[Snyk] Fix for 111 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • tools/node_modules/eslint-plugin-markdown/node_modules/parse-entities/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	804/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1021884	Yes	Mature
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1041745	Yes	Mature
	794/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Improper Validation SNYK-JS-ELECTRON-1047306	Yes	Mature
	654/1000 Why? Has a fix available, CVSS 8.8	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1048693	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Improper Access Control SNYK-JS-ELECTRON-1049321	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Improper Input Validation SNYK-JS-ELECTRON-1049323	Yes	No Known Exploit
	665/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1049547	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Use After Free SNYK-JS-ELECTRON-1050424	Yes	No Known Exploit
	550/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-ELECTRON-1050427	Yes	No Known Exploit
	751/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Insufficient Validation SNYK-JS-ELECTRON-1050882	Yes	Mature
	704/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-ELECTRON-1050999	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Read SNYK-JS-ELECTRON-1051000	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-ELECTRON-1064555	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1064558	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1064561	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-ELECTRON-1065981	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-ELECTRON-1070013	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Insufficient Validation SNYK-JS-ELECTRON-1070014	Yes	No Known Exploit
	464/1000 Why? Has a fix available, CVSS 5	Use After Free SNYK-JS-ELECTRON-1070015	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Heap Buffer Overflow SNYK-JS-ELECTRON-1085647	Yes	No Known Exploit
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1085705	Yes	Mature
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1085994	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Out-of-Bounds SNYK-JS-ELECTRON-1085996	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-ELECTRON-1085998	Yes	No Known Exploit
	655/1000 Why? Has a fix available, CVSS 8.6	Out-of-Bounds SNYK-JS-ELECTRON-1086693	Yes	No Known Exploit
	550/1000 Why? Has a fix available, CVSS 6.5	Access Restriction Bypass SNYK-JS-ELECTRON-1086694	Yes	No Known Exploit
	655/1000 Why? Has a fix available, CVSS 8.6	Improper Input Validation SNYK-JS-ELECTRON-1086695	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1087442	Yes	No Known Exploit
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Out-of-bounds Write SNYK-JS-ELECTRON-1088600	Yes	Mature
	619/1000 Why? Has a fix available, CVSS 8.1	Insecure Defaults SNYK-JS-ELECTRON-1088602	Yes	No Known Exploit
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1252279	Yes	Mature
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1252280	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1253279	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1253281	Yes	No Known Exploit
	876/1000 Why? Mature exploit, Has a fix available, CVSS 9.8	Out-of-bounds SNYK-JS-ELECTRON-1257943	Yes	Mature
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1258207	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1259349	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Integer Overflow or Wraparound SNYK-JS-ELECTRON-1260586	Yes	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Out-of-bounds Read SNYK-JS-ELECTRON-1261111	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1277203	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Integer Overflow SNYK-JS-ELECTRON-1277205	Yes	No Known Exploit
	465/1000 Why? Has a fix available, CVSS 4.8	Improper Input Validation SNYK-JS-ELECTRON-1277526	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Out Of Bounds Read SNYK-JS-ELECTRON-1278596	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1296553	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1296555	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1296557	Yes	No Known Exploit
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1296559	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1296561	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Race Condition SNYK-JS-ELECTRON-1296563	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1296565	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1312313	Yes	No Known Exploit
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-ELECTRON-1312314	Yes	Mature
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1312315	Yes	No Known Exploit
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1313765	Yes	Mature
	529/1000 Why? Has a fix available, CVSS 6.3	Use After Free SNYK-JS-ELECTRON-1313767	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1314896	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1315151	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Out-of-bounds Write SNYK-JS-ELECTRON-1315668	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1533614	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1534881	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1534882	Yes	No Known Exploit
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1534883	Yes	Mature
	550/1000 Why? Has a fix available, CVSS 6.5	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1534884	Yes	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Use After Free SNYK-JS-ELECTRON-1536579	Yes	No Known Exploit
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1536581	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1536587	Yes	No Known Exploit
	694/1000 Why? Mature exploit, Has a fix available, CVSS 5.3	Out-of-Bounds SNYK-JS-ELECTRON-1585619	Yes	Mature
	654/1000 Why? Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-1586050	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Buffer Overflow SNYK-JS-ELECTRON-1656742	Yes	No Known Exploit
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1656743	Yes	Mature
	590/1000 Why? Has a fix available, CVSS 7.3	Out-of-Bounds SNYK-JS-ELECTRON-1656745	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Access Restriction Bypass SNYK-JS-ELECTRON-1656746	Yes	No Known Exploit
	694/1000 Why? Mature exploit, Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-ELECTRON-1727344	Yes	Mature
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Sandbox Bypass SNYK-JS-ELECTRON-1731315	Yes	Proof of Concept
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1910985	Yes	Mature
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1910987	Yes	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Exposure of Resource to Wrong Sphere SNYK-JS-ELECTRON-1910988	Yes	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Improper Access Control SNYK-JS-ELECTRON-1910991	Yes	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Type Confusion SNYK-JS-ELECTRON-1911949	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-1912074	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1912084	Yes	No Known Exploit
	754/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-ELECTRON-1912085	Yes	Mature
	/1000 Why?	Use After Free SNYK-JS-ELECTRON-564272	Yes	No Known Exploit
	/1000 Why?	Heap Overflow SNYK-JS-ELECTRON-565051	Yes	No Known Exploit
	/1000 Why?	Out-of-bounds Read SNYK-JS-ELECTRON-565052	Yes	No Known Exploit
	/1000 Why?	Improper Access Control SNYK-JS-ELECTRON-565362	Yes	No Known Exploit
	/1000 Why?	Use After Free SNYK-JS-ELECTRON-565366	Yes	No Known Exploit
	/1000 Why?	Use After Free SNYK-JS-ELECTRON-565368	Yes	No Known Exploit
	/1000 Why?	Use After Free SNYK-JS-ELECTRON-565441	Yes	No Known Exploit
	/1000 Why?	Buffer Underflow SNYK-JS-ELECTRON-565488	Yes	No Known Exploit
	/1000 Why?	Use After Free SNYK-JS-ELECTRON-565490	Yes	No Known Exploit
	/1000 Why?	Use After Free SNYK-JS-ELECTRON-565494	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-565571	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Use After Free SNYK-JS-ELECTRON-565705	Yes	No Known Exploit
	554/1000 Why? Has a fix available, CVSS 6.8	Use After Free SNYK-JS-ELECTRON-565709	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Site Isolation Bypass SNYK-JS-ELECTRON-565713	Yes	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-ELECTRON-570624	Yes	No Known Exploit
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Type Confusion SNYK-JS-ELECTRON-570833	Yes	Proof of Concept
	/1000 Why?	Arbitrary File Read SNYK-JS-ELECTRON-575393	Yes	No Known Exploit
	/1000 Why?	Privilege Escalation SNYK-JS-ELECTRON-575394	Yes	No Known Exploit
	/1000 Why?	Privilege Escalation SNYK-JS-ELECTRON-575395	Yes	No Known Exploit
	/1000 Why?	Privilege Escalation SNYK-JS-ELECTRON-575396	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Prototype Pollution SNYK-JS-PLIST-2405644	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: dtslint

The new version differs by 2 commits.

• 9c56a82 Update npm naming ([Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #269)
• c859e21 2.0.6 - remove request dependency

See the full diff

Package name: tape-run

The new version differs by 8 commits.

• ee4654e 9.0.0
• 57adc5f Bump browser-run to support sandbox option. Closes [Snyk] Security upgrade acorn-private-class-elements from 0.1.1 to 0.2.0 #82
• ccad1ea Include more detailed Headless Testing section ([Snyk] Security upgrade mocha from 8.2.1 to 9.2.2 #81)
• 31de6f9 8.0.0
• 20125a6 Bump browser-run to latest, fixing electron security issue ([Snyk] Security upgrade acorn-private-class-elements from 0.1.1 to 0.2.0 #80)
• e93c616 travis: update node versions
• 463bed9 7.0.0
• e032edb bump browser-run to 7.0.1

See the full diff

Package name: tinyify

The new version differs by 4 commits.

• c89d203 3.0.0
• ddd0319 use envify from npm
• 6e40ab5 bump minify-stream
• a1c4650 add coc

See the full diff

Package name: xo

The new version differs by 145 commits.

• ab16df2 0.42.0
• de55a03 Upgrade dependencies
• 34800b7 Upgrade `globby` ([Snyk] Fix for 1 vulnerabilities #574)
• f81e933 Re-enable `import/newline-after-import` rule
• 47af93e 0.41.0
• af93e79 Upgrade dependencies
• 0733cc5 Fix code style ([Snyk] Security upgrade eslint from 5.16.0 to 7.0.0 #570)
• ab17a3c Lint `.cjs` files in codebase ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #569)
• 0a752c7 Update dependencies ([Snyk] Security upgrade gulp from 3.9.1 to 4.0.0 #568)
• 41c8f39 Convert project to module ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #566)
• b3c5e15 Fix typo ([Snyk] Fix for 1 vulnerabilities #567)
• 2ef9f22 Prevent the `useEslintrc` option from being used ([Snyk] Security upgrade jest from 24.9.0 to 25.0.0 #565)
• 41f0484 0.40.3
• 374dd73 Support `xo.config.cjs` and `.xo-config.cjs` ([Snyk] Security upgrade eslint from 6.8.0 to 7.0.0 #561)
• 3e7b77c Remove some needless imports ([Snyk] Security upgrade tap from 10.7.3 to 15.0.0 #560)
• 6adf459 Remove `update-notifier`
• b6389ef 0.40.2
• 7ace6e5 Fix handling of `parserOptions` for TypeScript ([Snyk] Security upgrade gulp from 3.9.1 to 4.0.0 #557)
• 7629ce0 0.40.1
• d2c5750 Properly resolve base config ([Snyk] Fix for 1 vulnerabilities #545)
• e9c96a1 Properly handle `parserOptions` ([Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #544)
• 8e1801c Avoid destructuring and just build the expected object once ([Snyk] Security upgrade xo from 0.27.2 to 0.41.0 #538)
• 4cfdc72 Fix CI
• 56be018 0.40.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Access Control
🦉 Arbitrary File Read
🦉 More lessons are available in Snyk Learn