[Snyk] Fix for 7 vulnerabilities

[LogGame-HU-DEaN]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: canvas

The new version differs by 225 commits.

• 8707f3d v2.8.0
• 5b5140e Add Node.js 16 to CI, remove 15
• 2bf76b5 export type NodeCanvasRenderingContext2D
• 0b49442 Update changelog to reflect previous commit
• c166443 Add ctx2d.setTransform(mat) overload
• 2f84eee Add ctx2d.getTransform() function
• d107c04 Update changelog to reflect previous commit
• 234e659 Fix text actualBoundingBoxLeft and actualBoundingBoxRight measures by using ink_rect instead of logical_rect
• e4f901c Loosen text measurement expectation.
• 12e671d Fix crash if exception thrown from onload/onerror
• 8cd191c Update changelog
• 6fae569 Use node pre gyp v1
• 7a84fc5 Fix always-false comparison warning in Canvas.cc in Node 15+
• 646b605 Update changelog
• b549ab6 Fix Windows CI build, add Node.js v15
• f8305fb Fix dtslint failing in CI
• 547b050 Fix dangling reference in BackendOperationNotAvailable exception.
• beaee39 add Dockerfile for linux prebuild image
• e476656 Added stride to the Typescript typings
• 41d1c99 Fix PNG stream method name in benchmark (fixes #1672)
• 595d559 Add invertSelf to the DOMMatrix object (#1649)
• 5054b7b translate "sans-serif" to "sans" for Pango
• 58bc728 v2.7.0
• e8ad788 Switch prebuild trigger to manual

See the full diff

Package name: googleapis

The new version differs by 139 commits.

• 7e3d978 Release v37.0.0 (#1568)
• ecb2c28 build: check for 404s in the docs (#1562)
• d49aa49 docs: run the docs command (#1566)
• d1af168 feat: run the generator (#1564)
• 9ccda50 chore(deps): update dependency eslint-config-prettier to v4 (#1565)
• 73f8f9c docs: specify gaxios over axios (#1558)
• 7f7f3cf fix(deps): update dependency googleapis-common to ^0.7.0 (#1560)
• c62efb1 docs(samples): add people samples for get & create contacts (#1543)
• 2ad63f6 feat: webpack support for all APIs (#1554)
• d8ba2ac fix(deps): update googleapis-common and google-auth-library (#1556)
• 9742db3 feat: generating webpackable packages (#1547)
• e70272c fix(generator): convert method names to camelCase (#1552)
• 8d9c5d9 docs: fix typo in README.md (#1549)
• de464c0 feat: run the generator (#1541)
• 7e07d11 docs: improve the compute sample in the README (#1537)
• 47056e9 docs(samples): rework the compute list vms sample (#1534)
• 3b612fc fix(test): fix the revoke token test (#1532)
• 4115c0f chore(deps): update dependency typedoc to ^0.14.0 (#1527)
• c61e14d docs: correct the README (#1522)
• 438979a docs: use blogger to demonstrate key authentication (#1519)
• f6edb8e chore: update license file and metadata (#1504)
• 230bb64 chore(build): inject yoshi automation key (#1503)
• 443662e chore: update nyc and eslint configs (#1502)
• 413d9ca chore: fix publish.sh permission +x (#1499)

See the full diff

Package name: i18next-node-fs-backend

The new version differs by 33 commits.

• 41d4166 update changelog
• ccffd22 Merge pull request Lyrics/genius command SwitchbladeBot/switchblade#238 from ceastman-ibm/patch-1
• 67ee4c2 Update js-yaml to a non vulnerable version
• 26e20ac rebuild
• 13157e2 Merge pull request Fix noBetValue string SwitchbladeBot/switchblade#237 from felixmosh/fix-236
• 229a7f1 Bump dep versions due to DOS vulnerability
• 0056a49 Merge pull request Ability to disable commands in channels/categories SwitchbladeBot/switchblade#233 from ffflorian/patch-1
• 714e078 Add repository to package.json
• 7e946e7 rebuild
• 1122cb7 Merge pull request Netoland Command SwitchbladeBot/switchblade#230 from jonathanz/patch-1
• 14844ac fix [ReferenceError: language is not defined]
• 6135a7f update version
• 07ac0af rebuild
• 7952dec Merge pull request c!mal „Studios” not used when multiple Studios are present SwitchbladeBot/switchblade#226 from lovro-bikic/master
• 6854cc4 update addPath to support functions and paths
• f061442 change `var` to `let` in src
• 19b5b0d fix dependencies
• cfdc02c transpile to ES5
• ca9f110 run build script
• 4e1afb2 update loadPath to support functions as parameters
• 479ac5f update travis target
• 97d8d7a remove dep
• bd52d90 remove cson parser, adds option.parse for custom parsing
• 209127a Update README.md

See the full diff

Package name: mal-scraper

The new version differs by 123 commits.

• 851a0d6 Fix tests
• 7a3d7ab v2.13.0
• 7769bc3 Lint
• a08915e Major change: Removed all related to official Api method. (XKCD commands + #115 fix SwitchbladeBot/switchblade#113)
• 00cfe65 Fix single genre parsing (XKCD command SwitchbladeBot/switchblade#111)
• 0fc8772 Added Support for Manga to getInfoFromName() and getResultsFromSearch() (Fix volume set SwitchbladeBot/switchblade#102)
• 79a148a 2.12.1
• 60676ee Merge pull request "Is It Up" command SwitchbladeBot/switchblade#106 from Aeden-B/dev
• 40ce926 Updated tests
• 1289c51 Merge pull request Economy changes SwitchbladeBot/switchblade#104 from Aeden-B/dev
• ab75d87 Update types
• 015b898 Removed test only
• c006498 2.12.0
• d115cb8 Updated tests
• bf6d776 Merge pull request Halp command SwitchbladeBot/switchblade#97 from StavrosNik4/dev
• c03ad6c Merge pull request E621 Command SwitchbladeBot/switchblade#93 from Aeden-B/dev
• 8b1b5b1 getUser() testing done
• 753f27c added location attribute
• 483c387 user testing draft
• d7d83ae Merge remote-tracking branch 'origin/dev' into dev
• 6fb0569 fixed a typo
• 9f80af1 Add status parameter for getWatchListFromUser
• f832492 Merge pull request Command loading failure messages SwitchbladeBot/switchblade#85 from StavrosNik4/dev
• b6351c6 documentation

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Execution
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn