[Snyk-dev] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • lts/deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cli-columns

The new version differs by 4 commits.

• 89eaa84 drop travis and coveralls from readme
• 5da2489 upgrade deps, drop heavy dev deps, github actions, node 10+
• b9e986b Update readme.md
• ed6df24 Update copyright info

See the full diff

Package name: columnify

The new version differs by 34 commits.

• a532ca1 Release 1.6.0
• 92fdab6 Clean up readme badges, update stats.
• a350bf2 Add npm cache to CI.
• aae8411 Actually install & test in CI.
• b2fe72f Use github actions.
• 4b54106 Update node version in travis.yml.
• c820951 Update packages.
• 10ea59d Update packages.
• e768ed8 Revert "Merge pull request [Snyk-dev] Security upgrade acorn-private-class-elements from 0.1.1 to 0.2.0 #59 from njhoffman/master"
• 1cf9287 Merge pull request [Snyk-dev] Security upgrade acorn-private-class-elements from 0.1.1 to 0.2.0 #59 from njhoffman/master
• 091ddb0 Merge pull request [Snyk-dev] Security upgrade acorn-private-class-elements from 0.1.1 to 0.2.0 #60 from sreekanth370/master
• bece43f Merge pull request [Snyk-dev] Fix for 24 vulnerabilities #49 from tdmalone/patch-1
• 4b72760 Merge branch 'master' into master
• e7c082a Merge pull request [Snyk-dev] Security upgrade gatsby from 2.18.18 to 4.14.0 #62 from viceice/patch-1
• db4ee97 chore: bump version
• 0bd797f chore: require node v8
• ea15deb fix: update strip-ansi to v6.0.1
• 33c942e compatibility updates
• 5cb6515 fixed transipiling errors
• a27ddb8 version bump
• 95d9a8e extract strip-ansi dependency
• 4895ec1 version bump
• 64c77f5 version bump
• 1d3ef4b add modules key and main eky to package.json

See the full diff

Package name: node-gyp

The new version differs by 250 commits.

• f5fa6b8 chore: release 8.4.1
• cc37b88 fix: windows command missing space (#2553)
• 8083f6b deps: [email protected]
• 787cf7f docs: fix typo in powershell node-gyp update
• 7073c65 chore: release 8.4.0
• a27dc08 feat: build with config.gypi from node headers
• 5a00387 feat: support vs2022 (#2533)
• fb85fb2 chore: release 8.3.0
• 5585792 feat(gyp): update gyp to v0.10.0 (#2521)
• b05b4fe chore(deps): bump make-fetch-happen from 8.0.14 to 9.1.0
• 0a67dcd test: Python 3.10 was release on Oct. 4th (#2504)
• f2ad87f chore: refactor the creation of config.gypi file
• bc47cd6 chore: release 8.2.0
• ed9a9ed feat(gyp): update gyp to v0.9.6 (#2481)
• 660dd7b doc: correct link to "binding.gyp files out in the wild" (#2483)
• ec15a3e chore(deps): bump tar from 6.1.0 to 6.1.2 (#2474)
• 78361b3 ISSUE_TEMPLATE.md: Instructions for old versions (#2470)
• f0882b1 fix: missing spaces
• c8c0af7 fix: doc how to update node-gyp independently from npm
• b6e1cc7 Add title to node-gyp version document (#2452)
• b7bccdb ci: GitHub Actions Test on node: [12.x, 14.x, 16.x] (#2439)
• 161c235 doc(wiki): safer doc names, remove unnecessary TypedArray doc
• b52e487 doc(wiki): link to docs/ from README
• f0a4835 doc(wiki): move wiki docs into doc/

See the full diff

Package name: npm-audit-report

The new version differs by 6 commits.

• 5ca3209 2.0.0
• afe44c6 force color support in CI
• 1148a75 Version 2 rewrite for Arborist audit data
• 5102576 simplify test fixture handling
• e179501 Update project settings to new standards
• 620842a feat: make this method synchronous

See the full diff

Package name: npmlog

The new version differs by 7 commits.

• 15366fb 5.0.0
• d81ce11 docs: changelog for v5.0.0
• e420957 BREAKING CHANGE: update deps, lint, test coverage ([Snyk-dev] Security upgrade acorn-private-class-elements from 0.1.1 to 0.2.0 #79)
• f0454b0 deps: bump tap
• c989a1c chore: update CI for current Node LTS
• 5414070 Appease standard
• c9ed17d package-lock@1

See the full diff

Package name: update-notifier

The new version differs by 23 commits.

• adf7803 4.0.0
• fb5161c Remove the `callback` option (Bump remark-html from 7.0.0 to 13.0.2 in /current/tools/doc pmq20/node-packer#158)
• 39682de Rename `boxenOpts` option to `boxenOptions`
• bc1721a Avoid showing notification if current version is the latest (#174)
• ccaf686 Update dependencies
• b1525e6 Disable when `NODE_ENV` is `test` (#173)
• bf73119 Fix install command for npm global (Bump qs from 6.5.2 to 6.11.0 in /current/deps/v8/tools/turbolizer pmq20/node-packer#165)
• 592b025 3.0.1
• f8b4e60 Update Travis matrix
• a6d6b49 Update URL to TTY (Bump d3-color and d3 in /current/deps/v8/tools/turbolizer pmq20/node-packer#163)
• f9d168a Remove object spread to support node >=8.0.0 <8.6.0 (Bump decode-uri-component from 0.2.0 to 0.2.2 in /current/deps/v8/tools/turbolizer pmq20/node-packer#164)
• 1712928 Tidelift tasks
• 72f83d1 Create funding.yml
• a7bb3ee 3.0.0
• ad8ed1b Suggest yarn when installed with yarn ([Snyk-dev] Security upgrade rollup-plugin-typescript2 from 0.20.1 to 0.22.0 #132)
• 5f06620 Exit the update check process if it does not respond after 30s (Can the packaged executable file effectively protect the source code? pmq20/node-packer#156)
• 79e89ad Fix failing test (../deps/uv/include/uv.h:37:10: fatal error: enclose_io.h: No such file or directory pmq20/node-packer#155)
• c8faa84 Add `distTag` option ([Snyk-dev] Security upgrade eslint from 6.8.0 to 9.15.0 #151)
• 14632e4 Add failing test for Bump highlight.js from 9.18.1 to 10.1.2 in /current/tools/doc pmq20/node-packer#153 (Bump highlight.js from 9.18.1 to 10.4.1 in /current/tools/doc pmq20/node-packer#154)
• aafd8a0 Require Node.js 8
• 0d49f51 Add Tidelift mention in the readme
• 8df01b3 Fix docs position of `shouldNotifyInNpmScript` ([Snyk-dev] Fix for 118 vulnerabilities #143)
• d371834 Docs: isGlobal option does not default to true ([Snyk-dev] Security upgrade unified-args from 8.0.0 to 9.0.1 #142)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.