	[email protected] (t) upgrade to: >1.2.2 || >2.2.0 || 3.0.0 || >4.0.2
Low	[email protected] upgrade to: >=7.1.0
Low	[email protected] (t) - no patch available
High	[email protected] (t) upgrade to: >=3.5.0
High	[email protected] upgrade to: >=0.12.3
High	[email protected] upgrade to: >=0.0.1
Critical	[email protected] (t) upgrade to: >=1.10.2
Medium	[email protected] (t) upgrade to: >=2.8.9 || >=3.0.8
High	[email protected] (t) upgrade to: >=1.18.1
High	[email protected] (t) upgrade to: >2.0.0
High	[email protected] (t) upgrade to: >2.2.2
Low	[email protected] (t) upgrade to: >=1.3.6
Low	[email protected] (t) upgrade to: >6.0.2
Medium	[email protected] (t) upgrade to: >4.16.4
High	[email protected] (t) - no patch available
Low	[email protected] (t) upgrade to: >=1.3.6
High	[email protected] (t) upgrade to: >4.17.20
High	[email protected] (t) - no patch available
High	[email protected] - no patch available
High	[email protected] upgrade to: >=5.3.1
High	[email protected] (t) - no patch available
High	[email protected] - no patch available
Medium	[email protected] (t) upgrade to: >1.1.6
High	[email protected] upgrade to: >=5.0.5
Low	deep-extend@unknown (t) upgrade to: >0.5.0
High	dot-prop@unknown (t) upgrade to: >=4.2.1 || >=5.1.1
Medium	extend@unknown (t) upgrade to: >=2.0.2 || >=3.0.2
High	[email protected] (t) upgrade to: >4.17.20
High	sshpk@unknown (t) upgrade to: >1.13.1
Medium	stringstream@unknown (t) upgrade to: >0.0.5
High	tough-cookie@unknown (t) upgrade to: >=2.3.3
Medium	[email protected] (t) upgrade to: >4.16.4
High	[email protected] (t) upgrade to: >6.5.3
High	[email protected] (t) upgrade to: >4.17.20
Low	[email protected] upgrade to: >=9.0.0
High	[email protected] (t) upgrade to: >4.5.0 || >5.3.0 || 6.0.0
High	[email protected] (t) - no patch available
High	[email protected] - no patch available
Critical	handlebars@unknown (t) upgrade to: >4.7.6
Medium	hosted-git-info@unknown (t) upgrade to: >=2.8.9 || >=3.0.8
High	[email protected] (t) upgrade to: >4.17.20
Low	[email protected] (t) upgrade to: >=0.2.1 || >=1.2.3
High	[email protected] upgrade to: >=2.2.2
High	y18n@unknown (t) upgrade to: >=5.0.5
Low	[email protected] upgrade to: >=15.1.0
High	[email protected] upgrade to: >=4.0.0
Critical	[email protected] (t) upgrade to: >=4.7.7
Medium	[email protected] (t) upgrade to: >=2.8.9 || >=3.0.8
Low	[email protected] (t) upgrade to: >=1.3.6
High	[email protected] (t) upgrade to: >4.17.20
Low	[email protected] upgrade to: >=3.9.1
High	[email protected] (t) upgrade to: >=5.0.5
High	[email protected] (t) upgrade to: >4.17.20
High	[email protected] (t) upgrade to: >=4.6.1
Low	[email protected] (t) upgrade to: >0.6.3
High	[email protected] (t) upgrade to: >=2.0.1
High	[email protected] (t) - no patch available
Medium	[email protected] (t) - no patch available
High	[email protected] (t) upgrade to: >=1.2.2
Critical	[email protected] (t) - no patch available
Medium	[email protected] (t) upgrade to: >4.16.4
High	[email protected] (t) upgrade to: >4.17.20
High	[email protected] upgrade to: >=0.25.0
Medium	[email protected] (t) upgrade to: >=2.8.9
High	[email protected] (t) upgrade to: >4.17.20
Medium	[email protected] upgrade to: >=9.2.0
Medium	[email protected] (t) upgrade to: >=1.0.7
Medium	[email protected] upgrade to: >=16.0.4
High	[email protected] (t) upgrade to: >=0.25.0
Medium	[email protected] (t) upgrade to: >=2.8.9
High	[email protected] (t) upgrade to: >4.17.20
Medium	[email protected] upgrade to: >=9.2.0
Medium	[email protected] (t) upgrade to: >=1.0.7
Medium	[email protected] upgrade to: >=16.0.4
Medium	[email protected] (t) upgrade to: >4.1.0
Medium	@ethersproject/[email protected] (t) upgrade to: >5.0.9
Medium	[email protected] (t) upgrade to: >4.16.4
Medium	[email protected] (t) upgrade to: >4.0.48
Medium	[email protected] (t) upgrade to: >2.20.5
Medium	[email protected] (t) upgrade to: >1.4.1 || >2.0.1
High	[email protected] (t) upgrade to: >=2.8.2
High	[email protected] (t) upgrade to: >4.4.17
High	[email protected] upgrade to: >1.5.2 || >3.0.0-rc.4
High	[email protected] (t) upgrade to: >1.3.5 || >3.0.0-rc.4
High	[email protected] (t) upgrade to: >1.3.5 || >3.0.0-rc.4
High	[email protected] (t) upgrade to: >1.3.6-rc.2 || >3.0.0-rc.4
High	[email protected] (t) upgrade to: >1.3.5 || >3.0.0-rc.4
High	[email protected] (t) upgrade to: >1.3.5 || >3.0.0-rc.4
High	[email protected] (t) upgrade to: >1.0.0 || >1.3.5 || >3.0.0-rc.4
High	[email protected] (t) upgrade to: >1.3.6-rc.2 || >=3.0.0-rc.0
High	[email protected] (t) upgrade to: >1.3.6-rc.2 || >3.0.0-rc.4
High	[email protected] (t) upgrade to: >1.3.5

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.