This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **636/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 6.3 | Arbitrary File Write via Archive Extraction (Zip Slip) [SNYK-JS-DECOMPRESSTAR-559095](https://snyk.io/vuln/SNYK-JS-DECOMPRESSTAR-559095) | Yes | Proof of Concept
 | **484/1000** **Why?** Has a fix available, CVSS 5.4 | Open Redirect [SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | Yes | No Known Exploit
 | **631/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 6.2 | Missing Release of Resource after Effective Lifetime [SNYK-JS-INFLIGHT-6095116](https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116) | Yes | Proof of Concept
 | **536/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 4.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVERREGEX-1047770](https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-1047770) | Yes | Proof of Concept
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVERREGEX-1584358](https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-1584358) | Yes | No Known Exploit
 | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVERREGEX-1585624](https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-1585624) | Yes | Proof of Concept
 | **586/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVERREGEX-2824151](https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-2824151) | Yes | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: gulp-imagemin
The new version differs by 39 commits.
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
π§ [View latest project report](https://app.snyk.io/org/snugug/project/b9278098-ce02-4a0e-a425-6d157716cace?utm_source=github&utm_medium=referral&page=fix-pr)
π [Adjust project settings](https://app.snyk.io/org/snugug/project/b9278098-ce02-4a0e-a425-6d157716cace?utm_source=github&utm_medium=referral&page=fix-pr/settings)
π [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"2c84ee97-5cab-45fc-9c36-007c850ab25f","prPublicId":"2c84ee97-5cab-45fc-9c36-007c850ab25f","dependencies":[{"name":"gulp-imagemin","from":"3.4.0","to":"9.1.0"}],"packageManager":"npm","projectPublicId":"b9278098-ce02-4a0e-a425-6d157716cace","projectUrl":"https://app.snyk.io/org/snugug/project/b9278098-ce02-4a0e-a425-6d157716cace?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-DECOMPRESSTAR-559095","SNYK-JS-GOT-2932019","SNYK-JS-INFLIGHT-6095116","SNYK-JS-SEMVERREGEX-1047770","SNYK-JS-SEMVERREGEX-1584358","SNYK-JS-SEMVERREGEX-1585624","SNYK-JS-SEMVERREGEX-2824151"],"upgrade":["SNYK-JS-DECOMPRESSTAR-559095","SNYK-JS-GOT-2932019","SNYK-JS-INFLIGHT-6095116","SNYK-JS-SEMVERREGEX-1047770","SNYK-JS-SEMVERREGEX-1584358","SNYK-JS-SEMVERREGEX-1585624","SNYK-JS-SEMVERREGEX-2824151"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[636,484,631,536,589,696,586],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
π¦ [Open Redirect](https://learn.snyk.io/lesson/open-redirect/?loc=fix-pr)
π¦ [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **636/1000****Why?** Proof of Concept exploit, Has a fix available, CVSS 6.3 | Arbitrary File Write via Archive Extraction (Zip Slip)
[SNYK-JS-DECOMPRESSTAR-559095](https://snyk.io/vuln/SNYK-JS-DECOMPRESSTAR-559095) | Yes | Proof of Concept  | **484/1000**
**Why?** Has a fix available, CVSS 5.4 | Open Redirect
[SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | Yes | No Known Exploit  | **631/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.2 | Missing Release of Resource after Effective Lifetime
[SNYK-JS-INFLIGHT-6095116](https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116) | Yes | Proof of Concept  | **536/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 4.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVERREGEX-1047770](https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-1047770) | Yes | Proof of Concept  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVERREGEX-1584358](https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-1584358) | Yes | No Known Exploit  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVERREGEX-1585624](https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-1585624) | Yes | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVERREGEX-2824151](https://snyk.io/vuln/SNYK-JS-SEMVERREGEX-2824151) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: gulp-imagemin
The new version differs by 39 commits.- dc06255 9.1.0
- 127615e Update dependencies
- 7e6fcb0 9.0.0
- 70e07e8 Require Node.js 18
- 2f7ecc9 8.0.0
- 1b4baf6 Require Node.js 12.20 and move to ESM
- ed39463 Move to GitHub Actions (#351)
- 8b40da0 Update readme lossless note (#346)
- 1cbb7c5 7.1.0
- 67cceb3 Update `imagemin-gifsicle` optional dependency
- 97432ea 7.0.0
- aacca91 Require Node.js 10
- 279a91b Replace jpegtran with mozjpeg (#336)
- f4a2255 6.2.0
- 0460c78 Add `silent` option (#331)
- dfdba76 6.1.1
- 165bf8b Make Gulp an optional peer dependency
- 6c35e59 6.1.0
- 92e224a Update dependencies
- 97cd1c3 6.0.0
- 6e091ed Require Node.js 8
- c1c3346 Create funding.yml
- 8e731f0 5.0.3
- 3e68bd4 Fix another regression of b57f1d6 (#318)
See the full diff