[Snyk] Upgrade: , async-each, git-url-parse, ora, path-exists, shelljs, yargs #162

Open
@nurrony nurrony commented Sep 12, 2024


Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

| Name | Versions | Released on |
| --- | --- | --- |
| @babel/polyfill | from 7.2.5 to 7.12.1; 12 versions ahead of your current version | 4 years ago, on 2020-10-15 |
| async-each | from 1.0.1 to 1.0.6; 5 versions ahead of your current version | 2 years ago, on 2023-02-04 |
| git-url-parse | from 11.1.2 to 14.1.0; 15 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago, on 2024-07-15 |
| ora | from 4.0.3 to 8.0.1; 22 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | 9 months ago, on 2023-12-23 |
| path-exists | from 3.0.0 to 5.0.0; 2 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | 3 years ago, on 2021-08-12 |
| shelljs | from 0.8.3 to 0.8.5; 2 versions ahead of your current version | 3 years ago, on 2022-01-07 |
| yargs | from 7.1.0 to 17.7.2; 116 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | a year ago, on 2023-04-27 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | 571 | Proof of Concept |
| high severity: Improper Privilege Management, SNYK-JS-SHELLJS-2332187 | 571 | Proof of Concept |
| high severity: Prototype Pollution, SNYK-JS-Y18N-1021887 | 571 | Proof of Concept |
| high severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | 571 | Proof of Concept |
| high severity: Authorization Bypass Through User-Controlled Key, SNYK-JS-PARSEPATH-2936439 | 571 | Proof of Concept |
| medium severity: Improper Input Validation, SNYK-JS-PARSEURL-3024398 | 571 | Proof of Concept |
| medium severity: Prototype Pollution, SNYK-JS-YARGSPARSER-560381 | 571 | Proof of Concept |
| medium severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-HOSTEDGITINFO-1088355 | 571 | Proof of Concept |
| medium severity: Cross-site Scripting (XSS), SNYK-JS-PARSEURL-2935944 | 571 | Proof of Concept |
| medium severity: Information Exposure, SNYK-JS-PARSEURL-2935947 | 571 | Proof of Concept |
| critical severity: Server-side Request Forgery (SSRF), SNYK-JS-PARSEURL-2936249 | 571 | Proof of Concept |
| medium severity: Cross-site Scripting (XSS), SNYK-JS-PARSEURL-2942134 | 571 | Proof of Concept |
| medium severity: Server-side Request Forgery (SSRF), SNYK-JS-PARSEURL-3023021 | 571 | Proof of Concept |

Release notes
Package name: @babel/polyfill
  • 7.12.1 - 2020-10-15
  • 7.11.5 - 2020-08-31
  • 7.10.4 - 2020-06-30
  • 7.10.1 - 2020-05-27
  • 7.8.7 - 2020-03-05
  • 7.8.3 - 2020-01-13
  • 7.8.0 - 2020-01-12
  • 7.7.0 - 2019-11-05
  • 7.6.0 - 2019-09-06
  • 7.4.4 - 2019-04-26
  • 7.4.3 - 2019-04-02
  • 7.4.0 - 2019-03-19
  • 7.2.5 - 2018-12-21
from @babel/polyfill GitHub release notes
Package name: async-each from async-each GitHub release notes
Package name: git-url-parse
  • 14.1.0 - 2024-07-15

    fix parsing with 'blob' in file path /cc #168

  • 14.0.0 - 2024-01-02

    Reencode owner and repo names -- thanks @ lfcyja 🍰

  • 13.1.1 - 2023-10-19

    fixed name and organization issue when parsing on the issue URL

  • 13.1.0 - 2022-09-16

    Add edit filetype support /cc #146 -- thanks @ ggdaltoso! 🍰

  • 13.0.0 - 2022-08-30

    git-url-parse@13.0.0

    There are breaking changes due to the update to parse-url@^8.0.0. ✨

  • 12.0.0 - 2022-06-27

    git-url-parse 12.0.0

    This is a major release fixing several issues and improving the security of the project.

    Breaking changes

    • VSTS SSH URLs may give unexpected results — I left a TODO in the tests to remind us to fix it.
    • For shorthand urls use the href property instead of pathname.
    • The user and password properties are now parsed separately.

    For other potential breaking changes, you may want to check out the release of git-up.

    Issues Fixed

    • Fixes #102 — Support GitHub usernames with numbers (only numbers).
    • Fixes #130 — Update git-up
    • Fixes #135

    If you have any suggestions and questions let me know. 😊

  • 11.6.0 - 2021-09-06

    Fix parsing Bitbucket Server urls with files located in subfolders -- thanks @ goober! 🍰

  • 11.5.0 - 2021-06-29

    Add support for Bitbucket Server repository root and commit endpoints /cc #128 -- thanks @ goober 🍰

  • 11.4.4 - 2021-01-27

    Add Azure DevOps parsing git branch /cc #124 Thanks @ n2ygk! 🍰

  • 11.4.3 - 2020-12-15
  • 11.4.1 - 2020-12-15
  • 11.4.0 - 2020-10-22
  • 11.3.0 - 2020-09-30
  • 11.2.0 - 2020-09-04
  • 11.1.3 - 2020-08-09
  • 11.1.2 - 2019-01-03
from git-url-parse GitHub release notes
Package name: ora from ora GitHub release notes
Package name: path-exists from path-exists GitHub release notes
Package name: shelljs
  • 0.8.5 - 2022-01-07

    This was a small security fix for #1058.

  • 0.8.4 - 2020-04-25

    Small patch release to fix a circular dependency warning in node v14. See #973.

  • 0.8.3 - 2018-11-13

    Closed issues:

    • Shelljs print stderr to console even if exec-only "silent" is true #905
    • refactor: remove common.state.tempDir #902
    • Can't suppress stdout for echo #899
    • exec() doesn't apply the arguments correctly #895
    • shell.exec('npm pack') painfully slow #885
    • shelljs.exec cannot find app.asar/node_modules/shelljs/src/exec-child.js #881
    • test infra: mocks and skipOnWin conflict #862
    • Support for shell function completion on IDE #859
    • echo command shows options in stdout #855
    • silent does not always work #851
    • Appveyor installs the latest npm, instead of the latest compatible npm #844
    • Force symbolic link (ln -sf) does not overwrite/recreate existing destination #830
    • inconsistent result when trying to echo to a file #798
    • Prevent require()ing executable-only files #789
    • Cannot set property to of [object String] which has only a getter #752
    • which() should check executability before returning a value #657
    • Bad encoding experience #456
    • phpcs very slow #440
    • Error shown when triggering a sigint during shelljs.exec if process.on sigint is defined #254
    • .to\(file\) does not mute STDIO output #146
    • Escaping shell arguments to exec() #143
    • Allow multiple string arguments for exec() #103
    • cp does not recursively copy from readonly location #98
    • Handling permissions errors on file I/O #64

    Merged pull requests:

from shelljs GitHub release notes
Package name: yargs
  • 17.7.2 - 2023-04-27

    17.7.2 (2023-04-27)

    Bug Fixes

    • do not crash completion when having negated options (#2322) (7f42848)
  • 17.7.1 - 2023-02-21

    17.7.1 (2023-02-21)

    Bug Fixes

    • address display bug with default sub-commands (#2303) (9aa2490)
  • 17.7.0 - 2023-02-16

    17.7.0 (2023-02-13)

    Features

    • add method to hide option extras (#2156) (2c144c4)
    • convert line break to whitespace for the description of the option (#2271) (4cb41dc)

    Bug Fixes

    • copy the description of the option to its alias in completion (#2269) (f37ee6f)
  • 17.6.2 - 2022-11-03

    17.6.2 (2022-11-03)

    Bug Fixes

    • deps: update dependency yargs-parser to v21.1.1 (#2231) (75b4d52)
    • lang: typo in Finnish unknown argument singular form (#2222) (a6dfd0a)
  • 17.6.1 - 2022-11-02

    17.6.1 (2022-11-02)

    Bug Fixes

    • lang: fix "Not enough non-option arguments" message for the Czech language (#2242) (3987b13)
  • 17.6.0 - 2022-10-01
  • 17.5.1 - 2022-05-16
  • 17.5.0 - 2022-05-11
  • 17.4.1 - 2022-04-09
  • 17.4.0 - 2022-03-19
  • 17.3.1 - 2021-12-23
  • 17.3.0 - 2021-11-30
  • 17.2.1 - 2021-09-25
  • 17.2.0 - 2021-09-23
  • 17.1.1 - 2021-08-13
  • 17.1.1-candidate.0 - 2021-08-13
  • 17.1.0 - 2021-08-04
  • 17.1.0-candidate.0 - 2021-07-15
  • 17.0.2-candidate.1 - 2021-07-15
  • 17.0.2-candidate - 2021-07-10
  • 17.0.1 - 2021-05-03
  • 17.0.0 - 2021-05-02
  • 17.0.0-candidate.13 - 2021-04-26
  • 17.0.0-candidate.12 - 2021-04-12
  • 17.0.0-candidate.11 - 2021-04-11
  • 17.0.0-candidate.10 - 2021-04-04
  • 17.0.0-candidate.9 - 2021-04-04
  • 17.0.0-candidate.8 - 2021-03-26
  • 17.0.0-candidate.7 - 2021-03-14
  • 17.0.0-candidate.6 - 2021-03-11
  • 17.0.0-candidate.5 - 2021-03-10
  • 17.0.0-candidate.4 - 2021-03-08
  • 17.0.0-candidate.3 - 2021-02-22
  • 17.0.0-candidate.2 - 2021-02-16
  • 17.0.0-candidate.1 - 2021-02-15
  • 17.0.0-candidate.0 - 2021-01-09
  • 16.2.0 - 2020-12-05
  • 16.1.1 - 2020-11-15
  • 16.1.0 - 2020-10-16
  • 16.0.4-candidate.0 - 2020-09-21
  • 16.0.3 - 2020-09-10
  • 16.0.2 - 2020-09-09
  • 16.0.1 - 2020-09-09
  • 16.0.0 - 2020-09-09
  • 16.0.0-beta.3 - 2020-09-08
  • 16.0.0-beta.2 - 2020-09-08
  • 16.0.0-beta.1 - 2020-08-27
  • 16.0.0-beta.0 - 2020-08-22
  • 16.0.0-alpha.3 - 2020-08-19
  • 16.0.0-alpha.2 - 2020-08-17
  • 16.0.0-alpha.1 - 2020-08-17
  • 16.0.0-alpha.0 - 2020-08-17
  • 15.5.0-candidate.0 - 2021-02-22
  • 15.4.1 - 2020-07-10
  • 15.4.0 - 2020-07-02
  • 15.4.0-beta.1 - 2020-07-01
  • 15.4.0-beta.0 - 2020-05-15
  • 15.3.2-beta.0 - 2020-04-17
  • 15.3.1 - 2020-03-16
  • 15.3.1-beta.0 - 2020-03-12
  • 15.3.0 - 2020-03-08
  • 15.3.0-beta.1 - 2020-03-08
  • 15.3.0-beta.0 - 2020-03-02
  • 15.2.0 - 2020-03-01
  • 15.2.0-beta.2 - 2020-03-01
  • 15.2.0-beta.1 - 2020-02-29
  • 15.2.0-beta.0 - 2020-02-24
  • 15.1.0 - 2020-01-02
  • 15.0.2 - 2019-11-19
  • 15.0.1 - 2019-11-16
  • 15.0.0 - 2019-11-10
  • 14.2.3 - 2020-03-13
  • 14.2.2 - 2019-11-19
  • 14.2.1 - 2019-10-30
  • 14.2.0 - 2019-10-07
  • 14.1.0 - 2019-09-06
  • 14.0.0 - 2019-07-30
  • 13.3.2 - 2020-03-13
  • 13.3.0 - 2019-06-10
  • 13.2.4 - 2019-05-13
  • 13.2.2 - 2019-03-06
  • 13.2.1 - 2019-02-18
  • 13.2.0 - 2019-02-15
  • 13.1.0 - 2019-02-12
  • 13.0.0-candidate.0 - 2019-02-02
  • 12.0.5 - 2018-11-19
  • 12.0.4 - 2018-11-10
  • 12.0.3-candidate.0 - 2018-10-06
  • 12.0.2 - 2018-09-04
  • 12.0.1 - 2018-06-29
  • 12.0.0 - 2018-06-26
  • 12.0.0-candidate.0 - 2018-04-04
  • 11.1.1 - 2019-10-07
  • 11.1.0 - 2018-03-04
  • 11.0.0 - 2018-01-22
  • 10.1.2 - 2018-01-17
  • 10.1.1 - 2018-01-09
  • 10.1.0 - 2018-01-01
  • 10.0.3 - 2017-10-21
  • 10.0.2 - 2017-10-21
  • 10.0.1 - 2017-10-19
  • 10.0.0 - 2017-10-18
  • 10.0.0-alpha.4 - 2017-10-18
  • 10.0.0-alpha.3 - 2017-10-17
  • 10.0.0-alpha.2 - 2017-10-16
  • 10.0.0-alpha.1 - 2017-10-14
  • 10.0.0-alpha.0 - 2017-10-13
  • 9.0.1 - 2017-09-17
  • 9.0.0 - 2017-09-03
  • 8.0.2 - 2017-06-12
  • 8.0.1 - 2017-05-02
  • 8.0.0 - 2017-05-01
  • 8.0.0-candidate.1 - 2017-05-01
  • 8.0.0-candidate.0 - 2017-04-15
  • 7.1.2 - 2021-04-25
  • 7.1.1 - 2020-05-22
  • 7.1.0 - 2017-04-13
from yargs GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - @babel/polyfill from 7.2.5 to 7.12.1.
    See this package in npm: https://www.npmjs.com/package/@babel/polyfill
  - async-each from 1.0.1 to 1.0.6.
    See this package in npm: https://www.npmjs.com/package/async-each
  - git-url-parse from 11.1.2 to 14.1.0.
    See this package in npm: https://www.npmjs.com/package/git-url-parse
  - ora from 4.0.3 to 8.0.1.
    See this package in npm: https://www.npmjs.com/package/ora
  - path-exists from 3.0.0 to 5.0.0.
    See this package in npm: https://www.npmjs.com/package/path-exists
  - shelljs from 0.8.3 to 0.8.5.
    See this package in npm: https://www.npmjs.com/package/shelljs
  - yargs from 7.1.0 to 17.7.2.
    See this package in npm: https://www.npmjs.com/package/yargs

See this project in Snyk:
https://app.snyk.io/org/nmrony/project/a20d56bf-e03f-494a-a786-284b25c5622a?utm_source=github&utm_medium=referral&page=upgrade-pr