[Snyk] Fix for 20 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Arbitrary Code Execution SNYK-JS-FRONTMATTER-569103	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	504/1000 Why? Has a fix available, CVSS 5.8	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	Yes	No Known Exploit
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Command Injection SNYK-JS-NODEMAILER-1038834	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	HTTP Header Injection SNYK-JS-NODEMAILER-1296415	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PARSELINKHEADER-1582783	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-REDIS-1255645	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-UNDEFSAFE-548940	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: front-matter

The new version differs by 57 commits.

• 90d23d1 4.0.1
• f71652c Fix case of `allowUnsafe` in boolean coercion
• 80ff5d4 Merge branch 'tyankatsu0105-test/add-declaration-test'
• 2d1bd3f feat: add options args to fm
• 854bab6 chore: remove unused file
• f4d091f test: add typescript description test
• 0ec3a2c 4.0.0
• 5e574da Merge branch 'peterbe-65-yamlsafeload'
• 188b598 Merge branch '65-yamlsafeload' of git://github.com/peterbe/front-matter into peterbe-65-yamlsafeload
• 331fff5 update .travis.yml
• 9658b13 feedbacked
• b87b7d9 and readme
• 7887a05 feedbacked
• 60b3b67 readme update
• 1d9094f yaml.safeLoad()
• eaf33a5 3.2.1
• 7c4156c Merge branch 'mourner-patch-1'
• 0058684 smaller published size
• c50fd45 Update my email
• 9a31548 3.2.0
• 979dc2d Merge branch 'tyankatsu0105-master'
• fb81da2 chore: update declaration
• 3c53424 chore: declaration
• af399ef 3.1.0

See the full diff

Package name: isomorphic-fetch

The new version differs by 12 commits.

• fc5e0d0 3.0.0
• 496fa43 Add version that was previously uncomitted to the package.json due to the previous release process
• 9f5a8b6 Add a list of alternatives
• 49280e6 Resolve minor security issue
• 0f5edd0 Explain why Isomorphic Fetch is needed in docs (#135)
• e32b006 Fix travis (#190)
• db0aa8c Update to latest version
• 8bf02c4 Bump node-fetch from 1.7.3 to 2.6.1 (#189)
• 89c7e70 Merge pull request #93 from paulmelnikow/fetch_ponyfill
• 25e3cab Add link to fetch-ponyfill
• 8d33aba Merge pull request #90 from josiah0/update-lintspaces-cli
• c22fcda Update lintspaces-cli

See the full diff

Package name: marked

The new version differs by 250 commits.

• 1ad8e69 Merge pull request #1731 from UziTech/release-1.1.1
• 7e17526 1.1.1
• 7fbee6e Merge pull request #1730 from UziTech/update-deps
• 6f7522f Merge pull request #1729 from UziTech/quick-ref
• f8024eb remove ending slash
• 524ae66 remove ending slash
• 0d6e056 build
• 04ac593 update dev deps
• f36f676 🗜️ build [skip ci]
• dddf9ae Merge pull request #1686 from calculuschild/EmphasisFixes
• 6b729ed Merge branch 'EmphasisFixes' of https://github.com/calculuschild/marked into EmphasisFixes
• e27e6f9 Sorted strong and em into sub-objects
• a761316 Merge pull request #1726 from UziTech/show-rules
• f8193ed add npm run rules
• ad720c1 Make emEnd const
• 1fb141d Make strEnd const
• 226bbe7 Lint
• cc778ad Removed redundancy in "startEM" check
• 211b9f9 Removed Lookbehinds
• 982b57e Merge pull request #1720 from vassudanagunta/docs-patch-1
• 2a847e6 clarify level of support for Markdown flavors
• bd4f8c4 Fix unrestricted "any character" for REDOS
• 4e7902e Gaaaah lint
• 4db32dc Links are masked only once per inline string

See the full diff

Package name: nodemailer

The new version differs by 248 commits.

• 7e02648 v6.6.1
• 1750c0f v6.6.0
• 0636d58 Merge branch 'master' of github.com:nodemailer/nodemailer
• 058d414 v6.6.0
• fcb0d1f test: 💍 aws ses SDK v3 support
• 2ef39e3 test: 💍 aws ses connection verification
• 6107585 fix: 🐛 ses verify, add support for v3 API
• bf57cf5 Fixes resolveContent with streams overriding data
• 91108d7 v6.5.0
• 87d9b25 Pass through textEncoding to subnodes.
• 271f91b Update index.js
• 9b5fb94 v6.4.18
• 625a9ed Update README.md
• 1d24d8b docs: added rudimentary sponsor quote block
• a455716 Added OhMySMTP to services
• 6e045d1 v6.4.17
• ba31c64 v6.4.16
• 7e7b2b2 v6.4.15
• fca2041 Update CHANGELOG.md
• b4ccfa3 Oups
• 24b93bf Add ethereal.email to well-known/services.json
• 0f132fa doc: make the code a little more accessible with some code comments.
• 1815bad v6.4.14
• dd26ddd v6.4.13

See the full diff

Package name: nodemailer-mailgun-transport

The new version differs by 27 commits.

• 1b175ff Merge pull request #76 from adrukh/master
• f34f13a Update version to allow for a new release
• 7f8c664 Update `mailgun-js` to fix a vulnerability
• 515320f Merge pull request #73 from APshenkin/mock
• 3a14ca9 Fix proxy. Add ability to mock mailgun
• 88a2de7 Merge pull request #69 from vinceprofeta/patch-1
• b6581ae Update mailgun-transport.js
• 70f8b97 Merge pull request #36 from fry2k/proxy
• 61c2acb Bumped version; merged vuln fix
• 0b8f3c7 Merge pull request #66 from Ilshidur/patch-1
• 09b831b Vulnerability fix : bump mailgun-js
• fd9b070 Merge pull request #64 from cospired/fix/replyto_bug
• 19f3df5 FIX: use mailData instead of mail.data like in the rest of the code. ref #63
• b489104 FIX replyTo handling
• c97efb7 add tests for replyTo address conversation and field transformation (from nodemailer interface to mailgun interface), ref #63
• 0dfdb5e Merge pull request #62 from fossamagna/add-messageId-to-info
• d4e456a Add info.messageId property
• eb32b2d fixes array of emails #56
• 548ea03 Merge pull request #58 from Ferrari/hotfix/array-receiver
• d2609bc fixed #56 support both array<string> & array<object> as email receiver
• 72ff707 New version with merges
• 0a66475 Merge pull request #55 from joshfriend/patch-1
• fb63a2f Merge pull request #54 from ADumaine/master
• e96afce Encourage installation from NPM instead of Git

See the full diff

Package name: nodemon

The new version differs by 234 commits.

• 9a67f36 feat: update chokidar to v3
• 6781b40 docs: add license file
• 0e6ba3c fix: wait for all subprocesses to terminate (fixes issue #1476)
• b58cf7d chore: Merge branch 'master'
• 95a4c09 docs: add to faq
• 3a2eaf7 choe: merge master
• 3d90879 chore: add logo to site
• 7d6c1a8 fix: Replace `jade` references by `pug`
• 74c8749 chore: test funding.yml change
• c1a8b75 chore: update funding
• d5b9891 test: ensure ignore relative paths
• eead311 fix: to avoid confusion like in #1528, always report used extension
• 12b66cd fix: langauge around "watching" (#1591)
• 2e6e2c4 docs: README Grammar (#1601)
• 5124ae9 Merge branch 'master' of github.com:remy/nodemon
• 95fa05a chore: git card
• d84f421 chore: adding funding file
• 13afac2 fix: ensure signal is sent to exit event
• d088cb6 chore: update stalebot
• 20ccb62 feat: add message event
• 886527f fix: disable fork only if string starts with dash
• 64b474e feat: add TypeScript to default execPath (#1552)
• 2973afb fix: Quote zero-length strings in arguments (#1551)
• aa41ab2 fix: hard bump of [email protected]

See the full diff

Package name: parse-link-header

The new version differs by 8 commits.

• a7d59b6 2.0.0
• 72f05c7 Limit linkHeader length, throw error if exceeds (#25)
• 8521bd7 doc: fix grammar and add punctuations (#21)
• 38d795b 1.0.1
• 9b9927d bump xtend version to latest and add new version of nodejs to .travis
• 216de8a 1.0.0
• 0ac00b1 fix a problem with URLs containing a ';' character
• 56f7f29 Added format-link-header information to the README file.

See the full diff

Package name: redis

The new version differs by 204 commits.

• fc28860 Bump version to 3.1.1 (#1597)
• 2d11b6d fix #1569 - improve monitor_regex (#1595)
• 7e77de8 Add Chat (#1594)
• 5d3e995 Merge branch 'master' of https://github.com/NodeRedis/node-redis
• b797cf2 add user to README.md
• 79f34c2 Bump version to 3.1.0 (#1590)
• 7fdc54e fix for 428e1c8a7b2322c2650294638cb1663ac5692728 - fix auth retry when redis is in loading state
• 09f0fe8 "fix" tests
• 428e1c8 Add support for Redis 6 `auth pass [user]` (#1508)
• bb208d0 Add codeclimate badge (#1572)
• 47e2e38 Exclude examples from deepsource (#1579)
• fbca5cd Upgrade node and dependencies (#1578)
• 2188744 Create codeql-analysis.yml (#1577)
• 32861b5 Create .deepsource.toml (#1574)
• 2a34d41 Add LGTM badge (#1571)
• 69b7094 Workflows fixes (#1570)
• 49c4131 Merge pull request #1531 from marnikvde/improve-docs
• 3c8ff5c Merge branch 'master' into improve-docs
• 685a72d Merge pull request #1277 from dcharbonnier/patch-1
• 055f5c5 Merge branch 'master' into patch-1
• c78b6d5 Merge pull request #1527 from heynikhil/patch-1
• 53f1468 Merge branch 'master' into patch-1
• 232f191 Merge pull request #1563 from lebseu/patch-1
• e4cb073 Update README.md

See the full diff

Package name: serialize-javascript

The new version differs by 58 commits.

• b54341e v3.1.0
• 7cee7e4 Revert "support for bigint (#80)"
• 026a445 Bump mocha from 7.1.2 to 7.2.0 (#83)
• 5130a71 support for bigint (#80)
• ea76b23 Bump mocha from 7.1.1 to 7.1.2 (#82)
• 073c8d8 Bump nyc from 15.0.0 to 15.0.1 (#81)
• f21a6fb Don't replace regex / function placeholders within string literals (#79)
• 1ac487e [Security] Bump minimist from 1.2.0 to 1.2.5 (#78)
• c795cef Bump mocha from 7.1.0 to 7.1.1 (#77)
• 3064431 Bump mocha from 7.0.1 to 7.1.0 (#74)
• 9dbe8f6 Update example in README (#73)
• f5957ee v3.0.0
• eed510c Introduce support for Infinity (#72)
• 82bb2d2 Bump mocha from 7.0.0 to 7.0.1 (#71)
• fdfb10a Test on Node.js v12 (#70)
• 2f5f126 Bump mocha from 6.2.2 to 7.0.0 (#69)
• 35062c0 Bump nyc from 14.1.1 to 15.0.0 (#68)
• 6c43b02 v2.1.2
• 3e05a3f Ignore .nyc_output (#64)
• 3c46e8e Bump mocha from 6.2.0 to 6.2.2 (#62)
• 433fc9c 2.1.1
• 16a68ab Merge pull request from GHSA-h9rv-jmmf-4pgx
• 3bab6de Bump mocha from 6.2.1 to 6.2.2 (#60)
• 7a6b13d Bump mocha from 6.2.0 to 6.2.1 (#59)

See the full diff

Package name: validator

The new version differs by 250 commits.

• 47ee5ad 13.7.0
• 496fc8b fix(rtrim): remove regex to prevent ReDOS attack (#1738)
• 45901ec Merge pull request #1851 from validatorjs/chore/fix-merge-conflicts
• 83cb7f8 chore: merge conflict clean-up
• f17e220 feat(isMobilePhone): add El Salvador es-SV locale
• 5b06703 feat(isMobilePhone): add Palestine ar-PS locale
• a3faa83 feat(isMobilePhone): add Botswana en-BW locale
• 26605f9 feat(isMobilePhone): add Turkmenistan tk-TM
• 0e5d5d4 feat(isMobilePhone): add Guyana en-GY locale
• f7ff349 feat(isMobilePhone): add Frech Polynesia fr-PF locale
• 8627e48 feat(isMobilePhone): add Kiribati en-KI locale
• ed60123 feat(isMobilePhone): add Tajikistan tg-TJ locale (#1846)
• c96d805 feat(isMobilePhone): add Maldives dv-MV locale
• 5c2d69e feat(isMobilePhone): regex for Burkina Faso fr-BF and Namibia en-NA locales
• fc0fefc feat(isMobilePhone): add Bhutan dz-BT locale (#1770)
• 01d3da3 feat(isMobilePhone): add Tajikistan tg-TJ locale (#1846)
• af2b43c feat(isUUID): add support for validation of version v1 and v2 (#1848)
• 769f6d5 feat(contains): add possibility to check that string contains seed multiple times (#1836)
• f2381e0 feat: (isMobilePhone): add Cameroon fr-CM locale (#1772)
• 5773869 feat(isVAT): add dutch NL locale (#1825)
• de1cb29 fix: Russian passport number regex (#1810)
• 7bee611 add CDN use option with unpkg (#1844)
• 57cc14e feat(isIdentityCard): add finnish locale (#1838)
• 2201869 feat: added finnish locale to isAlpha and isAlphanumeric (#1837)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic