[Snyk] Fix for 38 vulnerabilities #45

Status: Open. Wants to merge 1 commit into base: master.
Conversation

lholmquist (Contributor)

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Why? | Issue | Snyk ID | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|---|
| high | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| high | 706/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.7 | Remote Memory Exposure | SNYK-JS-BL-608877 | Yes | Proof of Concept |
| high | 584/1000 | Has a fix available, CVSS 7.4 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-HAWK-2808852 | Yes | No Known Exploit |
| medium | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-HOSTEDGITINFO-1088355 | Yes | Proof of Concept |
| medium | 631/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.2 | Missing Release of Resource after Effective Lifetime | SNYK-JS-INFLIGHT-6095116 | Yes | Proof of Concept |
| medium | 641/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.4 | Prototype Pollution | SNYK-JS-JSON5-3182856 | Yes | Proof of Concept |
| medium | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-1018905 | Yes | Proof of Concept |
| high | 681/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection | SNYK-JS-LODASH-1040724 | Yes | Proof of Concept |
| high | 686/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution | SNYK-JS-LODASH-450202 | Yes | Proof of Concept |
| high | 686/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution | SNYK-JS-LODASH-608086 | Yes | Proof of Concept |
| high | 686/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution | SNYK-JS-LODASH-73638 | Yes | Proof of Concept |
| medium | 541/1000 | Proof of Concept exploit, Has a fix available, CVSS 4.4 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-73639 | Yes | Proof of Concept |
| high | 681/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection | SNYK-JS-LODASHTEMPLATE-1088054 | Yes | Proof of Concept |
| high | 589/1000 | Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MINIMATCH-1019388 | Yes | No Known Exploit |
| medium | 479/1000 | Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MINIMATCH-3050818 | Yes | No Known Exploit |
| low | 506/1000 | Proof of Concept exploit, Has a fix available, CVSS 3.7 | Prototype Pollution | SNYK-JS-MINIMIST-2429795 | Yes | Proof of Concept |
| medium | 601/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution | SNYK-JS-MINIMIST-559764 | Yes | Proof of Concept |
| high | 726/1000 | Proof of Concept exploit, Has a fix available, CVSS 8.1 | Arbitrary File Overwrite | SNYK-JS-NPM-537603 | Yes | Proof of Concept |
| low | 451/1000 | Proof of Concept exploit, Has a fix available, CVSS 2.6 | Unauthorized File Access | SNYK-JS-NPM-537604 | Yes | Proof of Concept |
| high | 726/1000 | Proof of Concept exploit, Has a fix available, CVSS 8.1 | Arbitrary File Write | SNYK-JS-NPM-537606 | Yes | Proof of Concept |
| medium | 479/1000 | Has a fix available, CVSS 5.3 | Insertion of Sensitive Information into Log File | SNYK-JS-NPM-575435 | Yes | No Known Exploit |
| high | 589/1000 | Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-NPMUSERVALIDATE-1019352 | Yes | No Known Exploit |
| medium | 646/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF) | SNYK-JS-REQUEST-3361831 | Yes | Proof of Concept |
| high | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |
| high | 624/1000 | Has a fix available, CVSS 8.2 | Arbitrary File Overwrite | SNYK-JS-TAR-1536528 | Yes | No Known Exploit |
| high | 624/1000 | Has a fix available, CVSS 8.2 | Arbitrary File Overwrite | SNYK-JS-TAR-1536531 | Yes | No Known Exploit |
| low | 410/1000 | Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-TAR-1536758 | Yes | No Known Exploit |
| high | 639/1000 | Has a fix available, CVSS 8.5 | Arbitrary File Write | SNYK-JS-TAR-1579147 | Yes | No Known Exploit |
| high | 639/1000 | Has a fix available, CVSS 8.5 | Arbitrary File Write | SNYK-JS-TAR-1579152 | Yes | No Known Exploit |
| high | 639/1000 | Has a fix available, CVSS 8.5 | Arbitrary File Write | SNYK-JS-TAR-1579155 | Yes | No Known Exploit |
| medium | 646/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution | SNYK-JS-TOUGHCOOKIE-5672873 | Yes | Proof of Concept |
| medium | 479/1000 | Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-UGLIFYJS-1727251 | Yes | No Known Exploit |
| medium | 434/1000 | Has a fix available, CVSS 4.4 | Time of Check Time of Use (TOCTOU) | npm:chownr:20180731 | Yes | No Known Exploit |
| medium | 636/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution | npm:hoek:20180212 | Yes | Proof of Concept |
| medium | 636/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution | npm:lodash:20180130 | Yes | Proof of Concept |
| high | 589/1000 | Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) | npm:minimatch:20160620 | Yes | No Known Exploit |
| medium | 479/1000 | Has a fix available, CVSS 5.3 | Access Restriction Bypass | npm:npm:20180222 | Yes | No Known Exploit |
| medium | 576/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.1 | Uninitialized Memory Exposure | npm:tunnel-agent:20170305 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: electron-rebuild The new version differs by 250 commits.
  • 6f94aaa Merge pull request #1022 from VerteDinde/add-std17-flag-for-e20
  • 3f5ff99 fix: ensure force-process-config is not passed to prerelease v20+ (#1023)
  • 979361d fix: add std=c++17 flag for e20+
  • 20107a8 Merge pull request #1015 from electron/dependabot/npm_and_yarn/typescript-4.6.4
  • 3108e3d chore(deps-dev): bump typescript from 4.6.2 to 4.6.4
  • 00e6ed3 Merge pull request #1014 from electron/dependabot/npm_and_yarn/types/node-17.0.34
  • f9d77d2 chore(deps-dev): bump @ types/node from 17.0.33 to 17.0.34
  • f3342e2 Merge pull request #1003 from electron/dependabot/npm_and_yarn/yargs-17.4.1
  • 41fa566 Merge pull request #1013 from electron/dependabot/npm_and_yarn/types/node-17.0.33
  • 9b3be7c chore(deps-dev): bump @ types/node from 17.0.21 to 17.0.33
  • 641db3d chore(deps): bump yargs from 17.3.1 to 17.4.1
  • e677ce6 Merge pull request #993 from electron/dependabot/npm_and_yarn/ts-node-10.7.0
  • 3cb7db1 Merge pull request #995 from electron/dependabot/npm_and_yarn/mocha-9.2.2
  • 2facce0 chore(deps-dev): bump mocha from 9.2.0 to 9.2.2
  • 0e59898 chore(deps-dev): bump ts-node from 10.6.0 to 10.7.0
  • 4d54c15 Merge pull request #990 from electron/dependabot/npm_and_yarn/types/yargs-17.0.9
  • 1b45c84 Merge pull request #991 from electron/dependabot/npm_and_yarn/ts-node-10.6.0
  • 708a1c4 Merge pull request #992 from electron/dependabot/npm_and_yarn/node-gyp-9.0.0
  • 6d61b02 chore(deps): bump node-gyp from 8.4.1 to 9.0.0
  • 7c01ce3 chore(deps-dev): bump ts-node from 10.5.0 to 10.6.0
  • 8adb090 chore(deps-dev): bump @ types/yargs from 17.0.8 to 17.0.9
  • f798bc5 Merge pull request #986 from electron/dependabot/npm_and_yarn/fs-extra-10.0.1
  • 2df36e0 Merge pull request #987 from electron/dependabot/npm_and_yarn/types/node-17.0.21
  • f4edeb5 Merge pull request #988 from electron/dependabot/npm_and_yarn/typescript-4.6.2

See the full diff

Package name: ember-ajax The new version differs by 250 commits.
  • 9f7a058 chore(release): 5.1.2
  • b24279f Merge pull request #463 from boris-petrov/use-object-assign
  • 5175d40 fix: resolve `ember-polyfills.deprecate-assign` deprecation warnings
  • 5520bdf v5.1.1
  • b818a9f v5.1.0
  • 1b7a0f3 chore: update ignore files
  • 77fbbb9 Merge pull request #459 from Turbo87/gh-actions
  • 5fb626d chore: remove TravisCI config
  • 903b5eb chore: add GitHub Actions config
  • 597afc3 chore: change `ember-data` dependency to `~3.1.1`
  • a499159 Merge pull request #454 from abrahamspaa/vulnerable-fix
  • d44a567 Merge pull request #452 from boris-petrov/fix-ember-deprecation
  • b1e1952 bump version najax
  • 4dcd0f4 vulnerable fix
  • a61cba6 Fix deprecated usage of `run.join`
  • c178c5e Merge pull request #440 from jamescdavis/fix_ajax-request_mixin_public_property_types
  • 2e2b0c5 fix: types on public properties in ajax-request mixin
  • 838de17 Merge pull request #438 from boris-petrov/add-new-lts-releases-to-ci
  • 78c3587 test: add Ember 3.4 and 3.8 to Travis
  • 9de754a chore(release): 5.0.0
  • bcebe35 Merge pull request #435 from Turbo87/ember-3.8
  • a52533b Merge pull request #436 from Turbo87/ie11
  • 57dc203 fix: always run tests in IE11 mode
  • 2617549 chore: update `ember-source` to v3.8.0

See the full diff

Package name: ember-cli-htmlbars-inline-precompile The new version differs by 250 commits.
  • 398686f Release 3.0.2
  • 795cb9a Merge pull request #408 from ember-cli/cache-lazily
  • a8c3398 Make cacheKey calculation lazy
  • 4a5c196 Drop documentation from README.
  • 21645c7 [Security] Bump node-fetch from 2.6.0 to 2.6.1
  • 7d1260c [Security] Bump http-proxy from 1.18.0 to 1.18.1
  • 6ed45ef [Security] Bump dot-prop from 4.2.0 to 4.2.1
  • 82d21b6 Bump @ ember/optional-features from 0.7.0 to 1.3.0
  • 3570d96 Bump eslint-plugin-node from 9.2.0 to 11.1.0
  • 95fc3d5 [Security] Bump websocket-extensions from 0.1.3 to 0.1.4
  • 12ba58c [Security] Bump handlebars from 4.4.0 to 4.7.6
  • e6862be [Security] Bump jquery from 3.4.1 to 3.5.0
  • 30e19c0 [Security] Bump acorn from 7.1.0 to 7.1.1
  • b5aa14c Bump ember-cli-babel from 7.12.0 to 7.14.1
  • 1bd9e9d Bump qunit-dom from 0.9.1 to 0.9.2
  • 8d15287 Bump lerna-changelog from 0.8.2 to 0.8.3
  • 9e86687 Bump eslint-plugin-ember from 7.4.0 to 7.5.0
  • 6d83ba0 Bump ember-try from 1.2.1 to 1.3.0
  • 7cc5b5d Bump eslint-plugin-ember from 7.2.0 to 7.4.0
  • 32f58a8 Bump qunit-dom from 0.9.0 to 0.9.1
  • e2608bf Bump ember-source-channel-url from 1.1.0 to 2.0.1
  • be42171 Bump eslint from 6.5.1 to 6.6.0
  • d147af2 Bump ember-cli-htmlbars from 3.1.0 to 4.0.8 (#332)
  • 2ce08fa Bump eslint-plugin-ember from 6.10.1 to 7.2.0 (#333)

See the full diff

Package name: ember-cli-qunit The new version differs by 155 commits.
  • 4ad1af2 release v4.4.0 🎉
  • f4bd36b Merge pull request #212 from ember-cli/upgrade
  • f32d88a bump ember-qunit
  • 63ac2f2 Merge pull request #210 from samselikoff/upgrade-ember-qunit
  • 300b36c Upgrade ember-qunit
  • d3dc0f4 v4.3.2
  • f4897da Add v4.3.2 to CHANGELOG.md.
  • c3a2396 Update ember-qunit to v3.3.2.
  • ac4ea28 v4.3.1
  • 57b348a Add v4.3.1 to CHANGELOG.md.
  • d92bb44 Merge pull request #204 from rwjblue/update-dependencies
  • bc11e3a Fix issue with Chrome + Travis & setuid...
  • f854e86 Update ember-qunit to latest version.
  • 45dd8ec Update ember-cli-babel to latest version.
  • 7f5ab89 Merge pull request #200 from kategengler/update-release-md
  • 29e8b50 Remove bit about creating github releases, that hasn't been done for a
  • 221a2d1 Update RELEASE.md for lerna-changelog & travis deploy
  • 8bc7d15 v4.3.0
  • 4f7d32e Add v4.3.0 to CHANGELOG.md.
  • 371b9fa Update minimum version of ember-qunit to 3.3.0.
  • f9da916 Update packages to latest allowed versions.
  • 4d418f4 Update yarn.lock to match package.json.
  • 497420c v4.2.1
  • 9a48900 Add v4.2.1 to CHANGELOG.md.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Command Injection
🦉 More lessons are available in Snyk Learn

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-BL-608877
- https://snyk.io/vuln/SNYK-JS-HAWK-2808852
- https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-JSON5-3182856
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-NPM-537603
- https://snyk.io/vuln/SNYK-JS-NPM-537604
- https://snyk.io/vuln/SNYK-JS-NPM-537606
- https://snyk.io/vuln/SNYK-JS-NPM-575435
- https://snyk.io/vuln/SNYK-JS-NPMUSERVALIDATE-1019352
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-TAR-1536528
- https://snyk.io/vuln/SNYK-JS-TAR-1536531
- https://snyk.io/vuln/SNYK-JS-TAR-1536758
- https://snyk.io/vuln/SNYK-JS-TAR-1579147
- https://snyk.io/vuln/SNYK-JS-TAR-1579152
- https://snyk.io/vuln/SNYK-JS-TAR-1579155
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
- https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251
- https://snyk.io/vuln/npm:chownr:20180731
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:minimatch:20160620
- https://snyk.io/vuln/npm:npm:20180222
- https://snyk.io/vuln/npm:tunnel-agent:20170305