[Snyk] Fix for 28 vulnerabilities

[freezy]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PARSELINKHEADER-1582783	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-URIJS-1055003	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URIJS-1078286	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URIJS-1319803	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-URIJS-1319806	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URIJS-2401466	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URIJS-2415026	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URIJS-2419067	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Misinterpretation of Input SNYK-JS-URIJS-2440699	Yes	Proof of Concept
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-URIJS-2441239	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: koa-router

The new version differs by 91 commits.

• 8fe1d54 11.0.1
• d2ad849 feat: allow set router host match (Error: invalid_grant #156)
• 54a3198 11.0.0
• fdf7117 chore: drop node 12 from tests
• d0c6d8b feat: require node >= 12, modernize, bump deps
• 68253f6 fix(lib/test/doc): fix jsdoc and typo (chore(deps): update dependency @slack/client to v4.9.0 - autoclosed #146)
• c6a8fc8 feat: add `exclusive` option (chore(deps): update dependency @types/handlebars to v4.0.39 - autoclosed #129)
• 3454a7d doc: add comma for better understanding (chore(deps): pin dependency @types/strip-ansi to 3.0.0 #145)
• 13a634d Support symbols as route names (chore(deps): update dependency mongoose to v5.2.15 #143)
• 6ba3efa feat(deps): update minimal version from 8 -> 12 (ReplyError: NOSCRIPT No matching script. Please use EVAL. #152)
• 6db0e68 feat(default-params): replace || cond with default params (chore(deps): update dependency @types/bull to v3.3.20 #153)
• 6aca720 Improve path checking before route registration (Send mails on worker thread #155)
• 4fb50ac improve doc for prefix method. (Error: Received profile from ips:ips does not contain user id. #151)
• 65414f4 * update deps (Error: Could not retrieve access token from IPS. #150)
• 1aead99 doc: add header to refer to api reference. ([Snyk] Fix for 1 vulnerable dependencies #112)
• 05fe8dd Include type installation instructions in README ((unknown) #134)
• 5cec6fb Replace user with ctx.user in param docs (TypeError: Cannot create property 'headers' on boolean 'true' #136)
• 90dd73c 10.1.1
• 904db98 Correct @ hapi/boom usage example (chore(deps): update dependency @types/bull to v3.3.18 - autoclosed #128)
• fa48560 10.1.0
• e9fa04b Fix additional entry inejcted to params (Error: Whoopsie! #124)
• 344ba0b 10.0.0
• 89b7c02 Allow router.redirect() to accept external destinations (Typescript Rewrite #110)
• 56735f0 v9.4.0

See the full diff

Package name: nodegit

The new version differs by 17 commits.

• 0327c08 Bump to v0.27.0
• 7f24632 Merge pull request #1785 from nodegit/node-14
• e71eea7 Upgrade build environments
• b7c1259 Merge pull request #1784 from themadtitanmathos/fix/remote-callbacks-pointer-cleanup
• d5ad62c Remote needs to REALLY persist the callback/proxyOpts/headers
• 69b010a Use a different folder for ssh test keys
• 8a59c1c Bump to 0.27.0-alpha.1
• dcb94e9 Merge pull request #1772 from implausible/get-rid-of-promisify-node
• 5d008e0 Remove promisify-node and remove old callback api remnants
• be55439 Merge pull request #1771 from implausible/replace-request-with-got
• 6398d90 Replace deprecated package request with got
• 65b4350 Merge pull request #1770 from implausible/bump/openssl
• c007bb7 Bump OpenSSL prebuilt to 1.1.1c
• f267826 Merge pull request #1767 from implausible/feature/git_remote_rename
• dd6aa63 Expose git_remote_rename
• 1018e32 Merge pull request #1766 from implausible/dedupe-fetch
• 1507003 Dedupe Remote.prototype.fetch

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Remote Code Execution (RCE)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn