[Snyk] Fix for 20 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/qs-package/node_modules/y18n/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHMERGE-173732	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASHMERGE-173733	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MOUT-1014544	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MOUT-2342654	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	414/1000 Why? Has a fix available, CVSS 4	Insecure use of Tmp files npm:sync-exec:20160124	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: coveralls

The new version differs by 3 commits.

• 2ed4d09 major version bump for node > 4.x
• 5ebe57f bump version
• 428780c Expand allowed dependency versions to all API compatible versions ([Snyk] Security upgrade actionpack from 4.2.5 to 4.2.11.3 #172)

See the full diff

Package name: nyc

The new version differs by 230 commits.

• 4a6b327 chore(release): 13.0.1
• ae5318b chore: Update istanbul dependencies. ([Snyk] Fix for 1 vulnerabilities #896)
• d0b76e2 fix: Enable es-modules by default. ([Snyk] Fix for 1 vulnerabilities #889)
• 6b6cd5e fix: add flag to allow control of intrumenter esModules option, default to looser parsing ([Snyk] Security upgrade snyk from 1.101.1 to 1.230.7 #863)
• c325799 docs: reference babel 7 in all places ([Snyk] Security upgrade django from 2.0.1 to 3.2.18 #881)
• 7483ed9 fix: use uuid/v4 to generate unique identifiers. ([Snyk] Security upgrade snyk from 1.101.1 to 1.230.7 #883)
• 8ab1ae3 chore: update dependencies ([Snyk] Security upgrade @google-cloud/profiler from 2.0.2 to 4.1.3 #872)
• 52b69ef fix: Update caching-transform options. ([Snyk] Security upgrade django from 2.0.1 to 3.2.18 #873)
• 624a723 chore: update dependencies ([Snyk] Security upgrade django from 1.6.1 to 3.2.18 #866)
• a5818f5 chore(release): 13.0.0
• f0d98a5 docs: update README.md with babel configuration info ([Snyk] Security upgrade cryptography from 2.6.1 to 39.0.1 #860)
• 893345a feat: allow rows with 100% statement, branch, and function coverage to be skipped in text report ([Snyk] Security upgrade cryptography from 2.6.1 to 39.0.1 #859)
• f09cf02 chore: update dependencies ([Snyk] Fix for 1 vulnerabilities #855)
• d0f654c fix: source was being instrumented twice, due to upstream fix in ista… ([Snyk] Fix for 1 vulnerabilities #853)
• adb310c chore(release): 12.0.2
• ddc9331 fix: stop bundling istanbul-lib-instrument due to npm issue on Node 6 ([Snyk] Fix for 1 vulnerabilities #854)
• b4c325b fix: don't bundle istanbul-lib-instrument due to Node 6 issues
• 9fc20e4 chore(release): 12.0.1
• 3e087d4 chore: upgrade to version of istanbul with optional catch binding ([Snyk] Fix for 1 vulnerabilities #851)
• eaf3f70 chore(release): 12.0.0
• 19b7d21 chore: upgrade to newest version of istanbul codebase ([Snyk] Fix for 4 vulnerabilities #848)
• 570a08a chore(release): 11.9.0
• 1329a3b feat: add option that allows instrument to exit on error ([Snyk] Fix for 1 vulnerabilities #850)
• bc9ffe5 chore(release): 11.8.0

See the full diff

Package name: rimraf

The new version differs by 52 commits.

• 3b6b098 4.0.0
• e0cffea ci: reduce workload even more
• 0e6646d ci: remove unnecessary lint filter
• 546e017 update action versions
• 6d88a65 tone down benchmark intensity
• 842a8d2 fix benchmark workflow yaml
• 1b91697 chore: add copyright year to license
• 08bbb06 rewrite in TS, export hybrid, update changelog, docs
• 1b3f46e drop support for node versions below 14
• 2e1f003 gh actions workflow for benchmarks
• 52f9370 tests for retry-busy behavior
• 188e3ed don't test on very old node versions
• d1d5495 test for fix-eperm
• e7501cd prettier formatting
• 40f64ec windows: only fall back to move-remove when absolutely necessary
• b6f7819 update tap
• 99496cd test: run posix test on windows, why not?
• 51d43c1 benchmarks
• 6b8aa29 doc: correct os.tmp default
• 4b228c9 do not ever actually try to rmdir /
• 2442655 consolidate all the spellings of 'opt' into one
• d4eec2e add cli script
• 0c82d74 accept strings, arrays of strings, and no other types
• ad4f2db Do not rimraf /, override with preserveRoot:false

See the full diff

Package name: standard

The new version differs by 250 commits.

• fa0c1e4 update authors
• 81de719 16.0.0
• 9f94f98 prep changelog for 16.0.0
• f5b298a standard-engine@14
• 9f73bf2 eslint-config-standard-jsx@10
• 0ce671d eslint-config-standard@16
• dfea036 changelog
• c167c0a disable failing repos for 'no-var' rule
• 24ddf3f changelog
• 258ee48 disable no-var rule for cmd since it needs to run on all node versions
• 59dc70e remove eslint-plugin-standard
• 7c7dbec changelog
• 6fbe538 test: fix logs
• e5e0b37 test: disable failing repos
• a98eba7 test: re-enable disabled repos which now pass!
• 0bfd793 test: disable non-existent repo
• 6f9f2f1 test: add script to detect non-existent repos
• 0d429d0 test: remove non-existant repo
• 0b64eb3 test: add --write option to save changes to "disable" prop
• 8b97b72 test: add test packages into same repo
• e1b0466 changelog
• 692c0fe changelog
• c30a584 remove mkdirp dependency
• d1f9de1 remove broken eslint-index package

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Improper Privilege Management
🦉 More lessons are available in Snyk Learn