
[Snyk] Fix for 10 vulnerabilities #2

Open
wants to merge 1 commit into
base: master

Conversation

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

    • package.json
  • Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
    Find out more.

⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | No | Proof of Concept |
| medium | 636/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.3) | Prototype Pollution, SNYK-JS-DOTPROP-543489 | No | Proof of Concept |
| medium | 526/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 4.1) | Arbitrary Code Injection, SNYK-JS-EJS-1049328 | Yes | Proof of Concept |
| high | 726/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 8.1) | Remote Code Execution (RCE), SNYK-JS-EJS-2803307 | Yes | Proof of Concept |
| medium | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-GLOBPARENT-1016905 | Yes | Proof of Concept |
| medium | 484/1000 (Why? Has a fix available, CVSS 5.4) | Open Redirect, SNYK-JS-GOT-2932019 | Yes | No Known Exploit |
| high | 589/1000 (Why? Has a fix available, CVSS 7.5) | Denial of Service (DoS), SNYK-JS-TRIMNEWLINES-1298042 | Yes | No Known Exploit |
| low | 506/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 3.7) | Regular Expression Denial of Service (ReDoS), npm:braces:20180219 | Yes | Proof of Concept |
| low | 399/1000 (Why? Has a fix available, CVSS 3.7) | Regular Expression Denial of Service (ReDoS), npm:ms:20170412 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: ava. The new version differs by 250 commits.
  • 9bc615e 4.0.0
  • f09742f Clean up documentation in preparation for AVA 4
  • 0187779 Dependency updates
  • 29024af Test compatibility with TypeScript 4.5
  • 8df118b Use AVA 4 for the self-hosted tests
  • bedd1d0 Remove dependency on `equal-length`
  • d4ec097 Improve wording in TypeScript recipe
  • b3a1b72 Mention experimental specifier resolution in TypeScript recipe
  • 77623a5 Handle path sources
  • 5cdeb9d 4.0.0-rc.1
  • 88e7680 Final ESM tweaks
  • 60b7cf8 Align shared worker protocol identifier with provider protocols
  • ad521af Graduate shared workers to be non-experimental
  • 0edfd00 Skip flaky tests in CI
  • c4f6723 Use thread IDs
  • af30e73 Remove dead code and obsolete TODOs
  • 6ed3ad1 Reduce XO exceptions
  • 5a48893 Update XO and fix problems
  • a7737cd Update dependencies
  • dc405ef Fix Mongoose recipe
  • c214512 Find ava.config.* files outside of project directory
  • 44aebd9 Exclude more files from code coverage
  • def2885 Improve handling of temporary file changes in watch mode
  • 1a62f15 Switch to .xo-config.cjs

See the full diff

Package name: standard. The new version differs by 14 commits.
  • ef2351a Update AUTHORS.md
  • 60b616f 13.1.0
  • 8493c9d Update CHANGELOG.md
  • 588e505 Merge pull request #1337 from standard/greenkeeper/eslint-6.1.0
  • 9040ae8 fix(package): update eslint to version 6.1.0
  • a263dfc Merge pull request #1336 from epixian/patch-1
  • 15a1105 added oxford comma for consistency with next line
  • 9539d71 13.0.2
  • 9b9d0fc changelog
  • d1d0b7a Fix global installs: standard-engine@~11.0.1
  • edce3f3 Merge pull request #1323 from standard/greenkeeper/standard-engine-11.0.0
  • 2f3c712 fix tests for standard-engine 11
  • ae04dbb Cleanup the readme
  • 0474066 fix(package): update standard-engine to version 11.0.0

See the full diff

Package name: yeoman-test. The new version differs by 164 commits.
  • 73826ef 5.0.0
  • ff0c7be Bump yeoman-generator and yeoman-environment and move to peer.
  • fcdaf79 4.0.2
  • 1983cd3 Add peerDependencies for better dedupe.
  • 29b653b Disable dependabot for github actions.
  • 22242bf Bump peter-evans/create-pull-request from v3.8.0 to v3.8.2 (#137)
  • fe070ff 4.0.1
  • 75efa14 Change acceptDependencies to new releases.
  • 692a9c8 Switch to npm 7 at workflows.
  • 33a3e5a Create package-lock.json with npm 7
  • b5902e8 Adjusts for environment 3/generator 5.
  • 5564d58 Update gh_pages workflow
  • 84df43d Switch to main branch
  • d5f1af0 Remove milestone and release workflows.
  • 0e8fc79 Bump peter-evans/create-pull-request from v2 to v3.8.0 (#135)
  • d20d44c 4.0.0
  • 16c7ae8 Revert yeoman-environment and yeoman-generator to dependencies and add
  • e7d4a6a Bump ini from 1.3.5 to 1.3.8
  • 5cb90c3 Bump actions/setup-node from v2.1.2 to v2.1.4
  • 4f466bb Fix false positive warning.
  • d671104 Bump mem-fs-editor to 8.0.0
  • 75041e0 Load yeoman-generator and yeoman-environment at use.
  • 373fbb6 4.0.0-beta.0
  • c674771 Method toPromise() now returns a RunResult instead of targetDir.

See the full diff

With a Snyk patch:

| Severity | Priority Score (*) | Issue | Exploit Maturity |
|---|---|---|---|
| high | 731/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 8.2) | Prototype Pollution, SNYK-JS-LODASH-567746 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection
🦉 Remote Code Execution (RCE)
🦉 Open Redirect

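The warning in the PR body ("Failed to update the package-lock.json, please update manually before merging") is the practical gotcha in this kind of bot PR: package.json now asks for the fixed versions, but the lockfile still pins the old ones, so `npm ci` will refuse to install (it requires the two files to be in sync) and `npm install` will silently re-resolve. The script below is an added reviewer check, not part of the Snyk PR or the project: it compares the ranges in package.json with the versions pinned in package-lock.json and lists every dependency whose locked version no longer satisfies its range. Both inputs are constructed inline (the version numbers are illustrative and not taken from the PR diff); on a real checkout you would read the two files with `fs.readFileSync` instead.

```javascript
'use strict';

// Added example (not from the Snyk PR or the project): a pre-merge check for the
// "Failed to update the package-lock.json" warning. It reads the ranges in
// package.json and the versions pinned in package-lock.json and lists every
// dependency whose locked version no longer satisfies its range. Inputs are
// constructed inline; on a real checkout replace them with
// JSON.parse(fs.readFileSync('package.json', 'utf8')) and the same for the lock.

// Constructed: package.json after a bump of the three packages named in the PR.
// The ranges are illustrative, not copied from the PR diff.
const packageJson = {
  devDependencies: { ava: '^4.0.0', standard: '^13.1.0', 'yeoman-test': '^5.0.0' },
};

// Constructed: a stale lockfile (lockfileVersion 2 layout) still pinning older versions.
const staleLock = {
  lockfileVersion: 2,
  packages: {
    'node_modules/ava': { version: '3.15.0', dev: true },
    'node_modules/standard': { version: '12.0.1', dev: true },
    'node_modules/yeoman-test': { version: '2.7.0', dev: true },
  },
};

// Constructed: the lockfile after `npm install --package-lock-only` was run on the branch.
const regeneratedLock = {
  lockfileVersion: 2,
  packages: {
    'node_modules/ava': { version: '4.0.0', dev: true },
    'node_modules/standard': { version: '13.1.0', dev: true },
    'node_modules/yeoman-test': { version: '5.0.0', dev: true },
  },
};

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into three numbers; prerelease tags are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Minimal range check covering the forms a dependency bump normally produces:
// ^x.y.z, ~x.y.z, >=x.y.z, =x.y.z and a bare x.y.z. Anything else throws rather
// than silently passing.
function satisfies(version, range) {
  const m = /^(\^|~|>=|=)?\s*(\d[^\s]*)$/.exec(String(range).trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  const v = parseVersion(version);
  const base = parseVersion(m[2]);
  if (compareVersions(v, base) < 0) return false; // below the floor of every form
  switch (m[1]) {
    case '^': // leftmost non-zero component is frozen
      if (base[0] > 0) return v[0] === base[0];
      if (base[1] > 0) return v[0] === 0 && v[1] === base[1];
      return compareVersions(v, base) === 0;
    case '~': // patch-level changes only
      return v[0] === base[0] && v[1] === base[1];
    case '>=':
      return true;
    default: // '=' or bare version: exact match
      return compareVersions(v, base) === 0;
  }
}

// Return [{name, range, locked}] for every dependency or devDependency in
// package.json that the lockfile does not pin to a satisfying version.
function lockDrift(pkg, lock) {
  const wanted = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const drift = [];
  for (const [name, range] of Object.entries(wanted)) {
    // lockfileVersion 2/3 keeps entries under packages["node_modules/<name>"];
    // lockfileVersion 1 keeps them under dependencies[<name>].
    const entry =
      (lock.packages && lock.packages[`node_modules/${name}`]) ||
      (lock.dependencies && lock.dependencies[name]);
    if (!entry) {
      drift.push({ name, range, locked: null });
    } else if (!satisfies(entry.version, range)) {
      drift.push({ name, range, locked: entry.version });
    }
  }
  return drift;
}

// Print a human-readable report and return the number of drifting packages.
function report(label, pkg, lock) {
  const drift = lockDrift(pkg, lock);
  console.log(`${label}: ${drift.length === 0 ? 'lockfile matches package.json' : 'DRIFT'}`);
  for (const d of drift) {
    console.log(`  ${d.name}: package.json wants ${d.range}, lock pins ${d.locked || 'nothing'}`);
  }
  return drift.length;
}

report('stale lock', packageJson, staleLock);
report('regenerated lock', packageJson, regeneratedLock);
```

In a CI gate you would exit non-zero when `lockDrift` returns anything. The fix on the PR branch is to regenerate the lock with `npm install --package-lock-only` (or a plain `npm install`), confirm with `npm ls ava standard yeoman-test` that the resolved versions are the fixed ones, and commit the updated package-lock.json alongside the package.json change; without that, a checkout that runs `npm ci` fails outright, and one that runs `npm install` may still end up with the vulnerable transitive versions the table above lists.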