[Snyk] Fix for 49 vulnerabilities

[vishaljsoni]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTPROP-543489	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
	703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Validation Bypass SNYK-JS-KINDOF-537849	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MIXINDEEP-450212	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	Yes	No Known Exploit
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	No	Proof of Concept
	561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Information Exposure SNYK-JS-PARSEURL-2935947	No	Proof of Concept
	791/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.4	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	No	Proof of Concept
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	505/1000 Why? Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-SETGETTER-1303099	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-1540541	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-450213	Yes	Proof of Concept
	571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKPYTHONPLUGIN-3039677	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Command Injection SNYK-JS-TREEKILL-536781	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	Yes	Proof of Concept
	711/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Uninitialized Memory Exposure npm:atob:20180429	Yes	Mature
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chai-http

The new version differs by 22 commits.

• a3715c4 4.4.0
• 83f4f9e build
• ce9866f Dependency updates to fix security vulnerabilities (#306)
• dbba17c ci: update npm token (Bump mongoose from 8.8.3 to 8.9.5 DavideViolante/Angular-Full-Stack#289)
• 0c2c350 docs: add badges to the README
• be1d005 ci: don't run publish-npm job unless push
• 0e78cee build(dev-deps): update semantic-release packages to latest versions
• ee4952e docs: update README examples to modern syntax
• 233118b feat: drop support for node < 10
• 04ebb3d ci: update release token (Bump mongoose from 8.7.1 to 8.8.3 DavideViolante/Angular-Full-Stack#287)
• edb5bca docs: add auth example with Bearer Token (IMPORTANT! Security Vulnerability Detected in your Repository DavideViolante/Angular-Full-Stack#282)
• 56e15ff ci: install node deps before release (Bump cookie, express and socket.io DavideViolante/Angular-Full-Stack#285)
• 55c0e80 ci: use correct `event_name` property (Remove type any in favor of generic class DavideViolante/Angular-Full-Stack#284)
• c34b299 ci: correctly template github event in `if` condition for release (Bump body-parser and express DavideViolante/Angular-Full-Stack#283)
• 4a196eb feat(deps): update superagent to ^6.1.0 (Bump send and express DavideViolante/Angular-Full-Stack#281)
• 601854f Build: Use GitHub Actions for CI/CD (implement generics in both server and client side DavideViolante/Angular-Full-Stack#255)
• 50d9db4 feat: add charset assertion (Upgrade to Angular v14 DavideViolante/Angular-Full-Stack#253)
• 7f5f260 docs: add extended request method explanations (Bump jsonpointer from 4.1.0 to 5.0.1 DavideViolante/Angular-Full-Stack#256)
• 7f9a8a5 ci: build before release, commit assets, remove .npmrc (Bump node-forge from 1.2.1 to 1.3.0 DavideViolante/Angular-Full-Stack#252)
• 9a99ed4 Merge pull request Bump follow-redirects from 1.14.5 to 1.14.8 DavideViolante/Angular-Full-Stack#250 from chaijs/ci/fix-tokens
• cfd84e3 ci: add secure variables to release stage
• da01dba ci: add semantic-release, update ci (Bump log4js from 6.3.0 to 6.4.1 DavideViolante/Angular-Full-Stack#248)

See the full diff

Package name: htmlhint

The new version differs by 132 commits.

• dee8ea2 chore(release): 0.15.2 [skip ci]
• 250169d fix(htmlhint.ts): replace deprecated request module with what-wg fetch (#670)
• f66fca4 chore(deps-dev): bump @ semantic-release/npm from 7.0.5 to 7.1.3 (#679)
• 1459ed5 chore(deps-dev): bump eslint-plugin-prettier from 3.1.4 to 3.4.1 (#680)
• 52c904e chore(deps): bump glob from 7.1.6 to 7.1.7 (#678)
• 2a6e1e6 chore(deps-dev): bump @ semantic-release/release-notes-generator from 9.0.1 to 9.0.3 (#677)
• fd1bcd6 chore(deps-dev): bump @ types/request from 2.48.5 to 2.48.7 (#675)
• 76ca88f chore(deps-dev): bump @ semantic-release/git from 9.0.0 to 9.0.1 (#674)
• 09f112c chore(deps): bump node-fetch from 2.6.0 to 2.6.2 (#676)
• e22682f chore(deps): bump path-parse from 1.0.6 to 1.0.7 (#667)
• 2d3d525 chore: create dependabot.yml (#663)
• ebaea6c docs: Update doctype-html5.md (#669)
• fbd10ac docs: remove Brackets mention (deprecated) (#660)
• 5629df2 chore: add new github actions (#658)
• 1b06568 chore: add label sync and labeler (#656)
• 0e5a331 chore(deps): bump normalize-url from 5.0.0 to 5.3.1 (#657)
• 2cd48bd chore(release): 0.15.1 [skip ci]
• 068645e fix: Unexpected behavior of the html lang require rule (#655)
• 891a6fb chore(release): 0.15.0 [skip ci]
• 51471a9 feat(rules): add html-lang-require rule (#632)
• 628e1f2 Added parsing angular's template (#651)
• a68bf8f docs: user-guide rules updates (#650)
• fa053d6 Add Mega-Linter in list of integrations (#579)
• 73d4178 Alphabetical rules order (#601)

See the full diff

Package name: karma

The new version differs by 120 commits.

• 16010eb chore(release): 5.0.8 [skip ci]
• a409696 chore: remove unused `grunt lint` command (#3515)
• 47f1cb2 fix(dependencies): update to latest log4js major (#3514)
• b60391f fix(dependencies): update and unlock socket.io dependency (#3513)
• 4d49948 chore(release): 5.0.7 [skip ci]
• f399063 fix: detect type for URLs with query parameter or fragment identifier (#3509)
• 17b50bc chore(release): 5.0.6 [skip ci]
• 0cd696f fix(dependencies): update production dependencies (#3512)
• 7c24a03 chore: fix broken HTML markup in the changelog file (#3507)
• fdc4f9d refactor(test): remove no debug matching option (#3504)
• 35d57e9 chore(release): 5.0.5 [skip ci]
• e99da31 fix(cli): restore command line help contents (#3502)
• 4f2fe56 chore: add Node 14 to the build matrix (#3501)
• 100b227 refactor(test): move execKarma into the World (#3500)
• f375884 refactor(test): reduce execKarma to a reasonable size (#3496)
• a3d1f11 refactor(test): add common method to start server in background (#3495)
• e4a5126 refactor(test): write config file in its own steps (#3494)
• 0bd5c2b refactor(test): adjust sandbox folder location and simplify config logic (#3493)
• b788f94 refactor(test): extract proxy into a separate Given claim (#3492)
• 633f833 chore(release): 5.0.4 [skip ci]
• 810489d refactor(test): migrate Proxy to ES2015 (#3490)
• fa95fa3 fix(browser): make sure that empty results array is still recognized (#3486)
• 255bf67 refactor(test): migrate World to ES2015 (#3489)
• be5db67 chore(test): remove usage of deprecated defineSupportCode (#3488)

See the full diff

Package name: nodemon

The new version differs by 7 commits.

• 9a67f36 feat: update chokidar to v3
• 6781b40 docs: add license file
• 0e6ba3c fix: wait for all subprocesses to terminate (fixes issue #1476)
• b58cf7d chore: Merge branch 'master'
• 95a4c09 docs: add to faq
• 3a2eaf7 choe: merge master
• 3d90879 chore: add logo to site

See the full diff

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Validation Bypass
🦉 More lessons are available in Snyk Learn