[Snyk] Fix for 12 vulnerabilities

[Omrisnyk]

Snyk has created this PR to fix 12 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Code Injection SNYK-JS-LODASH-1040724	239
	Prototype Pollution SNYK-JS-LODASH-567746	189
	Prototype Pollution SNYK-JS-Y18N-1021887	187
	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	176
	Prototype Pollution SNYK-JS-LODASH-6139239	170
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	159
	Prototype Pollution SNYK-JS-ASYNC-2441827	159
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	159
	Prototype Pollution SNYK-JS-LODASH-608086	150
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	137
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	63
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	63

Release notes

Package name: ping

• 0.4.4 - 2023-03-11
  

  Restrict files being published by npm publish

• 0.4.2 - 2022-04-27
  

  updated version

• 0.4.1 - 2021-04-07
• 0.4.0 - 2020-12-26
  

  Version v0.4.0 release

• 0.3.0 - 2020-10-03
• 0.2.3 - 2020-04-08
• 0.2.2 - 2017-02-20

from ping GitHub release notes

Package name: winston

• 3.3.4 - 2022-01-10
  

  Compared to v3.3.3, this version fixes some issues and includes some updates to project infrastructure,
  such as replacing Travis with Github CI and dependabot configuration.
  There have also been several relatively minor improvements to documentation, and incorporation of some updated dependencies.
  Dependency updates include a critical bug fix [#2008] in response to self-vandalism by the author of a dependency.

  • [#1964] Added documentation for how to use a new externally maintained Seq transport.
  • [#1712] Add default metadata when calling log with string level and message.
  • [#1824] Unbind event listeners on close
  • [#1961] Handle undefined rejections
  • [#1878] Correct boolean evaluation of empty-string value for eol option
  • [#1977] Improved consistency of object parameters for better test reliability
• 3.3.3 - 2020-06-23
  
  • Prepare for 3.3.3 c416e3a
  • revert Fix bugs in type (#1807) (#1820) 35b0774
  • Fix issue #1817 (#1819) bc6f681

  v3.3.2...v3.3.3

• 3.3.2 - 2020-06-22
  
  • [#1814] Use fork of diagnostics on NPM to avoid making Docker images require git 0752614

  v3.3.1...v3.3.2

• 3.3.1 - 2020-06-22
  
  • Prep for 3.3.1 faac066
  • Add space between info.message and meta.message (#1740) 227ca0a
  • Fix bugs in createLogger type (#1807) ef97171
  • Fix typing for Profile.start (was Date, should be Number) (#1803) 0e1c812
  • Merge branch 'master' of github.com:winstonjs/winston 9e7bd71
  • [#1813] Use fork of diagnostics, avoiding indirect storage-engine dependency 67cd9b5
  • remove emitErrs note from README (its no longer supported) (#1810) 6545a7e

  v3.3.0...v3.3.1

• 3.3.0 - 2020-06-21
  
  • Prepare for v3.3.0 b6bc918
  • doc: fix whitespace and trailing comma. (#1778) 9354721
  • docs: add example of uncaughtRejections logging (#1780) 3d07a80
  • fix: change property of handleRejections (#1779) df25fa2
  • Add options to request (#1777) 950cbcd
  • Update package-lock.json (#1772) 1c75292
  • Exclude unnecessary files from npm package (#1768) e7d13d5
  • Fix removes a logger when pass undefined transport (#1785) 75f7edf
  • This adds Node.js 14 and removes Node.js 8 as: (#1793) 4b571ba
  • Update Sentry transport require change (#1754) 73ae01f
  • Fix typo (#1750) 7b67eb0
  • Fix Issue where winston removes transport on error (#1364) (#1714) 1679c49
  • Fix #1690 (#1691) 0e0cf14
  • Node 12 is LTS now 85a250a
  • Update README.md (#1743) bea9c34
  • Add defaultMeta to Logger index.d.ts (#1736) 319abf1
  • (typo) Missing label import in example (#1733) c719706
  • Update index.d.ts (#1729) 8944598
  • Fix npm logging levels on README.md (#1737) 7bb258c
  • #1567: document common transport options (#1723) 64744d7
  • Add Humio transport link to docs (#1705) ae2335b
  • UPDATE levels on readme (http added) (#1650) 785bd9e
  • Add PostgresQL transport to list of community transports (#1697) 4f44acb
  • feat(transports): add integrateion with winston-bigquery (#1700) 22801e1
  • add bearer auth capabilities to http transport; (#1662) a07bc17
  • [#1612] Remove no-op aed30ab
  • Upgrade all dependencies, test/build/lint results match master (#1686) 11f5ea2
  • added a Sentry transport for winston (#1684) d62470e
  • Update transports.md (#1683) 2d44d64
  • Made the code example fully executable (#1677) e325793
  • Updated async to lodash patched version (#1672) 9399f08
  • Updated transports.md (#1652) 15c9653
  • Fix logs files names (#1651) daeefbf
  • Add Slack Winston transport (#1661) 47e05e8
  • Add datadog winston transport (#1656) bf2b986
  • Update CI to remove Node 6 and support Node 12 (#1647) 05bed4d
  • Remove unused import (#1654) bc6a363
  • TS updates (#1625) 4e939b3
  • Update index.d.ts (#1623) 8423c03
  • Add typings for the isLevelEnabled(string) and isXXXEnabled() functions (#1622) 1a75544
  • Adding LogDNA Winston Transport (#1610) 8f4cddc
  • Expose child on default logger (#1603) 80d3439
  • [#1592], (@ akaustav) Fix year typo in CHANGELOG (#1593) 3a5413b
  • Update transports.md table of contents (#1605) a9065b1
  • Update transports.md (#1600) 635b468
  • [doc] Drop minor and patch versions from hero title to avoid future mistakes I will definitely make. efd7baf
  • [tiny doc] Update hero title. 85f2471

  3.2.1...v3.3.0

• 3.2.1 - 2019-01-29
  

  Version 3.2.1

from winston GitHub release notes

Package name: winston-daily-rotate-file

• 4.0.0 - 2019-09-06
  

  This release removes support for winston@2. If you're using this version of winston, please do not upgrade to this release, and instead remain on winston-daily-rotate-file@3.

  • removed support for nodejs < 8
  • add logRemoved event when log file is removed
  • add utc option to support UTC date substitution in filenames
  • add extension option to support file extensions on rotated files
• 3.10.0 - 2019-07-12
  

  3.10.0

from winston-daily-rotate-file GitHub release notes

Package name: yargs

• 17.6.0 - 2022-10-01
  

  17.6.0 (2022-10-01)

  Features

  • lang: Czech locale (#2220) (5895cf1)
  • usage: add YARGS_DISABLE_WRAP env variable to disable wrap (#2210) (b680ace)

  Bug Fixes

  • deno: use 'globalThis' instead of 'window' (#2186) (#2215) (561fc7a)
  • deps: cliui with forced strip-ansi update (#2241) (38e8df1)
  • dont clobber description for multiple option calls (#2171) (f91d9b3)
  • typescript: address warning with objectKeys (394f5f8)

    </li>
    <li>
      <b>17.5.1</b> - <a href="https://github.com/yargs/yargs/releases/tag/v17.5.1">2022-05-16</a></br><h3><a href="https://github.com/yargs/yargs/compare/v17.5.0...v17.5.1">17.5.1</a> (2022-05-16)</h3>
  

  Bug Fixes

  • add missing entries to published files (#2185) (5685382)
  • address bug when strict and async middleware used together (#2164) (cbc2eb7)
  • completion: correct zsh installation instructions (22e9af2)
  • handle multiple node_modules folders determining mainFilename for ESM (#2123) (e0823dd)
  • lang: add missing terms to Russian translation (#2181) (1c331f2)
  • prevent infinite loop with empty locale (#2179) (b672e70)
  • veriadic arguments override array provided in config (the same as multiple dash arguments). (4dac5b8)
• 17.5.0 - 2022-05-11
  

  17.5.0 (2022-05-11)

  Features

  • add browser.d.ts and check for existence of Error.captureStackTrace() (#2144) (6192990)

  Bug Fixes

  • completion: support for default flags (db35423)
  • import yargs/yargs in esm projects (#2151) (95aed1c)
• 17.4.1 - 2022-04-09
  

  17.4.1 (2022-04-09)

  Bug Fixes

  • coerce pollutes argv (#2161) (2d1136d)
  • completion: don't show positional args choices with option choices (#2148) (b58b5bc)
  • hide hidden options from completion (#2143) (e086dfa), closes #2142
  • show message when showHelpOnFail is chained globally (#2154) (ad9fcac)
• 17.4.0 - 2022-03-19
  

  17.4.0 (2022-03-19)

  Features

  • completion: choices will now work for all possible aliases of an option and not just the default long option (30edd50)
  • completion: positional arguments completion (#2090) (00e4ebb)

  Bug Fixes

  • completion: changed the check for option arguments to match options that begin with '-', instead of '--', to include short options (30edd50)
  • completion: fix for completions that contain non-leading hyphens (30edd50)
  • failed command usage string is missing arg descriptions and optional args (#2105) (d6e342d)
  • wrap unknown args in quotes (#2092) (6a29778)
• 17.3.1 - 2021-12-23
• 17.3.0 - 2021-11-30
• 17.2.1 - 2021-09-25
• 17.2.0 - 2021-09-23
• 17.1.1 - 2021-08-13
• 17.1.1-candidate.0 - 2021-08-13
• 17.1.0 - 2021-08-04
• 17.1.0-candidate.0 - 2021-07-15
• 17.0.2-candidate.1 - 2021-07-15
• 17.0.2-candidate - 2021-07-10
• 17.0.1 - 2021-05-03
• 17.0.0 - 2021-05-02
• 17.0.0-candidate.13 - 2021-04-26
• 17.0.0-candidate.12 - 2021-04-12
• 17.0.0-candidate.11 - 2021-04-11
• 17.0.0-candidate.10 - 2021-04-04
• 17.0.0-candidate.9 - 2021-04-04
• 17.0.0-candidate.8 - 2021-03-26
• 17.0.0-candidate.7 - 2021-03-14
• 17.0.0-candidate.6 - 2021-03-11
• 17.0.0-candidate.5 - 2021-03-10
• 17.0.0-candidate.4 - 2021-03-08
• 17.0.0-candidate.3 - 2021-02-22
• 17.0.0-candidate.2 - 2021-02-16
• 17.0.0-candidate.1 - 2021-02-15
• 17.0.0-candidate.0 - 2021-01-09
• 16.2.0 - 2020-12-05
• 16.1.1 - 2020-11-15
• 16.1.0 - 2020-10-16
• 16.0.4-candidate.0 - 2020-09-21
• 16.0.3 - 2020-09-10
• 16.0.2 - 2020-09-09
• 16.0.1 - 2020-09-09
• 16.0.0 - 2020-09-09
• 16.0.0-beta.3 - 2020-09-08
• 16.0.0-beta.2 - 2020-09-08
• 16.0.0-beta.1 - 2020-08-27
• 16.0.0-beta.0 - 2020-08-22
• 16.0.0-alpha.3 - 2020-08-19
• 16.0.0-alpha.2 - 2020-08-17
• 16.0.0-alpha.1 - 2020-08-17
• 16.0.0-alpha.0 - 2020-08-17
• 15.5.0-candidate.0 - 2021-02-22
• 15.4.1 - 2020-07-10
• 15.4.0 - 2020-07-02
• 15.4.0-beta.1 - 2020-07-01
• 15.4.0-beta.0 - 2020-05-15
• 15.3.2-beta.0 - 2020-04-17
• 15.3.1 - 2020-03-16
• 15.3.1-beta.0 - 2020-03-12
• 15.3.0 - 2020-03-08
• 15.3.0-beta.1 - 2020-03-08
• 15.3.0-beta.0 - 2020-03-02
• 15.2.0 - 2020-03-01
• 15.2.0-beta.2 - 2020-03-01
• 15.2.0-beta.1 - 2020-02-29
• 15.2.0-beta.0 - 2020-02-24
• 15.1.0 - 2020-01-02
• 15.0.2 - 2019-11-19
• 15.0.1 - 2019-11-16
• 15.0.0 - 2019-11-10
• 14.2.3 - 2020-03-13
• 14.2.2 - 2019-11-19
• 14.2.1 - 2019-10-30
• 14.2.0 - 2019-10-07
• 14.1.0 - 2019-09-06
• 14.0.0 - 2019-07-30
• 13.3.2 - 2020-03-13
• 13.3.0 - 2019-06-10

from yargs GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Code Injection

[//]: # ...

[Omrisnyk]

🎉 Snyk hasn't found any issues so far.

✅ code/snyk check is completed. No issues were found. (View Details)