[Snyk] Fix for 49 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-NPM-537603	Yes	Proof of Concept
	451/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 2.6	Unauthorized File Access SNYK-JS-NPM-537604	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Write SNYK-JS-NPM-537606	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NPMUSERVALIDATE-1019352	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRINTF-1072096	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Insecure Defaults SNYK-JS-SOCKETIO-1024859	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	Yes	Proof of Concept
	434/1000 Why? Has a fix available, CVSS 4.4	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	796/1000 Why? Mature exploit, Has a fix available, CVSS 8.2	Uninitialized Memory Exposure npm:https-proxy-agent:20180402	Yes	Mature
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Access Restriction Bypass npm:npm:20180222	Yes	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:ws:20160920	Yes	No Known Exploit
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20171108	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chalk

The new version differs by 53 commits.

• 3fca615 2.0.0
• f66271e Add tagged template literal (Default electronWinstallerConfig name property causes failure adopted-ember-addons/ember-electron#163)
• 23ef1c7 fix linter errors
• c015568 add rainbow example
• 09fb2d8 Re-implement `chalk.enabled` (Beta: Ember electron:package completes without result adopted-ember-addons/ember-electron#160)
• 608242a spoof supports-color
• 18f2e7c add host information output
• 523b998 Revert "TEMPORARY: emergency travis CI fix (see comments)"
• 54975fb TEMPORARY: emergency travis CI fix (see comments)
• 1d73b21 Improve readme
• 6f4d6b3 Bump dependencies
• 8702496 Remove `chalk.styles`
• 0412cdf Minor code improvements
• 249b9ac ES2015ify the codebase
• cb3f230 Add RGB (256/Truecolor) support (Ember Inspector: Ember application not detected! adopted-ember-addons/ember-electron#140)
• dbae68d Update dependent package count in the readme (TypeError: Path must be a string. Received undefined adopted-ember-addons/ember-electron#154)
• 9b60021 Drop support for Node.js 0.10 and 0.12
• 0d21449 check parent builder object for enabled status (Upgrade to latest ember-cli release? adopted-ember-addons/ember-electron#142)
• 5a69476 add XO badge
• 492f11f add example file
• 4ce73b6 make XO happy
• 7c02cf4 Add log statement to chalk examples (Use electron-forge under the hood adopted-ember-addons/ember-electron#129)
• 835ca3d You've just reached 10,000 dependent modules. (Attempted to load extension "Ember Inspector" that has already been loaded. adopted-ember-addons/ember-electron#122)
• 74c087d minor doc improvements ([WIP] Update testem integration adopted-ember-addons/ember-electron#120)

See the full diff

Package name: electron-forge

The new version differs by 250 commits.

• 8b290d6 5.2.3
• ab31294 updated CHANGELOG.md
• 8d16b20 chore(maker): upgrade electron-wix-msi to 2.x
• d194f6e fix(maker): return the correct outPath for a deb prerelease version (Fix handle-file-urls on Windows adopted-ember-addons/ember-electron#589)
• befdf65 5.2.2
• 0d36963 updated CHANGELOG.md
• 602f030 fix(packager): disable the all option (build(deps-dev): bump ember-cli-htmlbars from 5.1.2 to 5.2.0 adopted-ember-addons/ember-electron#509)
• 977d112 5.2.1
• 461eb74 updated CHANGELOG.md
• 15a6879 fix(publisher): remove deprecated option from @ octokit/rest params
• e26de71 fix(initializer): fix setting Electron version in.compilerc when it's x.0 (build(deps-dev): bump sass from 1.26.8 to 1.26.9 adopted-ember-addons/ember-electron#506)
• 049055c 5.2.0
• 2e9becf updated CHANGELOG.md
• 2f1888e feat(publisher): Allow custom release channel for ERS (build(deps-dev): bump release-it from 13.5.8 to 13.6.0 adopted-ember-addons/ember-electron#474)
• 489a25c refactor(generic): incorporate changes requested in PR
• 05874ae feat(generic): allow specifying electron-prebuilt-compile via URL
• 1075d68 refactor(packager): decouple electron version from packageJSON
• e4f6573 Remove duplicate version changelog
• f173d57 5.1.2
• 340bc9d updated CHANGELOG.md
• f761424 updated CHANGELOG.md
• fe897a4 Travis: set snapcraft debug so the build doesn't time out
• d95a9d8 Building a snap takes 10+ minutes, apparently
• ccb7575 Point badges to the correct branch

See the full diff

Package name: ember-cli-babel

The new version differs by 250 commits.

• 0b83e42 7.0.0
• fcf317f Merge pull request Ember Inspector: Ember application not detected! adopted-ember-addons/ember-electron#140 from babel/babel-7
• d01d724 Prevent issues with @ babel/preset-env getting unknown options.
• 1ea60c3 Merge branch 'master' into babel-7
• 6955f46 Drop support for ember-cli < 2.13.
• eb03764 Merge changes from master...
• c58ae85 6.17.0
• 5486b3e Add recent releases to changelog...
• ec3f25c Merge pull request Investigate: require shim no longer working in 2.x adopted-ember-addons/ember-electron#241 from arthirm/master
• af16202 Bumping broccoli-babel-transpiler
• b4528ff Update test to properly match plugin style.
• 2ea0e47 Remove brittle (and unneeded) tests.
• 9671601 7.0.0-beta.5
• 1167211 Remove stray .only.
• cf8f7ee Fix issue with @ babel/polyfill update.
• b4ea00d 7.0.0-beta.4
• e53e927 Update dependencies.
• 1e494d6 Update babel-polyfill -> @ babel/polyfill.
• 7008a5f Use release version of broccoli-babel-transpiler.
• 932a1d0 Merge pull request Fix package json adopted-ember-addons/ember-electron#239 from dfreeman/green-tests
• a185133 Get tests passing with throwUnlessParallelizable: true
• 6d11f44 Merge pull request Cleaned docs, making them a little more prominently displayed in our README adopted-ember-addons/ember-electron#237 from babel/rwjblue-patch-1
• b96e5cb Use correct preset env...
• f9e4f17 Fix file: reference in package.json.

See the full diff

Package name: npmi

The new version differs by 16 commits.

• 3d7da3d v4.0.0: using global-npm instead of npm as local dep
• a14d55b Merge pull request [Snyk] Fix for 1 vulnerable dependencies #16 from karanjthakkar/global-npm
• 5687dd9 Bump pkg version to 4.0.0
• 9847690 Use global npm instead of local installation
• 4167957 ack @ lukaskollmer
• e6d4338 doc warning for npm 5 regarding local modules
• 4d043cc gotta put mocha in devDeps
• 7a91a4a Merge pull request [Snyk] Fix for 15 vulnerable dependencies #14 from lukaskollmer/master
• a0c7ec5 Update README.md
• fe6d7fe Update .travis.yml
• 2fd8fc4 Bump version
• bb12fc6 Update depencencies
• f714a75 Update README.md
• 1deebb4 README ack for HEADS
• 8db04f7 Update README.md
• 94b534e Update README.md

See the full diff

Package name: socket.io

The new version differs by 154 commits.

• 1af3267 chore(release): 3.0.0
• 02951c4 chore(release): 3.0.0-rc4
• 54bf4a4 feat: emit an Error object upon middleware error
• aa7574f feat: serve msgpack bundle
• 64056d6 docs(examples): update TypeScript example
• cacad70 chore(release): 3.0.0-rc3
• d16c035 refactor: rename ERROR to CONNECT_ERROR
• 5c73733 feat: add support for catch-all listeners
• 129c641 feat: make Socket#join() and Socket#leave() synchronous
• 0d74f29 refactor(typings): export Socket class
• 7603da7 feat: remove prod dependency to socket.io-client
• a81b9f3 docs(examples): add example with TypeScript
• 20ea6bd docs(examples): add example with ES modules
• 0ce5b4c chore(release): 3.0.0-rc2
• 8a5db7f refactor: remove duplicate _sockets map
• 2a05042 refactor: add additional typings
• 91cd255 fix: close clients with no namespace
• 58b66f8 refactor: hide internal methods and properties
• 669592d feat: move binary detection back to the parser
• 2d2a31e chore: publish the wrapper.mjs file
• ebb0575 chore(release): 3.0.0-rc1
• c0d171f test: use the reconnect event of the Manager
• 9c7a48d test: use the complete export name
• 4bd5b23 feat: throw upon reserved event names

See the full diff

Package name: testem

The new version differs by 250 commits.

• 528972b 3.7.0
• 196d9de Merge pull request Bump ember-auto-import from 2.6.1 to 2.6.3 adopted-ember-addons/ember-electron#1449 from testem/dependabot/npm_and_yarn/mustache-4.2.0
• 0737396 Bump mustache from 3.0.0 to 4.2.0
• 85ea992 Merge pull request Bump @babel/eslint-parser from 7.22.9 to 7.22.10 adopted-ember-addons/ember-electron#1556 from testem/dependabot/npm_and_yarn/sinon-14.0.0
• 260d73a Merge pull request Bump @babel/core from 7.22.9 to 7.22.10 adopted-ember-addons/ember-electron#1555 from testem/dependabot/npm_and_yarn/eslint-8.15.0
• 7571b2b build(deps-dev): bump sinon from 13.0.2 to 14.0.0
• 20ac70e build(deps-dev): bump eslint from 8.14.0 to 8.15.0
• 88fc78a Merge pull request Missing docs adopted-ember-addons/ember-electron#1553 from testem/dependabot/npm_and_yarn/express-4.18.1
• bcb18cc Merge pull request Bump eslint-config-prettier from 8.10.0 to 9.0.0 adopted-ember-addons/ember-electron#1554 from testem/dependabot/github_actions/nick-invision/retry-2.7.0
• f1f39e8 build(deps): bump nick-invision/retry from 2.6.0 to 2.7.0
• 2643775 build(deps): bump express from 4.17.3 to 4.18.1
• 5ea94cf Merge pull request Bump eslint-config-prettier from 8.8.0 to 8.9.0 adopted-ember-addons/ember-electron#1548 from testem/dependabot/npm_and_yarn/eslint-8.14.0
• 8ac2bf3 build(deps-dev): bump eslint from 8.13.0 to 8.14.0
• 40b9744 Merge pull request Bump eslint from 8.45.0 to 8.46.0 adopted-ember-addons/ember-electron#1549 from testem/dependabot/npm_and_yarn/npmlog-6.0.2
• e3243fa build(deps): bump npmlog from 6.0.1 to 6.0.2
• 9d90087 Merge pull request Bump sass from 1.64.1 to 1.64.2 adopted-ember-addons/ember-electron#1550 from testem/dependabot/npm_and_yarn/socket.io-4.5.0
• eddfd15 build(deps): bump socket.io from 4.4.1 to 4.5.0
• 5ee71e9 Merge pull request Bump eslint-config-prettier from 8.9.0 to 8.10.0 adopted-ember-addons/ember-electron#1551 from testem/dependabot/npm_and_yarn/socket.io-client-4.5.0
• c383ba7 chore: limit sauce concurrency
• 1499559 build(deps-dev): bump socket.io-client from 4.4.1 to 4.5.0
• 2f2f79d Merge pull request Bump execa from 5.1.1 to 7.2.0 adopted-ember-addons/ember-electron#1547 from testem/dependabot/npm_and_yarn/sinon-13.0.2
• 4da7c64 build(deps-dev): bump sinon from 13.0.1 to 13.0.2
• 2f1d812 Merge pull request Bump stylelint from 15.10.1 to 15.10.2 adopted-ember-addons/ember-electron#1543 from testem/dependabot/npm_and_yarn/eslint-8.13.0
• cb65246 Merge pull request Bump sass from 1.63.6 to 1.64.0 adopted-ember-addons/ember-electron#1544 from testem/dependabot/npm_and_yarn/eslint-plugin-mocha-10.0.4

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:semver:20150403	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Denial of Service (DoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn