[Snyk] Fix for 12 vulnerabilities

[mathild3r]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • cyclic-dep/package.json
  • cyclic-dep/package-lock.json
  • cyclic-dep/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTPROP-543489	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: term-ng

The new version differs by 7 commits.

• a11fabc Update package
• cf77189 Update module
• fae702f Fix eslint
• 9db51a4 Merge branch 'greenkeeper/truwrap-0.8.0' of https://github.com/MarkGriffiths/term-ng into develop
• 8a83288 fix(package): update truwrap to version 0.8.0
• e430e29 Merge branch 'master' into develop
• d4554d0 Merge branch 'release/v0.8.1'

See the full diff

Package name: update-notifier

The new version differs by 42 commits.

• 311557e 6.0.0
• 9183541 Require Node.js 14 and move to ESM
• 3fdb218 5.1.0
• 73c391b Upgrade dependencies
• 0a6027e Move to GitHub Actions
• d8fa601 Rename `master` branch to `main`
• f63b2eb 5.0.1
• 9e2b772 Update dependencies
• da7c464 5.0.0
• 5b440c2 Require Node.js 10
• 3dfe42d Don't suggest to upgrade to lower version ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#192)
• 132b7ce Remove a project from "Users" section ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#191)
• c9d2166 4.1.1
• f42fc8f Improve vertical alignment of the notifier output ([Snyk(Unlimited)] Upgrade from thebespokepixel/meta to thebespokepixel/meta snyk-fixtures/npm-lockfiles#183)
• 71a3f19 Use HTTPS links
• 64c5236 Fix Travis
• 9d9f4ff 4.1.0
• 4062f12 Update dependencies
• adbeb6e Add template support for the `message` option ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#175)
• adf7803 4.0.0
• fb5161c Remove the `callback` option ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#158)
• 39682de Rename `boxenOpts` option to `boxenOptions`
• bc1721a Avoid showing notification if current version is the latest ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#174)
• ccaf686 Update dependencies

See the full diff

Package name: yargs

The new version differs by 100 commits.

• a6e67f1 chore(release): 13.2.4
• fc13476 chore: update standard-verison dependency
• bf46813 fix(i18n): rename unclear 'implication failed' to 'missing dependent arguments' ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#1317)
• a3a5d05 docs: fix a broken link to MS Terminology Search ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#1341)
• b4f8018 build: add .versionrc that hides test/build
• 0c39183 chore(release): 13.2.3
• 08e0746 chore: update deps ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#1340)
• 843e939 docs: make `--no-` boolean prefix easier to find in the docs ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#1338)
• 84cac07 docs: restore removed changelog of v13.2.0 ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#1337)
• b20db65 fix(deps): upgrade cliui for compatibility with latest chalk. ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 snyk-fixtures/npm-lockfiles#1330)
• c294d1b test: accept differently formatted output ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#1327)
• ac3f10c chore: move .hbs templates into .js to facilitate webpacking ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#1320)
• 0295132 fix: address issues with dutch translation ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#1316)
• 9f2468e doc: clarify parserConfiguration object structure ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#1309)
• e7f2937 chore(release): 13.2.2
• edd0bb5 test: correct test description
• 03a9523 chore: forgoing dropping Node 6 until yargs@14 ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#1308)
• 14920d1 docs: remove --save option as it isn't required anymore ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#1301)
• 545c7f1 test: slightly reworded one test
• 4375680 chore(release): 13.2.1
• dfcaa68 test: slight edit to test wording
• 3180224 fix: add zsh script to files array
• 0a96394 fix: support options/sub-commands in zsh completion
• 48249a2 chore(release): 13.2.0

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn