[Snyk] Fix for 5 vulnerabilities

[aliceUnhinged613]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-FASTJSONPATCH-3182961	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: addons-linter

The new version differs by 250 commits.

• 969afa7 5.27.0
• 7a68ae8 Use vendored `ajv-merge-patch` library (#4678)
• 0e8aac7 chore(deps): bump @ mdn/browser-compat-data from 5.2.28 to 5.2.29 (#4680)
• 5627091 chore(deps): bump eslint from 8.31.0 to 8.32.0 (#4674)
• 51d1a42 chore(deps): bump glob from 8.0.3 to 8.1.0 (#4675)
• 5d6da74 chore(deps-dev): bump prettier from 2.8.2 to 2.8.3 (#4676)
• 4b776e4 chore(deps): bump @ mdn/browser-compat-data from 5.2.27 to 5.2.28 (#4677)
• a7adec8 chore(deps): bump @ mdn/browser-compat-data from 5.2.26 to 5.2.27 (#4671)
• 9af4f17 5.26.0
• bc2d5ef Ensure empty ZIP files will output results when auto-close feature is disabled (#4662)
• 5563f11 chore: Added unit tests for the dnr manifest fields validation (#4667)
• afb6da8 chore(deps): bump addons-scanner-utils from 8.2.0 to 8.3.0 (#4668)
• 06e4a04 feat: Imported Firefox 109.0b9 API schema (#4655)
• a119bf9 chore(deps): bump postcss from 8.4.20 to 8.4.21 (#4666)
• 36b48e2 chore(deps): bump fluent-syntax from 0.13.0 to 0.14.0 (#4665)
• 22a3074 chore(deps-dev): bump prettier from 2.8.1 to 2.8.2 (#4664)
• 298b869 chore(deps): bump @ mdn/browser-compat-data from 5.2.25 to 5.2.26 (#4663)
• a142244 Prevent errors when permissions in manifest.json isn't an array (#4660)
• e1f8902 chore(deps): bump addons-scanner-utils from 8.1.0 to 8.2.0 (#4656)
• 08c04e5 chore(deps-dev): bump babel-loader from 9.1.0 to 9.1.2 (#4659)
• 6e215ee chore(deps): bump @ mdn/browser-compat-data from 5.2.24 to 5.2.25 (#4658)
• 446b1f0 chore(deps-dev): bump @ babel/core from 7.20.7 to 7.20.12 (#4657)
• e2495d7 chore(deps): bump ajv from 8.11.2 to 8.12.0 (#4653)
• ecfbb7e chore(deps-dev): bump eslint-config-amo from 5.6.0 to 5.7.0 (#4651)

See the full diff

Package name: watchpack

The new version differs by 179 commits.

• c42f625 2.0.0
• 39d556d 2.0.0-beta.15
• e8010ae Merge pull request fix(): Increased test timeout for Travis mozilla/web-ext#175 from webpack/bugfix/plan-merging
• dc01813 add time logging to test, make test faster, increase timeout
• fe75d0d wait longer before starting testing
• c25701b avoid recursive watchers in the root of the filesystem
• 295b564 fix priority calculation
• 90a1c98 allow nested watchers in plan
• 8014a39 improve ManyWatcher test for nested watching
• 0f88e2e fix parent connections in reducePlan
• a54e09b check if watchers work as expected
• 9ec3868 Merge pull request Tracker: Set defaults for all options using a config file mozilla/web-ext#176 from webpack/feature/logging
• 0158fd5 increase timeout for large test
• b4454e4 enable logging on CI
• 994f2b0 add logging
• ce3b818 2.0.0-beta.14
• 84a833e Merge pull request Update grunt to version 1.0.0 🚀 mozilla/web-ext#170 from webpack/bugfix/watcher-limit
• 224fc1f remove console.log
• b6f5b2c update azure to node 14
• 732f8b7 create less watchers when no options are passed
• 7c197b4 bugfix incorrect type
• c48c3d2 improve test case for multiple files
• ff2cdb4 improve how polling is scheduled to reduce load
• eb608fa improve test and cost function

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)