[Snyk] Fix for 5 vulnerabilities #5

nicholasess · 2022-10-06T20:04:24Z

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-fetch

The new version differs by 240 commits.

1ef4b56 backport of #1449 (#1453)
8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (#1352)
b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
18193c5 fix v2.6.3 that did not sending query params (#1301)
ace7536 fix: properly encode url with unicode characters (#1291)
152214c Fix(package.json): Corrected main file path in package.json (#1274)
b5e2e41 update version number
2358a6c Honor the `size` option after following a redirect and revert data uri support
8c197f8 docs: Fix typos and grammatical errors in README.md (#686)
1e99050 fix: Change error message thrown with redirect mode set to error (#653)
244e6f6 docs: Show backers in README
6a5d192 fix: Properly parse meta tag when parameters are reversed (#682)
47a24a0 chore: Add opencollective badge
7b13662 chore: Add funding link
5535c2e fix: Check for global.fetch before binding it (#674)
1d5778a docs: Add Discord badge
eb3a572 feat: Data URI support (#659)
086be6f Remove --save option as it isn't required anymore (#581)
95286f5 v2.6.0 (#638)
bf8b4e8 Allow agent option to be a function (#632)
0c2294e 2.5.0 release (#630)
0fc414c Allow third party blob implementation (#629)
d8f5ba0 build: disable generation of package-lock since it is not used (#623)

Package name: yargs

The new version differs by 188 commits.

a6e67f1 chore(release): 13.2.4
fc13476 chore: update standard-verison dependency
bf46813 fix(i18n): rename unclear 'implication failed' to 'missing dependent arguments' (#1317)
a3a5d05 docs: fix a broken link to MS Terminology Search (#1341)
b4f8018 build: add .versionrc that hides test/build
0c39183 chore(release): 13.2.3
08e0746 chore: update deps (#1340)
843e939 docs: make `--no-` boolean prefix easier to find in the docs (#1338)
84cac07 docs: restore removed changelog of v13.2.0 (#1337)
b20db65 fix(deps): upgrade cliui for compatibility with latest chalk. (#1330)
c294d1b test: accept differently formatted output (#1327)
ac3f10c chore: move .hbs templates into .js to facilitate webpacking (#1320)
0295132 fix: address issues with dutch translation (#1316)
9f2468e doc: clarify parserConfiguration object structure (#1309)
e7f2937 chore(release): 13.2.2
edd0bb5 test: correct test description
03a9523 chore: forgoing dropping Node 6 until yargs@14 (#1308)
14920d1 docs: remove --save option as it isn't required anymore (#1301)
545c7f1 test: slightly reworded one test
4375680 chore(release): 13.2.1
dfcaa68 test: slight edit to test wording
3180224 fix: add zsh script to files array
0a96394 fix: support options/sub-commands in zsh completion
48249a2 chore(release): 13.2.0