[Snyk] Fix for 11 vulnerabilities

[nathang21]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTPROP-543489	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Internal Property Tampering SNYK-JS-TAFFYDB-2992450	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: codecov

The new version differs by 25 commits.

• e427d90 feat(services): add azure pipelines (#114)
• 023d204 Use small HTTP dependency (#110)
• 500f308 Update Readme
• 0ce3c76 v3.1.0
• 7c1f16e fix: support `.codecov.yml`/`codecov.yml` files for token (#108)
• 1fff4dc Allow custom `yaml` file. (#107)
• 77d7a5e Add ESLint (#93)
• 625807c Removing Makefile (#104)
• 94cd1c6 Change from istanbul to nyc (#103)
• b0b580b Update README.md
• 08ca881 v3.0.4
• 012ef08 Update dependencies (#102)
• f954f91 Prettier (#101)
• 16efd18 Update README.md
• 49257a9 Update Readme
• 15cdae3 v3.0.3
• 39dc2d8 Support non-git/hg root dirs (#75)
• a19efbe Updated readme
• 31926f7 v3.0.2
• 1114b03 Stop outputting upload-token in logs (#97)
• e903e88 v3.0.1 (#96)
• 75cc0dd package: unpin request so i stop getting these vulnerability reports (#91)
• 4a7561e add -X s3 to disable uploading to s3 (#84)
• 19facba Replace the `cd` command with the `pwd` option. (#85)

See the full diff

Package name: jsdoc

The new version differs by 132 commits.

• 0842185 4.0.0
• b018408 chore!: replace taffydb package with @ jsdoc/salty
• dc48aa6 3.6.11
• cccfd3d chore(deps): resolve dependency vulnerability
• ff5963a fix(deps): rollback klaw to 3.x (#2002)
• 2bf9f88 3.6.10
• ffa07da remove `npm preinstall` script (#1971)
• aab7b50 3.6.9
• 24c1354 fix installation error when installing via npm (#1970)
• c5ea65a 3.6.8
• a024054 update dependencies
• e1f1919 3.6.7
• f7a64bd chore(deps): update selected dependencies
• 3f5c462 3.6.6
• 95e3192 fix: correctly track interface members
• ef05a69 3.6.5
• a59b5cd fix: prevent circular refs when params have the same type expression
• 8d0fce6 chore: bump version; update release notes
• 91c9aa7 chore(deps): update dependencies
• ef33f07 3.6.3
• 0e468af 3.6.2
• d5e0eb0 Add 3.6.2 changelog.
• 61ae11c Ensure that ES 2015 classes appear in the generated docs when they're supposed to. (#1644)
• 03b8abd Add 3.6.1 changelog.

See the full diff

Package name: nodeunit

The new version differs by 5 commits.

• cd773a2 Merge pull request #356 from brodybits/tap-12
• 98f5a33 package.json use tap@^12.0.1 & mark version 0.11.3
• 91564c2 .travis.yml updates
• 6bd262c README.md fix first 2 section markers
• ec2ea88 add deprecation notice

See the full diff

Package name: nyc

The new version differs by 204 commits.

• bebf4d6 chore(release): 15.0.0
• 2931730 chore: Update to final releases of dependencies (#1245)
• d44ff19 chore: Update node-preload and use process-on-spawn (#1243)
• 5258e9f feat: Filenames relative to project cwd in coverage reports (#1212)
• 6039f29 chore: Unpin test-exclude, update to latest pre-releases (#1240)
• f3c9e6c chore: Temporarily pin test-exclude (#1239)
• 28ed746 chore: Lazy load modules that are rarely/never needed in test processes. (#1232)
• 7307626 chore: Remove cp-file module (#1230)
• dfd629d fix: Better error handling for main execution, reporting (#1229)
• 549c953 chore: Update dependencies, pin find-cache-dir (#1228)
• a1dee03 chore: Update yargs (#1224)
• 8078a79 chore: Fix 404 in README.md. (#1220)
• 7a02cb7 chore: Add enterprise language (#1217)
• ea94c7f chore: Remove unused functions (#1218)
• 53c66b9 docs: `npm home nyc` goes to github master branch README (#1201)
• cf5e5d3 chore: Update dependencies
• 8411a26 fix: Correct handling of source-maps for pre-instrumented files (#1216)
• f890360 docs: Fix URL to default excludes in README.md (#1214)
• 3726bbb chore: Update to async version of istanbul-lib-source-maps (#1199)
• 0efc6d1 chore: Tweak arguments for async coverage data readers (#1198)
• cc77e13 chore: Add `use strict` to all except fixtures (#1197)
• bcbe1df chore: Update dependencies (#1196)
• 2735ee2 chore: 100% coverage (#1195)
• fd40d49 feat: Use @ istanbuljs/schema for yargs setup (#1194)

See the full diff

Package name: snyk

The new version differs by 10 commits.

• 933f3f1 feat: update snyk-resolve-deps to reduce size of dependencies
• 042c476 feat: remove update notifier
• 7e10aae feat: support yarn for protect scripts
• 6b6ce94 fix: dont suggest reinstallation for yarn projects
• 80e49fd fix: update test fixures expected version
• 38f993f fix: compatability with new pip version (10.0.0)
• db91114 feat: a seperate spinner for "Analyzing deps ..."
• 6a77349 fix: update snyk-go-plugin 1.4.5 -> 1.4.6
• 334f8b1 fix: remove vulns from analytics payload if present
• 58b5437 chore: adds security document

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn