[Snyk] Fix for 37 vulnerabilities

[baby636]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-BINLINKS-537608	Yes	Proof of Concept
	451/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 2.6	Unauthorized File Access SNYK-JS-BINLINKS-537609	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Write SNYK-JS-BINLINKS-537610	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Yes	Proof of Concept
	703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Validation Bypass SNYK-JS-KINDOF-537849	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MIXINDEEP-450212	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-1540541	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-450213	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: fast-glob

The new version differs by 114 commits.

• 03201ed fix(settings): set the `concurrency` option to count of CPUs
• d777111 build(package): drop unused dependencies
• e62d2d1 build(package): bump version to 3.0.0
• caeeda9 Merge pull request meminta agar konten yang melanggar, segera diubah atau dihapus.  greenkeeperio/greenkeeper-lockfile#203 from mrmlnc/ISSUE-155_update_documentation
• 27ae4b2 docs(settings): update description of options
• 1f853bc docs(readme): update documentation
• 0ba6dc0 refactor(benchmark): update suites
• c1d686c refactor(index): export some userful types
• d64c24f build(benchmark): add suite for stream API
• 40a1096 Merge pull request Question: Why is lockfile semver locked to @1? greenkeeperio/greenkeeper-lockfile#202 from mrmlnc/ISSUE-181_async_method_as_default_method
• ccde25e refactor: set async method as default method
• 87ed886 Merge pull request Update dependencies to enable Greenkeeper 🌴 greenkeeperio/greenkeeper-lockfile#201 from mrmlnc/issue-199_match_base_fix
• 68133f8 fix: the `baseNameMatch` option now work
• f4c443a refactor: `matchBase` → `baseNameMatch`
• c58ba78 test(smoke): add some smoke tests
• f3642dc Merge pull request feat(security): update lodash & deps greenkeeperio/greenkeeper-lockfile#200 from mrmlnc/fix_some_issues
• b32842d fix: support AsyncIterator for stream API
• 9b04800 refactor(settings): simplify the `deep` option
• 2b5bc54 fix(settings): correct default value for `throwErrorOnBrokenSymbolicLink`
• 9ab065b refactor: change some types
• 09f0107 feat: infer type of the output values
• a505273 feat: introduce `objectMode` option
• 111dbf1 refactor: drop `transform` option
• 2af2623 fix(providers): enable "posix" micromatch option

See the full diff

Package name: semantic-release

The new version differs by 203 commits.

• 45695b9 fix(package): update @ semantic-release/commit-analyzer to version 8.0.0
• 3c7b114 fix(package): update @ semantic-release/release-notes-generator to version 9.0.0
• f2b5826 fix(package): update @ semantic-release/npm to version 7.0.0
• c48bd3a fix(package): update @ semantic-release/github to version 7.0.0
• bc97537 test: fix copy/paste typo in test titles
• c7e461d docs: add `@ saithodev/semantic-release-gitea` to community plugins
• ef1b8a0 chore(package): update ava to version 3.1.0
• bec57cd chore: require Node.js >=10.18
• c6b1076 fix: correct error when remote repository has no branches
• b54b20d fix: use `--no-verify` when testing the Git permissions
• 88fe819 docs: fix typo
• 559c152 docs(README): update minimal required Node version / FAQ link (#1422)
• 31e7876 docs(travis): build on all branches by default
• 8c0490d docs: replacing firefox plugin in the list (#1416)
• 6b5b02e fix: fetch tags on repo cached by the CI
• 28b5480 docs: correct plugin execution order
• 3739ab5 fix(package): update env-ci to version 5.0.0
• 11665b2 chore(package): update dependencies
• 0785a84 fix: update plugin versions
• 152bf45 Merge remote-tracking branch 'origin/beta'
• 3ba8f2a Merge remote-tracking branch 'origin/master' into beta
• a8c747d feat: pass `envi-ci` values to plugins context
• fc70726 chore: add Mockserver generated file to gitignore
• fc7205d fix: correctly display command that errored out in logs

See the full diff

Package name: sinon

The new version differs by 250 commits.

• 6547aa1 16.1.2
• 9ea3d5b Fix hooks-install
• 6c28d07 16.1.1
• ff0e993 Showcase #replace.usingAccessor for DI in the typescript case study (#2556)
• c47a4be Bump @ babel/traverse from 7.22.5 to 7.23.2 (#2555)
• f0d250b Add TOC feature to articles (#2554)
• 737736f 16.1.0
• cac5184 Enable use of assignment in the presence of accessors (#2538)
• f8c20e5 New article: making Sinon work with complex setups (#2540)
• cb5b962 Add NPM script 'dev-docs' and document its usage
• dd7c609 Add a little update to contributing
• 79acdf3 Move tool versions into single file at root
• 03b1db5 Expose Changelog page (#2550)
• e1c3dad Add section on tooling and recommend using ASDF for tool versioning (#2547)
• 062e318 16.0.0
• c339605 fix(2525): ensure non empty message when error of type string is passed, but no message (#2544)
• 8d1f85b Modernize build script syntax slightly (#2546)
• 67a8cea docs(sandbox): fix example that defines a non-function property (#2543)
• baa1aee .define method (#2539)
• 2ddf7ff Bump actions/checkout from 3 to 4 (#2542)
• 5fc17c7 Remove dead code
• fe799e7 Fix issue 2534: spies are not restored (#2535)
• 305fb6c fix: actaully reset 'injectedKeys' (#2456)
• 8186280 Bump word-wrap from 1.2.3 to 1.2.4 (#2526)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary File Overwrite
🦉 More lessons are available in Snyk Learn