[Snyk] Fix for 3 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JSONPTR-1577291	Yes	Proof of Concept
	748/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: firebase-tools

The new version differs by 250 commits.

• 9df5e52 10.1.0
• fc2c57f use built-in cache with setup-node (#4006)
• 8e14e83 update mocha, nyc, chai (#3991)
• 9ae4fef shrinkwrap CLI dependencies (#4004)
• dfaa859 Add support for emulating functions from multiple sources at once (#3937)
• a90f28a update some dev dependencies (#3988)
• bf9021e updates inquirer; updates a couple packages in package-json for audit (#3985)
• e5d55e2 increase auth emulator timeout (#3986)
• e05d2e0 security(deps): upgrade to [email protected] (#3981)
• 8998185 upgrade exegesis* packages and regenerate api to update messages (#3977)
• 9e9a8cd upgrade typescript to 4.5 (#3957)
• edbe969 disabling http in the fetchwebsetup requests makes them much faster (#3984)
• 012f327 Revive the runtime config loader in the emulator runtime. (#3974)
• 1ca8364 Upgrade google-auth-library (#3972)
• 754c8e4 Fix bug where empty vpc connector setting was removed. (#3973)
• 9736bb0 Added finer grained metrics to ext:install. (#3940)
• 6ecb791 New provider metrics command for extension providers (#3938)
• c068382 upgrade npm in node12 container for building (#3958)
• 428ba3c [firebase-release] Removed change log and reset repo after 10.0.1 release
• b97dc4a 10.0.1
• 09e9dbc package-lock.json and npm audit package updates (#3954)
• 318087b Release Database Emulator v4.7.3. (#3955)
• f12728d [firebase-release] Removed change log and reset repo after 10.0.0 release
• 0da4c43 10.0.0

See the full diff

Package name: shelljs

The new version differs by 71 commits.

• 70668a4 0.8.5
• d919d22 fix(exec): lockdown file permissions (#1060)
• fcf1651 0.8.4
• a1111ee Silence potentially upcoming circular dependency warning (#973)
• d4d1317 0.8.3
• db317bf Add test case for sed on empty file (Use Parcel v2 scriptPilot/app-framework#904)
• 0d5ecb6 docs(changelog): updated by Nate Fischer [ci skip]
• 6b3c7b1 refactor: don't expose tempdir in common.state (Use Framework7 v4 scriptPilot/app-framework#903)
• 4bd22e7 chore(ci): fix codecov on travis (add ftp-upload defaultPassword to schema scriptPilot/app-framework#897)
• 2b3b781 fix: silent exec (v3 - In standalone mode webapp always has a black statusbar scriptPilot/app-framework#892)
• 37acb86 chore(npm): add ci-or-install script (add config.ftp.defaultPassword to ftp-deploy scriptPilot/app-framework#896)
• 4e861db chore(appveyor): run entire test matrix (v3 - add 'clean cache' script scriptPilot/app-framework#886)
• d079515 docs: remove gitter badge (Demo App - External images are not shown offline scriptPilot/app-framework#880)
• 4113a72 grep includes the i flag (Bring autocomplete / ajax in demo to live scriptPilot/app-framework#876)
• 8dae55f Fix(which): match only executable files (Ship external images with demo app scriptPilot/app-framework#874)
• 6d66a1a chore: rename some tests (Deployment to Netlify scriptPilot/app-framework#871)
• 131b88f Fix cp from readonly source (v3 - Copy app version to Xcode scriptPilot/app-framework#870)
• 1dd437e fix(mocks): fix conflict between mocks and skip (Check in prepublish if all changes are commited scriptPilot/app-framework#863)
• 72ff790 chore: bump dev dependencies and add package-lock (v3 - Bump version automatically on publish scriptPilot/app-framework#864)
• 93bbf68 Prevent require-ing bin/shjs (v3 - Update icons only if source file changed scriptPilot/app-framework#848)
• aa9d443 chore: output npm version in travis (v3 - ESLint issue because @capacitor/core not in dependencies when used scriptPilot/app-framework#850)
• 4733a32 chore(appveyor): do not use latest npm (v3 - iPhone X notch covers content on landscape homescreen app scriptPilot/app-framework#847)
• dd5551d chore: update shelljs-release version (v3 - Update statusbar color of ios homescreen app with configuration scriptPilot/app-framework#846)
• 97a4df8 docs(changelog): updated by Nate Fischer [ci skip]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic