[Snyk] Fix for 10 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches. Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	464/1000 Why? Has a fix available, CVSS 5	Prototype Pollution SNYK-JS-DOT-174124	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-JSBEAUTIFY-2311652	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: dot

The new version differs by 22 commits.

• 6adbd81 docs: note
• d00300e 1.1.3
• 87ccef3 test: update travis versions
• 4cc3253 chore: update dependencies
• 320e847 test: missing test files
• ef5f353 docs: security considerations
• c531369 test: exclude unused code from coverage
• b4fd211 test: doT.process
• fa3890d test: use doT required via the main module
• 2cf2226 fix: prevent possibility of execution of the code injected via prototype pollution when undefined is passed to compiled template function, closes #291
• 299b4da Merge pull request #237 from EdwardBetts/spelling
• 2dfe1af correct spelling mistake
• 9b46409 1.1.2
• fd8397b chore: browser entry point in package.json
• 3c9e590 Merge pull request #228 from theel0ja/patch-1
• 90e992e Improved formatting of markdown
• 4f4480b Merge pull request #226 from techmexdev/patch-2
• c4def1f Fix Markdown Headings
• 8cae202 Merge pull request #216 from designfrontier/feature/engine-attribute-for-easy-identification
• 790040e Switches to .name to be inline with constructor.name
• 224c94a Adds an engine attribute for easy identification
• e7accbf docs: update badge

See the full diff

Package name: js-beautify

The new version differs by 250 commits.

• 13b9a54 Release: 1.14.1
• ca785aa Merge remote-tracking branch 'origin/staging/main' into staging/release
• 49fa82c Bump version numbers for 1.14.1
• ef32da4 Update Changelog
• cb20409 Merge pull request #1993 from mhnaeem/feature/add-cmd-enter-for-mac
• 2df9f3e Fixing styling issues caught by CI
• 1f425d6 Merge remote-tracking branch 'origin/main' into feature/add-cmd-enter-for-mac
• 83f1bec Merge pull request #1996 from mhnaeem/bug/specify-black-package-version
• cf8617a bug: fix psf/black package version
• ab205a4 feature: allow mac users to use command+enter for submit button
• 6a919cc Merge pull request #1973 from kevinbackhouse/GHSL-2021-113-fix-ReDoS-second-attempt
• 19c5862 GHSL-2021-113: Fix ReDoS bug (second attempt).
• 37098ba Merge pull request #1970 from beautify-web/revert-1968-GHSL-2021-113-fix-ReDoS
• 229b237 Revert "GHSL-2021-113: fix ReDoS bug"
• 4b3fb85 Merge pull request #1968 from kevinbackhouse/GHSL-2021-113-fix-ReDoS
• 2024564 Merge branch 'main' into GHSL-2021-113-fix-ReDoS
• 034172d GHSL-2021-113: fix ReDoS bug
• f182350 Merge pull request #1967 from bitwiseman/task/normalize
• baee71c Fix diff
• ca29889 Update dependencies
• e5f6c48 Add line end normalization
• 157a3e0 Merge pull request #1966 from beautify-web/bitwiseman-patch-1
• d7774d9 Update main.yml
• 06aa63f Update main.yml

See the full diff

Package name: tom-sawyer

The new version differs by 8 commits.

• 3ca823b 0.1.8
• 96468e8 preparing for release of v0.1.8
• 11f4712 updated deps and fixed tests
• 8174b76 0.1.7
• 8b90ae2 preparing for release of v0.1.7
• e26f16e upgrading deps
• 5cde249 0.1.6
• fbc2cd7 preparing for release of v0.1.6

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	Mature
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Pollution 🦉 Prototype Pollution 🦉 More lessons are available in Snyk Learn