[Snyk] Fix for 4 vulnerabilities

[ahmed-dinar]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: blessed-contrib

The new version differs by 76 commits.

• 460ddd1 4.8.19
• e34f19e fix: update marked-terminal dep (#187)
• 4b690bc chore(package): lint rules and package changes (#182)
• 2957fad fix(security): update vulnerable dependency
• a497e6d 4.8.16
• 87b6a5b 4.8.15
• 567c34a add some missing definitions in TableOptions (#172)
• 9d715d8 fix(markdown): markdown breaks options.style (#169)
• 5d06b5f 4.8.14
• f0e8bf7 fix: broken lodash deeps requirement on non existing >4.7.11
• 854fdc9 4.8.13
• 651a0d9 fix(dependencies): apply snyk security update (#167)
• 34d209e 4.8.12
• 57ab901 add missing setters for MarkdownElement (#166)
• 1f06ff0 fix(picture): replace picture-tube (#162)
• 7c29d67 docs: add license file (#160)
• 552ecf4 4.8.10
• ed68bca feat: add eslint (#158)
• 0373df4 fix(deps): remove unused request library from deps (#156)
• 4ebc385 4.8.8
• dc41e94 Made changes to index.d.ts as it didn't compile under TypeScript 2.5.3 (#140)
• c99d7f7 4.8.7
• 2a04eb0 Fix y-axis line chart logic (#143)
• 1e896e4 release: 4.8.6 (#151)

See the full diff

Package name: ora

The new version differs by 33 commits.

• 91dcdaa 1.4.0
• 5fed76b Make `stopAnPersist()` not run if spinner is not enabled (#56)
• d348cbd Compress the screenshot with SVGO
• 9727444 Use animated SVG demo (#66)
• 0018549 Add Rust port to the Related section (#64)
• 7e319bd Remove Code Sponsor
• 90168b4 Add halo to the Related section in the readme (#63)
• f8d3705 Try out CodeSponsor
• 7fec243 Update dependencies (#60)
• a1d89fb Clarify `.promise` usage (#57)
• c53e7e7 Update to chalk 2 (#55)
• f1d5b51 Add link to CLISpinner repo (#51)
• ead1176 1.3.0
• d171606 Add text option to start function (#42)
• 4a60987 1.2.0
• 731d13d Massively simplify the tests by using test macros
• 1af6f85 Add `.info()` method
• fa9d59b Improve tests
• 725110a Fix tests
• 62d5c9c Add `spinner.warn()` (#36)
• 221b8a2 Meta tweaks
• f62b052 1.1.0
• ad2a191 Add ability to change text when stopping and persisting (#35)
• 05ec2e3 1.0.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution