[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • large-file/package.json
  • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	651/1000 Why? Recently disclosed, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-1540541	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ansi-regex

The new version differs by 24 commits.

• d908492 6.0.1
• 8d1d7cd Fix potential ReDoS ([Snyk] Fix for 1 vulnerable dependencies #37)
• c1b5e45 6.0.0
• 1b337ad Require Node.js 12 and move to ESM
• 178363b Move to GitHub Actions ([Snyk] Fix for 1 vulnerable dependencies #35)
• 0755e66 Add @ Qix- to funding.yml
• 2b56fb0 5.0.0
• f26f7fe Meta tweaks
• e77ea17 Add TypeScript definition ([Snyk] Fix for 1 vulnerable dependencies #32)
• 166a0d5 Require Node.js 8
• f115fca Tidelift tasks
• a079ab2 4.1.0
• 96200bb Support more escape types like links ([Snyk-local] Fix for 34 vulnerable dependencies #29)
• e076cd1 Add Tidelift mention in the readme
• a1d9246 4.0.0
• ced7421 Require Node.js 6
• eac826a Add option to only match the first occurrence ([Snyk] Fix for 2 vulnerable dependencies #24)
• 385eca9 Add scroll escapes ([Snyk] Fix for 14 vulnerable dependencies #20)
• 14839a4 Add failing test for [Snyk] Fix for 12 vulnerable dependencies #21 ([Snyk] Fix for 2 vulnerable dependencies #22)
• 0a8cc19 3.0.0
• d9d806e Minor tweaks
• 69bebf6 Support urxvt escapes ([Snyk] Fix for 1 vulnerable dependencies #13)
• 3dff5e7 Use Map instead of Object for the fixtures
• baacbab Require Node.js 4 and meta tweaks

See the full diff

Package name: cli-truncate

The new version differs by 20 commits.

• 42f602d 3.0.0
• 38ea95c Require Node.js 12.20 and move to ESM
• 0c2e152 Move to GitHub Actions ([Snyk] Fix for 1 vulnerable dependencies #16)
• 2f422c1 2.1.0
• c7369b8 Update dependencies
• 09870e1 Tidelift tasks
• 4ded8c0 2.0.0
• d474918 Meta tweaks
• baf4461 Add `preferTruncationOnSpace` option ([Snyk-local] Fix for 1 vulnerable dependencies #11)
• 21f9d9b Create funding.yml
• 5744234 Add Node.js 12 to testing ([Snyk] Fix for 1 vulnerable dependencies #14)
• 7e0c356 Add `space` option ([Snyk-local] Fix for 1 vulnerable dependencies #10)
• 21df450 Meta tweaks
• 1c65dfa Add TypeScript definition ([Snyk] Fix for 1 vulnerable dependencies #13)
• 27ed208 Require Node.js 8
• 94f2697 1.1.0
• a437535 Meta tweaks
• f379a0e Add support for fullwidth characters and Unicode surrogate pairs ([Snyk] Fix for 5 vulnerable dependencies #6)
• 4da60e7 1.0.0
• bd8025b ES2015ify and require Node.js 4

See the full diff

Package name: has-ansi

The new version differs by 17 commits.

• 525ed42 5.0.0
• 05a4012 Require Node.js 12 and move to ESM
• 43ec17d 4.0.1
• 709af08 Small performance improvement when creating the RegExp ([Snyk] Fix for 1 vulnerable dependencies #4)
• 5a232db Move to GitHub Actions ([Snyk] Fix for 1 vulnerable dependencies #3)
• 13f3217 Add @ Qix- to funding.yml
• e0482ff 4.0.0
• 5922c60 Require Node.js 8
• cc62ac2 Tidelift tasks
• 5b1f1e1 3.0.0
• 7ba9550 Bump ansi-regex
• 4a130d3 Require Node.js 4
• d4c3315 Updates maintainer email.
• 82a887c update tests for latest AVA version
• 8265d04 add XO
• 77fd627 added Qix as maintainer
• 4d4def8 update references to new org

See the full diff

Package name: license-checker

The new version differs by 20 commits.

• 890ca17 changelog
• f243287 23.0.0
• ec185c5 Merge pull request [Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 #178 from jonny-improbable/fix/filtering
• 67fcdce Merge pull request [Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 #175 from jonny-improbable/patch-1
• f2c6611 Fixes [Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #177, --packages and --excludePackages filtering
• 0a598df Improve --onlyAllow violation Error
• ee723af changes
• bd398c3 22.0.0
• f066efa Merge pull request [Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.11 #172 from fzaninotto/exclude-packages
• 014fd96 added changes
• d75fe43 21.0.0
• 05cb221 [Fixes [Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #174] - Moved private and unknown detection above filtering
• b1d5700 Add an excludePackages option
• 231bd3f updated readme
• 6c61a7b changelog
• 28dc521 20.2.0
• 58ccc0b Merge pull request [Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 #169 from codepunkt/restrict_packages
• 5e4b274 refactor: restore previous code style
• ed25d68 test: add test for --packages flag
• 0f53922 feat: allow restricting output to specified packages

See the full diff

Package name: listr

The new version differs by 16 commits.

• edbba65 0.14.2
• f5d0b0d Remove unused dependencies
• 69ad1d4 Fix tests
• b53c439 Meta tweaks
• b3d4abe Drop support for Node.js <= 4 ([Snyk-local] Fix for 38 vulnerable dependencies #99)
• 5880368 0.14.1
• 0e3d740 Pin XO for Node.js 4
• e422755 Test Node.js 10
• d6a722f Fix `is-observable` detection for RxJS@6
• 4e41f98 Fix linting and example
• bee2889 Remove is-observable due to issues with RxJS@6
• 447e8d1 Upgrade stream-to-observable@0.3.0 - fixes [Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 #91
• b295525 0.14.0
• 42f38c2 refactor(lib): Cleanup linter errors
• 44cb4db fix(deps): Add support for RxJS 6
• d28fb95 Remove unused dependency ([Snyk] Upgrade qs from 0.0.6 to 0.6.6 #82)

See the full diff

Package name: mongodb-js-fmt

The new version differs by 7 commits.

• c6eb112 0.0.4
• 4045480 Sunsetting this project
• 2376730 chore(package): update dependencies ([Snyk] Fix for 1 vulnerable dependencies #3)
• 244ded0 Update package.json with correct github url ([Snyk] Fix for 2 vulnerable dependencies #2)
• da67a88 Update travis.yml to node_js 4 from iojs-v2.3.4 ([Snyk-local] Fix for 14 vulnerable dependencies #1)
• 453ab45 💚
• d26536f 👕

See the full diff

Package name: postcss-calc

The new version differs by 80 commits.

• cefd2c3 8.0.0
• 44847c3 Update dependencies
• 6826ba5 update: use PostCSS 8 API. ([Snyk(Unlimited)] Upgrade undefsafe from 1.3.1 to 1.3.1 #125)
• f16d55c chore(release): 7.0.5
• 5621761 fix: reduction([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 #121)
• 111a48d 7.0.4
• 9807c5e Correctly handle summands that cancel out and pull out common factors
• 7a3bc58 chore(release): 7.0.3
• 0282bdc fix: substracted css-variable from zero ([Snyk] Fix for 1 vulnerable dependencies #111)
• 295b1df Bump acorn from 6.1.1 to 6.4.1 ([Snyk-dev] Fix for 1 vulnerable dependencies #105)
• bcae630 7.0.2
• 5fcc943 Update dependencies ([Snyk] Fix for 1 vulnerable dependencies #102)
• 6260789 fix: incorrect reduction of subtraction from zero ([Snyk-local] Fix for 38 vulnerable dependencies #88) ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #93)
• 29ff26e refactor: reducer
• 0f01794 refactor: reducer
• d71d9cf fix: doesn't remove calc for single function
• b5e20dc refactor: parser ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #86)
• b91c6e9 feat: relax parser on unknown units ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 #85)
• 69a3ca0 refactor: convert unit utils ([Snyk] Upgrade qs from 0.0.6 to 0.6.6 #84)
• 1cd2c5f fix: handle numbers with exponen composed ([Snyk] Upgrade node-uuid from 1.4.0 to 1.4.8 #83)
• c4db282 test: comments ([Snyk] Upgrade qs from 0.0.6 to 0.6.6 #82)
• 112178b ci: add node@10 ([Snyk] Upgrade node-uuid from 1.4.0 to 1.4.8 #81)
• 5e55420 test: newline ([Snyk] Fix for 1 vulnerable dependencies #80)
• 016a444 fix: handle plus sign before value ([Snyk] Fix for 13 vulnerable dependencies #79)

See the full diff

Package name: set-value

The new version differs by 34 commits.

• 17ac6b7 lint
• b057b1b Merge pull request [Snyk] Fix for 1 vulnerable dependencies #33 from ready-research/ready-research-Prototype-Pollution
• 383b72d Security Fix for Prototype Pollution
• 010f017 4.0.0
• 772e8f4 Merge pull request [Snyk-local] Fix for 34 vulnerable dependencies #29 from jonschlinkert/dev
• 599bccc fix node versions
• 2456e62 remove observables tests
• c4eb609 refactor
• a68f550 Merge pull request [Snyk] Fix for 1 vulnerable dependencies #26 from petermorlion/array-support
• 0dc7ff3 Merge branch 'master' into array-support
• fb3e52d Merge pull request [Snyk] Fix for 2 vulnerable dependencies #24 from dkebler/setter-observable
• 8a69dfe Merge branch 'master' into setter-observable
• db9602f Merge pull request [Snyk] Fix for 2 vulnerable dependencies #22 from zeidoo/master
• 042bb56 Merge pull request [Snyk-local] Fix for 1 vulnerable dependencies #18 from abetomo/remove_sudo_settings_from_travis_yml
• f37500e Add support for arrays
• 4952147 swap missing parent assignment of {} to after last target check to avoid extraneous assignment and support setter with observable
• 6169f1b add support for array creation
• 8353e4d 3.0.2
• 310e95d run verb to generate README documentation
• dbce32f add test for PR [Snyk] Fix for 12 vulnerable dependencies #21
• 236f797 Merge pull request [Snyk] Fix for 12 vulnerable dependencies #21 from GlennKintscher/master
• 8deb5b1 Fix incorrect behavior for keys ending with a dot
• a5cb39c Remove sudo settings from .travis.yml
• e909d1f 3.0.1

See the full diff

Package name: snyk

The new version differs by 250 commits.

• 4cc1a94 Merge pull request [Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 #2105 from snyk/feat/webpack
• 7737f75 Merge pull request [Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #2181 from snyk/test/migrate-old-snyk-format
• 418e6ad Merge pull request [Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 #2180 from snyk/test/migrate-is-docker
• 95631e7 test: migrate is-docker to jest
• babe22a test: migrate old-snyk-format to jest
• e22e94f feat: Snyk CLI is bundled with Webpack
• dd46c19 Merge pull request [Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 #2175 from snyk/fix/snyk-protect-multiple
• e7c314f Merge pull request [Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 #2178 from snyk/test/server-close
• 5e824c0 fix(protect): skip previously patched files
• ca2177a fix(protect): catch and log unexpected errors
• c9ddb44 chore(protect): move api url warnings to stderr
• e8fed38 refactor(protect): move stdout logs to top level
• 55e88f9 Merge pull request [Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 #2177 from snyk/test/set-jest-acceptance-timeout
• 1522c5f test: server.close uses callbacks, not promises
• 13dce51 test: increase timeout for slow oauth test
• 65c35be Merge pull request [Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 #2172 from snyk/chore/no-run-test-on-master
• a1e3992 chore: don't run tests on master
• 20feb67 Merge pull request [Snyk(Unlimited)] Upgrade humanize-ms from 1.0.1 to 1.2.1 #2165 from snyk/chore/dont-wait-for-regression-tests
• f50bca7 Merge pull request [Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 #2167 from snyk/refactor/replace-cc-parser-with-split-functions
• 1ed7d11 refactor: replace cc parser with split functions
• 707801d Merge pull request [Snyk(Unlimited)] Upgrade cfenv from 1.1.0 to 1.2.2 #2166 from snyk/fix/support_quotes_in_poetry_toml
• dc6b784 Merge pull request [Snyk(Unlimited)] Upgrade cookie-parser from 1.3.3 to 1.4.4 #2163 from snyk/chore/remove-store-test-results
• 7973015 fix: support quoted keys in inline tables
• 18f0d2a Merge pull request [Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 #2164 from snyk/chore/upgrade-snyk-nuget-plugin

See the full diff

Package name: string-width

The new version differs by 32 commits.

• 89eb79a 5.0.0
• cec9757 Require Node.js 12 and move to ESM
• 8158802 4.2.2
• b319f06 Improve performance ([Snyk] Fix for 35 vulnerable dependencies #28)
• 0ba0a95 4.2.1
• a9fc011 Improve performance by performing an early exit ([Snyk] Fix for 1 vulnerable dependencies #27)
• 5ad02fe Move to GitHub Actions ([Snyk] Fix for 1 vulnerable dependencies #25)
• 34bca56 4.2.0
• 581d345 Update to strip-ansi v6.x ([Snyk] Fix for 2 vulnerable dependencies #24)
• b91fadb Tidelift tasks
• 17d56a3 Create funding.yml
• 5f30aaf Add Node.js 12 to testing ([Snyk] Fix for 2 vulnerable dependencies #23)
• 272fccd 4.1.0
• bd785c3 Refactor TypeScript definition to CommonJS compatible export ([Snyk] Fix for 2 vulnerable dependencies #22)
• 2ca2bc7 4.0.0
• 855b046 Require Node.js 8
• bd7822c Add TypeScript definition ([Snyk] Fix for 12 vulnerable dependencies #21)
• 3b3da68 3.1.0
• 235d991 Add support for terminal link ([Snyk] Fix for 14 vulnerable dependencies #20)
• 58147d2 3.0.0
• 5b6b7ca Require Node.js 6
• 0bc308a Support emoji ([Snyk-local] Fix for 1 vulnerable dependencies #17)
• 74d8d55 2.1.1
• d0d3ccb Meta tweaks

See the full diff

Package name: strip-ansi

The new version differs by 23 commits.

• 316ff53 7.0.0
• 7cda68d Require Node.js 12 and move to ESM
• d6d1128 Add @ Qix- to funding.yml
• 601423d Move to GitHub Actions
• 0a6e98d Add Node.js 14 to testing matrix ([Snyk] Fix for 1 vulnerable dependencies #35)
• 59533da 6.0.0
• 976f459 Require Node.js 8
• 57878e2 Tidelift tasks
• a022f23 Tidelift tasks
• b9c4929 5.2.0
• 81cd3cc Meta tweaks
• 89dc7f6 Add TypeScript definition ([Snyk] Fix for 35 vulnerable dependencies #28)
• 5cb7e20 Fix readme ([Snyk] Fix for 1 vulnerable dependencies #27)
• 581fd4e 5.1.0
• 41b0a8b Add support for terminal link ([Snyk] Fix for 1 vulnerable dependencies #26)
• 841f0c4 Add security section
• dfab677 5.0.0
• 6a25566 Require Node.js 6 and upgrade dependencies
• e8d149c Add Tidelift mention in the readme
• 52dcf65 Add related streaming version of this module to the readme ([Snyk] Fix for 1 vulnerable dependencies #15)
• c299056 4.0.0
• 740dac9 Bump ansi-regex
• 0978944 Require Node.js 4

See the full diff

Package name: wrap-ansi

The new version differs by 34 commits.

• 03b1cdf 8.0.0
• 4481b21 Require Node.js 12 and move to ESM
• d08a774 Move to GitHub Actions ([Snyk] Fix for 2 vulnerable dependencies #45)
• 5c06d3a Add @ Qix- to funding.yml
• c81bf7d 7.0.0
• f96455f Require Node.js 10
• 0e49047 Support hyperlinks in supported terminals ([Snyk] Fix for 1 vulnerable dependencies #37)
• a28eb7d 6.2.0
• df8c7c3 Update to strip-ansi v6.x ([Snyk] Fix for 1 vulnerable dependencies #41)
• 9dec39e 6.1.0
• adbac70 Normalize newline characters ([Snyk] Fix for 1 vulnerable dependencies #40)
• 7bcd854 6.0.0
• 9fbf24c Require Node.js 8
• ae43658 Tidelift tasks
• bc2c5f6 Force chalk to enable color codes for testing (