[Snyk] Security upgrade bootstrap from 3.3.7 to 5.0.0

[mconnor]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Cross-site Scripting SNYK-JS-BOOTSTRAP-7444617	688

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/[email protected]	None	0	8.34 MB	xhmikosr
npm/[email protected]	None	0	589 kB	lokesh.dhakar
npm/[email protected]	None	0	1.41 MB	bnjmnt4n
npm/[email protected]	environment, filesystem, unsafe	+3	322 kB	rfeng
npm/[email protected]	None	0	58.7 kB	0candy
npm/[email protected]	None	0	262 kB	0candy
npm/[email protected]	None	+1	237 kB	bajtos
npm/[email protected]	filesystem, network Transitive: environment, eval	+2	1.39 MB	jannyhou2016
npm/[email protected]	Transitive: environment	+7	149 kB	shinnn
npm/[email protected]	Transitive: network	+3	39.6 kB	dougwilson
npm/[email protected]	None	0	3.01 MB	gilmoreorless
npm/[email protected]	None	0	4.35 MB	ichernev
npm/[email protected]	filesystem, network Transitive: environment	+8	1.19 MB	mbroadst
npm/[email protected]	eval Transitive: environment	+4	82.9 kB	dougwilson
npm/[email protected]	None	0	196 kB	ccampbell
npm/[email protected]	None	0	224 kB	omnidan
npm/[email protected]	None	0	10.9 kB	andris
npm/[email protected]	network	0	40.3 kB	andris
npm/[email protected]	None	+1	14.8 kB	sindresorhus
npm/[email protected]	None	0	56.3 kB	paularmstrong
npm/[email protected]	Transitive: eval	+14	337 kB	ljharb
npm/[email protected]	None	0	20.6 kB	jaredhanson
npm/[email protected]	None	0	14.2 kB	jaredhanson
npm/[email protected]	None	0	16.7 kB	mstade
npm/[email protected]	None	0	28 kB	glenaauth0
npm/[email protected]	None	0	8.07 kB	jaredhanson
npm/[email protected]	None	0	4.47 kB	jaredhanson
npm/[email protected]	None	0	14.7 kB	jaredhanson
npm/[email protected]	network	0	43.2 kB	jaredhanson
npm/[email protected]	environment, filesystem, network, unsafe	0	76.8 kB	tknew
npm/[email protected]	unsafe Transitive: environment, filesystem	+4	279 kB	bendrucker
npm/[email protected]	None	+1	9.65 kB	gaearon
npm/[email protected]	None	+1	9.63 kB	gaearon
npm/[email protected]	environment Transitive: eval, filesystem	+3	5.27 MB	monastic.panic
npm/[email protected]	None	0	546 kB	jedwatson
npm/[email protected]	environment	+1	2.13 MB	gaearon
npm/[email protected]	None	0	16.1 kB	danawoodman
npm/[email protected]	None	+1	62.5 kB	calesce
npm/[email protected]	None	0	1.42 MB	neptunian
npm/[email protected]	None	0	434 kB	nkbt
npm/[email protected]	Transitive: environment, eval, filesystem	+3	2.34 MB	arunoda
npm/[email protected]	None	0	8.57 kB	gaearon
npm/[email protected]	environment	0	129 kB	timdorr
npm/[email protected]	None	0	107 kB	taion
npm/[email protected]	None	0	59.8 kB	timdorr
npm/[email protected]	environment	0	588 kB	timdorr
npm/[email protected]	None	0	37.2 kB	tjallingt
npm/[email protected]	environment	+1	553 kB	gaearon
npm/[email protected]	None	0	124 kB	yangmillstheory
npm/[email protected]	environment Transitive: eval, filesystem	+3	2.36 MB	berkeleytrue
npm/[email protected]	environment Transitive: eval	+1	6.74 MB	berkeleytrue
npm/[email protected]	None	0	3 MB	erikras
npm/[email protected]	environment	0	136 kB	timdorr
npm/[email protected]	environment, filesystem, network	+8	773 kB	mikeal
npm/[email protected]	None	0	72 kB	ellbee
npm/[email protected]	filesystem Transitive: environment	+9	213 kB	callumacrae
npm/[email protected]	eval	0	6.59 MB	mattpodwysocki
npm/[email protected]	environment, eval, filesystem, network	0	1.68 MB	alexbea
npm/[email protected]	eval	0	798 kB	fatso83
npm/[email protected]	environment, filesystem, network, shell	0	47 MB	snyk-admin
npm/[email protected]	None	0	3.58 kB	sindresorhus
npm/[email protected]	filesystem Transitive: environment	+16	215 kB	scottcorgan
npm/[email protected]	environment, filesystem Transitive: eval	+67	4.25 MB	ljharb
npm/[email protected]	None	0	34.3 kB	ctavan
npm/[email protected]	None	0	178 kB	cohara87
npm/[email protected]	Transitive: environment, filesystem	+4	94.7 kB	shellscape
npm/[email protected]	None	+1	39.2 kB	evilebottnawi
npm/[email protected]	filesystem Transitive: environment	+4	198 kB	mastilver
npm/[email protected]	Transitive: filesystem, unsafe	+6	127 kB	shama
npm/[email protected]	filesystem, unsafe Transitive: environment, eval	+16	3.04 MB	sokra
npm/[email protected]	environment, filesystem	+13	524 kB	oss-bot

🚮 Removed packages: npm/[email protected]

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Install scripts	npm/[email protected]	Install script: postinstall Source: node wrapper_dist/bootstrap.js exec	package.json	🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]