[Snyk] Fix for 24 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-173692	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-174183	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-469063	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	No	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-HANDLEBARS-534988	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JQUERY-174006	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	661/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.8	Arbitrary Code Injection SNYK-JS-MORGAN-72579	No	Proof of Concept
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	No	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) npm:react-dom:20180802	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: hbs

The new version differs by 88 commits.

• 7a0da80 v4.1.1
• 0647f9b deps: handlebars@4.7.6
• 3cc3455 deps: handlebars@4.7.3
• 07d4acc build: mocha@7.1.1
• 0717195 build: eslint-plugin-markdown@1.0.2
• da7edaf tests: add test for typical model usage
• a9dbdc2 build: mocha@7.1.0
• 8640b2d build: eslint@6.8.0
• 2fb94e0 build: Node.js@12.16
• 74e5568 build: Node.js@10.19
• da05674 lint: apply to readme
• 504a635 build: mocha@7.0.1
• 55df109 v4.1.0
• 54780a9 build: remove deprecated mocha.opts
• 42e5550 build: nyc@15.0.0
• 04ff393 build: mocha@7.0.0
• 57a2086 deps: handlebars@4.5.3
• 00b0449 build: Node.js@12.14
• 0d99d08 build: Node.js@10.18
• e49d614 build: Node.js@8.17
• c3f0070 build: Node.js@10.17
• b3252a3 deps: handlebars@4.4.5
• 7f9133b docs: fix history formatting
• 5b74831 build: Node.js@12.13

See the full diff

Package name: http-server

The new version differs by 86 commits.

• e6f6358 0.12.0
• fee644f fix repo urls
• cd0bbc8 SSL Certificate Checking and Grammar Fixes (Not able to select new tab opened and continue testing cypress-io/cypress-example-recipes#479)
• 3c5dfc6 Test on osx (Examples matching URL cypress-io/cypress-example-recipes#576)
• 9fa7e93 Merge pull request #575 from http-party/update-readme-badges
• 6b2fe25 test on osx
• 0f65fc6 update readme badges to use new repo
• a306ebc Merge pull request Sometimes CSS interception works, sometimes does not cypress-io/cypress-example-recipes#573 from Xmader/test-on-windows
• 9a0f64f force to use ecstatic v3.3.2 in tests (chore(deps): update dependency cypress to version 5.4.0 🌟 (minor) cypress-io/cypress-example-recipes#574)
• 5f06ac8 bump ecstatic in package.json to ^3.3.2
• f96fc99 Merge branch 'master' into test-on-windows
• c1ea830 do a hacky workaround directly to the http-server package to fix… (extend recipe to download JS and TXT files cypress-io/cypress-example-recipes#569)
• e708c79 force to install ecstatic v3.3.2 in tests
• 8028337 force to check out files with LF EOL
• 3addf09 test on Windows
• a2e7721 Merge branch 'master' into hacky-fix
• 6260536 Merge pull request chore(deps): update dependency @cypress/browserify-preprocessor to version 3.0.1 🌟 (major) - autoclosed cypress-io/cypress-example-recipes#510 from ebiiim/patch-1
• dbf4881 -t flag to control timeout (Add 'Community Recipes' table with links to other repositories using cypress cypress-io/cypress-example-recipes#295)
• 901ca49 Merge pull request Noticed that Cypress v5.1.0 broke iframe spy on fetch test cypress-io/cypress-example-recipes#557 from epugh/master
• a0db8f9 add process title (feat: Add TypeScript example. cypress-io/cypress-example-recipes#515)
• da111d6 Update travis node versions (Updated for 4.9.0 release cypress-io/cypress-example-recipes#507)
• afb8f4f Merge pull request add tests for select2 with remote data source cypress-io/cypress-example-recipes#516 from http-party/specify_engines
• de7cf70 Merge branch 'master' into update-travis-node-versions
• 1755478 Merge pull request chore: Skip broken download spec cypress-io/cypress-example-recipes#572 from Xmader/fix-tests

See the full diff

Package name: json-server

The new version differs by 79 commits.

• a703fc1 Update CHANGELOG.md
• 4d1ffa1 0.15.0
• 84b0409 Update CHANGELOG.md
• b3865fe Update CHANGELOG.md
• 8670992 Update homepage
• 13a0657 Add postinstall
• a843cf1 Update homepage
• 6da9597 Update README.md
• 5870c1c Update .travis.yml
• ddd1517 Require Node 8
• 47392e0 Upgrade dependencies
• ff9e4e2 Update dependencies
• a58af99 Use vanilla JS for the homepage
• 18e6969 Update README.md
• c491af7 Update README.md
• 03e541a Update README.md
• 596b260 Update README.md
• 93e4011 Update README.md
• d1f9940 Update README.md
• c544add Update README.md
• 96391a3 Update README.md
• 94611a0 Update README.md (#910)
• 4427141 0.14.2
• 59bac68 Merge branch 'master' of https://github.com/typicode/json-server

See the full diff

Package name: minimist

The new version differs by 13 commits.

• 6457d74 1.2.3
• 38a4d1c even more aggressive checks for protocol pollution
• 13c01a5 more failing proto pollution tests
• f34df07 1.2.2
• 67d3722 cleanup
• 63e7ed0 don't assign onto __proto__
• 47acf72 console.dir -> console.log
• 0efed03 failing test for protocol pollution
• 29783cd 1.2.1
• 6be5dae add test
• ac3fc79 fix bad boolean regexp
• 4cf45a2 Merge pull request Update fs-extra to the latest version 🚀 cypress-io/cypress-example-recipes#63 from lydell/dash-dash-docs-fix
• 5fa440e move the `opts['--']` example back where it belongs

See the full diff

Package name: morgan

The new version differs by 27 commits.

• 572dd93 1.9.1
• e02de38 lint: apply standard 12 style
• e329663 Fix using special characters in format
• eb1968a tests: use strict equality checks
• 310b206 build: use yaml eslint configuration
• 5810937 build: Node.js@9.11
• f60afd5 build: Node.js@8.11
• 5295b0c build: eslint-plugin-standard@3.1.0
• 178daaf build: eslint-plugin-promise@3.8.0
• 7b08641 build: eslint-plugin-import@2.12.0
• 73cb666 build: eslint@4.19.1
• edc95aa build: Node.js@6.14
• ace86c3 build: Node.js@4.9
• 4dd1180 lint: apply standard 11 style
• 60c31e8 build: Node.js@9.8
• 05e382f build: Node.js@8.10
• 1a5be20 build: Node.js@6.13
• cf9565f docs: remove gratipay badge
• b66251d build: eslint-plugin-node@5.2.0
• 0113732 build: eslint-plugin-import@2.8.0
• 47659a9 deps: depd@~1.1.2
• 695f659 build: support Node.js 9.x
• f4c51e9 build: Node.js@8.9
• 4f15f36 build: Node.js@6.12

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic