[Snyk-dev] Fix for 82 vulnerabilities

[lili2311]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • large-file/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	Yes	Proof of Concept
	696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-3035488	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	554/1000 Why? Has a fix available, CVSS 6.8	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	Yes	No Known Exploit
	776/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.1	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	Yes	Proof of Concept
	776/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.1	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	Yes	Proof of Concept
	776/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.1	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	Yes	Proof of Concept
	541/1000 Why? Recently disclosed, Has a fix available, CVSS 5.1	Cross-site Scripting SNYK-JS-EXPRESS-7926867	No	No Known Exploit
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Regular Expression Denial of Service (ReDoS) SNYK-JS-GETFUNCNAME-5923417	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	No	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Code Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASHES-2434283	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Code Injection SNYK-JS-LODASHES-2434284	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHES-2434285	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASHES-2434286	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHES-2434287	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASHES-2434289	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHES-2434290	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	Yes	Proof of Concept
	738/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	Yes	Proof of Concept
	621/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6	Prototype Pollution SNYK-JS-PATHVAL-596926	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	/1000 Why?	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	/1000 Why?	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	/1000 Why?	Validation Bypass SNYK-JS-SANITIZEHTML-1070780	Yes	Proof of Concept
	/1000 Why?	Access Restriction Bypass SNYK-JS-SANITIZEHTML-1070786	Yes	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-SANITIZEHTML-2957526	Yes	No Known Exploit
	/1000 Why?	Arbitrary Code Execution SNYK-JS-SANITIZEHTML-585892	Yes	No Known Exploit
	/1000 Why?	Information Exposure SNYK-JS-SANITIZEHTML-6256334	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	/1000 Why?	Cross-site Scripting SNYK-JS-SEND-7926862	No	No Known Exploit
	/1000 Why?	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	No	No Known Exploit
	/1000 Why?	Prototype Pollution SNYK-JS-SETVALUE-1540541	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-SETVALUE-450213	Yes	Proof of Concept
	/1000 Why?	Improper Privilege Management SNYK-JS-SHELLJS-2332187	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	Yes	Proof of Concept
	/1000 Why?	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	/1000 Why?	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	/1000 Why?	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	/1000 Why?	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	/1000 Why?	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	/1000 Why?	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit
	/1000 Why?	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	/1000 Why?	Denial of Service (DoS) SNYK-JS-WS-7266574	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-Y18N-1021887	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:parsejson:20170908	Yes	No Known Exploit
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20171108	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @cypress/browserify-preprocessor

The new version differs by 59 commits.

• 2b1c1f4 chore: Upgrade node to 16.13.0, use https for npm registry ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 #94)
• 927b76a fix: release
• 67ea9f6 chore: Fix semantic release ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #93)
• a8ff57f fix: release
• a8adb24 chore: Bump circle node orb and non-major deps ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 #92)
• c66ae40 chore(docs): remove note about being default ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 #91)
• 76edfbe chore(deps): update dependency semantic-release to version 17.2.3 🌟 ([Snyk-dev] Fix for 14 vulnerable dependencies #76)
• 61dae70 fix(deps): update dependency glob-parent to version 5.1.2 🌟 ([Snyk] Upgrade qs from 0.0.6 to 0.6.6 #84)
• fc9f2ee Merge pull request [Snyk] Fix for 3 vulnerable dependencies #77 from cypress-io/renovate/npm-set-value-vulnerability
• 60e408b Merge pull request [Snyk-local] Fix for 1 vulnerable dependencies #67 from cypress-io/renovate/npm-elliptic-vulnerability
• d0a76d7 Merge pull request [Snyk-local] Fix for 1 vulnerable dependencies #68 from cypress-io/renovate/npm-handlebars-vulnerability
• f1273c8 Merge pull request [Snyk-local] Fix for 1 vulnerable dependencies #65 from cypress-io/renovate/npm-acorn-vulnerability
• d9467f2 Merge pull request [Snyk-local] Fix for 1 vulnerable dependencies #66 from cypress-io/renovate/npm-dot-prop-vulnerability
• b882246 chore(deps): update set-value to 2.0.1 🌟
• 91dbb34 Merge pull request [Snyk-local] Fix for 1 vulnerable dependencies #69 from cypress-io/renovate/npm-https-proxy-agent-vulnerability
• 8f20054 Merge pull request [Snyk-local] Fix for 1 vulnerable dependencies #70 from cypress-io/renovate/npm-ini-vulnerability
• 9044660 Merge pull request [Snyk] Fix for 13 vulnerable dependencies #71 from cypress-io/renovate/npm-lodash-vulnerability
• 1309f48 Merge pull request [Snyk-local] Fix for 3 vulnerable dependencies #72 from cypress-io/renovate/npm-marked-vulnerability
• e9c9043 Merge pull request [Snyk-local] Fix for 3 vulnerable dependencies #73 from cypress-io/renovate/npm-mixin-deep-vulnerability
• cff2acb Merge pull request [Snyk] Fix for 1 vulnerable dependencies #74 from cypress-io/renovate/npm-node-fetch-vulnerability
• 170a37c chore(deps): update node-fetch to 2.6.1 🌟
• 0526cb6 chore(deps): update mixin-deep to 1.3.2 🌟
• e000efc chore(deps): update marked to 0.7.0 🌟
• 494c6bd chore(deps): update lodash to 4.17.19 🌟

See the full diff

Package name: add-asset-html-webpack-plugin

The new version differs by 53 commits.

• da0dea5 docs: remove `david` from readme
• 7265aba fix: update globby to v11 ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.11 #248)
• b9bacc2 docs: update readme withcorrect version ranges
• 4073291 fix: update micromatch to v4 ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 #199)
• 8387886 fix: remove the hash calculation if hash exists ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #159)
• e84e7d5 fix: fix "compilation.emitAsset" with more than 1 HtmlWebpackPlugins ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 #236)
• 87590ef chore(ci): cancel in progress builds
• d37deb4 chore(deps): lock file maintenance ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 #224)
• 0a123f9 chore: lock down stack-utils
• c949ee0 chore: lock down anymatch dependency
• 49eaf2e chore(deps): bump hosted-git-info from 2.8.8 to 2.8.9 ([Snyk(Unlimited)] Upgrade from thebespokepixel/string to thebespokepixel/string #225)
• 75bf092 chore(deps): bump path-parse from 1.0.6 to 1.0.7 ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 #234)
• 316c03a chore(deps): update codecov/codecov-action action to v2 ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 #232)
• ed9e132 chore(deps): bump tmpl from 1.0.4 to 1.0.5 ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 #237)
• c5cf273 chore(deps): bump ws from 5.2.2 to 5.2.3 ([Snyk(Unlimited)] Upgrade from thebespokepixel/meta to thebespokepixel/meta #244)
• 6a994ea chore: run tests on node 16 and 17 ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 #243)
• 42a345a chore(deps): bump browserslist from 4.16.3 to 4.16.6 ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 #227)
• 041b842 chore(deps): bump lodash from 4.17.20 to 4.17.21 ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #223)
• 77fc7fb chore: lock down merge2
• af3572e chore: automerge lockfile PRs
• 718473c chore(deps): update actions/setup-node action to v2.1.5 ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 #205)
• 0ed36d8 chore: add renovate
• a467638 chore(deps): bump ssri from 6.0.1 to 6.0.2 ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 #203)
• ca2fb77 chore: increase timeout for puppeteer test

See the full diff

Package name: adjust-sourcemap-loader

The new version differs by 27 commits.

• b4280b7 publish 5.0.0
• 95acf17 Merge pull request [Snyk] Fix for 12 vulnerable dependencies #21 from bholloway/chore/update-deps
• ae5075a update dependencies
• 5f173ee publish 4.0.0
• bf28aa7 Merge pull request [Snyk] Fix for 1 vulnerable dependencies #19 from bholloway/add-explicitly-root-relative-codecs
• c91761c add explicit root-relative codecs, remove leading slash from project-relative codec
• 59b4c45 publish 3.0.0
• b9d9a5f update nvmrc to match package.json
• 677dc1a minor code reformat, update deps
• 871d0f9 Merge pull request [Snyk-local] Fix for 1 vulnerable dependencies #17 from TrySound/drop-object-path
• 95a5b84 Merge branch 'master' into drop-object-path
• 401b707 Merge pull request [Snyk] Fix for 1 vulnerable dependencies #14 from TrySound/tidy-up-deps
• 4b12ee3 Drop object-path
• 143a72c Tidy up dependencies
• 8557f80 Merge pull request [Snyk] Fix for 1 vulnerable dependencies #15 from TrySound/drop-camelcase
• 03910d7 Drop camelcase
• 72f9df1 Merge pull request [Snyk-local] Fix for 1 vulnerable dependencies #10 from KenjiBito/patch-1
• 6085e0c Merge pull request [Snyk-local] Fix for 1 vulnerable dependencies #12 from znarf/patch-1
• e1e9f35 remove 'assert' as dependency
• 223ffdd Create LICENSE
• b5781ce publish 2.0.0
• e7c59a9 Merge pull request [Snyk] Fix for 1 vulnerable dependencies #7 from bholloway/remove-lodash-dependency
• d1180e9 remove lodash, update deps
• 179d8be Merge pull request [Snyk] Fix for 5 vulnerable dependencies #6 from bholloway/remove-overzealous-decode-check

See the full diff

Package name: anymatch

The new version differs by 18 commits.

• d474c82 Release 3.0.0.
• dd660f8 Update deps.
• 64ce747 Update types.
• bd27242 Fixes.
• e18de05 Update to picomatch-stable.
• 30fa2c3 Merge pull request [Snyk] Fix for 35 vulnerable dependencies #28 from leonardodino/fix-package-name
• 6b01ef6 Fix package name typo in README.md
• b500318 Remove line.
• 57e0193 Bring back arg passing.
• 13343b0 Cache patterns. Performance boost.
• 5ece3fd Switch to picomatch. Update deps.
• cece732 Fix declarations.
• 0065fca Update readme.
• 4518091 Readme.
• 1e69e91 Update.
• 9ef72e8 Changelog.
• cb143fe Improve type matching.
• 02257b9 New version. More strict. Drop returnIndex and startIndex params for now.

See the full diff

Package name: babel-loader

The new version differs by 89 commits.

• 9ff288f 9.0.0
• 006a3dc Update README.md
• daed88a Update README.md
• 0ed5fd6 Bump ini from 1.3.5 to 1.3.8 ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 #968)
• b1749e3 Bump y18n from 4.0.0 to 4.0.3 ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 #967)
• 3a55a4a Bump lodash from 4.17.20 to 4.17.21 ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #966)
• 9a4ffe0 Bump normalize-url from 4.5.0 to 4.5.1 ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 #962)
• 28f2482 Bump hosted-git-info from 2.8.8 to 2.8.9 ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #964)
• d850108 Bump glob-parent from 5.1.1 to 5.1.2 ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 #965)
• 29de619 Build for node 14.15.0 ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 #963)
• 9a2451f Remove dependency on loader-utils and drop webpack 4 support ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 #942)
• 12876a5 Bump tar from 6.0.5 to 6.1.11 ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 #960)
• 98a708e Bump trim-off-newlines from 1.0.1 to 1.0.3 ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 #958)
• 4ae5696 Bump minimist from 1.2.5 to 1.2.7 ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 #957)
• 4f00e41 Bump terser from 5.6.1 to 5.15.1 ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 #959)
• 87bfae7 Bump babel and node minimum versions ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 #956)
• df28fe3 Fix broken main test ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #950)
• 0b338e4 update hash method so it doesn't fail on a fips enabled machine ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 #939)
• 1f98d3c 8.2.5
• c622868 fix: respect `inputSourceMap` loader option ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 #896)
• f7982c1 8.2.4
• 4bb9e21 Use md5 hashing for OpenSSL 3 ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 #924)
• 247c94b Bump loader-utils to 2.x ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 #931)
• 052c07a doc(README.md): fix a broken markdown link ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 #919)

See the full diff

Package name: body-parser

The new version differs by 241 commits.

• 1752951 1.20.3
• 39744cf chore: linter ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 #531)
• 99a1bd6 deps: qs@6.12.3 ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 #521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 #523)
• 9d4e212 chore: add support for OSSF scorecard reporting ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #522)
• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• 0385872 deps: raw-body@2.5.2
• 2c35b41 build: eslint@8.34.0
• f0646c2 build: Node.js@18.14
• f345fb1 build: Node.js@14.21
• 6842efc deps: content-type@~1.0.5
• 5af7315 build: eslint-plugin-promise@6.1.1
• 8e605b3 build: supertest@6.3.3
• cba6e77 build: mocha@10.2.0
• 6a464ab build: eslint-plugin-import@2.27.5
• 7ebf276 build: eslint@8.32.0
• 69bb649 build: Node.js@16.19
• 8ff995f docs: switch badges to badgen
• 850832f build: Node.js@18.13
• dad8f34 build: actions/download-artifact@v3

See the full diff

Package name: braces

The new version differs by 16 commits.

• abcf341 3.0.0
• 68a3fdf refactor
• bb5b5ba Remove appveyor from readme.
• 086008a travis: Drop sudo: false.
• 4ed704b add unit tests
• 60eb988 ranges
• 7b1abf0 Use proper nodejs versions for appveyor.
• 7b106b6 braces api
• 80eae1f Drop duplicate node v11 for travis.
• 58d868e windows support
• 27f7344 Appveyor: Drop support for nodejs <8 for now.
• 25424ec Drop support for nodejs <8 for now.
• ceef790 cover sets
• f5bf204 clean up examples
• 92ec96d start refactoring
• cd50063 2.3.2

See the full diff

Package name: browserify

The new version differs by 30 commits.

• da0f1e1 16.5.1
• dc71ea0 Use non-deprecated mkdirp package.
• c53f841 gitignore - add node_modules
• 2b50632 Update package.json
• 249f54b Update package.json
• 985dad9 deps - pin deps for node v0.8 support
• 86c3a00 fixes swapped changelog PR references in 10.2.0
• a245fe6 Add security.md
• 506533c 16.5.0
• 85489cc Update changelog.markdown
• 4c04949 Merge pull request [Snyk(Unlimited)] Upgrade yargs from 11.1.0 to 11.1.1 #1918 from browserify/custom-browser-field
• 8213b64 Support custom names for "browser" field resolution
• 8980670 16.4.0
• f871a85 Update changelog.markdown
• 52de2c4 Merge pull request [Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #1916 from browserify/stream-http
• 5dc1bf2 Upgrade stream-http to v3
• 4a5ea7e Add funding.yml
• 9824fae 16.3.0
• 9e3397b Add http2 to builtins ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #1913)
• d2ade25 Add http2 to builtins
• 876182d Tweak license text so Github detects it correctly
• 16f82a7 Update license ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 #1906)
• 7ad39ce Merge pull request [Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 #1139 from insidewarehouse/resolve-exposed-folders
• f13b713 when a module is exposed, it should still resolve the way it would normally do, i.e. with/without extension and directories should fall back to index, and index from a directory should be accepted with/without extension too

See the full diff

Package name: browserify-sign

The new version differs by 25 commits.

• 4af5a90 v4.2.2
• 3aec038 [Dev Deps] update `tape`
• 85994cd [Fix] properly check the upper bound for DSA signatures
• 9ac5a5e [meta] fix package.json indentation
• dcf49ce [meta] add `safe-publish-latest`
• 4418183 [meta] add `npmignore` and `auto-changelog`
• 8767739 [Fix] `sign`: throw on unsupported padding scheme
• 5f6fb17 [Tests] log when openssl doesn't support cipher
• f5f17c2 [Tests] handle openSSL not supporting a scheme
• d845d85 [Tests] migrate from travis to github actions
• 703c83e [Tests] skip unsupported schemes
• 3aa43cf [Tests] node < 6 lacks array `includes`
• 75dd8fd [Tests] add `npm run posttest`
• 98d4e0d [Dev Deps] fix eslint range
• 75ce1d5 [Tests] always run coverage; downgrade `nyc`