[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	758/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NCONF-2395478	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: snyk-config

The new version differs by 10 commits.

• 34bd34e Merge pull request #43 from snyk/fix/bundle-nconf
• b9cc6b6 feat: swap yargs parser with minimist
• 2b3935c feat: re-enable argv parsing with yargs
• 3b8a4e1 feat: add the original argv module
• 392e6f2 fix: use vendored nconf
• b90e7e7 fix: vendor nconf to remove vulnerable yargs version
• f2c0e1e chore: add the original nconf library
• eb0f55f Merge pull request #42 from snyk/test/add-more-test-cases
• bf4231e test: add more tests for argument parsing
• c10881d test: add test case for value type changing

See the full diff

Package name: snyk-docker-plugin

The new version differs by 95 commits.

• 1b8f409 Merge pull request fix: missing comma in .releaserc snyk/cli#294 from snyk/fix/update-snyk-config
• 9727f36 fix: update node-js-lockfile parser
• f2dbe55 Merge pull request feat: sha256 checksums for binary releases snyk/cli#293 from snyk/RUN-1041/update-readme
• 2602424 docs: correct env var names for tests
• 86b366d Merge pull request feat: add a CLI message when newer version is available snyk/cli#292 from snyk/test/dockerfile-bug
• 6813fda test: show a bug exists with injected base image in Dockerfiles
• cddb5f8 Merge pull request #291 from snyk/fix/types-for-scanned-facts
• 4462152 fix: add TypeScript types for any scanned Facts
• 2f20187 Merge pull request #289 from snyk/feat/detect-jar-hashes
• e662416 chore: Updated deb test to use sha
• bee3c84 feat: Extract jar hashes
• ee1dfb6 chore: Update unit-test & Jest config run dirs
• e73ec91 refactor: Extract nodejs binary if app scan enabled
• f525d5d feat: Added additional hash algorithm
• e789fa1 Merge pull request fix: move to the new version of nodejs-lockfile-parser  snyk/cli#288 from snyk/fix/dockerfile-instructions
• af4794f chore: stop Jest on first test failure
• b04baa6 fix: annotate packages with the instruction that introduced them
• fa736c9 Merge pull request feat: bump docker plugin snyk/cli#287 from snyk/fix/improviment_on_cleanup_pulled_image
• 43f92b0 fix: avoid race condition to remove pulled image and tmp folder
• 701cf5c Merge pull request docs: typos/grammar fixes snyk/cli#286 from snyk/fix/read-docker-host-env-var
• edf6726 fix: remove unused Docker functionality
• 70b618b fix: do not pass hardcoded Docker socket path
• e7458ae fix: capture errors in debug output
• d37aa0e Merge pull request Use consistent word style in the docs snyk/cli#285 from snyk/chore/delete-duplicate-tap-tests

See the full diff

Package name: snyk-mvn-plugin

The new version differs by 14 commits.

• fa682cc Merge pull request #95 from snyk/fix/update-snyk-config
• 55344d4 fix: update java-call-graph-builder
• 7f7bbec Merge pull request #94 from snyk/feat/windows-fix-for-reachable-vulns
• e00d815 feat: bump java call graph builder to fix windows issue
• 3a0360c Merge pull request #93 from snyk/feat/do-not-display-logs-downloading-call-graph
• 89fd14c feat: do not display logs while downloading the call graph generator
• 2a7e4c0 Merge pull request #92 from snyk/fix/fix-all-unmanaged-with-all-projects
• 9101804 fix: support allProjects only in scanAllUnmanaged flag
• 8bcb47b Merge pull request #91 from snyk/feat/upgrade-call-graph-builder
• c9a55ae feat: upgrade call graph builder to 1.15.1
• a34e6d9 Merge pull request #90 from snyk/feat/add-all-projects-to-scan-all-unmanaged
• c9cce6a lint
• ca0f2a7 make allProjects flag to set scanAllManaged to true
• 9106d45 feat: add recursive jars search in 'all-projects' mode in 'scan-all-unmanaged'

See the full diff

Package name: snyk-nodejs-lockfile-parser

The new version differs by 6 commits.

• c8e9342 Merge pull request #89 from snyk/fix/update-snyk-config
• 4c2a1f7 fix: use snyk-config version v4.0.0-rc.2
• af8ba81 Merge pull request #88 from snyk/feat/s-m-s
• 60e5bcd feat: libraries do not register source maps
• fff4ec6 Merge pull request fix snyk wizard run error on last step in npm apps or yarn apps. snyk/cli#87 from snyk/feat/upgrade-uuid
• c6a3041 feat: upgrade uuid (new import style)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution