[Snyk] Fix for 22 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • node_modules/ava/node_modules/source-map-support/package.json
  • node_modules/ava/node_modules/source-map-support/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ECSTATIC-540354	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Insecure Randomness npm:crypto-browserify:20140722	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Regular Expression Denial of Service (ReDoS) npm:diff:20180305	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	741/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	Command Injection npm:shell-quote:20160621	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browserify

The new version differs by 250 commits.

• e19f256 12.0.0
• c881c07 update devdeps
• c77bf33 update glob and shell-quote
• c35f73e update builtins deps
• da949a1 update deps for streams3
• e3fbe7d update module-deps & fix symlink bug (also uses streams3)
• df43933 remove unused deps
• dca78a6 update browser-pack & fix charset bug (also uses streams3)
• 46aba9f use latest node in travis
• 76b60a9 remove node 0.8 from travis
• f5a82d8 Merge pull request [Snyk] Security upgrade mocha from 6.2.3 to 8.3.0 #1362 from mnichols/master
• 185be39 Merge pull request [Snyk] Security upgrade mocha from 7.2.0 to 8.3.0 #1393 from emilbayes/patch-1
• d48ec61 Merge pull request [Snyk] Security upgrade mocha from 7.2.0 to 8.3.0 #1396 from stevemao/patch-3
• d847221 travis: test on node4 not "4.0.0"
• a212016 Links to the wrong querystring module
• b7cf5be 11.2.0
• bb2a99d Merge pull request [Snyk] Security upgrade mocha from 7.2.0 to 8.3.0 #1361 from substack/fix-bare
• e781d9d Merge pull request [Snyk] Security upgrade mocha from 6.2.3 to 8.3.0 #1377 from demohi/patch-2
• 05d7861 update package.json version
• 85e4b9d 11.1.0
• c1c6b72 browserify adds the '.' in case you forget it
• 97a122e Update travis Node.js version & remove io.js
• 1b73d9b bump buffer to 3.4.3 to fix maximum call stack exceeded errors
• cf32d77 Exclude "process" and "buffer" when "bundleExternal === false"

See the full diff

Package name: http-server

The new version differs by 205 commits.

• 77243e7 0.13.0
• a845834 Update dependency tree
• f2c0dfb update milestone
• aec3911 update security for release
• 1f994c0 Merge pull request [Snyk] Fix for 1 vulnerabilities #591 from http-party/no_server_headers
• c57654d Merge branch 'master' into no_server_headers
• a4ec10b Merge pull request [Snyk] Security upgrade xo from 0.24.0 to 0.53.0 #713 from http-party/codeql-bye-bye
• 6b87653 drop codeql
• a7fdf0f remove server header
• cd1afb7 Merge pull request [Snyk] Security upgrade nyc from 14.1.1 to 15.0.0 #706 from zbynek/no-charset-binary
• 46c0ce7 Merge pull request [Snyk] Fix for 1 vulnerabilities #705 from zbynek/patch-1
• 9c51cb2 Merge branch 'master' into no_server_headers
• cd84a85 revert
• 7830ac2 Remove charset from header of binary files
• b4991b8 Remove line break from LICENSE
• fab3248 Merge pull request [Snyk] Fix for 1 vulnerabilities #704 from zbynek/patch-1
• e9716d1 Account for CRLF in a test
• 0f3e241 Merge pull request [Snyk] Fix for 1 vulnerabilities #642 from skyward-luke/master
• 33fe714 Merge pull request [Snyk] Security upgrade eslint from 5.16.0 to 7.0.0 #702 from http-party/replace-travis
• e9ad269 Replace travis badge
• f09c821 Update node.js.yml
• 2c2ad02 Update node.js.yml
• dad375d Update node.js.yml
• 133a64c Update node.js.yml

See the full diff

Package name: mocha

The new version differs by 250 commits.

• 5f96d51 build(v10.1.0): release
• ed74f16 build(v10.1.0): update CHANGELOG
• 51d4746 chore(devDeps): update 'ESLint' to v8 (#4926)
• 4e06a6f fix(browser): increase contrast for replay buttons (#4912)
• 41567df Support prefers-color-scheme: dark (#4896)
• 61b4b92 fix the regular expression for function `clean` in `utils.js` (#4770)
• 77c18d2 chore: use standard 'Promise.allSettled' instead of polyfill (#4905)
• 84b2f84 chore(ci): upgrade GH actions to latest versions (#4899)
• 023f548 build(v10.0.0): release
• 62b1566 build(v10.0.0): update CHANGELOG
• fbe7a24 chore: update dependencies (#4878)
• 2b98521 docs: replace 'git.io' short links (#4877) [ci skip]
• 007fa65 chore(ci): add Node v18 to test matrix (#4876)
• f6695f0 chore(esm): remove code for Node v12 (#4874)
• 59f6192 chore(ci): conditionally skip 'push' event (#4872)
• b863359 docs: fix 'fgrep' url (#4873)
• baaa41a chore(ci): ignore changes to docs files (#4871)
• ac81cc5 refactor!: drop support of 'growl' notification (#4866)
• 3946453 chore(deps)!: upgrade 'minimatch' (#4865)
• 592905b refactor!: rename 'bin/mocha' to 'bin/mocha.js' (#4863)
• b7b849b refactor!: remove deprecated Runner signature (#4861)
• 0608fa3 chore(site): fix supporters' download (#4859)
• 785aeb1 chore(test): drop AMD/'requirejs' (#4857)
• ed640c4 chore(devDeps): upgrade 'coffee-script' (#4856)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• bf4ec9c 3.0.0
• 9feda63 Merge pull request #5028 from webpack/feature/externalize_uglify_plugin
• 49d6e38 Merge pull request #5086 from webpack/ci/node-8
• 3dcb133 OSX test on node.js 8
• f4b8785 Merge pull request #5012 from webpack/TheLarkInn-patch-1
• d26c402 chore(deps): upgrade uglifyjs-webpack-plugin deps to get latest webpack-sources so tests pass
• 3da4f3e Merge pull request #5085 from jbellenger/jbellenger/rawmodule-hash
• 8c9dc14 fix RawModule hashing
• c2c5d73 Update README.md
• 316d4b9 Merge pull request #5084 from timse/remove-duplicate-code
• ae18552 update test case with changed hash due to less clutter in dependencies
• fc20348 unite iteration through modules into one loop
• 083843e remove code that pushes arrays of dependencies into dependencies
• ab636b0 Merge pull request #5075 from andreipfeiffer/master
• 3b3449c Refactor: use const for non reassignable identifier
• 2ba0499 3.0.0-rc.2
• 1769fa2 Merge pull request #5064 from webpack/feature/scope-hoisting-multi-entry
• a73646a Merge pull request #5060 from mikesherov/reason-chunks-as-set
• 28f826a consistent order
• 8a30188 use Set for ModuleReason chunk rewriting
• 5d4ba56 Allow scope hoisting to process modules in multiple chunks
• d6a7594 harmony modules without exports have no exports instead of unknown
• 3ae782d Merge pull request #5049 from KTruong888/ES6_refactoring_multicompiler
• 18cdba8 4099_ES6 refactor lib/MultiCompiler.js

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Prototype Pollution
🦉 Remote Code Execution (RCE)
🦉 More lessons are available in Snyk Learn