[Snyk] Fix for 14 vulnerabilities

[colinsimningsnyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	199/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 807, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.49, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	199/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.0006, Social Trends: No, Days since published: 47, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 12.6, Likelihood: 1.58, Score Version: V5	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	211/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00109, Social Trends: No, Days since published: 365, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.49, Likelihood: 2.81, Score Version: V5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	72/1000 Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 1409, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.94, Likelihood: 2.42, Score Version: V5	Validation Bypass SNYK-JS-KINDOF-537849	Yes	Proof of Concept
	73/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01248, Social Trends: No, Days since published: 617, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.94, Likelihood: 2.45, Score Version: V5	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	171/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00105, Social Trends: No, Days since published: 1357, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.42, Score Version: V5	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	187/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00522, Social Trends: No, Days since published: 1622, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.65, Score Version: V5	Prototype Pollution SNYK-JS-MIXINDEEP-450212	Yes	Proof of Concept
	148/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00063, Social Trends: No, Days since published: 257, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.24, Likelihood: 2.81, Score Version: V5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	198/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.06698, Social Trends: No, Days since published: 807, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.81, Score Version: V5	Prototype Pollution SNYK-JS-SETVALUE-1540541	Yes	Proof of Concept
	187/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00447, Social Trends: No, Days since published: 1622, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.65, Score Version: V5	Prototype Pollution SNYK-JS-SETVALUE-450213	Yes	Proof of Concept
	148/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00173, Social Trends: No, Days since published: 151, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.24, Likelihood: 2.81, Score Version: V5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	144/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 653, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.49, Likelihood: 1.92, Score Version: V5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	56/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00267, Social Trends: No, Days since published: 2945, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 100, Impact: 2.94, Likelihood: 1.9, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	No	No Known Exploit
	66/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00052, Social Trends: No, Days since published: 2389, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Low, Package Popularity Score: 100, Impact: 2.94, Likelihood: 2.23, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: hbs

The new version differs by 63 commits.

• 7a0da80 v4.1.1
• 0647f9b deps: handlebars@4.7.6
• 3cc3455 deps: handlebars@4.7.3
• 07d4acc build: mocha@7.1.1
• 0717195 build: eslint-plugin-markdown@1.0.2
• da7edaf tests: add test for typical model usage
• a9dbdc2 build: mocha@7.1.0
• 8640b2d build: eslint@6.8.0
• 2fb94e0 build: Node.js@12.16
• 74e5568 build: Node.js@10.19
• da05674 lint: apply to readme
• 504a635 build: mocha@7.0.1
• 55df109 v4.1.0
• 54780a9 build: remove deprecated mocha.opts
• 42e5550 build: nyc@15.0.0
• 04ff393 build: mocha@7.0.0
• 57a2086 deps: handlebars@4.5.3
• 00b0449 build: Node.js@12.14
• 0d99d08 build: Node.js@10.18
• e49d614 build: Node.js@8.17
• c3f0070 build: Node.js@10.17
• b3252a3 deps: handlebars@4.4.5
• 7f9133b docs: fix history formatting
• 5b74831 build: Node.js@12.13

See the full diff

Package name: humanize-ms

The new version differs by 7 commits.

• d9cdffe Release 1.2.1
• c6da77c deps: ms@2
• 3b6f1ba fix: package.json to reduce vulnerabilities (Save deployment files #3)
• 51a95e8 Add license text ([Snyk] Upgrade body-parser from 1.9.0 to 1.19.0 #2)
• 627c5c4 Release 1.2.0
• e584c58 add benchmark
• 4cf945f deps: upgrade ms to 0.7.0

See the full diff

Package name: tap

The new version differs by 250 commits.

• 8f2baa7 16.0.0
• 65e599e drop support for node v10
• 84fc6df docs: changelog for v16
• e6acf7b update coveralls documentation to say to install it
• 3c7b3ef document coveralls removal in the cli help output
• 43bf1df undocument synonyms
• 1ff75a4 make coveralls an optional peer dep
• 3f1ae47 Add eslint for linting
• 162c1a8 Support Typescript for --before and --after
• 28d2d03 Fix script on using node-tap with codecov
• 3a0e81c docs: fix broken link
• 1b636b2 Add jsonpath-faster
• c4bdeef fix typo `than` to `that`
• 20fbd40 Update Node.js min version to 10.x in CONTRIBUTING
• 90dda0b update cli doc
• 636ab18 15.2.3
• e609d8f docs: changelog for 15.2
• c182328 tap-parser@11.0.1
• f576a60 docs: setting t.snapshotFile
• d9fa241 libtap@1.3.0
• a02f33e update cli doc
• d1500b6 15.2.2
• b784d77 tap-parser@11
• 567384e update cli doc

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Validation Bypass
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn