[Snyk] Fix for 57 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	Yes	Proof of Concept
	524/1000 Why? Has a fix available, CVSS 6.2	Remote Code Execution (RCE) SNYK-JS-BUNYAN-573166	Yes	No Known Exploit
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-173692	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-174183	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-469063	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-HANDLEBARS-534988	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HTMLTOTEXT-571464	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	SQL Injection SNYK-JS-KNEX-471962	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-2331914	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-459438	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Command Injection SNYK-JS-NODEMAILER-1038834	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	HTTP Header Injection SNYK-JS-NODEMAILER-1296415	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Validation Bypass SNYK-JS-SANITIZEHTML-1070780	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Access Restriction Bypass SNYK-JS-SANITIZEHTML-1070786	Yes	No Known Exploit
	684/1000 Why? Has a fix available, CVSS 9.4	Arbitrary Code Execution SNYK-JS-SANITIZEHTML-585892	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Arbitrary Code Execution SNYK-JS-STATICEVAL-173693	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	No	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:validator:20180218	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: brute-knex

The new version differs by 39 commits.

• 053e707 4.0.1
• 343e87b Merge pull request Change Fixtures to be Early Developer Info TryGhost/Ghost#13 from sainthkh/fix-ready-tap-error
• 7ab1950 Fix.
• eddcda4 package updates
• ae3d815 4.0.0
• 581477b Node 8+
• 838c588 Update deps
• bbd73db Merge pull request Admin Redirects TryGhost/Ghost#8 from kibertoad/chore/update-dependencies
• a8abcd1 Try to fix CI
• 1558228 Update dependencies
• 14a09a6 Release v3.0.1
• a2df350 🐛Moved eslint and should to dev dependencies (Remove CodeMirror Stylesheet TryGhost/Ghost#6)
• a5cd135 Release v3.0.0
• aca9d5a 🔥 Switch column types to big integer
• 97c4f00 Release v2.0.1
• 003d63b Fix travis?
• 652956b Added eslint
• ba2a900 Bump dependencies
• f6a7d92 🔥 Drop Node 4 support
• 1d29483 Updated README
• d9a4587 Fixed tests
• f00e79b Added default config files
• ab52a9b Run Node 6 + Node 8 on Travis for now
• 0133427 Added default values for `timestamp` columns

See the full diff

Package name: extract-zip

The new version differs by 9 commits.

• 2a8df24 1.6.8
• 30ab06c build(deps): upgrade mkdirp to 0.5.4 for security
• 2b2a84e build: ignore lock files
• 422a39f 1.6.7
• 1cd5ceb Merge pull request Error handlers and tests TryGhost/Ghost#72 from maxogden/upgrade-concat-stream
• 4514f66 Travis: test Node 8 & 10 as well
• 3aeb1b1 Upgrade concat-stream to 1.6.2
• c1aa196 Merge pull request Update Vagrant for bourbon TryGhost/Ghost#66 from tcoopman/patch-1
• 0e5693f use mkdirp 0.5.1

See the full diff

Package name: html-to-text

The new version differs by 78 commits.

• f277a07 Version bumped to 6.0.0
• ecf344c Tidy up the changelog [ci skip]
• b5ec48c npm badges [ci skip]
• 9987864 Codeclimate - don't use eslint plugin at all [ci skip]
• e5912e7 Update Travis config
• 8fb71fc Codeclimate - attempt 4 to fix eslint checks [ci skip]
• f41d013 Codeclimate - attempt 3 to fix eslint checks [ci skip]
• 6c7526b Codeclimate - attempt 2 to fix eslint checks [ci skip]
• f87c5af Codeclimate - attempt to fix eslint checks [ci skip]
• e8e5fe5 Codeclimate - eslint version [ci skip]
• a15ac45 Codeclimate config update [ci skip]
• 58b84c2 Contributors
• 6b37a99 Tidy up the license
• 8bc501d Link from Readme to Changelog
• ffc735f Note about the repo move
• 465786f Update repository links
• ccfac06 Changelog - missing change note [ci skip]
• a48400e Fix typo
• ccecba4 Maximum input length limit
• 4d57bf4 Update changelog
• 27cce50 Update readme
• 939baa3 Rewritten formatting, block-level tags, reorganized options, ...
• fc45e3b Change from "prepare" to "prepublishOnly"
• 304070c Let CLI tests more time for slow machines

See the full diff

Package name: jsonpath

The new version differs by 9 commits.

• c1dd8ec version 1.1.1
• 1303356 upgrade underscore dependency version
• eafa80c version 1.1.0
• c125a0c Merge pull request implements #38 html and scss for uploader TryGhost/Ghost#123 from chris-branch/master
• 778bc1e version 1.0.2
• 7fbf022 make jison a dev dependency and better support imports
• 9fec3fa Bug fix for permissions issue during global installs
• 71e7751 bump to version 1.0.1
• 999ed06 bump static-eval dependency version

See the full diff

Package name: knex

The new version differs by 250 commits.

• 48d8c7e Prepare 0.19.5 release
• e112a21 Remove unneeded logging
• 78a7e9a fix CLI tests fails caused by PR Settings screens redirect for certain roles TryGhost/Ghost#3416 (Transfer Owner doesn't update client side model TryGhost/Ghost#3466)
• 988fb24 Fix MSSQL escaping (Allow to select text in post url box TryGhost/Ghost#3382)
• 516b074 Enable linting in CI (Bug: Edit settings unhandled rejection - 504 Internal server error TryGhost/Ghost#3450)
• c1d2027 Fix handling of multiline SQL in SQLite3 schema (Rebind password to password input on signup page TryGhost/Ghost#3411)
• 53d8649 Update test to accommodate for increased precision in PG 12 (Redirect to error404 when user not found. TryGhost/Ghost#3465)
• 7fabae9 Migrations up/down commands: filename parameter (Settings screens redirect for certain roles TryGhost/Ghost#3416)
• fb095cb Add missing Migrator.list typing (Incorrect / Too many calls to User API  TryGhost/Ghost#3460)
• b744564 Fix Typescript type inference for to better support wildcard (*) calls Fix Invitations TryGhost/Ghost#3444 (Limit the Post & User lists for specific roles TryGhost/Ghost#3446)
• 68e1ae2 Support stored procedures in Oracle
• 5417cac Fix for concurrent child transactions failing (Required API version for Apps TryGhost/Ghost#2213) (Reset/Signin while signed in TryGhost/Ghost#3440)
• eb8f0c0 Make options argument optional in timeout (Remove email address from frontend TryGhost/Ghost#3442)
• 65969d6 Prepare 0.19.4 release
• 3464e4c Update dependencies (Make functional tests pass when run with the latest casperjs TryGhost/Ghost#3431)
• 019141c Add specific to SeederConfig type (Transient test failure TryGhost/Ghost#3429)
• 6c73b22 Fix some issues with QueryBuilder types (Remove 'Author' label from settings/users TryGhost/Ghost#3427)
• 4ade989 feat: add undefined columns to undefined binding(s) error (Make importer more robust for tags TryGhost/Ghost#3425)
• 75ac92f Update 0.19.3 changelog
• 8f40f8d migrate: Refactor _lockMigrations to avoid forUpdate (User Permissions: Edit, Add, Destroy & Role management TryGhost/Ghost#3395)
• 3f86d75 TypeScript definition: include schemaName in EnumOptions (Plural handlebars helper TryGhost/Ghost#3415)
• e5972b8 Prepare 0.19.3 release (New pluralise Handlebars helper TryGhost/Ghost#3414)
• d6426d7 Add ability to manually define schema for enu with useNative (Revert "Restore spam prevention" TryGhost/Ghost#3307) (Correct meta_title for author pages. TryGhost/Ghost#3413)
• 1ef1a4e Fix native enum with specified schema (Revert "Restore spam prevention" TryGhost/Ghost#3307) (User settings cog menu (show items appropriate to role) TryGhost/Ghost#3400)

See the full diff

Package name: markdown-it

The new version differs by 173 commits.

• d72c68b 12.3.2 released
• aca3396 dist rebuild
• ffc49ab Fix possible ReDOS in newline rule.
• 76469e8 12.3.1 released
• ae5a243 dist rebuild
• 1cd8a51 Fix tab preventing paragraph continuation in lists
• 830757c Fix spelling error in question Github Template (importing bad database multiple times stacks failure message TryGhost/Ghost#835)
• 2e31d34 12.3.0 released
• 393354c Dist rebuild
• 8564eed Dev deps bump
• 24abaa5 Improve emphasis algorithm
• e07a9dd typo fix
• 6e2de08 12.2.0 released
• 08827d6 dist rebuild
• 8bcc82a Parser: Set ordered list_item_open token info to input marker.
• 77fb937 Add pathological test from cmark
• e5986bb Always suffix indented code block with a newline
• 13cdeb9 12.1.0 released
• 13d8335 Dist rebuild
• eed156e Fix emphasis algorithm as per 0.30 spec
• 0b14fa0 Update CommonMark spec to 0.30
• 064d602 Updated highlight.js usage info
• df4607f 12.0.6 released
• e5b0eb3 dist rebuild

See the full diff

Package name: sanitize-html

The new version differs by 250 commits.

• fd3cb54 changelog credit
• 6012524 Merge pull request stops image/file drop onto editor markdown causing havoc TryGhost/Ghost#460 from apostrophecms/iframe-validation-redux
• 5395e36 markdown
• bff6d9f Merge pull request Adding Github Flavored Markdown support TryGhost/Ghost#459 from Aspedm/main
• 1ecf30f pass eslint
• 54851d0 new and interesting iframe validation exploits
• dafee4f Update README.md
• b77e1d9 2.3.1
• bdf7836 Merge pull request More codemirror syntax highlighting fixes TryGhost/Ghost#458 from apostrophecms/stop-idna-iframe-attacks
• 477b032 Updates README to specify node version (Removed swiping from Mobile Interactions TryGhost/Ghost#457)
• 5804fa9 changelog
• ca4b62a stop IDNA iframe attacks
• 7229906 Fleshes out changelog message
• 5d6c6e6 Updates the version number
• af6e348 Fixes a typo in the changelog
• 251e14a Merge pull request Casper.js tests fail on Vagrant TryGhost/Ghost#429 from TrySound/upgrade-htmlparser2
• 102c623 Upgrade to v6
• f07bf65 Upgrade htmlparser2
• 6a7b0ca bumps the version number (flashes.hbs => notifications.hbs TryGhost/Ghost#446)
• 4be8a61 Adds acknowledgement to changelog. (Kill stupid text-indent rules TryGhost/Ghost#445)
• d59fdac Merge pull request Settings subpages break with trailing slash in URL TryGhost/Ghost#444 from aHerbots/patch-1
• 34f00be Update CHANGELOG.md
• 5ae731e Update README.md
• 07d1523 Allow 'tel' links by default

See the full diff

Package name: sqlite3

The new version differs by 14 commits.

• d02f5c3 update changelog with nan update [skip ci]
• c18c701 [republish binary]
• a3dbf1d upgrade nan to latest
• cb34582 bump to v4.x (drops node v0.x support) [publish binary]
• c4659eb Merge pull request Ghost Import - Validate first. TryGhost/Ghost#952 from SebastianSchmidt/master
• f937dea Upgrade node-pre-gyp to version 0.9.0
• a469960 Merge pull request Infra: Run unit tests against sqlite and mysql TryGhost/Ghost#921 from mapbox/visual-studio-fixes
• 2d7c082 [publish binary]
• a719c73 use CALL
• 60c6d28 upgrade node-gyp for node v5 as well
• f7c4627 set NODE_MAJOR variable
• 22fb3d9 attempt to fix bat logic
• 6fc2f8b Start building for node v9 on unix
• 943da93 build against msvs_toolset=14 when we can

See the full diff

Package name: validator

The new version differs by 250 commits.

• 47ee5ad 13.7.0
• 496fc8b fix(rtrim): remove regex to prevent ReDOS attack (Link to the favicon using the asset helper TryGhost/Ghost#1738)
• 45901ec Merge pull request Fix for Issue #1843 - ghost-busboy middleware should not use user provided filename TryGhost/Ghost#1851 from validatorjs/chore/fix-merge-conflicts
• 83cb7f8 chore: merge conflict clean-up
• f17e220 feat(isMobilePhone): add El Salvador es-SV locale
• 5b06703 feat(isMobilePhone): add Palestine ar-PS locale
• a3faa83 feat(isMobilePhone): add Botswana en-BW locale
• 26605f9 feat(isMobilePhone): add Turkmenistan tk-TM
• 0e5d5d4 feat(isMobilePhone): add Guyana en-GY locale
• f7ff349 feat(isMobilePhone): add Frech Polynesia fr-PF locale
• 8627e48 feat(isMobilePhone): add Kiribati en-KI locale
• ed60123 feat(isMobilePhone): add Tajikistan tg-TJ locale (Blog logo is not styled/resized in post view TryGhost/Ghost#1846)
• c96d805 feat(isMobilePhone): add Maldives dv-MV locale
• 5c2d69e feat(isMobilePhone): regex for Burkina Faso fr-BF and Namibia en-NA locales
• fc0fefc feat(isMobilePhone): add Bhutan dz-BT locale (Live theme switching doesn't work on a subdirectory TryGhost/Ghost#1770)
• 01d3da3 feat(isMobilePhone): add Tajikistan tg-TJ locale (Blog logo is not styled/resized in post view TryGhost/Ghost#1846)
• af2b43c feat(isUUID): add support for validation of version v1 and v2 (Updated Casper to latest version TryGhost/Ghost#1848)
• 769f6d5 feat(contains): add possibility to check that string contains seed multiple times (forceAdminSSL does not work when not behind reverse proxy TryGhost/Ghost#1836)
• f2381e0 feat: (isMobilePhone): add Cameroon fr-CM locale (Static pages do not use dated permalinks TryGhost/Ghost#1772)
• 5773869 feat(isVAT): add dutch NL locale (Ability to configure multiple domains TryGhost/Ghost#1825)
• de1cb29 fix: Russian passport number regex (Quick edit post redirect TryGhost/Ghost#1810)
• 7bee611 add CDN use option with unpkg (Solves #1517, added markdown helper to parse markdown syntax. TryGhost/Ghost#1844)
• 57cc14e feat(isIdentityCard): add finnish locale (forceAdminSSL may need to redirect to another domain TryGhost/Ghost#1838)
• 2201869 feat: added finnish locale to isAlpha and isAlphanumeric (Default 404 error page is not styled when forceAdminSSL is true TryGhost/Ghost#1837)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	Mature

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic