[Snyk] Fix for 20 vulnerabilities

[rx007]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • build/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSZIP-73598	Yes	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:qs:20140806	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) npm:qs:20140806-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	Yes	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: asar

The new version differs by 192 commits.

• db6d154 feat: give better hints when failing due to bad links (Readme updates atom/atom#241)
• 6c7d9f0 Merge pull request Merge dev into master atom/atom#239 from dsanders11/revert-main-commit
• cbc9cd9 Revert "chore: modernize JS in bin/asar.js"
• db163be chore: modernize JS in bin/asar.js
• a25691f docs: update README badges (add onBlur and onFocus events for the window atom/atom#236)
• ef6d44b build: update docker images (Active tab curve weirdness when blurred atom/atom#237)
• b1c8deb ci: use an available xcode version in CircleCI (Need better visuals for split screen atom/atom#223)
• 94cb8bd feat: add file hashes to asar header (Creating GitHub_Dark and GitHub_Light. atom/atom#221)
• 6fb376b build: do semantic-release on main
• b0415c8 build: use main branch for releases (A better dot atom atom/atom#220)
• 6a7c3a5 chore: update deps
• c9cc0a1 fix: CreateOptions.transform should return stream or void (Placing closing HTML tag onto newline predictably triggers RangeError atom/atom#195)
• 3f243e2 fix: correctly parse arguments for list --is-pack (A wild phantom caret appears atom/atom#194)
• 1ece9c8 build(deps-dev): upgrade mocha to ^7.1.1
• 04d8c79 build(deps-dev): upgrade standard to ^14.3.3
• 49bba74 fix: enforce Node version constraint for the CLI (Markdown preview disappears when Atom loses focus atom/atom#193)
• 19889b6 build: work around tsd bug
• c652ec4 build: limit what actually gets packaged
• f581511 build: use a newer Node version for releases
• f1a29ba feat: require Node 10.12.0 (Command to dump Atom state atom/atom#191)
• 0ee4133 chore: remove AppVeyor badge
• f9eb91d feat: add TypeScript definition (Make CI reliable atom/atom#190)
• c93997d build: replace AppVeyor with CircleCI's Windows support (Create CONTRIBUTING.md atom/atom#189)
• 170d05d refactor: reduce the usage of anonymous functions (Document themes atom/atom#188)

See the full diff

Package name: babel-eslint

The new version differs by 233 commits.

• 4bd049e 10.1.0
• 2c754a8 Update Babel to ^7.7.0 and enable Flow enums parsing (#812)
• 183d13e 10.0.3
• 354953d fix: require eslint dependencies from eslint base (Collaboration replication issue atom/atom#794)
• 48f6d78 10.0.2
• 0241b48 removed unused file reference (Add pane-container:active-pane-item-changed event atom/atom#773)
• 4cf0a21 10.0.1
• 98c1f13 Revert Indention off when pasting with autoIndentOnPaste: true atom/atom#584 (Remove dependency of bundled node atom/atom#697)
• 8f78e28 10.0.0
• 717fba7 test value should be switched
• 020d012 Treat type alias declarationlike function declaration (Indention off when pasting with autoIndentOnPaste: true atom/atom#584)
• b400cb1 Test eslint5, update peerDep (Add --help to atom.sh, fixes #685 atom/atom#690)
• c333bd6 Drop old monkeypatching behavior (Line height mismatch atom/atom#689)
• 6aa8b6f 9.0.0
• c7ee9ae Bump to babel@7.0.0 🎉 (Autocomplete CSS'ings  atom/atom#676)
• 3ece549 Docs: Make the default parserOptions more explicit (Incorrect text selection when using soft wrap and keyboard navigation atom/atom#673)
• 0b36951 Add logical assignment plugin (Trailing blank line whitespace truncated atom/atom#674)
• 5856ff5 Bump some devDeps
• 45938d9 build(deps): upgrade @ babel/* to 7.0.0-rc.2 (Accidentaled web inspector atom/atom#668)
• bc97875 9.0.0-beta.3
• 74c5d62 update lock
• 6a45632 chore - fixing eslint-scope to a safe version; resolves Save as dialog does not use current file's path atom/atom#656. (Selecting multiple regions with multicursor breaks selections atom/atom#657)
• e0119e0 9.0.0-beta.2
• 198964b Merge pull request Add new commands for moving between words atom/atom#645 from rubennorte/support-new-flow-syntax-in-scope-analysis

See the full diff

Package name: github-releases

The new version differs by 8 commits.

• 950b7d0 0.4.2
• 3307791 Merge pull request [Snyk] Fix for 1 vulnerabilities #9 from roblourens/updateRequest
• f3ba8ce Remove package-lock.json
• dce6079 Update 'request' module for security
• f9d6c9e Fix downloading
• fc3b492 Fix error happend when converting CoffeeScript
• dbfb940 Convert CoffeeScript to JS
• 0ce3644 Update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Poisoning
🦉 Prototype Override Protection Bypass
🦉 More lessons are available in Snyk Learn