[Snyk] Fix for 16 vulnerabilities

[hof-bot-user]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • lib/cli/init/template/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-535498	Yes	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535500	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Out-of-bounds Read SNYK-JS-NODESASS-540958	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Uncontrolled Recursion SNYK-JS-NODESASS-540964	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540978	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	NULL Pointer Dereference SNYK-JS-NODESASS-540992	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-540998	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-NODESASS-541000	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-541002	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-REDIS-1255645	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: hof

The new version differs by 45 commits.

• bdfdef0 update github action
• 5b7f650 use yarn
• e611e5c package
• 15a3afc Update git flow
• 124ba81 Update npm publish delimiter
• 169ff5c Update package json to v19.0.0
• a46d37c Add browserify
• 795ce42 Fix linting
• 2555f45 Update linting and package lock using underscore dependency in httpntlm with nodemailer
• 9bf5288 Fix jest and karma tests
• 0c36797 Add all HOF frontend components
• f9dbc4a Fix linting
• 5d0813a Revert nodemailer-smtp-transport to 2.7.4
• 1c475d0 Add components and move tests and readmes to hof project for reference
• ffa192a Commit package.json lock file
• 1492abe Remove lodash.merge
• 0eabc5c Make request.js main dependency
• 375fc17 Fix linting issues
• e857801 Fix tests
• 787cebd Add hof controller and model to code base
• 52cdb02 Move hof wizard into the main hof repo
• 46cf1f0 Move hof-middleware into hof
• 6ffd8a4 Remove selective lodash dependencies
• d765e26 Add Redis to git action

See the full diff

Package name: hof-build

The new version differs by 104 commits.

• bb6b826 4.0.0
• 6420cdd [MAJOR]: Removed deprecated npm-sass and added dart-sass.
• 2ca9f95 3.1.6
• 5a3819c Merge pull request [Snyk] Security upgrade hof-build from 1.6.0 to 4.0.0 #44 from UKHomeOfficeForms/update-workflow
• 8b0ec68 Remove sas from package json file
• 24ca385 3.1.5
• f0bbee5 Merge pull request [Snyk] Security upgrade hof-build from 1.6.0 to 4.0.0 #43 from UKHomeOfficeForms/update-workflow
• d594b06 Add sas to the package json name
• 8210e42 3.1.4
• 19516de Merge pull request [Snyk] Security upgrade hof-build from 1.6.0 to 4.0.1 #42 from UKHomeOfficeForms/update-workflow
• f73df32 Update worflow to use organisation npm secret
• f284958 3.1.3
• d0a9e30 Merge pull request [Snyk] Security upgrade hof-build from 1.6.0 to 4.0.0 #40 from UKHomeOfficeForms/security/removed-shrinkwrapfile
• d390266 Removed shrinkwrap file
• 554fc62 3.1.2
• 5d51bb6 Merge pull request [Snyk] Security upgrade hof-build from 1.6.0 to 4.0.0 #39 from UKHomeOfficeForms/npm-patch2
• 6470984 Update git actions to use checkout v2.2.0
• c6a4f13 3.1.1
• 89dcbf4 Merge pull request Hof-17: Update hof package to 17 #38 from UKHomeOfficeForms/npm-patch2
• 5459b8e Automate publishing releases
• a827bc5 3.1.0
• db03695 Merge pull request Ensure file modes are preserved when copying files #37 from UKHomeOfficeForms/npm-patch2
• 382a2e6 [MINOR]: Update workflows and version to 3.1.0
• 0f5f134 Merge pull request [evergreen-travis] Update .travis.yml node versions #36 from UKHomeOfficeForms/npm-patch2

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 NULL Pointer Dereference
🦉 Uncontrolled Recursion
🦉 More lessons are available in Snyk Learn