[Snyk] Security upgrade tape-run from 6.0.1 to 11.0.0

[leonardoadame]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • tools/node_modules/eslint/node_modules/parse-entities/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1912075	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1912082	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1924893	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Inappropriate Implementation SNYK-JS-ELECTRON-1924894	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Inappropriate Implementation SNYK-JS-ELECTRON-1924895	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1930826	Yes	No Known Exploit
	794/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Use After Free SNYK-JS-ELECTRON-2322001	Yes	Mature
	539/1000 Why? Has a fix available, CVSS 6.5	Domain Spoofing SNYK-JS-ELECTRON-2329155	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2329162	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-2329257	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2330890	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-ELECTRON-2332173	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Control of a Resource Through its Lifetime SNYK-JS-ELECTRON-2332176	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2338684	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-2339883	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Interger Underflow SNYK-JS-ELECTRON-2351961	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2404183	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Check or Handling of Exceptional Conditions SNYK-JS-ELECTRON-2404184	Yes	No Known Exploit
	809/1000 Why? Mature exploit, Has a fix available, CVSS 7.6	Use After Free SNYK-JS-ELECTRON-2414027	Yes	Mature
	654/1000 Why? Has a fix available, CVSS 8.8	Integer Overflow or Wraparound SNYK-JS-ELECTRON-2420972	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2420994	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-ELECTRON-2422385	Yes	No Known Exploit
	384/1000 Why? Has a fix available, CVSS 3.4	Improper Access Control SNYK-JS-ELECTRON-2431353	Yes	No Known Exploit
	794/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Type Confusion SNYK-JS-ELECTRON-2434822	Yes	Mature
	554/1000 Why? Has a fix available, CVSS 6.8	Use After Free SNYK-JS-ELECTRON-2434824	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2774694	Yes	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Type Confusion SNYK-JS-ELECTRON-2803052	Yes	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Improper implementation SNYK-JS-ELECTRON-2803053	Yes	No Known Exploit
	919/1000 Why? Mature exploit, Has a fix available, CVSS 9.8	Type Confusion SNYK-JS-ELECTRON-2805803	Yes	Mature
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2805927	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Type Confusion SNYK-JS-ELECTRON-2806357	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-2806730	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Inappropriate implementation SNYK-JS-ELECTRON-2807802	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Input Validation SNYK-JS-ELECTRON-2807803	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2807804	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2808872	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2808873	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Inappropriate implementation SNYK-JS-ELECTRON-2808874	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2812497	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Inappropriate implementation SNYK-JS-ELECTRON-2812499	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2824110	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-2838863	Yes	No Known Exploit
	544/1000 Why? Has a fix available, CVSS 6.6	Improper Input Validation SNYK-JS-ELECTRON-2869408	Yes	No Known Exploit
	489/1000 Why? Has a fix available, CVSS 5.5	Exposure of Resource to Wrong Sphere SNYK-JS-ELECTRON-2869410	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2870632	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-ELECTRON-2932172	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Protection Mechanism Failure SNYK-JS-ELECTRON-2934721	Yes	No Known Exploit
	859/1000 Why? Mature exploit, Has a fix available, CVSS 8.6	Heap-based Buffer Overflow SNYK-JS-ELECTRON-2946881	Yes	Mature
	654/1000 Why? Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-2946891	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ELECTRON-2961655	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-ELECTRON-2977510	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-ELECTRON-2977512	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Buffer Overflow SNYK-JS-ELECTRON-2978483	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Access Control Bypass SNYK-JS-ELECTRON-2978519	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2992453	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2992478	Yes	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Improper Authentication SNYK-JS-ELECTRON-2992482	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-2994414	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ELECTRON-3014402	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-3014405	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-3014407	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-3014409	Yes	No Known Exploit
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-3014411	Yes	Mature
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-3028028	Yes	No Known Exploit
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-3091122	Yes	Mature
	529/1000 Why? Has a fix available, CVSS 6.3	Improper Input Validation SNYK-JS-ELECTRON-3097694	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-3097832	Yes	No Known Exploit
	504/1000 Why? Has a fix available, CVSS 5.8	Information Exposure SNYK-JS-ELECTRON-3107036	Yes	No Known Exploit
	594/1000 Why? Has a fix available, CVSS 7.6	Use After Free SNYK-JS-ELECTRON-3111876	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-3111878	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ELECTRON-3111879	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-3111880	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-3111881	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-3160317	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-3237489	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-3252475	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-3370271	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Out-of-bounds Read SNYK-JS-ELECTRON-3370529	Yes	No Known Exploit
	716/1000 Why? Recently disclosed, Has a fix available, CVSS 8.6	Out-of-Bounds SNYK-JS-ELECTRON-5880432	Yes	No Known Exploit
	586/1000 Why? Recently disclosed, Has a fix available, CVSS 6	Improper Access Control SNYK-JS-ELECTRON-5885098	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: tape-run

The new version differs by 16 commits.

• dfc05e7 11.0.0
• 26d520a pkg: add `engines.node`
• 2730fcb fix ci ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #88)
• 01f5097 upgrade `through`
• 41c594a docs: security
• 8d0e790 10.0.0
• e5579fb docs
• fb87809 replace deprecated optimist with yargs ([Snyk] Security upgrade mocha from 7.2.0 to 10.1.0 #85)
• ee4654e 9.0.0
• 57adc5f Bump browser-run to support sandbox option. Closes [Snyk] Security upgrade xo from 0.16.0 to 0.40.3 #82
• ccad1ea Include more detailed Headless Testing section ([Snyk] Security upgrade standard from 11.0.1 to 15.0.0 #81)
• 31de6f9 8.0.0
• 20125a6 Bump browser-run to latest, fixing electron security issue ([Snyk] Fix for 5 vulnerabilities #80)
• e93c616 travis: update node versions
• 463bed9 7.0.0
• e032edb bump browser-run to 7.0.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use After Free
🦉 Type Confusion
🦉 Improper Input Validation
🦉 More lessons are available in Snyk Learn

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.