[Snyk] Fix for 15 vulnerabilities

[baby636]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTPROP-543489	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: init-package-json

The new version differs by 118 commits.

• 9d12b13 chore: release 6.0.0
• 9eccb04 deps: bump read-package-json from 6.0.4 to 7.0.0
• 3024040 deps: bump npm-package-arg from 10.1.0 to 11.0.0
• 97b1efe fix: drop node14 support
• 02495f1 chore: turn on autopublish
• f07f272 chore: bump @ npmcli/config from 6.2.1 to 7.0.0
• 9180984 chore: postinstall for dependabot template-oss PR
• 2e2eb32 chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
• 8d5957a chore: postinstall for dependabot template-oss PR
• 60b55b8 chore: bump @ npmcli/template-oss from 4.15.1 to 4.17.0
• 977dfe0 chore: postinstall for dependabot template-oss PR
• f51906b chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1
• 1f2070b chore: bump @ npmcli/template-oss from 4.12.1 to 4.14.1 (Building any npm package in OE/Yocto env run into error: npm/cli#222)
• ef2b008 chore: bump @ npmcli/template-oss from 4.12.0 to 4.12.1 (Support listing out npm cache npm/cli#194)
• 7328f8a chore: postinstall for dependabot template-oss PR
• e2443b8 chore: bump @ npmcli/template-oss from 4.11.4 to 4.12.0
• 3bd6ebd chore: postinstall for dependabot template-oss PR
• c711ff7 chore: bump @ npmcli/template-oss from 4.11.3 to 4.11.4
• a7baf44 chore: release 5.0.0 (Replaced var with const for adduser.js npm/cli#190)
• 8f61147 chore: sequential tests
• dfd3abd chore: fix race condition in test inputs
• 8b919b7 feat!: refactor
• a3643d4 chore: postinstall for dependabot template-oss PR
• 4a4808a chore: bump @ npmcli/template-oss from 4.11.0 to 4.11.3

See the full diff

Package name: libnpx

The new version differs by 5 commits.

• 84eeb54 chore(release): 10.2.4
• 7a03da5 test: patch child.js test
• 122ed5c deps: update yargs
• fa6a282 chore(release): 10.2.3
• 7d90a71 chore: update project settings, remove weall* stuff

See the full diff

Package name: licensee

The new version differs by 70 commits.

• 42aae52 9.0.0
• d84d74d Add caniuse-lite to .licensee.json
• 9e45b0f tap@16.3.0
• ed793f5 semver@7.3.7
• 12b20b5 9.0.0-pre.1
• 608f5c1 @ blueoak/list@9.0.0
• acc80c3 git rm package-lock.json
• e79776f Merge pull request [Snyk] Security upgrade gatsby-plugin-sharp from 2.3.10 to 3.15.0 #77 from jslicense/arborist
• b9e0ce6 Use tree.package.name instead of tree.name
• 53bd8b2 Fix incorrect Arborist API call
• 3117239 Refactor
• 30b2cab Fix logic error
• 64bde16 Use rimraf in unit test
• 9ea181c Call arborist.loadActual with forceActual: true
• 44a9993 @ npmcli/arborist@5.6.0
• c7cead1 Test on more newer Node.js versions
• 30e2fd4 Add unit test to Tape invocation list
• 2ae6b8b Remove npm install errors test
• 6e763fe Clobber .package-lock.json files
• cf535d2 Replace old fs.rmdir call
• ba52ba4 Remove console.log call
• fddc8c6 WIP
• 2dd7044 Configure GitHub to test on Node 12 and above
• 3e3288d WIP

See the full diff

Package name: lock-verify

The new version differs by 7 commits.

• b232554 2.2.2
• 5f9c66b update repo references
• 0b908c2 update deps
• a6d8081 2.2.1
• cd660d6 chore: add deprecation notice
• 5cb25d4 2.2.0
• adb8568 feat: include the cli as a bin

See the full diff

Package name: node-gyp

The new version differs by 250 commits.

• 9acb4c7 chore: release 10.0.0
• 3032e10 chore: run tests after release please PR
• 864a979 feat!: use .npmignore file to limit which files are published ([BUG] Dev dependency should not throw “unsupported platform” error when using --production flag on npm install npm/cli#2921)
• 4e493d4 chore: misc testing fixes (fix(uninstall): use correct local prefix npm/cli#2930)
• d52997e feat: convert internal classes from util.inherits to classes
• 355622f feat: convert all internal functions to async/await
• 1b3bd34 feat!: drop node 14 support (fix(install): ignore auditLevel npm/cli#2929)
• e388255 deps: which@4.0.0 ([BUG] EACCES error with npm remove on npm@7.7.0 npm/cli#2928)
• 059bb6f deps: make-fetch-happen@13.0.0 ([BUG] npm uninstall doesn't work in 7.7.0 npm/cli#2927)
• 4bef1ec deps: glob@10.3.10 ([BUG] npm 7.7.0 lost progress bar on npm install npm/cli#2926)
• 21a7249 chore: add check engines script to CI (Release/v7.7.0 npm/cli#2922)
• 707927c feat(gyp): update gyp to v0.16.1 (fix(audit-level): add info audit level npm/cli#2923)
• d644ce4 docs: update applicable GitHub links from master to main ([BUG] "ERR! must provide string spec" when running "npm install" npm/cli#2843)
• 4a50fe3 chore: empty commit to add changelog entries from package-lock changes depending upon name of project folder npm/cli#2770
• 26683e9 chore: GitHub Workflows security hardening ([BUG] NPM 7.x broke the "--json" CLI parameter npm/cli#2740)
• 91fd8ff Python lint: ruff --format is now --output-format
• b3d41ae doc: Add note about Python symlinks (PR 2362) to CHANGELOG.md for 9.1.0 ([BUG] workspace packages using different major versions of the same package causes issues npm/cli#2783)
• 5746691 test: update expired certs (fix(usage): tie usage to config npm/cli#2908)
• d3615c6 Fix incorrect Xcode casing in README ([BUG] Fix ERESOLVE error output npm/cli#2896)
• bb93b94 docs: README.md Do not hardcode the supported versions of Python ([BUG] npm on windows can't run scripts with ".", relative paths "../" npm/cli#2880)
• 0f1f667 fix: create Python symlink only during builds, and clean it up after ([BUG] cannot read property 'length' of undefined with npm npm/cli#2721)
• 445c28f test: increase mocha timeout ([BUG] sudo prompt is not shown in scripts, causing install and tests to hang npm/cli#2887)
• 1bfb083 Fix Python lint error by using an f-string (feat: add exec workspaces npm/cli#2886)
• c9caa2e docs: Update windows installation instructions in README.md ([DOC] Wiki has broken link npm/cli#2882)

See the full diff

Package name: npm-registry-couchapp

The new version differs by 2 commits.

• 5a47400 3.0.0
• ff24397 remove unused www design doc

See the full diff

Package name: npmlog

The new version differs by 51 commits.

• ae1f107 chore: release 7.0.1 (docs: scoped names can begin with '.' & '_' npm/cli#134)
• add709d fix: do not enable progress while paused
• 35651cf chore: postinstall for dependabot template-oss PR
• 40ea375 chore: bump @ npmcli/template-oss from 4.5.1 to 4.6.1
• 040c663 chore: release 7.0.0 (Handle git branch references correctly npm/cli#123)
• 47f4fb1 chore: bump @ npmcli/eslint-config from 3.1.0 to 4.0.0
• 01dd16e deps: bump gauge from 4.0.4 to 5.0.0
• f896c8e deps: bump are-we-there-yet from 3.0.1 to 4.0.0
• 92546b8 chore: postinstall for dependabot template-oss PR
• 33b83ef chore: bump @ npmcli/template-oss from 4.4.4 to 4.5.1
• d4820b9 chore: postinstall for dependabot template-oss PR
• ed07d95 chore: bump @ npmcli/template-oss from 4.3.2 to 4.4.4
• b7d204d feat!: postinstall for dependabot template-oss PR
• bd3c67b chore: bump @ npmcli/template-oss from 3.6.0 to 4.3.2
• 36e8210 chore: postinstall for dependabot template-oss PR
• fb96681 chore: bump @ npmcli/template-oss from 3.5.0 to 3.6.0
• 4b021c3 chore: bump @ npmcli/template-oss from 3.4.2 to 3.4.3 (Update npm audit 401 error message npm/cli#112)
• 6eeb7df chore: postinstall for dependabot template-oss PR
• c0e798d chore: bump @ npmcli/template-oss from 3.4.1 to 3.4.2
• 87e9ff0 chore(main): release 6.0.2 (dist-tag: make 'ls' the default action npm/cli#106)
• ca78ea6 chore: bump @ npmcli/template-oss from 3.2.0 to 3.4.1 (Replace hardcoded URL to advisory with a URL from audit response npm/cli#110)
• 2ee3207 chore: bump tap from 15.2.3 to 16.0.1 (Fix inline code in npm-scripts npm/cli#107)
• ab9b134 chore: bump @ npmcli/template-oss from 2.9.2 to 3.2.0 (Release: npm@6.5.0 npm/cli#105)
• 929686c deps: update gauge requirement from ^4.0.2 to ^4.0.3 (fix(doc): move line for markdown renderers npm/cli#101)

See the full diff

Package name: read-package-json

The new version differs by 109 commits.

• eec43b7 chore: release 7.0.1 (Implements peerDependenciesMeta npm/cli#224)
• bfaffbf fix(linting): no-unused-vars
• 153cfda chore: postinstall for dependabot template-oss PR
• fae3210 chore: bump @ npmcli/template-oss to 4.22.0
• 70ebc23 chore: postinstall for dependabot template-oss PR
• cd2962f chore: bump @ npmcli/template-oss from 4.21.3 to 4.21.4
• a8d949f chore: postinstall for dependabot template-oss PR
• 1302bc7 chore: bump @ npmcli/template-oss from 4.21.1 to 4.21.3
• 653fefe chore: postinstall for dependabot template-oss PR
• 396504e chore: bump @ npmcli/template-oss from 4.19.0 to 4.21.1
• cf2a925 chore: postinstall for dependabot template-oss PR
• 82a7788 chore: bump @ npmcli/template-oss from 4.18.1 to 4.19.0
• 9815e70 chore: postinstall for dependabot template-oss PR
• 46c9b90 chore: bump @ npmcli/template-oss from 4.18.0 to 4.18.1
• c73cf0d chore: use npm 9 for CI (Replaced var with const for adduser.js npm/cli#190)
• 1f477a8 chore: Fix out-of-order ChangeLog entry (Use Installer when packaging git dependencies npm/cli#189)
• eca41e5 chore: release 7.0.0
• 3c10858 deps: bump normalize-package-data from 5.0.0 to 6.0.0
• 2845aa5 fix: drop node14 support
• beb1b31 chore: postinstall for dependabot template-oss PR
• 04c63d8 chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
• 8f64487 chore: postinstall for dependabot template-oss PR
• 7a1f544 chore: bump @ npmcli/template-oss from 4.15.1 to 4.17.0
• 191c78e chore: release 6.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)