[Snyk] Fix for 14 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-1070800	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-PACRESOLVER-1564857	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PARSELINKHEADER-1582783	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Command Injection SNYK-JS-SSH2-1656673	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: fs-admin

The new version differs by 71 commits.

• 4bc7dfe 0.20.0
• 0dcecb2 Merge pull request [Snyk] Security upgrade snyk from 1.437.2 to 1.680.0 #115 from atom/boolean-instead-of-number
• e82121c Merge pull request [Snyk] Security upgrade simple-git from 2.11.0 to 3.15.0 #150 from atom/dependabot/npm_and_yarn/prebuild-11.0.3
• 66b02f6 Merge pull request [Snyk] Fix for 1 vulnerabilities #141 from atom/dependabot/npm_and_yarn/node-gyp-8.4.1
• 5d924d9 Merge pull request ⬆️ Bump xmldom and plist #144 from atom/dependabot/npm_and_yarn/node-addon-api-4.3.0
• 7425d26 Bump prebuild from 11.0.0 to 11.0.3
• de16c9a Merge pull request [Snyk] Fix for 34 vulnerabilities #136 from atom/dependabot/npm_and_yarn/standard-16.0.4
• 29215ed Merge pull request [Snyk] Fix for 14 vulnerabilities #126 from atom/dependabot/npm_and_yarn/path-parse-1.0.7
• f385261 Bump node-gyp from 8.0.0 to 8.4.1
• 9bb9d5f Bump standard from 16.0.3 to 16.0.4
• bba736c Bump node-addon-api from 4.2.0 to 4.3.0
• e600ffe Merge pull request ⬆️ Bump minimatch from 3.0.4 to 3.0.5 #145 from atom/dependabot/npm_and_yarn/mocha-9.2.0
• f358060 Merge pull request [Snyk] Security upgrade snyk from 1.428.2 to 1.1064.0 #147 from atom/dependabot/npm_and_yarn/prebuild-install-7.0.1
• fdb6892 Bump mocha from 8.4.0 to 9.2.0
• 1f07e6b Bump prebuild-install from 6.1.2 to 7.0.1
• ae01fb9 Merge pull request [Snyk] Security upgrade electron-mksnapshot from 9.0.2 to 21.3.3 #148 from icecream17/patch-1
• d4cdffb macos hosted runners are available
• e212161 Merge pull request [Snyk] Fix for 34 vulnerabilities #133 from atom/dependabot/npm_and_yarn/node-addon-api-4.2.0
• f2bb058 Bump prebuild from 10.0.1 to 11.0.0 ([Snyk] Fix for 12 vulnerabilities #134)
• b356b00 Bump node-addon-api from 3.1.0 to 4.2.0
• 5f9d85b Bump path-parse from 1.0.6 to 1.0.7
• e215b58 Use Boolean instead of Number
• ad11452 Bump node-gyp from 7.1.2 to 8.0.0 ([Snyk] Security upgrade stylelint from 9.3.0 to 9.4.0 #109)
• 1fcf996 Bump mocha from 8.3.2 to 8.4.0 ([Snyk] Security upgrade snyk from 1.428.2 to 1.685.0 #114)

See the full diff

Package name: marked

The new version differs by 250 commits.

• ae01170 chore(release): 4.0.10 [skip ci]
• fceda57 🗜️ build [skip ci]
• 8f80657 fix(security): fix redos vulnerabilities
• c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
• d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (Impossible to write some chars on Windows with a German keyboard atom/atom#2352)
• 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (Selected text is deselected after right-click context menu is closed atom/atom#2350)
• 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (Check for Python27 on path when building on Win32 atom/atom#2351)
• 98996b8 chore(deps-dev): Bump @ babel/preset-env from 7.16.5 to 7.16.7 (Updates Jasmine link in CONTRIBUTING.md atom/atom#2353)
• ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (Is there a way to override syntax/ui variables in user stylesheets? atom/atom#2354)
• e5171a9 chore(release): 4.0.9 [skip ci]
• 41990a5 🗜️ build [skip ci]
• a9696e2 fix: retain line breaks in tokens properly (Fuzzy looking text in tabs atom/atom#2341)
• 6aacd13 chore(deps-dev): Bump jasmine from 3.10.0 to 4.0.0 (Marker views for find and replace aren't rendered atom/atom#2343)
• 55e5df9 chore(deps-dev): Bump @ babel/core from 7.16.5 to 7.16.7 (React: Don't measure line height / char width when editor is hidden atom/atom#2344)
• 4f4cab4 chore(deps-dev): Bump eslint-plugin-import from 2.25.3 to 2.25.4 (Ensure .lines div is always at least the height of the scroll view atom/atom#2345)
• 97ea9f2 chore(deps-dev): Bump eslint from 8.5.0 to 8.6.0 (Enhance view system to easily allow adding of panes inside a tabbed editor atom/atom#2346)
• 4c3b853 chore(deps-dev): Bump rollup-plugin-license from 2.6.0 to 2.6.1 (build error in Windows 7  atom/atom#2347)
• 9396896 chore(deps-dev): Bump rollup from 2.61.1 to 2.62.0 (The find panel needs a "close" button atom/atom#2338)
• 103a56c chore(deps-dev): Bump @ babel/preset-env from 7.16.4 to 7.16.5 (Atom text edit pane went unresponsive and then overwrote file with only my typed characters on save atom/atom#2333)
• be771c9 chore(deps-dev): Bump eslint from 8.4.1 to 8.5.0 (Atom dosen't match the style of the native title bar's style. atom/atom#2334)
• 67d5a65 chore(deps-dev): Bump @ babel/core from 7.16.0 to 7.16.5 (Atom doesn't compile on FreeBSD11-amd64 atom/atom#2335)
• 991493a chore(deps-dev): Bump eslint-plugin-promise from 5.2.0 to 6.0.0 (Error after updating to 0.96 from 0.94 atom/atom#2336)
• 59375fb chore(release): 4.0.8 [skip ci]
• 4734c82 🗜️ build [skip ci]

See the full diff

Package name: prebuild-install

The new version differs by 36 commits.

• 8250adf 7.1.1
• 4e2284c Replace use of npmlog dependency with console.error ([Snyk] Security upgrade stylelint from 9.3.0 to 14.0.0 #182)
• d1853cb Ensure script output can be captured by tests ([Snyk] Security upgrade legal-eagle from 0.14.0 to 0.16.0 #181)
• 5065bce 7.1.0
• f729abb Allow setting libc to glibc on non-glibc platform ([Snyk] Security upgrade snyk from 1.428.2 to 1.685.0 #176)
• 4a1ed43 7.0.1
• f71c6b9 Upgrade to the latest version of `detect-libc` ([Snyk] Security upgrade aws-sdk from 2.292.0 to 2.1354.0 #166)
• 8ee70f9 Clarify usage in README
• d8a8c0e Bump hallmark devDependency
• 542788b 7.0.0
• 8ebc076 Add release workflow
• ff4a4d8 Update badges in README
• 7468c14 Bump simple-get
• 1d53607 Bump tape devDependency
• 734ae27 Bump standard devDependency
• 477f347 Breaking: bump node-abi so that Electron 14+ gets correct ABI ([Snyk] Security upgrade npm from 6.14.8 to 7.21.0 #161)
• c96c526 6.1.4
• b3fad76 Move auth token to header instead of query param (⬆️ Bump simple-git from 2.11.0 to 3.16.0 in /script #160)
• a964e5b Remove _ prefix as it isn't allowed by npm config (⬆️ Bump qs from 6.4.0 to 6.4.1 #153)
• 57bcc06 Make 'rc.path' absolute ([Snyk] Security upgrade simple-git from 2.11.0 to 3.16.0 #158)
• cca87fb 6.1.3
• e08d75a Fixes ⬆️ Bump qs from 6.5.2 to 6.5.3 in /script #154: Inline no longer maintained `noop-logger` (⬆️ Bump flat and mocha #155)
• 5ee1a2f Point users towards prebuildify ([Snyk] Security upgrade simple-git from 2.11.0 to 3.15.0 #150)
• 97ff071 6.1.2

See the full diff

Package name: snyk

The new version differs by 250 commits.

• 4cc1a94 Merge pull request ctrl+click to add a cursor doesn't work on linux atom/atom#2105 from snyk/feat/webpack
• 7737f75 Merge pull request Tabulators are not aligned correctly atom/atom#2181 from snyk/test/migrate-old-snyk-format
• 418e6ad Merge pull request Uncaught RangeError: Invalid array length  atom/atom#2180 from snyk/test/migrate-is-docker
• 95631e7 test: migrate is-docker to jest
• babe22a test: migrate old-snyk-format to jest
• e22e94f feat: Snyk CLI is bundled with Webpack
• dd46c19 Merge pull request No .desktop file for Gnome/KDE atom/atom#2175 from snyk/fix/snyk-protect-multiple
• e7c314f Merge pull request Cursor disappears after fold all atom/atom#2178 from snyk/test/server-close
• 5e824c0 fix(protect): skip previously patched files
• ca2177a fix(protect): catch and log unexpected errors
• c9ddb44 chore(protect): move api url warnings to stderr
• e8fed38 refactor(protect): move stdout logs to top level
• 55e88f9 Merge pull request Can't run on CentOS 6.5 atom/atom#2177 from snyk/test/set-jest-acceptance-timeout
• 1522c5f test: server.close uses callbacks, not promises
• 13dce51 test: increase timeout for slow oauth test
• 65c35be Merge pull request auto indent config? atom/atom#2172 from snyk/chore/no-run-test-on-master
• a1e3992 chore: don't run tests on master
• 20feb67 Merge pull request Resizing sidebar gives invisible cursor atom/atom#2165 from snyk/chore/dont-wait-for-regression-tests
• f50bca7 Merge pull request gypnpm ERR! runas@0.5.4 install: node-gyp rebuild by build under Windows atom/atom#2167 from snyk/refactor/replace-cc-parser-with-split-functions
• 1ed7d11 refactor: replace cc parser with split functions
• 707801d Merge pull request Add default shortcuts for 'scroll to top' and 'scroll to end' atom/atom#2166 from snyk/fix/support_quotes_in_poetry_toml
• dc6b784 Merge pull request Plain text encoding issue? atom/atom#2163 from snyk/chore/remove-store-test-results
• 7973015 fix: support quoted keys in inline tables
• 18f0d2a Merge pull request Fix indenting of HTML tags for instance. Fix #1294 atom/atom#2164 from snyk/chore/upgrade-snyk-nuget-plugin

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn