[Snyk] Fix for 24 vulnerabilities

[DemoiselleFramework]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Validation Bypass SNYK-JS-KINDOF-537849	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHSET-1320032	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MIXINDEEP-450212	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	No	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-6056519	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-PACRESOLVER-1564857	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-1540541	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-450213	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp-filter

The new version differs by 3 commits.

• 845b913 5.1.0
• b00bb32 Meta tweaks
• 52df753 Remove deprecated gulp-util dependency ([Snyk] Security upgrade yeoman-generator from 2.0.5 to 4.11.0 #86)

See the full diff

Package name: snyk

The new version differs by 250 commits.

• 4cc1a94 Merge pull request #2105 from snyk/feat/webpack
• 7737f75 Merge pull request #2181 from snyk/test/migrate-old-snyk-format
• 418e6ad Merge pull request #2180 from snyk/test/migrate-is-docker
• 95631e7 test: migrate is-docker to jest
• babe22a test: migrate old-snyk-format to jest
• e22e94f feat: Snyk CLI is bundled with Webpack
• dd46c19 Merge pull request #2175 from snyk/fix/snyk-protect-multiple
• e7c314f Merge pull request #2178 from snyk/test/server-close
• 5e824c0 fix(protect): skip previously patched files
• ca2177a fix(protect): catch and log unexpected errors
• c9ddb44 chore(protect): move api url warnings to stderr
• e8fed38 refactor(protect): move stdout logs to top level
• 55e88f9 Merge pull request #2177 from snyk/test/set-jest-acceptance-timeout
• 1522c5f test: server.close uses callbacks, not promises
• 13dce51 test: increase timeout for slow oauth test
• 65c35be Merge pull request #2172 from snyk/chore/no-run-test-on-master
• a1e3992 chore: don't run tests on master
• 20feb67 Merge pull request #2165 from snyk/chore/dont-wait-for-regression-tests
• f50bca7 Merge pull request #2167 from snyk/refactor/replace-cc-parser-with-split-functions
• 1ed7d11 refactor: replace cc parser with split functions
• 707801d Merge pull request #2166 from snyk/fix/support_quotes_in_poetry_toml
• dc6b784 Merge pull request #2163 from snyk/chore/remove-store-test-results
• 7973015 fix: support quoted keys in inline tables
• 18f0d2a Merge pull request #2164 from snyk/chore/upgrade-snyk-nuget-plugin

See the full diff

Package name: typescript-formatter

The new version differs by 9 commits.

• 3bd3935 chore(tsfmt): bump version & generate CHANGELOG.md
• 626205e chore(tsfmt): clean up .npmignore
• c92c5b9 chore(tsfmt): add yarn.lock
• e8d7ff1 Merge pull request [Snyk] Fix for 25 vulnerabilities #83 from vvakame/rm-promise-polyfill
• f658d2d Merge pull request [Snyk] Security upgrade snyk from 1.192.0 to 1.230.7 #82 from vvakame/drop-filesGlob
• f735264 Merge pull request [Snyk] Fix for 1 vulnerabilities #81 from vvakame/feat-specified-config
• 025c543 feat(tsfmt): add --useTsconfig, --useTsfmt, --useTslint options to CLI closes [Snyk] Security upgrade snyk from 1.192.0 to 1.324.0 #67
• 3b0d38f feat(tsfmt): drop tsconfig.json's filesGlob support, it is unofficial field.
• 03ce823 feat(tsfmt): remove es6-promise devDependencies

See the full diff

Package name: yeoman-generator

The new version differs by 250 commits.

• aad5fac 5.0.0
• 4f4a802 Add transform to expected priority.
• 57d240c Remove only from test.
• 812751f Lint fix
• 33d050f Implement getFeatures for singleton support.
• 99ac2c5 Add transform priority.
• 5136342 Bump peter-evans/create-pull-request from v3.8.0 to v3.8.2 (#1278)
• fa408bd Bump actions/stale from v3.0.15 to v3.0.16 (#1275)
• d7103f3 Drop reference from yeoman-test repository
• b36f294 Bump yeoman-environment to 3.0.0-rc.1
• ee0d1ad Hide shared options and drop support for kebab case options.
• 310f72d Fix spawn destinationRoot.
• 8f4afe9 Switch composeWith to use environment.
• e9d0a15 Remove support for chainning at composeWith.
• c2245e1 Switch from node 10 to 12 at Travis.
• 5be7b07 5.0.0-rc.0
• 8a448b4 Bump yeoman-environment to 3.0.0-rc.0
• 6d6c4b0 Changes to queueTransformStream
• 632d60d Add option to skip parsing options.
• 7050e53 Pass destinationRoot to spawn-command by default.
• 097cd20 Implement package-json mixin.
• 52c90a2 Add merge support to Storage.
• f4336d9 5.0.0-beta.1
• 1952724 Change version to 5.0.0-beta.0

See the full diff

Package name: yosay

The new version differs by 12 commits.

• c698632 3.0.0
• 7e41f27 Require Node.js 18 and move to ESM
• edf8387 update deps and cleanup code ([Snyk] Fix for 1 vulnerabilities #32)
• 30c5652 Reduce test code duplication ([Snyk] Fix for 1 vulnerable dependencies #31)
• bcd9a70 2.0.2
• 33feb5b Add license file
• 6c3028e 2.0.1
• 72d685f Set charIndex correctly when sentence contains whitespace ([Snyk] Fix for 1 vulnerable dependencies #30)
• 4534a16 2.0.0
• 00c279f ES2015ify
• af09c7a Bump minimum supported `node` version to `node@4`. ([Snyk] Fix for 1 vulnerable dependencies #25)
• 1614e0a fix travis

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Validation Bypass
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn