[Snyk] Fix for 9 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: find-node-modules

The new version differs by 7 commits.

• d7a1ff0 Merge pull request [Snyk] Security upgrade shelljs from 0.7.6 to 0.8.5 #13 from PunChaFeng/upgrade-merge
• 2cdfee5 Update package-lock.json
• 5d91ac5 Update package.json
• 2f4a0dd 2.1.0
• 891bfcf Add package-lock.json
• dc65c2e Merge pull request [Snyk] Security upgrade find-node-modules from 2.0.0 to 2.1.1 #11 from sebelga/chore/update-findup-sync-dep
• 4bcc026 chore(deps): update findup-sync from 3.0.0 to 4.0.0

See the full diff

Package name: shelljs

The new version differs by 108 commits.

• 70668a4 0.8.5
• d919d22 fix(exec): lockdown file permissions (#1060)
• fcf1651 0.8.4
• a1111ee Silence potentially upcoming circular dependency warning (bug: issue with LRU cache, cannot execute git-cz commitizen/cz-cli#973)
• d4d1317 0.8.3
• db317bf Add test case for sed on empty file (updated 404 url commitizen/cz-cli#904)
• 0d5ecb6 docs(changelog): updated by Nate Fischer [ci skip]
• 6b3c7b1 refactor: don't expose tempdir in common.state (chore(deps): update all non-major dependencies commitizen/cz-cli#903)
• 4bd22e7 chore(ci): fix codecov on travis (Why are there no releases anymore? commitizen/cz-cli#897)
• 2b3b781 fix: silent exec (chore(deps) Update dependency semantic-release to v19 - autoclosed commitizen/cz-cli#892)
• 37acb86 chore(npm): add ci-or-install script (chore(deps): update all non-major dependencies to v7.17.0 commitizen/cz-cli#896)
• 4e861db chore(appveyor): run entire test matrix (chore(deps): update dependency conventional-changelog-conventionalcommits to v4.6.2 commitizen/cz-cli#886)
• d079515 docs: remove gitter badge (chore: remove unused Travis-CI config commitizen/cz-cli#880)
• 4113a72 grep includes the i flag (chore(deps) Update dependency strip-json-comments to v4 commitizen/cz-cli#876)
• 8dae55f Fix(which): match only executable files (fix(deps): update dependency inquirer to v8 commitizen/cz-cli#874)
• 6d66a1a chore: rename some tests (chore(deps): update dependency sinon to v12 commitizen/cz-cli#871)
• 131b88f Fix cp from readonly source (chore(deps): update dependency sinon to v11 - autoclosed commitizen/cz-cli#870)
• 1dd437e fix(mocks): fix conflict between mocks and skip (Ownership of find-node-modules commitizen/cz-cli#863)
• 72ff790 chore: bump dev dependencies and add package-lock (build(node versions): - Deprecates Node 10 and adds current LTS versions commitizen/cz-cli#864)
• 93bbf68 Prevent require-ing bin/shjs (filter type input commitizen/cz-cli#848)
• aa9d443 chore: output npm version in travis (signed-off-by commitizen/cz-cli#850)
• 4733a32 chore(appveyor): do not use latest npm (git commit -m to pre-fill commit title commitizen/cz-cli#847)
• dd5551d chore: update shelljs-release version (cz.json version mismatch merge conflict commitizen/cz-cli#846)
• 97a4df8 docs(changelog): updated by Nate Fischer [ci skip]

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Privilege Management
🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn