[Snyk] Fix for 6 vulnerabilities

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | Yes | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-GLOBPARENT-1016905](https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905) | No | Proof of Concept ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **506/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | Prototype Pollution
[SNYK-JS-MINIMIST-2429795](https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795) | Yes | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **601/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution
[SNYK-JS-MINIMIST-559764](https://snyk.io/vuln/SNYK-JS-MINIMIST-559764) | Yes | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **646/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF)
[SNYK-JS-REQUEST-3361831](https://snyk.io/vuln/SNYK-JS-REQUEST-3361831) | Yes | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **646/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution
[SNYK-JS-TOUGHCOOKIE-5672873](https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: less

The new version differs by 250 commits.

e4f7551 v3.12.0
371185c v3.12.0-RC.2 (#3540)
d5aa9d1 Fixes #3371 Allow conditional evaluation of function args (#3532)
a722237 Remove lib folder from git (#3531)
e0f5c1a Move changelog to root (#3530)
f7bdce7 Duplicate dist files in root for older links (#3529)
0925cf1 Test-data module (#3525)
51fb02b Fixes #3504 / organizes tests (#3523)
efb76ec Restore nuked scripts (?), replace dependencies (#3501) (#3522)
2c5e4dd Lerna refactor / TS compiling w/o bundling (#3521)
a3641e4 Resolve #3398 Add flag to disable sourcemap url annotation (#3517)
e018ba8 fix(#3294): use loadFileSync when loading plugins with syncImport: true (#3506)
95b9007 Update changelog
6238bbc Fixes #3508 (#3509)
8338366 Update README.md
6313bc5 Update changelog
53bf877 Remove tree caching in import manager (#3498)
0f271f3 issue#3481 ignore missing debugInfo (#3482)
3bd995b Additional check to avoid evaluating an expression if it is a comment (#3494)
0715d90 fix: Use make-dir instead of mkdirp (#3490)
2634494 Properly exit calc mode after use (#3493)
096dd22 Convert to auto-changelog (#3477)
842386b Fixes #3469 - Include tslib dependency (#3475)
1adaadb 3.11.0 (#3468)

See the full diff

Package name: node-telegram-bot-api

The new version differs by 212 commits.

5385d41 feat: update to v0.64.0 version
12d4d25 deps: Change request to @ cypress/request (#1145)
f17e801 docs: revokeChatInviteLink
595cdbd feat: Telegram Bot API 6.8 support (#1113)
dfe24a4 docs: update api.md for setWebHook (fix #1083) (#1084)
542002e feat: Telegram Bot API Support 6.6 + 6.7 [WIP] (#1069)
2885db0 Merge pull request #1094 from kaiserdj/patch-1
ad2b8c2 docs: Update group link
4ec6a68 docs: Update group link
ab0eb18 fix: Handle rejected when open a webhook in a port that was already in use
c4164a2 docs: Update README
6077f9b docs: update api.md for createNewStickerSet (#1043)
41f493b docs: update README.md (#1044)
53b5565 fix: remove try catch in _fixAddFileThumb
58261d1 feat: Telegram Bot API 6.4 Support (#1040)
4ef4fe9 Update incorrect link in tutorials.md (#1027)
ab59286 feat: Telegram Bot API v6.3 (#1020)
0eb8b80 fix: Parse entities when sending request (#1013)
ccdd146 docs: Fix readme with correct link to api docs
d853704 fix: Changelog
22d99fd docs: update @ types install note (#999)
fe4afd6 feat: Support Bot API v6.2 (#996)
c9b05e7 feat: Support test enviroment (#994)
f50cf98 Hotfix: tests + modify order src/telegram + docs (#988)

See the full diff

Package name: nodemon

The new version differs by 92 commits.

4be493c fix: don't ignore dot-directories
60d1add docs: add context to fences
9d49852 fix: update deps - chokidar@2.0.0 in particular
e90f15a fix: node < 6.4.0 causing crash on 'rs' trigger
e95ea6f fix: ignorePermissionErrors in chokidar
c121187 refactor: indexOf > includes (in node4)
8cec0fc chore: fix linting issue
718a9ad fix: correctly pass ignored rules to chokidar
64a82ff fix: fail gracefully if postinstall fails
2582d96 fix: clarify which config files are actually used
8cb26bf refactor: small tweaks to ES6-ish
6e7ce4b fix: swallow child.stdin err
d78bf3d fix: watch both js and mjs files if main file is JavaScript
0d9a892 fix: don't use fork with `node inspect`
de66c6b refactor: fix scoping issue in node@4
5a914cb fix: handle exit(2) better
6333fa5 chore: fix linting
6e839d4 fix: support implicit filename extension
48048aa fix: properly handle --no-update-notifier
c637717 fix: expose no update flag
f711537 chore: fix linting
7a04e2c fix: incorrect count of watch files being reported
7052648 docs: add SparkPost for their sponsorship ❤️
369eb11 chore: update issue template

See the full diff

Package name: pm2

The new version differs by 250 commits.

56ee2cd pm2@4.4.0
b73c61a bump CHANGELOG.md
caca206 psh
593b43c various fixes for N14
42a10f4 bump @ pm2/js-api + mocharc.yml -> mocharc.js
e41282d fixes for node 14 + shelljs
a38b6ed bump pkg
c667244 add node 14 to travis
6f704e6 Merge branch 'master' into development
5dfb667 pm2@4.3.1
9d763ed cli-table-redemption -> cli-tableau
3980bff bump cli-table-redemption
9ee8a0f pm2@4.3.0
956afe7 pm2@4.3.0-beta.1
851c44c update changelog
03d0b28 Merge pull request #4662 from Timic3/fix/common-module-import
d8a6d38 bump pm2-deploy
4d1aedf throttle cron test
8fae340 bump vizion
b097dc2 pkg.json version bump
7a5da59 drop date-fns
195eb6e drop lodash lib
526756d 4.3.0
7323438 Add .cjs (common JS) as a viable extension

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/kayvanmazaheri/project/97d60973-e04a-41e6-8345-a40d4a60c989?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/kayvanmazaheri/project/97d60973-e04a-41e6-8345-a40d4a60c989?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"f1566dfb-197c-4ec0-9e7b-f9eddd50eaa7","prPublicId":"f1566dfb-197c-4ec0-9e7b-f9eddd50eaa7","dependencies":[{"name":"less","from":"2.7.3","to":"3.12.0"},{"name":"node-telegram-bot-api","from":"0.27.1","to":"0.64.0"},{"name":"nodemon","from":"1.12.1","to":"1.14.11"},{"name":"pm2","from":"2.7.2","to":"4.4.0"}],"packageManager":"npm","projectPublicId":"97d60973-e04a-41e6-8345-a40d4a60c989","projectUrl":"https://app.snyk.io/org/kayvanmazaheri/project/97d60973-e04a-41e6-8345-a40d4a60c989?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-MINIMIST-2429795","SNYK-JS-MINIMIST-559764","SNYK-JS-REQUEST-3361831","SNYK-JS-TOUGHCOOKIE-5672873"],"upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-MINIMIST-2429795","SNYK-JS-MINIMIST-559764","SNYK-JS-REQUEST-3361831","SNYK-JS-TOUGHCOOKIE-5672873"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[696,586,506,601,646,646],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr) 🦉 [Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/?loc=fix-pr) 🦉 [Server-side Request Forgery (SSRF)](https://learn.snyk.io/lesson/ssrf-server-side-request-forgery/?loc=fix-pr)

KayvanMazaheri / pillo

[Snyk] Fix for 6 vulnerabilities #91

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.