[Snyk-dev] Fix for 20 vulnerabilities

[lili2311]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • cyclic-dep/package.json
  • cyclic-dep/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTPROP-543489	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Code Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @thebespokepixel/meta

The new version differs by 63 commits.

• b66c461 Update Dependencies
• dd5dda8 Update package
• f107d6f Fix
• 119eab2 Update as module
• 323dec2 Merge branch 'release/v2.0.4' into develop
• 5336b21 Update Documentation
• b901dc5 Update Dependencies
• a9182d6 Merge branch 'release/v2.0.3' into develop
• 5b68088 Update Documentation
• 7c53b9b Update Dependencies
• 3cbb771 Update, remove greenkeeper
• 4c753ff Merge branch 'release/v2.0.2' into develop
• 4cb96ad Update Documentation
• b87c50b Update Dependencies
• 7471498 Merge branch 'release/v2.0.1' into develop
• 7da2626 Update Documentation
• c5f0b9b Update Dependencies
• 4fbaf31 Fix travis
• 44aa5d8 Merge branch 'release/v2.0.0' into develop
• bcf20eb Update Documentation
• 4efa10a Update Dependencies
• 36c9b20 Merge branch 'release/v1.0.5' into develop
• 4e2ccd8 Update Documentation
• da53067 Update Dependencies

See the full diff

Package name: @thebespokepixel/string

The new version differs by 73 commits.

• 2db6dcf Update Dependencies
• 6347e66 Merge branch 'release/v2.0.1' into develop
• 687c38b Update Documentation
• c5d179d Update Dependencies
• 43834cf Merge branch 'master' into develop
• 8bdfcb7 Merge branch 'release/v2.0.0'
• 845f929 Add missing types
• 595934c Update Dependencies
• ace3cab Merge branch 'release/v1.0.3' into develop
• 6c77f1c Merge branch 'release/v1.0.3'
• ab8c49b Update Documentation
• 686074d Update Dependencies
• 168a121 Merge branch 'release/v1.0.2' into develop
• 78a0782 Merge branch 'release/v1.0.2'
• 8ad560f Update Documentation
• 00cfc1e Update Dependencies
• fce5cf6 Merge branch 'release/v1.0.1' into develop
• 5684b08 Merge branch 'release/v1.0.1'
• cc3ab5e Update Documentation
• a5a3939 Update Dependencies
• 256a712 Merge branch 'release/v1.0.0' into develop
• 1cc3413 Merge branch 'release/v1.0.0'
• 44c46b3 Update Documentation
• 9583b13 Update Dependencies

See the full diff

Package name: read-pkg-up

The new version differs by 17 commits.

• c4f8985 8.0.0
• e6fbe7f Require Node.js 12 and move to ESM
• 021b1ec Move to GitHub Actions ([Snyk] Fix for 1 vulnerable dependencies #16)
• c92040f 7.0.1
• d96ce60 Readme tweaks
• 69983fc Tidelift tasks
• 83476ad 7.0.0
• 4406073 Update dependencies
• 8140c73 Rename `.package` to `.packageJson`
• 9ecaa3e Tidelift tasks
• e473d2a Create funding.yml
• 5267672 6.0.0
• 1c15896 Rename `pkg` property to `package`, return `undefined` instead of empty object, add TypeScript definition ([Snyk-local] Fix for 1 vulnerable dependencies #10)
• 2c1d52f Add Node.js 12 to testing ([Snyk] Fix for 1 vulnerable dependencies #9)
• d8d5100 5.0.0
• 4412fe2 Require Node.js 8
• 5bb0a79 Upgrade `read-pkg` to v4 ([Snyk] Fix for 1 vulnerable dependencies #7)

See the full diff

Package name: term-ng

The new version differs by 83 commits.

• ad1deae Update Dependencies
• 03441af Merge branch 'release/v3.0.3' into develop
• cd20154 Update Documentation
• 05a8ed7 Update Dependencies
• ae9e3ff Merge branch 'release/v3.0.2' into develop
• 393907f Update Documentation
• 49bde21 Update Dependencies
• 2e6cf30 Merge branch 'release/v3.0.1' into develop
• 4e622b5 Update Documentation
• bbe14f6 Update Dependencies
• cb032d4 Merge branch 'master' into develop
• e97dcef Merge branch 'release/v3.0.0'
• 43256c4 Add missing deps
• beedef2 Update Dependencies
• d477998 Merge branch 'release/v2.0.2' into develop
• a2ff3f2 Merge branch 'release/v2.0.2'
• a8ae024 Update Documentation
• 219341f Update Dependencies
• ea3481f Merge branch 'release/v2.0.1' into develop
• 05db1ac Merge branch 'release/v2.0.1'
• 3e56e37 Update Documentation
• b8cb899 Update Dependencies
• 9315375 Merge branch 'release/v2.0.0' into develop
• fe04831 Merge branch 'release/v2.0.0'

See the full diff

Package name: truwrap

The new version differs by 100 commits.

• 6f4ac2a Update Dependencies
• 8f4f8d0 Remove n-selector
• 1d5a56e Merge branch 'release/v4.0.0' into develop
• 4c3ddbc Update Documentation
• 35bd1e2 Update Dependencies
• 69968d4 Update readme
• bcc718d Add tests
• bda86ef Fix image test
• 03fb038 Fix image test
• 75eaef8 Add image test
• 4dcccf2 Fix tests
• caf497f Remove cli
• de6b071 Merge branch 'release/v3.0.0' into develop
• c30385d Update Documentation
• b295bb0 Update Dependencies
• 240a6f3 Remove image testing - too platform specific
• 8c53778 Capture help tests
• 4f46bc6 Update for esm
• b39427b Merge branch 'release/v2.0.4' into develop
• 8da9f73 Update Documentation
• ffb24ee Update Dependencies
• c49929a Merge branch 'release/v2.0.3' into develop
• 648012f Update Documentation
• 9310731 Update Dependencies

See the full diff

Package name: update-notifier

The new version differs by 59 commits.

• 739ec6f 7.3.0
• 0b962bc Drop redundant dependency ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 #236)
• cb073f0 Drop unused dependency ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #235)
• 2f885b4 7.2.0
• ad04288 Update dependencies
• 4c9ec84 7.1.0
• d7cc032 Meta tweaks
• 2980d33 Update dependencies ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 #234)
• b4840e5 Fix CI
• 12e11d6 7.0.0
• 431dac4 Require Node.js 18
• a1d8d9d Drop Yarn install commands in update message
• 3046d0f Switch to `esmock` for tests ([Snyk(Unlimited)] Upgrade from thebespokepixel/string to thebespokepixel/string #225)
• 3b6b9b1 6.0.2
• d152f85 Fix license
• 020613b 6.0.1
• 3f7c9f3 Update dependencies ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 #222)
• 311557e 6.0.0
• 9183541 Require Node.js 14 and move to ESM
• 3fdb218 5.1.0
• 73c391b Upgrade dependencies
• 0a6027e Move to GitHub Actions
• d8fa601 Rename `master` branch to `main`
• f63b2eb 5.0.1

See the full diff

Package name: verbosity

The new version differs by 95 commits.

• a9b9c74 Update Dependencies
• 558abae Merge branch 'release/v3.0.2' into develop
• f6fbe64 Update Documentation
• 7db3047 Update Dependencies
• 97034d9 Merge branch 'release/v3.0.1' into develop
• 32ed37a Update Documentation
• 3ebfcd4 Update Dependencies
• f9936b2 Merge branch 'master' into develop
• 18a31b6 Merge branch 'release/v3.0.0'
• f2789ab Add missing types
• 553f973 Update Dependencies
• 14d19b5 Update for esm
• 789414b Merge branch 'release/v2.0.2' into develop
• 48eb90b Merge branch 'release/v2.0.2'
• 3726c14 Update Documentation
• 28544b4 Update Dependencies
• b607e1e Merge branch 'release/v2.0.1' into develop
• d7f1aca Merge branch 'release/v2.0.1'
• f276b2a Update Documentation
• b675dce Update Dependencies
• fb3f478 Merge branch 'release/v2.0.0' into develop
• 3ab5777 Merge branch 'release/v2.0.0'
• 5fa354b Update Documentation
• b22429f Update Dependencies

See the full diff

Package name: yargs

The new version differs by 250 commits.

• c53e171 chore: v17.6.0 release
• 6cd8e2d chore(main): release 17.6.0 ([Snyk(Unlimited)] Upgrade cfenv from 1.1.0 to 1.2.2 #2213)
• 38e8df1 fix(deps): cliui with forced strip-ansi update ([Snyk] Fix for 1 vulnerabilities #2241)
• 394f5f8 fix(typescript): address warning with objectKeys
• 561fc7a fix(deno): use 'globalThis' instead of 'window' ([Snyk(Unlimited)] Upgrade express from 4.12.4 to 4.17.1 #2186) ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #2215)
• 5895cf1 feat(lang): Czech locale ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 #2220)
• f91d9b3 fix: dont clobber description for multiple option calls ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 #2171)
• b680ace feat(usage): add YARGS_DISABLE_WRAP env variable to disable wrap ([Snyk(Unlimited)] Upgrade cookie-parser from 1.3.3 to 1.4.4 #2210)
• 659dbbb docs: update links to main branch
• 0251511 chore(main): release 17.5.1 ([Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.7.0 #2187)
• 22e9af2 fix(completion): correct zsh installation instructions
• cbc2eb7 fix: address bug when strict and async middleware used together ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 #2164)
• 8912078 refactor: use prototype ([Snyk(Unlimited)] Upgrade humanize-ms from 1.0.1 to 1.2.1 #2165)
• 1c331f2 fix(lang): add missing terms to Russian translation ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #2181)
• 2109bd6 refactor: make isDefaulted private ([Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.24.0 #2188)
• b672e70 fix: prevent infinite loop with empty locale ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 #2179)
• 4dac5b8 fix: passed arguments should take precedence over values in config ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 #2100)
• e0823dd fix: handle multiple node_modules folders determining mainFilename for ESM ([Snyk(Unlimited)] Upgrade yargs from 11.1.0 to 11.1.1 #2123)
• b42e0ca test: remove console.log ([Snyk(Unlimited)] Upgrade npmconf from 0.0.24 to 0.2.0 #2157)
• 5685382 fix: add missing entries to published files ([Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 #2185)
• fcb4d38 chore(main): release 17.5.0 ([Snyk(Unlimited)] Upgrade mongoose from 4.2.4 to 4.13.19 #2184)
• 7e85096 Revert "chore: Set permissions for GitHub actions ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 #2168)" ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 #2183)
• 95aed1c fix: import yargs/yargs in esm projects ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 #2151)
• db35423 fix(completion): support for default flags

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Code Injection
🦉 More lessons are available in Snyk Learn