[Snyk] Fix for 42 vulnerabilities

[tejas002]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-535498	Yes	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535500	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Out-of-bounds Read SNYK-JS-NODESASS-540958	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Uncontrolled Recursion SNYK-JS-NODESASS-540964	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540978	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	NULL Pointer Dereference SNYK-JS-NODESASS-540992	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-540998	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-NODESASS-541000	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-541002	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-URLREGEX-569472	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples ([Snyk] Fix for 1 vulnerable dependencies meanjs/mean#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (Update development.js meanjs/mean#1859)
• 723cbc4 Docs: Fix syntax in recipe example (Swig tempting language is not maintained meanjs/mean#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (Getting a blank page after starting the app for the first time on Windows meanjs/mean#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (Add comment to remind change for mongo replicaset connection (clean branch source) meanjs/mean#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (feat(articles): Simple test enhancement meanjs/mean#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (How can I run my mean app so that another application can call the backend api (of mean) to perform CRUD operations (on mean app) ? meanjs/mean#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (how to temporally disable the cors ?  meanjs/mean#1609)

See the full diff

Package name: gulp-autoprefixer

The new version differs by 21 commits.

• ede5a11 8.0.0
• a953087 Require Node.js 12 and upgrade dependencies
• 87ff53d Move to GitHub Actions (Revive E4X as EXQO with extended SAX as Methods. meanjs/mean#117)
• c5e7214 7.0.1
• da50fd2 Make Gulp an optional peer dependency
• 40fba84 7.0.0
• ab49120 Require Node.js 8 and Gulp 4
• 83cc576 Enable the repo sponsor button
• adec1a7 6.1.0
• 7b080bf Upgrade dependencies
• dfe3919 6.0.0
• c225cbd Upgrade `autoprefixer` and `postcss`
• ea0b7f8 Require Node.js 6
• 18a27be 5.0.0
• e526a78 Meta tweaks
• e954e6e Update sourcemap paths to be relative to `file.base` (RESTful API tests meanjs/mean#92)
• 7828646 Upgrade to Autoprefixer 8 (Enhancement: Side menu meanjs/mean#96)
• d008588 4.1.0
• 27816c3 Meta tweaks
• 94f3447 Drop dependency on deprecated gulp-util (Enhancement: Verify user with email meanjs/mean#94)
• 60aead3 Test against Node.js v8 (Update header.client.view.html meanjs/mean#90)

See the full diff

Package name: gulp-csslint

The new version differs by 5 commits.

• c895cee 1.0.1
• 0a47d89 Only test against the latest note and lts
• c40191e Merge pull request [Snyk] Security upgrade gulp-load-plugins from 1.5.0 to 2.0.1 #62 from ladom/no-gulp-util
• 38488da gulp-util removed
• b74cfc3 gulp-util changed

See the full diff

Package name: gulp-csso

The new version differs by 4 commits.

• 9d07cc6 3.0.1
• 1d116fd Update changelog
• 1060fcd Drop dependency on deprecated `gulp-util` ([Snyk] Security upgrade socket.io from 2.0.3 to 3.0.0 #31)
• f488df3 Add links to CSSO release notes

See the full diff

Package name: gulp-eslint

The new version differs by 19 commits.

• 40d004f 5.0.0
• 72c3599 use destructuring assignment to simplify the code
• aed571b update dependencies and devDependencies (Error: Error setting TTL index on collection meanjs/mean#224)
• a58a58d 4.0.2
• 0880d1a update plugin-error and mocha
• 1d79ed0 4.0.1
• 8f7e966 replace all HTTP protocols with HTTPS
• b48a04a remove deprecated gulp-util dependency (disabling JSONP from controllers and from expressjs by default meanjs/mean#213)
• 35eae57 update devDependencies (Social logins do not work for me... what am I missing? meanjs/mean#207)
• 47bd269 use npx to simplify after_script
• 29dbab5 inherit autofix-related props even if `quiet` option is enabled
• a398838 4.0.0
• 18a4299 emit an error when it fails to load an ESLint plugin
• b8bf261 update ESLint from v3 to v4 ("Unexpected request: GET .../.html" on Karma tests meanjs/mean#198)
• c0e82ce use `Buffer.from` instead of `new Buffer`
• e6c67a2 drop support for linting `Stream` contents
• 132d5cc Fix formatting issues in README.md (IOS web app support meanjs/mean#194)
• 7f65378 remove link to config file `globals` doc
• 8ddfb84 correct the type of `globals` option in README

See the full diff

Package name: gulp-imagemin

The new version differs by 41 commits.

• 2f7ecc9 8.0.0
• 1b4baf6 Require Node.js 12.20 and move to ESM
• ed39463 Move to GitHub Actions (LoopBack meanjs/mean#351)
• 8b40da0 Update readme lossless note (added dependencies to package.json meanjs/mean#346)
• 1cbb7c5 7.1.0
• 67cceb3 Update `imagemin-gifsicle` optional dependency
• 97432ea 7.0.0
• aacca91 Require Node.js 10
• 279a91b Replace jpegtran with mozjpeg (2 different views with forms for creating and updating articles - bad practice meanjs/mean#336)
• f4a2255 6.2.0
• 0460c78 Add `silent` option (0.4.0 meanjs/mean#331)
• dfdba76 6.1.1
• 165bf8b Make Gulp an optional peer dependency
• 6c35e59 6.1.0
• 92e224a Update dependencies
• 97cd1c3 6.0.0
• 6e091ed Require Node.js 8
• c1c3346 Create funding.yml
• 8e731f0 5.0.3
• 3e68bd4 Fix another regression of b57f1d6 (Move static files middleware before sessions meanjs/mean#318)
• 3ad32ab 5.0.2
• c7170ba Fix another regression in b57f1d6
• 51bb2ad 5.0.1
• 821dc8a Fix regression in b57f1d6 (Qa quiz meanjs/mean#316)

See the full diff

Package name: gulp-less

The new version differs by 6 commits.

• 7d9df97 4.0.0
• cde149b Update accord to support less@3.0.0 - closes fix getToggleElement on dropdown by updating to angular-bootstrap 0.12.0 #250 meanjs/mean#269
• 453625a 3.5.0
• d706f87 fix(deps): update accord to version 0.28 (Correcting Outdated Docs for Menu Service meanjs/mean#281)
• 9f9e643 3.4.0
• f58e0f7 Remove gulp-util

See the full diff

Package name: gulp-load-plugins

The new version differs by 4 commits.

• 2e24542 1.6.0
• d979a96 bump mocha to fix security issue
• 595ab83 Bump packages on vulnerability paths (passport-local suggestion meanjs/mean#138)
• 174cd3b Fix ESLint error (Sign in message meanjs/mean#133)

See the full diff

Package name: gulp-ng-annotate

The new version differs by 6 commits.

• 18ba641 2.1.0
• 998fbc9 Disable package lock
• 002e043 Migrate away from deprecated gulp-util
• edeac0f Fix travis build
• 9ce0ed8 Merge pull request [Snyk] Fix for 1 vulnerabilities #43 from suvjunmd/options
• 5ded9c5 Fixed options link

See the full diff

Package name: gulp-nodemon

The new version differs by 16 commits.

• b4234a3 Version bump
• 033c27b Merge pull request Sending error stack on 500 server error meanjs/mean#159 from bennyn/patch-1
• 7ce2da0 Support Ctrl + C on Windows
• 1a31fa2 Update nodemon. Remove (erroneously named) "test" folder.
• 628b239 Update README.md
• ff92bba Update README.md
• 9927ad5 Version 2.4.0, ignore package-lock.json in .gitignore
• d087b15 Merge pull request Added load-grunt-tasks to dependencies meanjs/mean#151 from cnshenj/master
• c1ef02d Update gulp to 4.x.x
• c49b947 Version bump
• 59be245 Merge pull request ACL and vertical branches meanjs/mean#135 from dmm/master
• f431571 Use locally installed gulp to run tasks.
• b271168 Merge pull request Sign in message meanjs/mean#133 from Dvbnhbq/patch-1
• de73518 Add some original nodemon colour
• 979bb1e Merge pull request Fix typo in Error handling controller code meanjs/mean#132 from XescuGC/update_readmee
• eee7812 Updated README with more clearly explanation of the 'tasks' option

See the full diff

Package name: gulp-rev

The new version differs by 8 commits.

• bb3a3fd 8.1.1
• e46406b Replace gulp-util with smaller modules (fig up - node container cannot connect to mongo container meanjs/mean#237)
• 6c9bcac Remove Code Sponsor
• fe0c551 8.1.0
• 47ffbe0 Bump `rev-path`
• fc74b5b Try out Code Sponsor
• cdf63fa Pass resolved, absolute paths to relPath() (Angular 1.3 meanjs/mean#220) (missing envs for docker / fig in development and test meanjs/mean#222)
• 567c340 Update readme.md (Error: Error setting TTL index on collection meanjs/mean#224)

See the full diff

Package name: gulp-sass

The new version differs by 38 commits.

• 5775044 Update CHANGELOG.md
• 978b8f6 Update to major version 5 (How to do that session expiring automatically? meanjs/mean#802)
• 10eae93 Update changelog for 4.1.1
• 947b26c Upgrade lodash to fix a security issue (fixing typos across documentation in gh-pages meanjs/mean#776)
• 8d6ac29 Update changelog
• 43c0547 4.1.0
• ebe3ec6 Set appropriate file stat times (Request for JSCS meanjs/mean#763)
• 7ab018e Migrate to the lodash package
• fa670c6 4.0.2
• fefa00e Revert package.json version bump
• 98254d2 Fix README typos
• 8a14419 Continue loading Node Sass by default
• 938afbe Add a note about synchronous versus asynchronous speed
• 7cc2db1 Make this package implementation-agnostic
• 643f73b Add documentation for synchronous code options
• 0b3c7e7 4.0.1
• daca90d Merge pull request Support Deploying MEANJS To Cloud Foundry meanjs/mean#681 from DKvistgaard/master
• 71471c2 Declaring logError as function instead of arrow function.
• 450a7b8 4.0.0
• e9b1fe8 Fix node versions in appveyor.yml
• 44be409 Merge pull request adding more client tests causes $location:nobase error meanjs/mean#667 from dlmanning/next
• 7656eff Adopt airbnb eslint preset
• 1293169 Bump autoprefixer@^8.1.0, gulp-postcss@^7.0.1
• 9fa817b Bump gulp-sourcemaps@^2.6.4

See the full diff

Package name: imagemin-pngquant

The new version differs by 25 commits.

• 0754402 9.0.0
• d285e92 Require Node.js 10 ([Snyk] Security upgrade gulp-sass from 3.1.0 to 5.0.0 #67)
• 61997a2 8.0.0
• 7049509 Require Node.js 8
• 6ce8a90 Use Travis to test on Windows ([Snyk] Security upgrade gulp from 3.9.1 to 5.0.0 #57)
• 97c4d23 Fix the default documented value for the `speed` option ([Snyk] Fix for 1 vulnerabilities #55)
• cdf2f26 7.0.0
• b2ad077 Add TypeScript definition ([Snyk] Security upgrade gulp-angular-templatecache from 2.0.0 to 3.0.1 #54)
• 0e0edd2 Fix the `quality` option
• fdac781 Update dependencies
• fd535b0 Change the `quality` option to be a float from 0 to 1
• 201aa20 Add strict options checks
• e6c1b97 Docs improvements
• 507d8ab Fix the documented `quality` option type
• b96f2ac Fix the default documented value for the `dithering` option
• 515fb7e Rename `floyd` option to `dithering` and drop the `nofs` option
• 479a3e8 6.0.1
• 6b0e2a6 Don't throw on inputs larger than 10 MB ([Snyk] Fix for 31 vulnerabilities #52)
• be923c2 6.0.0
• fcf28bb Update to pngquant 2.12.0
• ec458e9 Require Node.js 6
• 6b65fa9 Add `strip` option ([Snyk] Security upgrade ubuntu from latest to 22.10 #44)
• 5c3b75c 5.1.0
• bded797 Bump dependencies

See the full diff

Package name: run-sequence

The new version differs by 5 commits.

• 31103da 2.2.1
• 209e46c Drop dependency on deprecated `gulp-util` (Remove space which messes up the url local variable meanjs/mean#100)
• 37e17be 2.2.0
• c450122 Changelog, cleanup for orchestration events change
• 2155560 handle orchestration aborted events (Minor language fixes for front page. meanjs/mean#97)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn