[Snyk] Fix for 17 vulnerabilities

[MarcelRaschke]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JSONPOINTER-1577288	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-2331914	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	521/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4	Information Exposure SNYK-JS-NANOID-2332193	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PARSELINKHEADER-1582783	No	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	No	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @seadub/danger-plugin-junit

The new version differs by 202 commits.

• 267c8a3 chore(release): 0.3.0 [skip ci]
• e34dddd ci(github): use node 14 for release action
• e21dbf4 build(deps): update to latest xmldom package
• 84baeaf style: fix lint error
• f1ccd98 build: update jest related dependencies
• 775937e feat: allow calling warn instead of fail for failed tests
• e974756 build(deps): [security] bump tar from 6.1.0 to 6.1.3
• 35f3f2f build(deps-dev): bump @ types/node from 16.4.7 to 16.4.10
• 094ef35 build(deps-dev): bump @ types/node from 16.4.6 to 16.4.7
• e551326 build(deps-dev): bump @ types/node from 16.4.5 to 16.4.6
• 21ce750 build(deps-dev): bump @ types/node from 16.4.3 to 16.4.5
• 8bf64de build(deps-dev): bump @ types/node from 16.4.1 to 16.4.3
• 6f21e38 build(deps-dev): bump lint-staged from 11.1.0 to 11.1.1
• 32adc78 build(deps-dev): bump @ types/node from 16.4.0 to 16.4.1
• c8730de build(deps-dev): bump lint-staged from 11.0.1 to 11.1.0
• a177c57 build(deps-dev): bump @ types/node from 16.3.3 to 16.4.0
• 5fa5549 build(deps-dev): bump @ types/node from 16.3.2 to 16.3.3
• 029c262 build(deps-dev): bump @ types/node from 16.3.1 to 16.3.2
• 9a63e24 build(deps-dev): bump lint-staged from 11.0.0 to 11.0.1
• e93bf4a build(deps-dev): bump @ types/node from 16.3.0 to 16.3.1
• 32f7c7c build(deps-dev): bump @ types/node from 16.0.1 to 16.3.0
• 149b1d9 build(deps-dev): bump @ types/node from 16.0.0 to 16.0.1
• 963c54d build(deps-dev): bump @ types/jest from 26.0.23 to 26.0.24
• d2b1a80 build(deps-dev): bump husky from 7.0.0 to 7.0.1

See the full diff

Package name: commitizen

The new version differs by 53 commits.

• 0939910 ci(release): defined a github workflow to release with semantic-release (chore(deps-dev): bump eslint from 7.32.0 to 8.6.0 tidev/vscode-titanium#923)
• 757a806 chore(deps): update all non-major dependencies
• 25dc80c fix: fix the "isFunction" utility to match both "asyncFunction"s and "Function"s (chore(deps-dev): bump @vscode/test-electron from 1.6.2 to 2.0.1 tidev/vscode-titanium#927)
• fc283fb chore(deps): update dependency semver to v7.3.7
• c35a3c7 chore(deps): update all non-major dependencies
• 69de704 fix(deps): update all non-major dependencies
• e79f3ee chore(deps): update dependency @ babel/core to v7.17.8
• 69689fb chore(deps): update all non-major dependencies to v7.17.7
• 3c2553f fix(deps): update all non-major dependencies
• 4118263 docs: add cz-git commitizen adapter (chore(deps-dev): bump @types/uuid from 8.3.1 to 8.3.3 tidev/vscode-titanium#905)
• 70ca1f4 docs: adjust example to a valid husky prepare-commit-msg command (Android - Prompt to used saved keystore info during build tidev/vscode-titanium#908)
• fcc85e5 docs(readme): match casing of tutorial's title
• bcd9c73 docs(readme): fix dead link to tutorial
• 941bf38 chore(deps): update all non-major dependencies
• a3f4ffa chore(deps): update dependency @ babel/core to v7.17.2
• 8f76acd chore(deps): update dependency node-fetch to 2.6.7 [security] (chore(deps-dev): bump lint-staged from 12.0.2 to 12.1.1 tidev/vscode-titanium#902)
• d4e39c6 chore(deps): update all non-major dependencies to v7.17.0
• 056b0ed chore(deps): update all non-major dependencies (chore(deps-dev): bump sinon from 11.1.2 to 12.0.1 tidev/vscode-titanium#891)
• 5b2c458 chore: remove unused dev-dependency axios (chore(deps-dev): bump danger from 10.7.0 to 10.7.1 tidev/vscode-titanium#894)
• 9c7e863 fix(deps): update dependency inquirer to v8 (chore(deps-dev): bump vscode-extension-tester from 4.2.0 to 4.2.1 tidev/vscode-titanium#874)
• 218d454 chore: remove unused Travis-CI config (chore(deps-dev): bump @types/sinon from 10.0.4 to 10.0.5 tidev/vscode-titanium#880)
• f1cf649 chore(deps): update all non-major dependencies
• dc7ac60 chore(deps): update all non-major dependencies
• c6a2857 chore(deps): update dependency conventional-changelog-conventionalcommits to v4.6.2

See the full diff

Package name: danger

The new version differs by 188 commits.

• 202d727 Release 10.9.0
• 34fe471 Prepare for release
• 06928e3 Merge branch 'adjust-structured-diff-return-value' into main
• fb66c81 Merge pull request chore(deps-dev): bump @commitlint/cli from 17.6.6 to 18.6.0 tidev/vscode-titanium#1201 from berlysia/adjust-structured-diff-return-value
• 6303c88 Lock node-fetch to the latest 2.x
• 9049848 Merge pull request chore(deps-dev): bump @types/ms from 0.7.31 to 0.7.34 tidev/vscode-titanium#1198 from jonny133/jonny133-node-fetch-2_6_7
• dc54972 now structuredDiffForFile is well-typed
• 0b5865f make structuredDiffForFile for BitBucketServer the same as the others
• ab77e3c Resolve node-fetch to 2.6.7
• a7355a3 Merge pull request chore(deps-dev): bump @types/chai-as-promised from 7.1.5 to 7.1.8 tidev/vscode-titanium#1197 from danger/fb/fix-moved-json-crash
• 3411074 Cleanup debug log
• 99e19f7 Don't crash when danger.git.JSONDiffForFile encounters a moved JSON file
• d896baf Merge pull request Can't debugging with xcode 15 on device or simulator tidev/vscode-titanium#1176 from Rouby/patch-1
• 4804f80 Merge branch 'main' into patch-1
• 4418fe3 Release 10.8.0
• 7ae4121 Faff
• cb52e29 Merge pull request chore(deps-dev): bump sinon and @types/sinon tidev/vscode-titanium#1188 from danger/fb/release-10.8.0
• cf48b28 Fix the yml
• ac8d0e8 Merge pull request chore(deps-dev): bump the eslint group with 6 updates tidev/vscode-titanium#1191 from danger/pr_body
• 6772c4f Faff
• dfd4c81 Ensure the pr body always exists
• 38a963e Merge branch 'main' of https://github.com/danger/danger-js into patch-1
• a64699c Merge pull request chore(deps-dev): bump patch-package from 6.5.1 to 8.0.0 tidev/vscode-titanium#1189 from danger/fb/node-14
• 7b7529e Update .babelrc

See the full diff

Package name: husky

The new version differs by 27 commits.

• b9a0917 4.3.7
• 839d84a update pkg-dir dependency and some devDependencies
• 6a1b3da Upgrade find-versions to 4.0.0 (chore(deps-dev): bump @typescript-eslint/eslint-plugin from 4.30.0 to 4.31.0 tidev/vscode-titanium#837)
• cbb0af7 4.3.6
• eb1eeb8 fix prepare-commit-msg on windows (chore(deps-dev): bump eslint from 7.27.0 to 7.28.0 tidev/vscode-titanium#737)
• 65bc6e5 Update README.md
• cbd0e06 add prepare-commit-msg test
• 992c1e0 4.3.5
• 642af0c rollback do not exit with 1 if install fails
• ccb71b2 Update README.md
• 3c43bd5 4.3.4
• 1e1b289 update error message
• b29ee2b 4.3.3
• fd0233e ignore tsconfig.tsbuildinfo
• a5f1259 4.3.2
• 41472b7 provide workaround for npm7
• 6dc9a51 4.3.1
• 033a2ae exit with 1 if husky fails to install/uninstall
• 38a7163 update gitignore
• eff9aa3 Update README.md
• b616d84 Changed create-react-app repo url (chore(deps-dev): bump @types/xml2js from 0.4.8 to 0.4.9 tidev/vscode-titanium#759)
• bb0c414 Update README.md
• b05e72f Update node.js.yml
• 44e02bd Update node.js.yml

See the full diff

Package name: mocha

The new version differs by 129 commits.

• cc51b8f build(v9.2.0): release
• dea3115 build(v9.2.0): update CHANGELOG [ci skip]
• 1825645 chore: update dependencies (#4818)
• bc0fda2 chore: update some devDependencies (#4816)
• 8b089a2 feat(parallel): assign each worker a worker-id (#4813)
• 9fbf3ae chore: run Netlify deploy on Node v16 (#4778) [ci skip]
• f297790 chore: switch 'linkify-changelog.js' to ESM (#4812) [ci skip]
• 0a1b7f8 build(v9.1.4): release
• a04d050 build(v9.1.4): update CHANGELOG [ci skip]
• baa12fd fix: wrong error thrown if loader is used (#4807)
• 60fafa4 Update copyright year in LICENSE (#4804)
• 3b4cc05 chore(devDeps): remove 'cross-spawn' (#4779)
• a99d40c chore(ci): add Node v17 to test matrix (#4777)
• ac43029 chore(devDeps): update 'prettier' (#4776)
• 9c9fcb5 chore: update some devDependencies (#4775)
• 28b4824 build(v9.1.3): release
• 3dcc2d9 build(v9.1.3): update CHANGELOG [ci skip]
• 012d79d fix(browser): enable 'bdd' import for bundlers (#4769)
• 111467f fix(integration): revert deprecation of 'EVENT_SUITE_ADD_*' events (#4764)
• 0ea732c fix(website): improve backers sprite image (#4756)
• 18a1055 build(v9.1.2): release
• 011a5a4 fix: regex in 'update-authors.js'
• 06f3f63 build(v9.1.2): update CHANGELOG [ci skip]
• a87461c chore(deps): remove 'wide-align' (#4754)

See the full diff

Package name: vscode-extension-tester

The new version differs by 166 commits.

• 7c04eea Changes for v4.2.4
• 7d9bdb4 Merge pull request build(deps-dev): bump cz-conventional-changelog from 3.2.1 to 3.3.0 tidev/vscode-titanium#411 from yannickowow/master
• 9039938 Merge branch 'master' into master
• 73ebb5f Merge pull request Fix Jenkinsfile usage tidev/vscode-titanium#420 from odockal/fix-native
• c468b78 Remove native bundle/package
• b5f574c Update versions
• e6e37e9 Update version to 4.2.4 and include sec. fixes
• 3d1b7ef Fixing build(deps-dev): bump @types/sinon from 9.0.4 to 9.0.5 tidev/vscode-titanium#400
• 15870f4 Revert "Use `Global Agent` to fix proxy / ca issues on `got`"
• 5ae230d Fixes for new vscode
• 19d00c6 Add missing @ types/mocha dependency in helloworld example
• 0f3d1b5 Use `Global Agent` to fix proxy / ca issues on `got`
• 7a4da6d Ensure outdated extensions are updated
• b11dc36 Bump vsce version
• c176c79 Update CHANGELOG.md
• a3c5854 4.2.3
• 2f343bc Fix cli calls for 1.62.1
• a22de06 4.2.2
• 66439b0 Update versions
• 8a59c1c pre release
• 51cd21a Unify search for editor titles
• df34cd9 Add codelenses (Fix integration tests tidev/vscode-titanium#379)
• e28fa8f Fix command prompt not opening with some webviews
• 6009d52 Reveal tree item actions buttons when retrieving

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection
🦉 Remote Code Execution (RCE)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn