[Snyk] Fix for 10 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	464/1000 Why? Has a fix available, CVSS 5	Improper Input Validation SNYK-JS-ACTIONSCORE-2980270	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: aws-sdk

The new version differs by 250 commits.

• 8875a35 Updates SDK to v2.814.0
• dd83d67 throw at invalid profile name in shared ini file (Seo github/docs#3585)
• ee0c5a3 Updates SDK to v2.813.0
• 468d15b Updates SDK to v2.812.0
• c50132f Update README.md with references to JS SDK V3 ([GitHub Desktop] Update preference/options menu github/docs#3582)
• 3e19b08 Updates SDK to v2.811.0
• f26c00d Updates SDK to v2.810.0
• b393a6e Adds automatic PreSignedUrl generation to RDS.StartDBInstanceAutomatedBackupsReplication (Affan0078 github/docs#3566)
• fa57967 Updates SDK to v2.809.0
• 9a52018 Updates SDK to v2.808.0
• 1958076 Updates SDK to v2.807.0
• ffcad20 Updates SDK to v2.806.0
• 2f37893 chore: remove cognitoidentity customizations to disable auth (https://www.google.com/url?sa=t&source=web&rct=j&url=https://github.c… github/docs#3543)
• c6fe3c0 Updates SDK to v2.805.0
• 71d6fa9 Fix dual-callback case (Update githubs-products.md github/docs#3537)
• b981971 Updates SDK to v2.804.0
• 332573f Updates SDK to v2.803.0
• deb7bc7 Updates SDK to v2.802.0
• b6401d0 Remove incorrectly named service named 'Profile' (#3562)
• 3364d4b Updates SDK to v2.801.0
• d400577 Updates SDK to v2.800.0
• 21c7dc0 Updates SDK to v2.799.0
• d2b8964 Updates SDK to v2.798.0
• 44ded82 fix: test IAM.getUser instead of listUsers (This issue is stale because it has been open 60 days with no activity. github/docs#3542)

See the full diff

Package name: domwaiter

The new version differs by 8 commits.

• 4f01a05 feat: Release from main
• b9017cc feat: Update default branch
• f535e19 1.4.0
• 692ed34 0.0.1
• c416e20 0.0.0
• d5b82c7 Update got, add MIT license
• 18fc27a feat: add parseDOM option ([Snyk] Security upgrade resolve-url-loader from 3.1.2 to 4.0.0 #7)
• 2c9fb43 feat: emit beforePageLoad event ([Snyk] Fix for 1 vulnerabilities #6)

See the full diff

Package name: husky

The new version differs by 58 commits.

• b9a0917 4.3.7
• 839d84a update pkg-dir dependency and some devDependencies
• 6a1b3da Upgrade find-versions to 4.0.0 (<SEC-DOCUMENT>9999999995-20-002969.txt : 20201027 <SEC-HEADER>9999999… github/docs#837)
• cbb0af7 4.3.6
• eb1eeb8 fix prepare-commit-msg on windows (fix endpoints-available-for-github-apps page github/docs#737)
• 65bc6e5 Update README.md
• cbd0e06 add prepare-commit-msg test
• 992c1e0 4.3.5
• 642af0c rollback do not exit with 1 if install fails
• ccb71b2 Update README.md
• 3c43bd5 4.3.4
• 1e1b289 update error message
• b29ee2b 4.3.3
• fd0233e ignore tsconfig.tsbuildinfo
• a5f1259 4.3.2
• 41472b7 provide workaround for npm7
• 6dc9a51 4.3.1
• 033a2ae exit with 1 if husky fails to install/uninstall
• 38a7163 update gitignore
• eff9aa3 Update README.md
• b616d84 Changed create-react-app repo url (Gh github/docs#759)
• bb0c414 Update README.md
• b05e72f Update node.js.yml
• 44e02bd Update node.js.yml

See the full diff

Package name: nodemon

The new version differs by 95 commits.

• 27e91c3 fix: update packge-lock
• 0144e4f fix: bump update-notifier to v6.0.0 (Update community Guidlines github/docs#2029)
• c870342 chore: update supporters
• 5c0b472 chore: add supporter
• e26aaa9 fix: support windows by using path.delimiter
• 9d1afd7 docs: add syntax highlighting to sample-nodemon.md (The autoupdater does not support crons github/docs#1982) (Tiny headline adjustment for the Issue event types page github/docs#2004)
• de5d32a docs: Unified Node.js capitalization (#1986)
• e890927 docs: add note to faq with example showing how to watch any file extension (Add info on where posts are published to github/docs#1931)
• bc4547b chore: update sponsors
• 07159c5 chore: add supporters
• cd100da chore: update supporters
• 6a34922 chore: supporters
• e5d6067 chore: updating supporters
• 242f9f7 Merge branch 'main' of github.com:remy/nodemon
• 141e58c chore: update supporters
• 53422af ci(release): workflow uses 'npm' cache (Difficulty finding a post I just published from my Github Page github/docs#1933)
• 581c641 ci(node.js): workflow uses 'npm' cache (Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the [contributing guidelines](https://github.com/github/docs/blob/main/CONTRIBUTING.md). github/docs#1934)
• cb1c8b9 docs: Fix typo in faq.md (695566555324  github/docs#1950)
• 54784ab fix: bump prod dep versions
• 26db983 chore: update supporters
• 61e7abd fix: add windows signals SIGUSR2 & SIGUSR1 to terminate the process (cover triage level permissions for labels github/docs#1938)
• b449171 docs: Fix typo in faq.md
• 0a3175f chore: update supporters
• 18516d8 chore: add supporter

See the full diff

Package name: pa11y-ci

The new version differs by 21 commits.

• efad302 Fix minimum node version in README
• 28f161a Version 3.0.0
• 52fd274 Fix error with absolute paths on Windows (Update "Securing Your Webhooks" to prefer X-Hub-Signature-Sha-256 header github/docs#82)
• 6b2d4f5 Replace chalk with kleur
• 4e5bc51 use https where possible
• 5c842cf Add support for reporters (GitHub App Guide typo github/docs#129)
• 40ba01a Replace make with npm scripts and update Node versions (Use operationId for #anchor tags of REST API endpoint titles github/docs#139)
• 1374cd7 Bump deps to match versions used by pa11y v6
• fb86a33 Update test matrix to LTS node (12, 14, 16)
• edabbeb Update package lock
• e5dbbc7 Replace chalk with kleur
• 96a3882 Chance concurrency and incognito mode defaults
• 9de41f3 Version 2.4.2
• 7cb5bd8 Replace npmignore with allow list for consistency
• fefa70b Retry launching browser if first time fails
• 6846233 Adds example of running pa11y-ci in Docker (Tests may be broken on Windows github/docs#137)
• 00ac4f9 refactor(npm): remove unnecessary files from package (#126)
• 18f1e60 Version 2.4.1 (#135)
• d0843ab Pin puppeteer version to avoid downloading twice (#134)
• 830d5a6 Update integration tests to remove DNS dependencies (Uncollapsed sidebar items are a bit confusing github/docs#133)
• cda8b5a Replace Travis with GH Actions

See the full diff

Package name: replace

The new version differs by 17 commits.

• 36c4b4a 1.2.2
• a046749 update deps
• cb12028 Merge pull request [Snyk] Security upgrade copy-webpack-plugin from 6.0.3 to 9.0.1 #33 from LosManos/patch-1
• 9f623be Merge pull request [Snyk] Security upgrade start-server-and-test from 1.12.0 to 2.0.3 #31 from ALMaclaine/dependabot/npm_and_yarn/y18n-4.0.3
• d216b15 Merge pull request [Snyk] Security upgrade start-server-and-test from 1.12.0 to 2.0.3 #30 from ALMaclaine/dependabot/npm_and_yarn/ansi-regex-5.0.1
• ce858c4 Merge pull request [Snyk] Security upgrade resolve-url-loader from 3.1.2 to 4.0.0 #29 from ALMaclaine/dependabot/npm_and_yarn/path-parse-1.0.7
• 3829e55 Merge pull request [Snyk] Fix for 11 vulnerabilities #28 from ALMaclaine/dependabot/npm_and_yarn/minimist-1.2.6
• be094f0 Update minimatch dependency to no vulnerability
• 47e2ad0 Bump y18n from 4.0.0 to 4.0.3
• ff64bc0 Bump ansi-regex from 5.0.0 to 5.0.1
• cc3b612 Bump path-parse from 1.0.6 to 1.0.7
• c528bab Bump minimist from 1.2.5 to 1.2.6
• f93d87d Update package.json
• d15e2b1 Merge pull request [Snyk] Fix for 10 vulnerabilities #24 from Dwarfess/patch-4
• 27b87e2 Update replace.js
• 38c0f16 Merge pull request [Snyk] Security upgrade nodemon from 2.0.4 to 3.0.0 #20 from drveresh/patch-1
• 94a1725 Set safe side options

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn

[pull-request-quantifier-deprecated]

This PR has 16 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +8 -8
Percentile : 6.4%

Total files changed: 1

Change summary by file extension:
.json : +8 -8

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detected.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.

[performance-testing-bot]

Unable to locate .performanceTestingBot config file

[vizipi]

Pull request analysis by VIZIPI

Below you will find who is the most qualified team member to review your code.
This analysis includes his/her work on the code included in this Pull request, in addition to their experience in code affected by these changes ( partly found within the list of potential missing files below )   Feedback always welcome

Reviewers with knowledge related to these changes

Match %	Person	Commit Count	Common Files
100.00 %	Lunkhopao Haokip	6	1

---

Potential missing files from this Pull request

files commonly committed with a subset of this pr, but not committed this time. (click to collapse)

File	Percentile	rate
package-lock.json	79.22 %	183 out of 231 times

---

Committed file ranks

(click to expand)

100.00%[package.json]