[Snyk] Fix for 12 vulnerabilities #18

mrnil · 2023-11-27T19:21:59Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-535498	Yes	Proof of Concept
761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535500	Yes	Proof of Concept
536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Out-of-bounds Read SNYK-JS-NODESASS-540958	Yes	Proof of Concept
536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Uncontrolled Recursion SNYK-JS-NODESASS-540964	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540978	Yes	Proof of Concept
536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	NULL Pointer Dereference SNYK-JS-NODESASS-540992	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-540998	Yes	Proof of Concept
654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-NODESASS-541000	Yes	No Known Exploit
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-541002	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp-sass

The new version differs by 2 commits.

5775044 Update CHANGELOG.md
978b8f6 Update to major version 5 (#802)

See the full diff

Package name: notifications-node-client

The new version differs by 14 commits.

8f10cb5 Merge pull request #126 from alphagov/axios
c20dc54 Improved content
948b62f Wording improvements
491ae5f Merge pull request #128 from alphagov/fix-format
9a3d69b Fix personalisation in sending letter section
16c1d59 Update CHANGELOG.md
3201dcd Update client/notification.js
28548c7 Update CHANGELOG.md
3c6b083 Merge pull request #127 from alphagov/international-letters-address-line-7
71a1cb2 Update address fields to include line 7
eab1709 Add details of error handling interface change
1a011f4 Make clear `response.data` is to be looked at
c3084da Correct changelog with request response class and property name
e934aef Replace requests library with axios

See the full diff

Package name: universal-analytics

The new version differs by 13 commits.

4736a56 Version 0.5
6444683 Merge branch 'lekoaf-feat/inline-request'
eef566e Merge branch 'feat/inline-request' of https://github.com/lekoaf/universal-analytics into lekoaf-feat/inline-request
286a398 Merge pull request #134 from adityapatadia/patch-1
d086cea Merge pull request #138 from mantacode/master
1229f36 Merge pull request #154 from johndpope/patch-1
f4ffe5c Merge pull request #165 from AhmadIbrahiim/patch-1
980a576 Update README.md
3f24484 Update README.md
8d14502 feat: Use own version of request library
216b205 Better naming and updated docs
4ae354e Add option to change the name of the visitor instance on request object from the default "req.visitor"
54acd95 added nodejs 10 and 12 in travis tests