[Snyk] Fix for 7 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	556/1000 Why? Recently disclosed, Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451341	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: columnify

The new version differs by 34 commits.

• a532ca1 Release 1.6.0
• 92fdab6 Clean up readme badges, update stats.
• a350bf2 Add npm cache to CI.
• aae8411 Actually install & test in CI.
• b2fe72f Use github actions.
• 4b54106 Update node version in travis.yml.
• c820951 Update packages.
• 10ea59d Update packages.
• e768ed8 Revert "Merge pull request [Snyk] Security upgrade acorn-private-class-elements from 0.1.1 to 0.2.0 #59 from njhoffman/master"
• 1cf9287 Merge pull request [Snyk] Security upgrade acorn-private-class-elements from 0.1.1 to 0.2.0 #59 from njhoffman/master
• 091ddb0 Merge pull request [Snyk] Security upgrade acorn-private-class-elements from 0.1.1 to 0.2.0 #60 from sreekanth370/master
• bece43f Merge pull request [Snyk] Fix for 1 vulnerabilities #49 from tdmalone/patch-1
• 4b72760 Merge branch 'master' into master
• e7c082a Merge pull request [Snyk] Security upgrade mocha from 5.2.0 to 6.2.3 #62 from viceice/patch-1
• db4ee97 chore: bump version
• 0bd797f chore: require node v8
• ea15deb fix: update strip-ansi to v6.0.1
• 33c942e compatibility updates
• 5cb6515 fixed transipiling errors
• a27ddb8 version bump
• 95d9a8e extract strip-ansi dependency
• 4895ec1 version bump
• 64c77f5 version bump
• 1d3ef4b add modules key and main eky to package.json

See the full diff

Package name: marked

The new version differs by 250 commits.

• ae01170 chore(release): 4.0.10 [skip ci]
• fceda57 🗜️ build [skip ci]
• 8f80657 fix(security): fix redos vulnerabilities
• c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
• d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (src: plug memory leaks nodejs/node#2352)
• 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (events: handle inherited properties properly nodejs/node#2350)
• 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (stream_base: expose and use External pointer nodejs/node#2351)
• 98996b8 chore(deps-dev): Bump @ babel/preset-env from 7.16.5 to 7.16.7 (fix absolute path preloads when cwd is ENOENT nodejs/node#2353)
• ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (Profile on start nodejs/node#2354)
• e5171a9 chore(release): 4.0.9 [skip ci]
• 41990a5 🗜️ build [skip ci]
• a9696e2 fix: retain line breaks in tokens properly (libtool: unrecognized option -static when building nodejs/node#2341)
• 6aacd13 chore(deps-dev): Bump jasmine from 3.10.0 to 4.0.0 (tls: handle empty cert in checkServerIndentity nodejs/node#2343)
• 55e5df9 chore(deps-dev): Bump @ babel/core from 7.16.5 to 7.16.7 (new Buffer doesn't handle unicode well nodejs/node#2344)
• 4f4cab4 chore(deps-dev): Bump eslint-plugin-import from 2.25.3 to 2.25.4 (io.js Truck Factor nodejs/node#2345)
• 97ea9f2 chore(deps-dev): Bump eslint from 8.5.0 to 8.6.0 (Release proposal: v3.1.0 nodejs/node#2346)
• 4c3b853 chore(deps-dev): Bump rollup-plugin-license from 2.6.0 to 2.6.1 (Release Proposal: v3.1.0 nodejs/node#2347)
• 9396896 chore(deps-dev): Bump rollup from 2.61.1 to 2.62.0 (hit a wall trying to install io.js nodejs/node#2338)
• 103a56c chore(deps-dev): Bump @ babel/preset-env from 7.16.4 to 7.16.5 (tty: stdio properties are undefined inside exec() child nodejs/node#2333)
• be771c9 chore(deps-dev): Bump eslint from 8.4.1 to 8.5.0 (Fix util extend issue nodejs/node#2334)
• 67d5a65 chore(deps-dev): Bump @ babel/core from 7.16.0 to 7.16.5 (Win32 method name conventions? nodejs/node#2335)
• 991493a chore(deps-dev): Bump eslint-plugin-promise from 5.2.0 to 6.0.0 (child_process: set stdin properties when execed nodejs/node#2336)
• 59375fb chore(release): 4.0.8 [skip ci]
• 4734c82 🗜️ build [skip ci]

See the full diff

Package name: node-gyp

The new version differs by 250 commits.

• f5fa6b8 chore: release 8.4.1
• cc37b88 fix: windows command missing space (test: fix default value for additional param nodejs/node#2553)
• 8083f6b deps: npmlog@6.0.0
• 787cf7f docs: fix typo in powershell node-gyp update
• 7073c65 chore: release 8.4.0
• a27dc08 feat: build with config.gypi from node headers
• 5a00387 feat: support vs2022 (src: check for --prof in ParseArgs nodejs/node#2533)
• fb85fb2 chore: release 8.3.0
• 5585792 feat(gyp): update gyp to v0.10.0 (added CSI (\x9b) as additionally allowable escape nodejs/node#2521)
• b05b4fe chore(deps): bump make-fetch-happen from 8.0.14 to 9.1.0
• 0a67dcd test: Python 3.10 was release on Oct. 4th (Input from TTY is strange nodejs/node#2504)
• f2ad87f chore: refactor the creation of config.gypi file
• bc47cd6 chore: release 8.2.0
• ed9a9ed feat(gyp): update gyp to v0.9.6 (The future of HTTP in Node nodejs/node#2481)
• 660dd7b doc: correct link to "binding.gyp files out in the wild" (src: improve startup time nodejs/node#2483)
• ec15a3e chore(deps): bump tar from 6.1.0 to 6.1.2 (Investigate flaky test test-dgram-multicast-multi-process nodejs/node#2474)
• 78361b3 ISSUE_TEMPLATE.md: Instructions for old versions (Investigate flaky test test-child-process-spawnsync nodejs/node#2470)
• f0882b1 fix: missing spaces
• c8c0af7 fix: doc how to update node-gyp independently from npm
• b6e1cc7 Add title to node-gyp version document (Merge v3.1.0 into next+1 nodejs/node#2452)
• b7bccdb ci: GitHub Actions Test on node: [12.x, 14.x, 16.x] (win,msi: Upgrade from old upgrade code nodejs/node#2439)
• 161c235 doc(wiki): safer doc names, remove unnecessary TypedArray doc
• b52e487 doc(wiki): link to docs/ from README
• f0a4835 doc(wiki): move wiki docs into doc/

See the full diff

Package name: npm-audit-report

The new version differs by 6 commits.

• 5ca3209 2.0.0
• afe44c6 force color support in CI
• 1148a75 Version 2 rewrite for Arborist audit data
• 5102576 simplify test fixture handling
• e179501 Update project settings to new standards
• 620842a feat: make this method synchronous

See the full diff

Package name: standard

The new version differs by 197 commits.

• 9c505a9 13.0.0
• 7f3dd5d eslint-config-standard-jsx@7.0.0
• 8cfb0ee eslint-config-standard@13.0.0
• e235cb5 changelog 13.0.0
• f125f0c add link to security disclosure policy
• bd44694 add nodejs logo; change logos to 4 per row
• f7f98bf Update CHANGELOG.md
• 5e6315c remove badge
• e3862be Update AUTHORS.md
• f796995 13.0.0-0
• 16ffaef Update CHANGELOG.md
• c1f817e bump deps
• ffb0b8e travis: drop node 6, add node 12
• d5565b5 Update CHANGELOG.md
• 4dcd00a add Nuxt.js logo
• ee3104d compress logos
• 6e077d7 standard
• d33bfe9 Merge pull request Is 1.6 is a stable version iojs ? nodejs/node#1308 from munierujp/update_japanese_documents
• dd8fe00 Create FUNDING.yml
• 318bfac readme/changelog: global installation changes
• 329a2e0 readme: fix typescript instructions
• db61e3f Update CHANGELOG.md
• 7c661eb Automatically pass on Node 6 or earlier
• 0cfc932 Update Japanese document for 40d1d5e

See the full diff

Package name: tap

The new version differs by 250 commits.

• bc49fb7 15.0.0
• 4378608 remove publishConfig beta tag
• 2c2e75f provide mkdirRecursive polyfill for old node versions
• 8f4c855 correctly specify 10.0.x versions
• 5e61672 update deps
• c44c418 Support 10.0 and test in CI
• dc5c841 tcompare@5.0.4
• 385b6d2 Add .taprc.yml/yaml handling to change log
• 4f87466 just run regular test script as snap script
• 315a921 delete FORCE_COLOR/NO_COLOR rather than setting to '0'
• 564e96f Add detection for .yaml and .yml
• 75bae93 update cli doc
• c1289bf 15.0.0-3
• d6fe32f Do not CI on node 10
• d2e0428 do not use equals() alias in self-test
• 3f787c4 tell npm to be colorful in CI
• 1512818 run tests with color on github actions
• 4626fa1 Docs: update documentation for tap v15
• 02d536b libtap@1.0.1
• f7c7c58 update cli doc
• 2aa497c 15.0.0-2
• 8d7f62e Add support for overriding libtap's internal settings
• 29eed63 new snapshot folder layout
• 3a28d4d update libtap git ref to isaacs/tap-v15-prep branch

See the full diff

Package name: update-notifier

The new version differs by 42 commits.

• 311557e 6.0.0
• 9183541 Require Node.js 14 and move to ESM
• 3fdb218 5.1.0
• 73c391b Upgrade dependencies
• 0a6027e Move to GitHub Actions
• d8fa601 Rename `master` branch to `main`
• f63b2eb 5.0.1
• 9e2b772 Update dependencies
• da7c464 5.0.0
• 5b440c2 Require Node.js 10
• 3dfe42d Don't suggest to upgrade to lower version (node-forward/node deactivation nodejs/node#192)
• 132b7ce Remove a project from "Users" section (doc: util: document --trace-deprecation nodejs/node#191)
• c9d2166 4.1.1
• f42fc8f Improve vertical alignment of the notifier output (What branch/version and which of the contributing guides to use? nodejs/node#183)
• 71a3f19 Use HTTPS links
• 64c5236 Fix Travis
• 9d9f4ff 4.1.0
• 4062f12 Update dependencies
• adbeb6e Add template support for the `message` option (debugger: improve clearBreakpoint error and docs nodejs/node#175)
• adf7803 4.0.0
• fb5161c Remove the `callback` option ([Snyk] Security upgrade local-web-server from 2.6.0 to 3.0.0 #158)
• 39682de Rename `boxenOpts` option to `boxenOptions`
• bc1721a Avoid showing notification if current version is the latest (lib,src: remove post-gc event infrastructure nodejs/node#174)
• ccaf686 Update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect