[Snyk] Fix for 8 vulnerabilities

[Richienb]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-REDIS-1255645	Yes	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: js-yaml

The new version differs by 16 commits.

• 665aadd 3.13.1 released
• da8ecf2 Browser files rebuild
• b2f9e88 Merge pull request Grey AppVeyor "vendor: unresponsive" badges badges/shields#480 from nodeca/toString
• e18afbf Fix possible code execution in (already unsafe) load()
• 9d4ce5e 3.13.0 released
• f64c673 Browser files rebuild
• a567ef3 Restrict data types for object keys
• 59b6e76 Fix test name
• e4267fc 3.12.2 released
• 7231a49 Browser files rebuild
• 99c0bf9 Fix for issue Isolating makeImage in a domain badges/shields#468 includes passing test (Moving text width measure to it's own function, with cache badges/shields#469)
• b6d2609 3.12.1 released
• 7b68122 Browser files rebuild
• 784d1d0 Add "noArrayIndent" option (Suggestion: Visual Studio Gallery downloads badges/shields#461)
• 00bba11 Fix description of onWarning (Suggestion: also detect variations in license-file names in GitHub repos, such as LICENSE.md badges/shields#460)
• 2d1fbed Travis-CI: increase tests timeout

See the full diff

Package name: jsonpath

The new version differs by 7 commits.

• c1dd8ec version 1.1.1
• 1303356 upgrade underscore dependency version
• eafa80c version 1.1.0
• c125a0c Merge pull request img.shields.io is down!  badges/shields#123 from chris-branch/master
• 778bc1e version 1.0.2
• 7fbf022 make jison a dev dependency and better support imports
• 9fec3fa Bug fix for permissions issue during global installs

See the full diff

Package name: redis

The new version differs by 142 commits.

• fc28860 Bump version to 3.1.1 ([Vaadin Directory] Changed URI field star to stars badges/shields#1597)
• 2d11b6d fix Heads-up about the new PyPI badges/shields#1569 - improve monitor_regex (Add circleci logo badges/shields#1595)
• 7e77de8 Add Chat (Failing to fetch when endpoint doesn't end in .json badges/shields#1594)
• 5d3e995 Merge branch 'master' of https://github.com/NodeRedis/node-redis
• b797cf2 add user to README.md
• 79f34c2 Bump version to 3.1.0 ([appveyor] Error handling in BaseService badges/shields#1590)
• 7fdc54e fix for 428e1c8a7b2322c2650294638cb1663ac5692728 - fix auth retry when redis is in loading state
• 09f0fe8 "fix" tests
• 428e1c8 Add support for Redis 6 `auth pass [user]` ([hhvm] #1499 - update hhvm service badges/shields#1508)
• bb208d0 Add codeclimate badge (Update query-string to the latest version 🚀 badges/shields#1572)
• 47e2e38 Exclude examples from deepsource (Searches with regex control characters should not crash badges/shields#1579)
• fbca5cd Upgrade node and dependencies (search crashes on website if search for c++ badges/shields#1578)
• 2188744 Create codeql-analysis.yml (Hitting JSON endpoint with valid "style" param causes timeout and 5xx error badges/shields#1577)
• 32861b5 Create .deepsource.toml (Do not rate limit in dev badges/shields#1574)
• 2a34d41 Add LGTM badge (Shippable badge colors not changing badges/shields#1571)
• 69b7094 Workflows fixes (Support Visual Studio Team Service Release Badge badges/shields#1570)
• 49c4131 Merge pull request Travis service tests from tutorial badges/shields#1531 from marnikvde/improve-docs
• 3c8ff5c Merge branch 'master' into improve-docs
• 685a72d Merge pull request [npm node] support for custom npm registry badges/shields#1277 from dcharbonnier/patch-1
• 055f5c5 Merge branch 'master' into patch-1
• c78b6d5 Merge pull request logo data uri encoding badges/shields#1527 from heynikhil/patch-1
• 53f1468 Merge branch 'master' into patch-1
• 232f191 Merge pull request Move service tests alongside code badges/shields#1563 from lebseu/patch-1
• e4cb073 Update README.md

See the full diff

Package name: xmldom

The new version differs by 160 commits.

• f763b00 xmldom version 0.5.0
• d4201b9 Merge pull request from GHSA-h6q6-9hqw-rwfv
• a4d717c Update MDN links in readme.md (Cached badges using shields.io API 404 on GitHub badges/shields#188)
• e984b3f Update @ stryker-mutator/core -> ^4.4.1 - devDependencies ([CocoaPods] Added CocoaPods license and platform badges badges/shields#184)
• c762161 Update stryker monorepo (major) (CocoaPods version integration badges/shields#140)
• fd47c51 Fix breaking preprocessors' directives when parsing attributes (Adds puppet forge (versioning) support. badges/shields#171)
• baa67f5 Update xmltest -> ^1.5.0 - devDependencies (Coveralls apiUrl use badge subdomain badges/shields#182)
• 64c7388 fix(dom): Escape `]]>` when serializing CharData (I am getting tag:invalid badges badges/shields#181)
• b73a965 Update eslint-config-prettier -> ^7.2.0 - devDependencies (Add NuGet download count badges/shields#179)
• 21bc17e Switch to (only) MIT license (Add TeamCity code coverage badges/shields#178)
• ad773c9 test: Use toBe/toStrictEqual instead of toEqual (Packagist version badge outdated badges/shields#175)
• 23608d9 chore: Add karfau as contributor (PNG background is white, not transparent badges/shields#177)
• dbd2171 Export DOMException; remove custom assertions; etc. (Add appveyor support badges/shields#174)
• 8698e6b Update eslint-config-prettier -> 7 - devDependencies (Fix Gemnasium's devDependencies badge badges/shields#165)
• 7aa75c7 Update nodemon -> ^2.0.7 - devDependencies (Get latest GitHub release by creation dates comparison badges/shields#170)
• 8236db1 build(deps): bump node-notifier from 8.0.0 to 8.0.1 (GitHub Release Parsing badges/shields#169)
• 484005e Update eslint -> ^7.18.0 - devDependencies (Support for Bower badges/shields#162)
• c33b2f5 Update eslint-plugin-prettier -> ^3.3.1 - devDependencies (Adds TeamCity CodeBetter build badge badges/shields#164)
• 5d13108 Update actions/setup-node action -> 2 - action (Add total downloads for Packagist badges/shields#167)
• 7f32da6 Update prettier -> ^2.2.1 - devDependencies (Coveralls.io shield showing "vendor unresponsive", actual badge present badges/shields#163)
• d4040a7 build(deps): bump ini from 1.3.5 to 1.3.8 (Fix typo in README.md badges/shields#166)
• f7b44d9 Update eslint -> ^7.12.1 - devDependencies (Add a badge for Chef cookbooks badges/shields#157)
• 7493052 Update jest -> ^26.6.3 - devDependencies (GitHub Releases Broken badges/shields#161)
• 2107a91 Update jest -> ^26.6.2 - devDependencies (add templates support and new flat style option badges/shields#159)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 XML External Entity (XXE) Injection
🦉 Arbitrary Code Injection
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn