[Snyk] Fix for 2 vulnerabilities

[ekmixon]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chromedriver

The new version differs by 55 commits.

• 33411c3 Build with proxy
• cc37306 Update Axios and fix some corner cases
• 9c1a3f1 Add lint to build
• 941cc09 Remove del from package
• ad1c308 Update del to use latest version
• ec78324 Don't ignore changes in build with json
• 22bfd9a Update security vulnerability
• 8255bb5 Cache each image using job
• 007aea0 Bump version to 107.0.0 (Enable parsing of negative decimals #176 gchq/CyberChef#389)
• d0b7209 Bump version
• efa8d3e Fix apple silicon arch for newer chromedriver build schema (Add tooltip to regex matches #279 gchq/CyberChef#386)
• 1c2229f updated to chromedriver 106
• 3105cf9 Update dependencies
• 77da648 Bump version to 105.0.0
• 34b1eaf Bump version to 104.0.0
• 4a2083b Fix build link in readme
• 09c003e Bump to chrome driver 103
• 30efbd6 Add create tag script
• 719c529 Bumb to chrome driver 102
• 6aabfa6 Update Axios to latest version
• ebe7524 Remove node 12 and 17 and add 18
• 2416486 Update mirror url
• dc067fd bump to chrome driver 101
• 8c122d9 fix: Check for stdout in sysctl

See the full diff

Package name: grunt

The new version differs by 27 commits.

• 0afeb5c 1.6.0
• 2805dc3 Merge pull request Add Salsa20 and XSalsa20 operation gchq/CyberChef#1750 from gruntjs/dep-update-jan28
• 3f1e423 README updates
• 8fd096d Bump to 16
• 42c5f95 Update more deps
• 1d88050 Bump eslint and node version
• 82d79b8 1.5.3
• 572d79b Merge pull request Feature request: Explain the DEF24 sponsorship gchq/CyberChef#1745 from gruntjs/fix-copy-op
• 58016ff Patch up race condition in symlink copying.
• 0749e1d Merge pull request Bug report: URL DECODE MISS "+" gchq/CyberChef#1746 from JamieSlome/patch-1
• 69b7c50 Create SECURITY.md
• ac667b2 1.5.2
• 7f15fd5 Update Changelog
• b0ec6e1 Merge pull request Accessibility - Aria labels for buttons gchq/CyberChef#1743 from gruntjs/cleanup-link
• 433f91b Clean up link handling
• d5969ec 1.5.1
• ad22608 Merge pull request Bug report: Base58 wrong conversion gchq/CyberChef#1742 from gruntjs/update-symlink-test
• 0652305 Fix symlink test
• a7ab0a8 1.5.0
• b2b2c2b Updated changelog
• 3eda6ae Merge pull request Bug report: AES CTR results differ from expected  gchq/CyberChef#1740 from gruntjs/update-deps-22-10
• 47d32de Update testing matrix
• 2e9161c More updates
• 04b960e Remove console log

See the full diff

Package name: grunt-zip

The new version differs by 10 commits.

• 7dce4a8 Release 1.0.0
• 2dbb7a6 Moved to Node.js >= 8 for async/await support
• 7fd1a91 Update JSZip to address vulnerability ([Snyk] Fix for 2 vulnerabilities #58)
• 71fdd5f Release 0.20.0
• 6e688e3 Upgraded to jszip@2.7.0 to fix vulnerability, fixes [Snyk] Fix for 1 vulnerabilities #54
• 9992632 Upgraded to mocha@10 for better CLI feedback
• 61bbf62 Release 0.19.0
• 287b64a Removed Node.js@18 from Travis CI for now
• 567695f Upgraded Travis CI environment
• 0e4aa26 Updated Travis CI badge

See the full diff

Package name: node-sass

The new version differs by 47 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: prompt

The new version differs by 3 commits.

• fbf6dac 1.2.0
• fef3933 Move off abandoned utile dependency Merge pull request #1 from gchq/master gchq/CyberChef#213
• 33febea add eslint

See the full diff

Package name: tesseract.js

The new version differs by 21 commits.

• 44d322e 3.0.0
• e3c4a6b Updated README for version 3
• f372818 Added automatic detection of simd support (Bug Report: PHP Deserialize - NULL values are incorrectly converted to JSON gchq/CyberChef#641)
• 8b56760 Updated to webpack 5 for compatibility with Node.js 18 (Operation request: Word Cloud Generator gchq/CyberChef#640)
• 13b95f6 Updated to Tesseract.js v.3; added exif-based rotation (Feature request: Hex to ascii gchq/CyberChef#638)
• a9ac00c Removed exif auto-rotation for browser per Bug report: Register not usable for ingredient type "number" gchq/CyberChef#604 (Enigma Rota Wiring Tables - Off by one gchq/CyberChef#634)
• 75ddd63 Revert "Add support for ImageData and fix a hang in buffer handling (Bug report: JSON to CSV not working for me gchq/CyberChef#610)"
• 1136e0a Revert "Ran linter"
• 2e478bd Ran linter
• 6784846 Add support for ImageData and fix a hang in buffer handling (Bug report: JSON to CSV not working for me gchq/CyberChef#610)
• be956cd Replaced child_process with worker_threads per Feature: MIME RFC2047 Decoding gchq/CyberChef#630 (Misc: Won't run on Localhost Chrome Windows 10 gchq/CyberChef#631)
• 61d0e55 Temporarily removed Node 18 since this fails on master.
• 74be03c Updated versions of node used in workflows
• 9442d9c Merge pull request Add Quoted-printable example gchq/CyberChef#629 from naptha/feat/benchmark
• 6aba959 Added benchmark code and assets per Operation request: Optical Character Recognition (OCR) gchq/CyberChef#628
• 58d2894 Ran linter
• a8287a9 Merge pull request Feature: Add swap input values button gchq/CyberChef#621 from SusanDoggie/patch-1
• 66085a7 Merge pull request Added PGP verify operation gchq/CyberChef#585 from andreialecu/fix-cachebadresponse
• 50a53f5 Fix for passing wrong arguments while calling fork function
• 01e8335 Fix caching of bad langData responses
• adcb5b8 Update FUNDING.yml

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• 5aad1e7 chore(release): 4.8.0
• 28ad7ed chore(deps): bump graceful-fs from 4.2.9 to 4.2.10 (#4368)
• 7920364 feat: export initialized socket client (#4304)
• 4e7800e chore: update webpack (#4367)
• fbda2a8 chore(deps-dev): bump body-parser from 1.19.2 to 1.20.0 (#4366)
• 67c080b chore(deps-dev): bump puppeteer from 13.5.1 to 13.5.2 (#4361)
• 56ec411 chore(deps): bump html-entities from 2.3.2 to 2.3.3 (#4358)
• ca8a53a chore: update deps and fix audit (#4356)
• 501f6aa chore(deps-dev): bump @ babel/runtime
• 7d2b4f0 chore(deps-dev): bump @ babel/core
• 95e26fe test: add cases for `webSocketURL` with `server` option (#4346)
• 84b4774 chore: migrate script for examples on `setupMiddlewares` option (#4347)
• a7ccab1 chore: replace deprecated String.prototype.substr() (#4343)
• 1bf2614 chore(deps-dev): bump lint-staged from 12.3.6 to 12.3.7 (#4344)
• 188497a chore(deps-dev): bump prettier from 2.5.1 to 2.6.0 (#4339)
• 7560a37 chore(deps-dev): bump lint-staged from 12.3.5 to 12.3.6 (#4341)
• dc2d6f7 chore(deps): bump http-proxy-middleware from 2.0.3 to 2.0.4 (#4333)
• 552e4ab chore(deps-dev): bump @ babel/runtime
• af3de07 chore(deps-dev): bump @ babel/core
• a80fa1f chore(deps): bump @ types/ws
• 457e1e5 chore(deps-dev): bump eslint from 8.10.0 to 8.11.0 (#4334)
• b48ff7f chore(deps-dev): bump puppeteer from 13.5.0 to 13.5.1 (#4330)
• 3ce15d4 chore(deps-dev): bump puppeteer from 13.4.1 to 13.5.0 (#4329)
• a892235 chore(deps-dev): bump lint-staged from 12.3.4 to 12.3.5 (#4328)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)

[secure-code-warrior-for-github]

Micro-Learning Topic: Denial of service (Detected by phrase)

Matched on "Denial of Service"

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Race condition (Detected by phrase)

Matched on "race condition"

What is this? (2min video)

A race condition is a flaw that produces an unexpected result when the timing of actions impact other actions.

Try a challenge in Secure Code Warrior