[Snyk] Fix for 20 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • src/m365/spfx/commands/project/test-projects/spfx-1100-applicationcustomizer/package.json
  • src/m365/spfx/commands/project/test-projects/spfx-1100-applicationcustomizer/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	405/1000 Why? CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	427/1000 Why? Proof of Concept exploit, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	No	Proof of Concept
	265/1000 Why? CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	No	No Known Exploit
	375/1000 Why? CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	No	No Known Exploit
	265/1000 Why? CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	No	No Known Exploit
	375/1000 Why? CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	265/1000 Why? CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	325/1000 Why? CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	306/1000 Why? CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	387/1000 Why? Proof of Concept exploit, CVSS 5.6	Prototype Pollution SNYK-JS-UIFABRICUTILITIES-571487	No	Proof of Concept
	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	No	Proof of Concept
	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	No	Proof of Concept
	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	No	Proof of Concept
	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	292/1000 Why? Proof of Concept exploit, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:validator:20180218	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ajv

The new version differs by 250 commits.

• 521c3a5 6.12.3
• bd7107b Merge pull request New-Command: Outlook report mailboxusagecount pnp/cli-microsoft365#1229 from ajv-validator/dependabot/npm_and_yarn/mocha-8.0.1
• 9c26bb2 Merge pull request New-Command: outlook report mailactivitycounts pnp/cli-microsoft365#1234 from ajv-validator/dependabot/npm_and_yarn/eslint-7.3.1
• c6a6daa Merge branch 'master' into dependabot/npm_and_yarn/mocha-8.0.1
• 15eda23 Merge branch 'master' into dependabot/npm_and_yarn/eslint-7.3.1
• d6aabb8 test: remove node 8 from travis test
• c4801ca Merge pull request New command: spo report SharePointActivityUserDetail pnp/cli-microsoft365#1242 from ajv-validator/refactor
• 988982d ignore proto properties
• f2b1e3d whitespace
• 65e3678 Merge pull request New-command: outlook report mailappusagedetail pnp/cli-microsoft365#1239 from GrahamLea/patch-1
• 68d72c4 update regex
• 9c009a9 validate numbers in multipleOf
• 332b30d Merge pull request New-Command: outlook report mailappusageappsusercounts pnp/cli-microsoft365#1241 from ajv-validator/refactor
• 1105fd5 ignore proto properties
• 65b2f7d validate numbers in schemas during schema compilation
• 24d4f8f remove code post-processing
• fd64fb4 Add link to CSP section in Security section
• 0e2c346 Add Contents link to CSP section
• c581ff3 Clarify limitations of ajv-pack in README
• 0006f34 Document pre-compiled schemas for CSP in README
• 140cfa6 Merge pull request New-command: outlook report outlookusagedetails pnp/cli-microsoft365#1238 from cvlab/patch-1
• e7f0c81 Fix mistype in README.md
• 54c96b0 Bump eslint from 6.8.0 to 7.3.1
• 854dbef Bump mocha from 7.2.0 to 8.0.1

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (Docs improvement: Docs version matching CLI version. pnp/cli-microsoft365#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (Enhance 'site remove' supporting deletion o365 group connected site. Closes #1561 pnp/cli-microsoft365#1859)
• 723cbc4 Docs: Fix syntax in recipe example (New Command: teams user app remove. Closes #1711 pnp/cli-microsoft365#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (Enhancement: extend 'flow run get' with approver information pnp/cli-microsoft365#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (UnhandledPromiseRejectionWarning: ParserError: Unexpected token type: Colon, value: : pnp/cli-microsoft365#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (New command: spo file sharinginfo get pnp/cli-microsoft365#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (Added sample script closing #1506 pnp/cli-microsoft365#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (New command: List Microsoft To Do task lists pnp/cli-microsoft365#1609)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication