[Snyk] Upgrade: lodash, anymatch, async, chokidar, decompress-zip, fs-extra, semver, request, temp, ws

[girgunta]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

lodash
from 4.17.15 to 4.17.21 | 6 versions ahead of your current version | 4 years ago
on 2021-02-20
anymatch
from 1.3.0 to 1.3.2 | 1 version ahead of your current version | 7 years ago
on 2017-07-27
async
from 2.1.4 to 2.6.4 | 11 versions ahead of your current version | 2 years ago
on 2022-04-13
chokidar
from 1.6.1 to 1.7.0 | 1 version ahead of your current version | 7 years ago
on 2017-05-08
decompress-zip
from 0.3.0 to 0.3.3 | 3 versions ahead of your current version | 4 years ago
on 2021-01-11
fs-extra
from 2.0.0 to 2.1.2 | 3 versions ahead of your current version | 7 years ago
on 2017-03-16
semver
from 5.3.0 to 5.7.2 | 8 versions ahead of your current version | a year ago
on 2023-07-10
request
from 2.79.0 to 2.88.2 | 10 versions ahead of your current version | 5 years ago
on 2020-02-11
temp
from 0.8.3 to 0.9.4 | 5 versions ahead of your current version | 4 years ago
on 2020-11-10
ws
from 0.4.32 to 0.8.1 | 12 versions ahead of your current version | 9 years ago
on 2015-11-29

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-ASYNC-2441827	696	Proof of Concept
	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSZIP-73598	696	No Known Exploit
	Code Injection SNYK-JS-LODASH-1040724	696	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	696	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	696	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-6139239	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	696	Proof of Concept

Release notes

Package name: lodash

• 4.17.21 - 2021-02-20
  

  Bump to v4.17.21

• 4.17.20 - 2020-08-13
  

  Bump to v4.17.20.

• 4.17.19 - 2020-07-08
  

  Bump to v4.17.19

• 4.17.18 - 2020-07-08
• 4.17.17 - 2020-07-08
• 4.17.16 - 2020-07-08
  

  Rebuild lodash and docs

• 4.17.15 - 2019-07-19
  

  4.17.15

from lodash GitHub release notes

Package name: anymatch

• 1.3.2 - 2017-07-27
  
  • Fix a compatibility issue with older versions of IE
  • Normalize backslashes in paths before testing against user-defined function matchers
• 1.3.0 - 2015-04-22

from anymatch GitHub release notes

Package name: async

• 2.6.4 - 2022-04-13
  

  Version 2.6.4

• 2.6.3 - 2019-07-14
  

  Version 2.6.3

• 2.6.2 - 2019-02-12
• 2.6.1 - 2018-05-21
• 2.6.0 - 2017-11-07
• 2.5.0 - 2017-06-25
• 2.4.1 - 2017-05-22
• 2.4.0 - 2017-04-29
• 2.3.0 - 2017-04-02
• 2.2.0 - 2017-03-25
• 2.1.5 - 2017-02-19
• 2.1.4 - 2016-11-22

from async GitHub release notes

Package name: chokidar

• 1.7.0 - 2017-05-08
• 1.6.1 - 2016-10-14

from chokidar GitHub release notes

Package name: decompress-zip

• 0.3.3 - 2021-01-11
  

  #71: default external file attributes to File for Unix

• 0.3.2 - 2019-01-17
  

  Bump to 0.3.2

• 0.3.1 - 2018-03-26
  

  0.3.1

• 0.3.0 - 2016-04-01
  

  Bump to 0.3.0 and add changelog

from decompress-zip GitHub release notes

Package name: fs-extra

• 2.1.2 - 2017-03-16
• 2.1.1 - 2017-03-15
• 2.1.0 - 2017-03-15
• 2.0.0 - 2017-01-16

from fs-extra GitHub release notes

Package name: semver

• 5.7.2 - 2023-07-10
  

  5.7.2 (2023-07-10)

  Bug Fixes

  • 2f8fd41 #585 better handling of whitespace (#585) (@ joaomoreno, @ lukekarrys)
• 5.7.1 - 2019-08-12
• 5.7.0 - 2019-03-26
• 5.6.0 - 2018-10-10
• 5.5.1 - 2018-08-17
• 5.5.0 - 2018-01-16
• 5.4.1 - 2017-07-24
• 5.4.0 - 2017-07-24
• 5.3.0 - 2016-07-14

from semver GitHub release notes

Package name: request

• 2.88.2 - 2020-02-11
• 2.88.0 - 2018-08-10
  

  2.88.0

• 2.87.0 - 2018-05-21
  

  2.87.0

• 2.86.0 - 2018-05-15
  

  2.86.0

• 2.85.0 - 2018-03-12
  

  2.85.0

• 2.84.0 - 2018-03-12
  

  2.84.0

• 2.83.0 - 2017-09-27
• 2.82.0 - 2017-09-19
• 2.81.0 - 2017-03-09
• 2.80.0 - 2017-03-04
• 2.79.0 - 2016-11-18

from request GitHub release notes

Package name: temp

• 0.9.4 - 2020-11-10
  No content.
• 0.9.2 - 2020-10-26
  

  v0.9.2

• 0.9.1 - 2019-10-30
  No content.
• 0.9.0 - 2018-12-15
  

  Bumps version 0.9.0 and resolves minor bugs with package.

• 0.8.4 - 2019-10-30
• 0.8.3 - 2015-06-08
  

  Adds os.tmpdir() polyfill changes from sindresorhus

from temp GitHub release notes

Package name: ws

• 0.8.1 - 2015-11-29
• 0.8.0 - 2015-08-21
• 0.7.2 - 2015-05-14
• 0.7.1 - 2015-01-29
• 0.7.0 - 2015-01-22
• 0.6.5 - 2015-01-05
• 0.6.4 - 2014-12-28
• 0.6.3 - 2014-12-08
• 0.6.2 - 2014-12-06
• 0.6.1 - 2014-12-06
• 0.6.0 - 2014-12-05
• 0.5.0 - 2014-11-20
• 0.4.32 - 2014-08-06

from ws GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs