[Snyk] Fix for 12 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	No	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHMERGE-173732	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASHMERGE-173733	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NCONF-2395478	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: aws-sdk

The new version differs by 250 commits.

• 8875a35 Updates SDK to v2.814.0
• dd83d67 throw at invalid profile name in shared ini file (#3585)
• ee0c5a3 Updates SDK to v2.813.0
• 468d15b Updates SDK to v2.812.0
• c50132f Update README.md with references to JS SDK V3 (#3582)
• 3e19b08 Updates SDK to v2.811.0
• f26c00d Updates SDK to v2.810.0
• b393a6e Adds automatic PreSignedUrl generation to RDS.StartDBInstanceAutomatedBackupsReplication (#3566)
• fa57967 Updates SDK to v2.809.0
• 9a52018 Updates SDK to v2.808.0
• 1958076 Updates SDK to v2.807.0
• ffcad20 Updates SDK to v2.806.0
• 2f37893 chore: remove cognitoidentity customizations to disable auth (#3543)
• c6fe3c0 Updates SDK to v2.805.0
• 71d6fa9 Fix dual-callback case (#3537)
• b981971 Updates SDK to v2.804.0
• 332573f Updates SDK to v2.803.0
• deb7bc7 Updates SDK to v2.802.0
• b6401d0 Remove incorrectly named service named 'Profile' (#3562)
• 3364d4b Updates SDK to v2.801.0
• d400577 Updates SDK to v2.800.0
• 21c7dc0 Updates SDK to v2.799.0
• d2b8964 Updates SDK to v2.798.0
• 44ded82 fix: test IAM.getUser instead of listUsers (#3542)

See the full diff

Package name: bl

The new version differs by 11 commits.

• f659836 Bumped v4.0.3
• 7a4ae7f Node v14
• d3e240e Fix unintialized memory access
• 1c590ad add license MIT tag to package.json ([Snyk] Security upgrade aws-sdk from 2.570.0 to 2.814.0 #83)
• 5059a24 4.0.2
• 9b46588 fix: dont rely in node globals
• 90a713b Bumped v4.0.1
• 72d1624 Merge pull request Bump handlebars from 4.5.1 to 4.7.6 #80 from annitya/patch-1
• eb9653c Remove false-positive apache-exploit.
• c2b0070 doc: fix travis link
• a657d40 Update examples to explicitly use BufferListStream. ([Snyk] Security upgrade bl from 4.0.0 to 4.0.3 #78)

See the full diff

Package name: minimist

The new version differs by 8 commits.

• 7efb22a 1.2.6
• ef88b93 security notice for additional prototype pollution issue
• c2b9819 isConstructorOrProto adapted from PR
• bc8ecee test from prototype pollution PR
• aeb3e27 1.2.5
• 278677b 1.2.4
• 4cf1354 security notice
• 1043d21 additional test for constructor prototype pollution

See the full diff

Package name: mkdirp

The new version differs by 4 commits.

• b2e7ba0 0.5.2
• c5b97d1 bump minimist to 1.2 to fix security issue
• f2003bb test: add v4 and v5 to travis
• b8629ff tools: update tap + mock-fs. Fix broken test

See the full diff

Package name: npm

The new version differs by 250 commits.

• 30a9844 7.21.0
• 0b2cd9d update AUTHORS
• 06461ec docs: changelog for v7.21.0
• 771a1cb chore(tests): fix snapshots
• 71cdfd8 [email protected]
• 94f92de [email protected]
• 7ac621c [email protected]
• 218caca [email protected]
• ff6626a fix(docs): update npm-publish access flag info
• b6f40b5 [email protected]
• e9e5ee5 @ npmcli/[email protected]
• 991a3bd [email protected]
• f077724 [email protected]
• 68a19bb fix(error-message): look for er.path not er.file
• ff34d6c feat(cache): initial implementation of ls and rm
• 8183976 [email protected]
• df57f0d @ npmcli/[email protected]
• 487731c fix(logging): sanitize logged argv
• 7a58264 chore(ci): check that docs are up to date in ci
• 22f3bbb chore(docs): add more 'autogenerated' comments
• 4314490 fix(docs): revert auto-generated portion of docs
• 32e88c9 fix(did-you-mean): switch levenshtein libraries
• 59b9851 7.20.6
• 2591e67 update AUTHORS

See the full diff

Package name: slay

The new version differs by 3 commits.

• a91691a 4.0.0
• c22e99e Fix security vulnerabilities ([fix] more spec details to build failures. #18)
• 7f444e7 [Snyk] Fix for 1 vulnerabilities ([fix] resolve packages webpack if exists #14)

See the full diff

Package name: slay-log

The new version differs by 11 commits.

• 6776dc6 2.3.2
• 66d8d0b 2.3.1
• 3ccf45f Security audit fixes (Empty file causes build to fail with exception #8)
• f20144e Merge pull request [dist] expose bin #3 from godaddy/DullReferenceException-patch-1
• 054db36 Merge pull request carpenter should use the webpack version of the package its building #7 from godaddy/dependabot/npm_and_yarn/eslint-utils-1.4.3
• 2159c09 Bump eslint-utils from 1.4.0 to 1.4.3
• bea7ef3 Merge pull request [api] add ability to upload the built npm assets to a s3 compatible… #4 from DullReferenceException/security-fixes
• 5f1b746 Test node 12 but not node 6
• 555b4d7 remove node 4
• e1e05c9 Fix security issues
• 11a84d5 Fix typos

See the full diff

Package name: uglify-js

The new version differs by 250 commits.

• bca83cb v3.14.3
• a841d45 fix corner case in `awaits` (#5160)
• eb93d92 fix corner case in `awaits` (#5158)
• a0250ec fix corner case in `dead_code` (#5154)
• 2580162 parse `let` as symbol names correctly (#5151)
• 32ae994 fix issues in tests flagged by LGTM (#5150)
• 03aec89 fix corner cases in `strings` & `templates` (#5147)
• faf0190 document ECMAScript quirks (#5148)
• c8b0f68 fix corner case in `merge_vars` (#5143)
• 87b9916 fix corner case in `inline` (#5141)
• 940887f fix corner case in `evaluate` (#5139)
• 0b2573c fix corner case in `templates` (#5137)
• 1575210 avoid potential RegExp denial-of-service (#5135)
• f766bab enhance `templates` (#5131)
• 436a293 enhance `dead_code` (#5130)
• 55418fd fix corner case in `rests` (#5129)
• 8578688 v3.14.2
• 4b88dfb tweak test & warnings (#5123)
• c3aef23 fix corner case in `reduce_vars` (#5121)
• db94d21 fix corner case in `side_effects` (#5118)
• 9634a9d fix corner cases in `optional_chains` (#5110)
• befb99b fix corner case in `inline` (#5115)
• 02eb8ba fix corner case in `collapse_vars` (#5113)
• c09f63a fix corner case in `rests` (#5109)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn