[Snyk] Fix for 30 vulnerabilities

[ZachT1711]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-CHARTJS-1018716	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Regular Expression Denial of Service (ReDoS) npm:diff:20180305	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chart.js

The new version differs by 250 commits.

• 1d92605 Use Object.create(null) as `merge` target (The program can't start because chromiumcontent.dll is missing from your computer atom/atom#7920)
• dff7140 When objects are merged together, the target prototype can be polluted. (config onDidChange does not return keypath in event atom/atom#7918)
• d919188 Bump verison number to v2.9.4
• 42ed589 Fix Maximum call stack size exception in computeLabelSizes (Atom memory leak atom/atom#7883)
• 063b7dc [2.9] FitBoxes recursion when dimensions are NaN (Uncaught Error: Encountered an invalid scope end id. Popped -23, expected to pop -63. atom/atom#7853)
• 2493cb5 Use node v12.18.2 on Travis CI (Uncaught Error: ENOTDIR: not a directory, open '/Users/username/Projects/proje... atom/atom#7864)
• 679ec4a docs: fix rollup external moment (Add SF UI font atom/atom#7587)
• 484f0d1 Preserve object prototypes when cloning (Delete me. atom/atom#7404)
• 2df6986 Look for any branch starting with release (Uncaught Error: Cannot find module 'fs-plus' atom/atom#7087) (Menu's do not show on secondary monitor atom/atom#7089)
• 26ea9f0 Update version number to 2.9.3 (Linux, Atom >0.188.0, Chrome 21, wrongly detected touchscreen interface atom/atom#6725)
• a307a2a Don't make legend empty when fill is false (Failed at the git-utils@3.0.0 install script 'node-gyp rebuild'. atom/atom#6719)
• c44229f Fix undefined variable (Cursor position messed up on reload when using antialiased font. atom/atom#6698)
• a985fec Stop unnecessary line calculations (Auto Indent isn't idempotent atom/atom#6671)
• 1cce8a5 Backward compatible default `fill` for radar charts (Autoindent not working properly atom/atom#6655)
• a920bfe Hide correct dataset from legend (Syntax settings error with split panes atom/atom#6661)
• 201fe46 Versatile clipping for lines ("snip" and all custom snippets not working atom/atom#6660)
• ad26311 Refresh package-lock to pick up new version of chartjs-colors (Option-Click on code fold arrow (bug/enhancement) atom/atom#6663)
• 8abfbcb Update version number to v2.9.2 (Atom Erroneously Rejects Package For DevDependency That Isn't Binary Compatible atom/atom#6657)
• 45550ed Combine performance docs (apm fails on CentOS 7 (rpm) due to compiled against too new libstdc++ atom/atom#6643)
• 65421bb Use `document` when `getRootNode` is unsupported (Atom crashes when I open large files atom/atom#6641)
• a92dd7b Release v2.9.1 (Debian package broken since 0.193 atom/atom#6618)
• 26b9d1f Merge pull request Normalize all package.json data atom/atom#6601 from chartjs/master
• ea100d4 Bump version number to 2.9.0 (Add a "package load paths" config for using packages in custom locations atom/atom#6600)
• 333118b Hover styling for dataset in 'dataset' mode (Add font size commands to View menu atom/atom#6527)

See the full diff

Package name: fs-admin

The new version differs by 4 commits.

• d9f578c 0.2.0
• 44fc30a upgrade devDependencies to latest versions ([Snyk] Upgrade @octokit/rest from 15.9.5 to 15.18.3 #4)
• 282d57c move mocha to a devDependency ([Snyk] Upgrade aws-sdk from 2.292.0 to 2.692.0 #3)
• b391668 add typings for the public API ([Snyk] Upgrade semver from 5.5.1 to 5.7.1 #2)

See the full diff

Package name: marked

The new version differs by 250 commits.

• ae01170 chore(release): 4.0.10 [skip ci]
• fceda57 🗜️ build [skip ci]
• 8f80657 fix(security): fix redos vulnerabilities
• c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
• d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (Impossible to write some chars on Windows with a German keyboard atom/atom#2352)
• 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (Selected text is deselected after right-click context menu is closed atom/atom#2350)
• 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (Check for Python27 on path when building on Win32 atom/atom#2351)
• 98996b8 chore(deps-dev): Bump @ babel/preset-env from 7.16.5 to 7.16.7 (Updates Jasmine link in CONTRIBUTING.md atom/atom#2353)
• ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (Is there a way to override syntax/ui variables in user stylesheets? atom/atom#2354)
• e5171a9 chore(release): 4.0.9 [skip ci]
• 41990a5 🗜️ build [skip ci]
• a9696e2 fix: retain line breaks in tokens properly (Fuzzy looking text in tabs atom/atom#2341)
• 6aacd13 chore(deps-dev): Bump jasmine from 3.10.0 to 4.0.0 (Marker views for find and replace aren't rendered atom/atom#2343)
• 55e5df9 chore(deps-dev): Bump @ babel/core from 7.16.5 to 7.16.7 (React: Don't measure line height / char width when editor is hidden atom/atom#2344)
• 4f4cab4 chore(deps-dev): Bump eslint-plugin-import from 2.25.3 to 2.25.4 (Ensure .lines div is always at least the height of the scroll view atom/atom#2345)
• 97ea9f2 chore(deps-dev): Bump eslint from 8.5.0 to 8.6.0 (Enhance view system to easily allow adding of panes inside a tabbed editor atom/atom#2346)
• 4c3b853 chore(deps-dev): Bump rollup-plugin-license from 2.6.0 to 2.6.1 (build error in Windows 7  atom/atom#2347)
• 9396896 chore(deps-dev): Bump rollup from 2.61.1 to 2.62.0 (The find panel needs a "close" button atom/atom#2338)
• 103a56c chore(deps-dev): Bump @ babel/preset-env from 7.16.4 to 7.16.5 (Atom text edit pane went unresponsive and then overwrote file with only my typed characters on save atom/atom#2333)
• be771c9 chore(deps-dev): Bump eslint from 8.4.1 to 8.5.0 (Atom dosen't match the style of the native title bar's style. atom/atom#2334)
• 67d5a65 chore(deps-dev): Bump @ babel/core from 7.16.0 to 7.16.5 (Atom doesn't compile on FreeBSD11-amd64 atom/atom#2335)
• 991493a chore(deps-dev): Bump eslint-plugin-promise from 5.2.0 to 6.0.0 (Error after updating to 0.96 from 0.94 atom/atom#2336)
• 59375fb chore(release): 4.0.8 [skip ci]
• 4734c82 🗜️ build [skip ci]

See the full diff

Package name: mocha

The new version differs by 250 commits.

• eb781e2 Release v6.2.3
• 10dbe94 update CHANGELOG for v6.2.3 [ci skip]
• 848d6fb security: update mkdirp, yargs, yargs-parser
• 843a322 6.2.2
• aec8b02 update CHANGELOG for v6.2.2 [ci skip]
• 7a8b95a npm audit fixes
• cebddf2 Improve reporter documentation for mocha in browser. (Reverse delete consumes too many characters atom/atom#4026)
• 3f7b987 uncaughtException: report more than one exception per test (Adjust scrollbar size atom/atom#4033)
• ee82d38 modify alt text of image from Backers to Sponsors inside Sponsors section in Readme (Add modal workspace panels atom/atom#4046)
• e9c036c special-case parsing of "require" in unparseNodeArgs(); closes Strange behaviour in editor in cpp mode. atom/atom#4035 (Unify panel styling atom/atom#4063)
• 954cf0b Fix HTMLCollection iteration to make unhide function work as expected (Font Size problem atom/atom#4051)
• 816dc27 uncaughtException: fix double EVENT_RUN_END events (Way to completely disable a certain key shortcut? atom/atom#4025)
• 9650d3f add OpenJS Foundation logo to website (Installation: libgnome-keyring dependency error on Red Hat 6.5 atom/atom#4008)
• f04b81d Adopt the OpenJSF Code of Conduct (Bug in TextBuffer::setTextInBufferRange() ? atom/atom#3971)
• aca8895 Add link checking to docs build step (Can't access pane view within onDidAddPane atom/atom#3972)
• ef6c820 Release v6.2.1
• 9524978 updated CHANGELOG for v6.2.1 [ci skip]
• dfdb8b3 Update yargs to v13.3.0 (Move line up/down isn't working on linux atom/atom#3986)
• 18ad1c1 treat '--require esm' as Node option (Changing an underlying image file does not update the view atom/atom#3983)
• fcffd5a Update yargs-unparser to v1.6.0 (Expand command registry to handle native events atom/atom#3984)
• ad4860e Remove extraGlobals() (Enter key not working on OSX Yosemite atom/atom#3970)
• b269ad0 Clarify effect of .skip() (Use Bluebird instead of Q ? atom/atom#3947)
• 1e6cf3b Add Matomo to website (Improve performance of deprecated API usage detection atom/atom#3765)
• 91b3a54 fix style on mochajs.org (Add GenericName to .desktop file atom/atom#3886)

See the full diff

Package name: yargs

The new version differs by 250 commits.

• a6e67f1 chore(release): 13.2.4
• fc13476 chore: update standard-verison dependency
• bf46813 fix(i18n): rename unclear 'implication failed' to 'missing dependent arguments' (Incrementally load packages with activation events atom/atom#1317)
• a3a5d05 docs: fix a broken link to MS Terminology Search (Attempting to launch atom while it's updating should give me a nice message atom/atom#1341)
• b4f8018 build: add .versionrc that hides test/build
• 0c39183 chore(release): 13.2.3
• 08e0746 chore: update deps (Add the ability to cancel project.scan atom/atom#1340)
• 843e939 docs: make `--no-` boolean prefix easier to find in the docs (Provide a way to trigger a check for available updates. atom/atom#1338)
• 84cac07 docs: restore removed changelog of v13.2.0 (Fix mini editor leak atom/atom#1337)
• b20db65 fix(deps): upgrade cliui for compatibility with latest chalk. (The cursor's really hard to see when it's to the left of a matched search term. It's pretty hard to atom/atom#1330)
• c294d1b test: accept differently formatted output (Run atom CI on windows atom/atom#1327)
• ac3f10c chore: move .hbs templates into .js to facilitate webpacking (Handle native commands in render process atom/atom#1320)
• 0295132 fix: address issues with dutch translation (cmd-w shouldn't be able to close the tree-view. atom/atom#1316)
• 9f2468e doc: clarify parserConfiguration object structure (Add clean script atom/atom#1309)
• e7f2937 chore(release): 13.2.2
• edd0bb5 test: correct test description
• 03a9523 chore: forgoing dropping Node 6 until yargs@14 (Common core commands to workspaceView atom/atom#1308)
• 14920d1 docs: remove --save option as it isn't required anymore (Text Aliasing atom/atom#1301)
• 545c7f1 test: slightly reworded one test
• 4375680 chore(release): 13.2.1
• dfcaa68 test: slight edit to test wording
• 3180224 fix: add zsh script to files array
• 0a96394 fix: support options/sub-commands in zsh completion
• 48249a2 chore(release): 13.2.0

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Command Injection SNYK-JS-TREEKILL-536781	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Arbitrary Code Injection
🦉 More lessons are available in Snyk Learn