[Snyk] Fix for 30 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-FIREBASEUTIL-1038324	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GRPC-598671	Yes	Proof of Concept
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Remote Code Execution (RCE) SNYK-JS-SHARP-2848109	No	No Known Exploit
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Information Exposure SNYK-JS-SIMPLEGET-2361683	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-SWIPER-1088062	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URLPARSE-1078283	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URLPARSE-1533425	No	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	No	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Authorization Bypass SNYK-JS-URLPARSE-2407759	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Improper Input Validation SNYK-JS-URLPARSE-2407770	No	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Improper Input Validation SNYK-JS-URLPARSE-543307	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-WEBPACKBUNDLEANALYZER-174190	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @google-cloud/pubsub

The new version differs by 119 commits.

• 2fe206b feat: release @ google-cloud/pubsub v0.21.0 (+ Add startTs and upcoming concept likecoin/like-co#333)
• b852c58 fix(deps): update dependency google-gax to ^0.22.0 (Change tab bar layout likecoin/like-co#335)
• f465ba9 chore(deps): update dependency gts to ^0.9.0 (= Fine tune cookies param & lang attr likecoin/like-co#334)
• f9466ce chore: update eslintignore config (Best effort mission sorting likecoin/like-co#332)
• f50b95d chore(build): eslint all js files, and use js for all generated files (! Fix missing close button in MissionDialog likecoin/like-co#331)
• e2444d9 refactor: drop dependencies on google-proto-files and async (Email notification of tx complete cannot show decimal places likecoin/like-co#329)
• e0b4518 docs(samples): update samples to use async/await (+ Make locale loading async likecoin/like-co#305)
• aa9c442 chore(deps): update dependency @ google-cloud/nodejs-repo-tools to v3 (+ Show MyAccount in txDialog if already in tokensale page likecoin/like-co#328)
• f551564 refactor: use Object.assign where possible (Fix mission list style likecoin/like-co#324)
• 5c8b2e0 chore: drop contributors from multiple places (Add error messages to register form likecoin/like-co#325)
• cdcc23f chore(deps): update dependency @ types/is to v0.0.21 (! Fix single input form ui likecoin/like-co#323)
• 8c1efa6 refactor(ts): introduce a round of types (+ Add loading indicator for pending mission likecoin/like-co#319)
• f50fd13 chore: use latest npm on Windows (+ Add cumulative mission bonus history likecoin/like-co#322)
• 6cd4da3 fix(deps): update dependency through2 to v3 (Fix misplaced social links in home page likecoin/like-co#320)
• bb357fc refactor(ts): enable noImplicitThis (Fix mission dialog likecoin/like-co#316)
• 6c74961 Add Pub/Sub ack deadline example (Update nightwatch to the latest version 🚀 likecoin/like-co#315)
• f8bd0ae refactor(ts): convert to typescript (= Lazy load ledger packages likecoin/like-co#310)
• 1984bce chore: update CircleCI config (= Use local timeoffset in txHistory likecoin/like-co#309)
• 13b9451 chore: include build in eslintignore (Fix naive bug of mission page likecoin/like-co#304)
• c79c28c chore(deps): update dependency eslint-plugin-node to v8 (+ Add copy like.co link function in TrustDialog likecoin/like-co#300)
• c16287a chore: update issue templates (Update index.js likecoin/like-co#299)
• 54b04b4 chore: remove old issue template (Add bonus menu item likecoin/like-co#297)
• bfdf7e6 build: run tests on node11 (Add home button to sliding menu likecoin/like-co#296)
• a36bc31 chores(build): do not collect sponge.xml from windows builds (* Adjust more bonus button likecoin/like-co#295)

See the full diff

Package name: aws-sdk

The new version differs by 250 commits.

• a99fac5 Updates SDK to v2.1354.0
• 62847a4 Bump xml2js to 0.5.0 (#4389)
• 56ad952 Updates SDK to v2.1353.0
• 8a20e16 Updates SDK to v2.1352.0
• d39ba59 Updates SDK to v2.1351.0
• 3ee782c Updates SDK to v2.1350.0
• 8dcb3e2 Updates SDK to v2.1349.0
• cc11160 Updates SDK to v2.1348.0
• c58ec67 Updates SDK to v2.1347.0
• ded882e Updates SDK to v2.1346.0
• 2a4e007 Updates SDK to v2.1345.0
• d21d111 Updates SDK to v2.1344.0
• 1c27481 Updates SDK to v2.1343.0
• 31f179d Updates SDK to v2.1342.0
• 7a4205c Updates SDK to v2.1341.0
• f990ba2 Updates SDK to v2.1340.0
• 05a0d49 Updates SDK to v2.1339.0
• f04a795 Updates SDK to v2.1338.0
• eba3268 Updates SDK to v2.1337.0
• 512728e Updates SDK to v2.1336.0
• 7b8436a Updates SDK to v2.1335.0
• f3bfd44 add Makefile to .gitignore (#4370)
• ac41da1 Updates SDK to v2.1334.0
• 4c9c49d delete Makefile

See the full diff

Package name: body-parser

The new version differs by 145 commits.

• 424dadd 1.19.2
• 11248a2 deps: [email protected]
• 7a088eb build: [email protected]
• ecedf31 build: [email protected]
• b6bfabd build: [email protected]
• badd6b2 build: fix code coverage aggregate upload
• 96b448a build: [email protected]
• 70560b1 build: [email protected]
• 548a06f build: [email protected]
• 3b00678 deps: [email protected]
• d5acb61 build: [email protected]
• 82c8a7c tests: add limit + inflate tests
• b356758 deps: [email protected]
• c631b58 build: [email protected]
• c81a8e2 build: [email protected]
• 3c4dcb8 build: [email protected]
• d0a214b 1.19.1
• fb172d4 build: [email protected]
• c5e63cb build: [email protected]
• c6d43bd build: [email protected]
• 313ed6d build: [email protected]
• 8389b51 deps: [email protected]
• aae94b2 deps: [email protected]
• 7f84d4f deps: [email protected]

See the full diff

Package name: express

The new version differs by 193 commits.

• 3d7fce5 4.17.3
• f906371 build: update example dependencies
• 6381bc6 deps: [email protected]
• a007863 deps: [email protected]
• e98f584 Revert "build: use [email protected] for Node.js < 4"
• a659137 tests: use strict mode
• a39e409 tests: prevent leaking changes to NODE_ENV
• 82de4de examples: fix path traversal in downloads example
• 12310c5 build: use nyc for test coverage
• 884657d examples: remove bitwise syntax for includes check
• 7511d08 build: use [email protected] for Node.js < 4
• 2585f20 tests: fix test missing assertion
• 9d09762 build: [email protected]
• 43cc56e build: clean up gitignore
• 1c7bbcc build: [email protected]
• 9cbbc8a deps: [email protected]
• 6fbc269 pref: remove unnecessary regexp for trust proxy
• 2bc734a deps: accepts@~1.3.8
• 89bb531 docs: fix typo in res.download jsdoc
• 744564f tests: add test for multiple ips in "trust proxy"
• da6cb0e tests: add range tests to res.download
• 00ad5be tests: add more tests for app.request & app.response
• 141914e tests: fix tests that did not bubble errors
• bd4fdfe tests: remove global dependency on should

See the full diff

Package name: sharp

The new version differs by 250 commits.

• db654de Release v0.30.5
• a6aeef6 Install: pass `PKG_CONFIG_PATH` via env rather than substitution
• 7bf6cbd Docs: correct links to libvips documentation
• 04c31b3 Install: warn about filesystem owner running npm v8+ as root
• ee9cdb6 Bump deps
• 8960eb8 Docs: changelog entry for #3218
• 54d9dc4 Fix rotate-then-extract for EXIF orientation 2 (#3218)
• 51b4a7c Add support for --libc flag to improve cross-platform install (#3160)
• 5b03579 Docs: more details about concurrency, parallelism, threads
• 58c2af3 Docs: improve output format info for toBuffer
• ee948ac Docs: changelog and credit for #3196
• 66a3ce5 Allow installation of prebuilt libvips binary from filesystem (#3196)
• 75e5afc Docs: fix typo in gif example (#3201)
• d396a4e Release v0.30.4
• ae1dbcd Bump deps
• 4c29368 Docs: EXIF metadata unsupported for TIFF output #3074
• 36e5596 Docs: mention npm's foreground-scripts option to aid debugging
• 985e881 Bump deps
• 0b11671 Docs: changelog for #3178
• 9deac83 Add missing file name to 'Input file is missing' error message (#3178)
• 5d36f5f Improve error message for SVG render above limit #3167
• 926572b Control sensitivity to invalid images via failOn
• d0c8e95 Docs: expand info about use with worker threads
• b0ca23c Docs: changelog and credit for #3146

See the full diff

Package name: url-parse

The new version differs by 81 commits.

• ad23357 1.5.9
• 0e3fb54 [fix] Strip all control characters from the beginning of the URL
• 61864a8 [security] Add credits for CVE-2022-0686
• bb0104d 1.5.8
• d5c6479 [fix] Handle the case where the port is specified but empty
• 4f2ae67 [security] Add credits for CVE-2022-0639
• 8b3f5f2 1.5.7
• ef45a13 [fix] Readd the empty userinfo to `url.href` ([Mac Firefox- All Language] P2P page broken likecoin/like-co#226)
• 88df234 [doc] Add soft deprecation notice
• 78e9f2f [security] Fix nits
• e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability
• 4c9fa23 1.5.6
• 7b0b8a6 Merge pull request + Add swiper for invitee list likecoin/like-co#223 from unshiftio/fix/at-sign-handling-in-userinfo
• e4a5807 1.5.5
• 193b44b [minor] Simplify whitespace regex
• 319851b [fix] Remove CR, HT, and LF
• 4e53a8c [doc] Document that the returned hostname might be invalid
• 9be7ee8 [fix] Correctly handle userinfo containing the at sign
• f7774f6 [security] Fix typos in SECURITY.md
• 82c4908 [dist] 1.5.4
• e324874 [doc] Remove dependency status badge
• 5e8a444 [ci] Test on node 17
• a72a5c6 [doc] Remove "made by" and IRC badges
• e9a8353 [ci] Update coverallsapp/github-action action to version 1.1.3

See the full diff

Package name: vue-awesome-swiper

The new version differs by 91 commits.

• fe09013 chore(release): 4.0.0
• 26d6048 Update badges
• ddd371e Update configs
• c4beddb Update NPM badge color
• 3be844f Update test script
• 5eb31e7 Update release note
• 046738b chore(release): 4.0.0-rc.1
• 57243d1 Improve doc text
• 05a3208 Fix event path
• d9fc6ae Rename methods
• 9bf468a Update document
• 76274c6 Update document
• 8c2a12f Update document
• 4838fb7 Update document
• 3992f36 Update document
• 5182e08 Update document
• e667e41 Update document
• 59d0c84 Update logo size
• 3abb83b Remove dist dir
• 81ecf8f Merged Swiper5 as v4.0.0
• 84fd4df Update homepage url
• 285207f Add component logo and improve documents
• bc17c76 Update cdn link
• 9b40e31 Update document

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn