[Snyk] Fix for 10 vulnerabilities

[mongoloidkhulmikuki366385]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHSET-1320032	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (Wrong "Create a commit comment" link github/docs#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (Readme-md  github/docs#11441)
• 2226742 chore: minor simplify format results error (## ✨ ✨ New layout ✨ ✨ github/docs#11432)
• 78eb25d chore: remove needless assign (Update managing-notifications-from-your-inbox.md github/docs#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (https://docs.github.com/github/writing-on-github/getting-started-with… github/docs#11429)
• 27bee72 fix: run GC before collecting open handles (repo sync github/docs#11278)
• 50451df feat: use fallback if prettier not found (WALEED AL AREQI Update making-a-github-app-public-or-private.md github/docs#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (https://github.com/facebook/facebook-ios-sdk github/docs#11428)
• 9633a26 feat: support reporters written in ESM (Readme-md  github/docs#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (repo sync github/docs#11263)
• 57e32e9 Detect open handles with done callbacks (Join  github/docs#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (repo sync github/docs#10995)
• 4fa3a0b feat: custom haste (Blockchair github/docs#11107)
• 2047a36 chore: bump deps (Bump eslint-plugin-promise from 5.1.0 to 5.1.1 github/docs#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (repo sync github/docs#9924)
• db643a1 Link to Jest config (Blockchair github/docs#11106)
• b16082c Fix locale issue #10014 (Bump @primer/css from 17.9.0 to 18.0.2 github/docs#11412)

See the full diff

Package name: jest-puppeteer

The new version differs by 20 commits.

• 153d47b v5.0.0
• 36602a1 fix: Resolve module paths in preset (Revert "repo sync" github/docs#335)
• e54fb7e fix: Leverage Puppeteer's native support for Firefox (Add files via upload github/docs#356)
• ea3b189 chore: update dev deps
• a050a72 add jest-puppeteer.config.js back to example
• f2f5b62 feat: allow path for wait-on resource (Remove dead links github/docs#382)
• 964b9a2 fix: toFill doesn't empty contents when given an empty string (Rename access-permissions-on-github.md to .access-permissions-on-gith… github/docs#381)
• a7b5693 Update expect-puppeteer/README.md fix example code (> ### أي مقال على docs.github.com يتأثر؟ github/docs#370)
• c0559d2 Update readme with command to install types (repo sync github/docs#355)
• d3d320f Remove looking for maintainers in readme
• 183a390 Update all dependencies (Update signing-tags.md github/docs#392)
• 5a4eb5b docs(readme): looking for maintainers
• 78ebef3 Update README.md
• 28f4e56 Update README.md
• 69a0c3e docs: add missing import (Ollie07 github/docs#332)
• bcc6f9c chore(deps): bump acorn from 5.7.3 to 5.7.4 (Ollie github/docs#330)
• 949027b feat: support XPATH selectors (Along riza l patch 2 github/docs#321)
• 49d313c fix: require to `puppeteer-core` as fallback (Along riza l patch 1 github/docs#315)
• 655d37c chore: update wait-on to version 4.0.0 (homepage calculation gives bad URLs on Windows github/docs#316)
• ebbfd32 docs: fix FUNDING.yml

See the full diff

Package name: jest-silent-reporter

The new version differs by 1 commits.

• f0843f4 Update jest-utils ([Snyk] Security upgrade nodemon from 2.0.4 to 3.0.0 #20)

See the full diff

Package name: linkinator

The new version differs by 59 commits.

• ce88410 fix(perf): refactor to use htmlparser2 (Revert "repo sync" github/docs#335)
• 86a52fa chore(deps): update dependency ansi-regex to 5.0.1 [security] (Update about-pull-requests.md github/docs#334)
• a30fe8f chore(deps): update dependency nth-check to 2.0.1 [security] (Fix Cache Search Example github/docs#333)
• f906d49 build(deps): bump nth-check from 2.0.0 to 2.0.1 (Ollie07 github/docs#332)
• 295617c chore(deps): update dependency semantic-release to v18 (Ollie07 github/docs#331)
• 025a263 build: switch node 15 to 16 in tests (repo sync github/docs#325)
• 395ad5b chore(deps): update dependency @ types/cheerio to v0.22.30 (lint-files test fails on Windows github/docs#318)
• 2f1b5b1 feat: add support for url rewrites (add recent localization contributors github/docs#317)
• 999fca3 fix(deps): update to the latest version of cheerio (homepage calculation gives bad URLs on Windows github/docs#316)
• c165d73 build(deps): bump glob-parent from 5.1.1 to 5.1.2 (correct for windows slashes in redirect precompile github/docs#312)
• c06ecab build(deps): bump normalize-url from 4.5.0 to 4.5.1 (developer route redirects load incorrectly on Windows github/docs#311)
• 5d66c2e chore(deps): update dependency trim-newlines to 3.0.1 [security] (Update renaming-an-organization.md github/docs#310)
• 39b37bb build(deps): bump lodash from 4.17.20 to 4.17.21 (repo sync github/docs#302)
• a24d3a0 chore(deps): update dependency sinon to v11 (repo sync github/docs#307)
• 7123959 chore(deps): update dependency @ types/node to v14 (Update about-pull-requests.md github/docs#304)
• 55d7f4c chore(deps): update dependency lodash to 4.17.21 [security] (permission-levels-for-an-organization.AlongRizal github/docs#301)
• 854ca26 chore(deps): update dependency @ types/cheerio to v0.22.29 (Update and rename managing-commit-signature-verification.md to managi… github/docs#306)
• 28cdd27 build(deps): bump hosted-git-info from 2.8.8 to 2.8.9 (Update index. content/github/authenticating-to-github/managing-commit-signature-verification.AlongRizal github/docs#303)
• 61be22a chore(deps): update dependency hosted-git-info to 3.0.8 [security] (docs: add casals as a contributor github/docs#300)
• 8e3c461 chore(deps): update dependency pkg to v5 (Some of the PNGs in assets/images are not optimized github/docs#298)
• 9ae7afd chore(deps): update dependency @ types/sinon to v10 (Configure Dependabot version updates github/docs#288)
• b47f295 chore(deps): update dependency @ types/cheerio to v0.22.28 (repo sync github/docs#285)
• 0451a8d chore(deps): update dependency sinon to v10 (repo sync github/docs#286)
• ea52c0c chore(deps): update dependency @ types/cheerio to v0.22.27 (PowerShell Quickstart github/docs#284)

See the full diff

Package name: nock

The new version differs by 133 commits.

• e4b0331 fix(dep): migrate from lodash.set to lodash. (Update adding-an-existing-project-to-github-using-github-desktop.md github/docs#2306)
• 8a82b50 chore(deps-dev): bump got from 11.8.3 to 12.1.0
• 342e8dc chore(deps-dev): bump eslint-plugin-mocha from 10.0.4 to 10.0.5
• 0a9fc3e chore(deps-dev): bump eslint from 8.14.0 to 8.16.0
• 82e8028 chore(deps-dev): bump typescript from 4.6.4 to 4.7.2
• 3d534f8 chore(deps-dev): bump eslint from 8.12.0 to 8.14.0
• 5f9ebaa chore(deps-dev): bump @ definitelytyped/dtslint from 0.0.111 to 0.0.112
• 502182a chore(deps-dev): bump typescript from 4.6.3 to 4.6.4
• 0d30bee chore(deps-dev): bump @ sinonjs/fake-timers from 9.1.1 to 9.1.2
• 7452368 chore(deps-dev): bump sinon from 13.0.1 to 13.0.2
• a7056ef chore(deps-dev): bump eslint-plugin-mocha from 10.0.3 to 10.0.4
• bcb0dc7 chore(deps-dev): bump prettier from 2.6.1 to 2.6.2
• c4ba7d1 chore(deps-dev): bump eslint-config-prettier from 8.4.0 to 8.5.0 (Improve description of branch targeting for action release management github/docs#2326)
• 8e56fbd chore(deps-dev): bump @ sinonjs/fake-timers from 9.1.0 to 9.1.1
• 8789084 chore(deps-dev): bump prettier from 2.5.1 to 2.6.1
• be07d83 chore(deps-dev): bump mocha from 9.2.1 to 9.2.2
• b4e839d chore(deps-dev): bump @ definitelytyped/dtslint from 0.0.110 to 0.0.111
• 14e7e87 chore(deps-dev): bump mocha from 9.2.0 to 9.2.1
• 0814d6e chore(deps-dev): bump typescript from 4.5.5 to 4.6.2
• 96ae061 chore(deps): bump actions/setup-node from 2 to 3 (tekst github/docs#2308)
• 7c949be chore(deps): bump actions/checkout from 2 to 3 (Soheilmoameni1357@gmail.com github/docs#2309)
• d424370 chore(deps-dev): bump semantic-release from 18.0.1 to 19.0.2
• 87a73d3 chore(deps-dev): bump eslint from 8.8.0 to 8.10.0
• 3384728 chore(deps-dev): bump @ definitelytyped/dtslint from 0.0.103 to 0.0.110

See the full diff

Package name: pa11y-ci

The new version differs by 21 commits.

• efad302 Fix minimum node version in README
• 28f161a Version 3.0.0
• 52fd274 Fix error with absolute paths on Windows (Update "Securing Your Webhooks" to prefer X-Hub-Signature-Sha-256 header github/docs#82)
• 6b2d4f5 Replace chalk with kleur
• 4e5bc51 use https where possible
• 5c842cf Add support for reporters (GitHub App Guide typo github/docs#129)
• 40ba01a Replace make with npm scripts and update Node versions (Use operationId for #anchor tags of REST API endpoint titles github/docs#139)
• 1374cd7 Bump deps to match versions used by pa11y v6
• fb86a33 Update test matrix to LTS node (12, 14, 16)
• edabbeb Update package lock
• e5dbbc7 Replace chalk with kleur
• 96a3882 Chance concurrency and incognito mode defaults
• 9de41f3 Version 2.4.2
• 7cb5bd8 Replace npmignore with allow list for consistency
• fefa70b Retry launching browser if first time fails
• 6846233 Adds example of running pa11y-ci in Docker (Tests may be broken on Windows github/docs#137)
• 00ac4f9 refactor(npm): remove unnecessary files from package (#126)
• 18f1e60 Version 2.4.1 (#135)
• d0843ab Pin puppeteer version to avoid downloading twice (#134)
• 830d5a6 Update integration tests to remove DNS dependencies (Uncollapsed sidebar items are a bit confusing github/docs#133)
• cda8b5a Replace Travis with GH Actions

See the full diff

Package name: remark-rehype

The new version differs by 8 commits.

• b5e3ef3 6.0.0
• f18c8ec Update `mdast-util-to-hast`
• bfe0e7f Refactor prose
• 6267614 Update dev-dependencies
• 8233f0e Update metadata
• 801a046 Add `funding` field to `package.json`
• 47e547d Add notes on security
• 3b5a603 Update dev-dependencies

See the full diff

Package name: website-scraper

The new version differs by 65 commits.

• 74bce19 Mention minimum supported nodejs v14.14.x
• 25bb362 Release v5
• 68f8fac Update README.md
• cf9b834 Update README.md
• 758f5f6 Bump got from 11.8.2 to 12.0.0 (Updated manipulating_file_prereqs.md github/docs#470)
• 6670b29 Bump eslint from 7.25.0 to 8.5.0 (Confusing parameter description in REST API docs for /users github/docs#472)
• efe7c52 Bump sinon from 10.0.1 to 12.0.1 (Github Actions context variables data format not precise github/docs#476)
• f452942 Bump srcset from 3.0.1 to 5.0.0 (Fix typos in search part of contribution guideline github/docs#477)
• 6376e4e Bump fs-extra from 9.1.0 to 10.0.0 (repo sync github/docs#478)
• 80a17d8 Drop Node.js v12 (Rename content/github/getting-started-with-github/access-permissions-… github/docs#479)
• b7f49ac Bump normalize-url from 6.0.1 to 7.0.2 (Create FUNDING.yml github/docs#471)
• 2e05ee6 Publish codeclimate coverage (Added a quick tip about PR's base branch github/docs#480)
• 75d7491 Run "npm i", add scheduled tests run (Fix all-contributors file. github/docs#475)
• df715e9 Remove package-lock.json
• 28d8f4a Create dependabot.yml
• e7e88c9 Enable tests on nodejs-17 (Revert 1 marleyjustin08 patch 1 github/docs#469)
• 188911e Remove coveralls (Update set-up-git.md github/docs#468)
• 0d5e8a2 Update cheerio to 1.0.0-rc.10, fixes repo sync github/docs#355 (Update building-github-apps.md github/docs#467)
• 7887499 Update BACKERS.md
• 461c6ac Avoid filtering out root urls, closes Commit link raw text contained unnecessary information github/docs#460 (Update and rename content/github/importing-your-projects-to-github/su… github/docs#465)
• 8bdc0f4 Update dependencies (Rename content/github/getting-started-with-github/exploring-early-acc… github/docs#464)
• d67969c Add node 16 to Github Actions (repo sync github/docs#463)
• 44cc74c Replace request with got (Use ubuntu-latest instead of 16.04 as an Actions example github/docs#445)
• 6db2b51 Use Github Actions for CI (#2 github/docs#450)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)

[performance-testing-bot]

Unable to locate .performanceTestingBot config file

[pull-request-quantifier-deprecated]

This PR has 18 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +9 -9
Percentile : 7.2%

Total files changed: 1

Change summary by file extension:
.json : +9 -9

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detected.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.

[vizipi]

Pull request analysis by VIZIPI

Below you will find who is the most qualified team member to review your code.
This analysis includes his/her work on the code included in this Pull request, in addition to their experience in code affected by these changes ( partly found within the list of potential missing files below )   Feedback always welcome

No other active qualified developers found to review these specific changes. You might consider involving more team members with these code segments.

---

Potential missing files from this Pull request

files commonly committed with a subset of this pr, but not committed this time. (click to collapse)

File	Percentile	rate
package-lock.json	73.12 %	185 out of 253 times

---

Committed file ranks

(click to expand)

100.00%[package.json]