[Snyk] Fix for 41 vulnerabilities

[snyk-io]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/har-schema/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	219/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0037, Social Trends: No, Days since published: 1560, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.24, Score Version: V5	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00396, Social Trends: No, Days since published: 1137, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	218/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.0006, Social Trends: No, Days since published: 376, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 10.1, Likelihood: 2.16, Score Version: V5	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	Proof of Concept
	199/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1517, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5	Remote Memory Exposure SNYK-JS-BL-608877	No	Proof of Concept
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 163, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
	119/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00156, Social Trends: No, Days since published: 1015, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.98, Score Version: V5	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	21/1000 Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Adjacent, EPSS: 0.00135, Social Trends: No, Days since published: 987, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 0.877, Score Version: V5	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	158/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00051, Social Trends: No, Days since published: 296, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.81, Score Version: V5	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	Yes	Proof of Concept
	159/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 222, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.64, Score Version: V5	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	Yes	Proof of Concept
	97/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00083, Social Trends: No, Days since published: 901, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 1.45, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	212/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Adjacent, EPSS: 0.01055, Social Trends: No, Days since published: 154, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.6, Likelihood: 2.2, Score Version: V5	Authentication Bypass SNYK-JS-HAWK-6969142	Yes	Proof of Concept
	121/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Adjacent, EPSS: 0.01055, Social Trends: No, Days since published: 1848, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 6.65, Likelihood: 1.82, Score Version: V5	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Yes	Proof of Concept
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 328, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	35/1000 Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1028, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.47, Score Version: V5	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	102/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 2040, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.69, Score Version: V5	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	166/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 2026, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.69, Score Version: V5	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00231, Social Trends: No, Days since published: 1346, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	239/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00858, Social Trends: No, Days since published: 1346, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.44, Score Version: V5	Code Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	152/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.02082, Social Trends: No, Days since published: 1940, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.69, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	150/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1524, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.67, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	170/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 191, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.83, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept
	149/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00128, Social Trends: No, Days since published: 2091, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.64, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	133/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: High, Attack Vector: Network, EPSS: 0.004, Social Trends: No, Days since published: 2028, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.21, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1437, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.92, Score Version: V5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
	149/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00357, Social Trends: No, Days since published: 1338, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.65, Score Version: V5	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
	65/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Functional, User Interaction (UI): Required, Privileges Required (PR): High, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00123, Social Trends: No, Days since published: 2180, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.76, Score Version: V5	Prototype Pollution SNYK-JS-MERGE-72553	Yes	Mature
	124/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 163, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit
	59/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.03488, Social Trends: No, Days since published: 947, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.51, Score Version: V5	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	137/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00105, Social Trends: No, Days since published: 1687, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.42, Score Version: V5	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	111/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00111, Social Trends: No, Days since published: 586, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 2.64, Score Version: V5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	178/1000 Why? Confidentiality impact: Low, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00134, Social Trends: No, Days since published: 1434, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 7.03, Likelihood: 2.52, Score Version: V5	Information Disclosure SNYK-JS-SEMANTICRELEASE-1041706	Yes	No Known Exploit
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0016, Social Trends: No, Days since published: 491, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.64, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	111/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00213, Social Trends: No, Days since published: 481, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 2.65, Score Version: V5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	114/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00285, Social Trends: No, Days since published: 1242, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.9, Score Version: V5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	137/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 1682, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.42, Score Version: V5	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00117, Social Trends: No, Days since published: 2438, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.42, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	149/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00311, Social Trends: No, Days since published: 2373, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.65, Score Version: V5	Prototype Pollution npm:deep-extend:20180409	Yes	Proof of Concept
	141/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01021, Social Trends: No, Days since published: 2443, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.5, Score Version: V5	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	257/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Functional, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00659, Social Trends: No, Days since published: 2390, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 3.66, Score Version: V5	Uninitialized Memory Exposure npm:https-proxy-agent:20180402	Yes	Mature
	140/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00122, Social Trends: No, Days since published: 2443, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.48, Score Version: V5	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	118/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 2667, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.96, Score Version: V5	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ajv

The new version differs by 250 commits.

• 521c3a5 6.12.3
• bd7107b Merge pull request [BUG] When installing a git dependency, prepare script can see dev dependencies, prepack script can not npm/cli#1229 from ajv-validator/dependabot/npm_and_yarn/mocha-8.0.1
• 9c26bb2 Merge pull request Missing Bundled Deps npm/cli#1234 from ajv-validator/dependabot/npm_and_yarn/eslint-7.3.1
• c6a6daa Merge branch 'master' into dependabot/npm_and_yarn/mocha-8.0.1
• 15eda23 Merge branch 'master' into dependabot/npm_and_yarn/eslint-7.3.1
• d6aabb8 test: remove node 8 from travis test
• c4801ca Merge pull request [BUG] npm cannot handle directories with '/' npm/cli#1242 from ajv-validator/refactor
• 988982d ignore proto properties
• f2b1e3d whitespace
• 65e3678 Merge pull request [BUG] npm ERR! cb() never called! npm/cli#1239 from GrahamLea/patch-1
• 68d72c4 update regex
• 9c009a9 validate numbers in multipleOf
• 332b30d Merge pull request [QUESTION] How to compare npm install vs npm ci npm/cli#1241 from ajv-validator/refactor
• 1105fd5 ignore proto properties
• 65b2f7d validate numbers in schemas during schema compilation
• 24d4f8f remove code post-processing
• fd64fb4 Add link to CSP section in Security section
• 0e2c346 Add Contents link to CSP section
• c581ff3 Clarify limitations of ajv-pack in README
• 0006f34 Document pre-compiled schemas for CSP in README
• 140cfa6 Merge pull request cordova-plugin-file-transfer is not supported for WKWebview iOS npm/cli#1238 from cvlab/patch-1
• e7f0c81 Fix mistype in README.md
• 54c96b0 Bump eslint from 6.8.0 to 7.3.1
• 854dbef Bump mocha from 7.2.0 to 8.0.1

See the full diff

Package name: codeclimate-test-reporter

The new version differs by 8 commits.

• 1ad7ea8 Bump to 0.5.1
• 5e4b10e chore: update dependencies with security issues fixes [Snyk] Fix for 8 vulnerabilities #70
• c4b55e1 README: update deprecation notice
• 7a8c75f Update README.md
• c37a8da Update README.md ([Snyk] Security upgrade tap from 2.3.4 to 18.0.0 #63)
• 9fc86ba Release v0.5.0
• d936a62 Update engines depedency to node >= 4
• 97f1ff2 Upgrade request package

See the full diff

Package name: echint

The new version differs by 39 commits.

• 7f95cd5 build(cricle): remove node7
• aa279e8 build(scripts): fix npm scripts
• 56fe10c build(scripts): update npm scripts
• cb3e093 build(circle): correct test requirements
• ed2b729 docs(readme): update badges
• cc52dcd build(circle): switch to circle ci
• d922484 fix(dependencies): update dependencies
• 8d3ad9c chore(deps): update dependency tap to v12.6.0 ([Snyk] Fix for 8 vulnerabilities #108)
• cd40b85 fix(deps): update dependency dotenv to v7 ([Snyk] Fix for 48 vulnerabilities #109)
• a44731e fix(deps): update dependency lintspaces to v0.6.3 ([Snyk] Fix for 21 vulnerabilities #100)
• b67e145 Merge pull request [Snyk] Fix for 10 vulnerabilities #107 from ahmadnassri/renovate/tap-12.x
• b536e52 chore(deps): update dependency tap to v12.5.3
• 73f1d00 Merge pull request [Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #103 from ahmadnassri/renovate/dotenv-6.x
• e7b40c4 fix(deps): update dependency dotenv to v6
• f1fc3c8 Merge pull request [Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #101 from ahmadnassri/renovate/tap-12.x
• 2a18afd chore(deps): update dependency tap to v12
• 329106f Merge pull request [Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #106 from LinusU/prefer-const
• 9cabe96 Prefer const over let
• 5398f97 build(renovate): replace dependencies.io with Renovate app
• 6c99cd6 Merge pull request [Snyk] Fix for 197 vulnerabilities #95 from ahmadnassri/tap-11.1.3-33.0.0
• f2dfaca Update tap from 11.1.1 to 11.1.3
• 5cf03f7 Merge pull request [Snyk] Fix for 4 vulnerabilities #87 from ahmadnassri/lintspaces-0.6.0-1.0.0
• 547c589 Merge pull request [Snyk] Fix for 13 vulnerabilities #90 from ahmadnassri/tap-11.1.1-4.0.0
• efa830a Update tap from 10.7.3 to 11.1.1

See the full diff

Package name: semantic-release

The new version differs by 250 commits.

• c8d38b6 style: removed line breaks to align with xo rule ([BUG] npm pack with bundledDependencies ignores files in package.json of dependencies npm/cli#1689)
• ca90b34 fix: mask secrets when characters get uri encoded
• 63fa143 docs(plugins): add listing for new plugin ([BUG] cannot unpublish 2 minutes after publishing npm/cli#1686)
• 2bf3771 fix: use valid git credentials when multiple are provided ([BUG] install --only=development doesn't install needed dependencies if listed in production dependencies npm/cli#1669)
• 77a75f0 fix: don't parse port as part of the path in repository URLs ([BUG] error cb() never called! npm/cli#1671)
• d74ffef docs: add npm-deprecate-old-versions in plugins list (ERROR cb() never called! npm/cli#1667)
• 3abcbaf Revert "feat: throw an Error if package.json has duplicate "repository" key (Registry and Replicate show different versions npm/cli#1656)"
• b8fb35c feat: throw an Error if package.json has duplicate "repository" key (Registry and Replicate show different versions npm/cli#1656)
• 18e35b2 docs: reorder default plugins list ([BUG] v7.x npm_config_* flags not being set for boolean values npm/cli#1650)
• e35e5bb docs(contributing): fix commit message examples ([BUG] scoped package bandwidth performance is poor and will just get worse in the future npm/cli#1648)
• 311c465 docs(README): welcome @ travi, add alumni section
• b4c5d0a fix: add logging for when ssh falls back to http ([BUG] unexpected change in behavior of npm view --json of invalid version of a package npm/cli#1639)
• c982249 docs(contributing): typo fix (Isaacs/doctor npm/cli#1638)
• 9635f50 docs: improve github actions recipe on git plugin (package 404 not found npm/cli#1626)
• d036a89 ci(docs): use actions/checkout@v2 (Issues with audit fix in npm v5 style lockfile npm/cli#1620)
• 9303d1d docs(resources.md): added more sematnic release article (NPM Install Error - Cannot read property 'match' of undefined npm/cli#1610)
• b72cdb3 docs(configuration.md): Updated documentation for dry-run feature of semantic Release (Isaacs/unit test config commands npm/cli#1607)
• ee44ee8 docs(github-actions): suggest action_dispatch as trigger ([BUG] cb() never called! npm/cli#1605)
• b24d247 docs: add `semantic-release-rubygem` to community plugins (Bad Request when running the NPM command npm/cli#1602)
• 6d118c6 docs: be clear about what module of semantic-release handles updating the package.json ([BUG] npm pack fails on scoped packages npm/cli#1601)
• b5c9dea docs: update github documentation to `docs.github.com`
• 1405b94 docs: added recipe for Jenkins CI configuration ([Snyk] Upgrade ansi-regex from 2.1.1 to 6.0.1 #1) ([QUESTION] NPM Scripts double SIGINT with CTRL+C - is this intentional? npm/cli#1591)
• 0f0c650 fix: use correct ci branch context (install npm package from github repo npm/cli#1521)
• a465801 feat(bitbucket-basic-auth): support for bitbucket server basic auth ([FEATURE] Install a package as a sole project npm/cli#1578)

See the full diff

Package name: snazzy

The new version differs by 16 commits.

• 01bcc8e 7.1.0
• 595dea4 Merge pull request [Snyk] Fix for 9 vulnerabilities #19 from standard/greenkeeper/initial
• e550806 Update README.md
• 803f52d docs(readme): add Greenkeeper badge
• 608d394 chore(package): update dependencies
• f466ed1 Update README.md
• 6877619 7.0.0
• 296f03c Merge pull request [Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #17 from feross/remove-standard
• ffa91cc cleanup
• 2b1febe travis: test on latest node
• b460ea4 BREAKING: Remove built-in copy of `standard`
• f2172ff standard
• 4d1412a 6.0.0
• e04483d Use the same exit code as standard (1)
• 4fe43e7 Document proess.on('exit') behavior
• 216d064 use canonical windows detection

See the full diff

Package name: tap

The new version differs by 250 commits.

• 793c1c0 update versions
• 47a2289 add missing @ tapjs/mock service key polyfill
• 6622dca snapshot: update snapshot
• 556e520 mock: actually be resilient against multiple instances
• 2c135b0 Add `t.mockAll` method
• d7e7e4f clean process.cwd() out of snapshots by default
• 4c0dc72 use the released version of tshy
• c858f37 need to check in .tshy configs for typedoc to work
• 82f48cd update versions
• 0f27f73 TypeScript 5.2, use tshy for hybrid builds
• de09096 remove my home directory from parser snapshots
• 46e2bbb repl: mkdirp the .tap dir if missing
• acfae01 link typedocs to main website
• 2ece1da core spawn test even less flaky
• a7a12d2 update typedoc to latest, ts-node to temporary fork
• a5c0e0c some changelog updates
• caf8d81 document repl
• a5dc854 Store t.testdir() fixtures in .tap/fixtures
• 6914d23 remove docs from source control
• 1dcc6a7 exclude test files themselves from coverage
• aff25fc update versions
• c5972e7 core: make spawn timeout test less flaky
• 1c11b37 stack: properly parse ErrnoException errors
• 1280a55 parser: remove node v12 skip check

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Authentication Bypass
🦉 More lessons are available in Snyk Learn

[sourcery-ai]

🧙 Sourcery has finished reviewing your pull request!

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot (hey, snyk-io[bot]!). We assume it knows what it's doing!
• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.