This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | Yes | Proof of Concept
 | **586/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-GLOBPARENT-1016905](https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905) | No | Proof of Concept
 | **484/1000** **Why?** Has a fix available, CVSS 5.4 | Open Redirect [SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | Yes | No Known Exploit
 | **586/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-HTTPCACHESEMANTICS-3248783](https://snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783) | Yes | Proof of Concept
 | **686/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution [SNYK-JS-LODASHSET-1320032](https://snyk.io/vuln/SNYK-JS-LODASHSET-1320032) | No | Proof of Concept
 | **646/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF) [SNYK-JS-REQUEST-3361831](https://snyk.io/vuln/SNYK-JS-REQUEST-3361831) | Yes | Proof of Concept
 | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-SSRI-1246392](https://snyk.io/vuln/SNYK-JS-SSRI-1246392) | No | Proof of Concept
 | **646/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution [SNYK-JS-TOUGHCOOKIE-5672873](https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873) | Yes | Proof of Concept
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Prototype Pollution [SNYK-JS-UNSETVALUE-2400660](https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660) | Yes | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: anymatch
The new version differs by 18 commits.
18f0d2a Merge pull request #2164 from snyk/chore/upgrade-snyk-nuget-plugin
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/ayishagisel/project/2d0e6801-a727-4748-acbf-2e75d2b7bc1f?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/ayishagisel/project/2d0e6801-a727-4748-acbf-2e75d2b7bc1f?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"f25cb8a9-8f78-4d18-8054-fbbe52748b31","prPublicId":"f25cb8a9-8f78-4d18-8054-fbbe52748b31","dependencies":[{"name":"anymatch","from":"2.0.0","to":"3.0.0"},{"name":"braces","from":"2.3.2","to":"3.0.0"},{"name":"browser-sync","from":"2.24.6","to":"2.28.0"},{"name":"chokidar","from":"2.0.4","to":"3.0.0"},{"name":"micromatch","from":"3.1.10","to":"4.0.0"},{"name":"npm","from":"6.2.0","to":"7.0.0"},{"name":"snyk","from":"1.88.2","to":"1.685.0"}],"packageManager":"npm","projectPublicId":"2d0e6801-a727-4748-acbf-2e75d2b7bc1f","projectUrl":"https://app.snyk.io/org/ayishagisel/project/2d0e6801-a727-4748-acbf-2e75d2b7bc1f?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-GOT-2932019","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-LODASHSET-1320032","SNYK-JS-REQUEST-3361831","SNYK-JS-SSRI-1246392","SNYK-JS-TOUGHCOOKIE-5672873","SNYK-JS-UNSETVALUE-2400660"],"upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-GOT-2932019","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-LODASHSET-1320032","SNYK-JS-REQUEST-3361831","SNYK-JS-SSRI-1246392","SNYK-JS-TOUGHCOOKIE-5672873","SNYK-JS-UNSETVALUE-2400660"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[696,586,484,586,686,646,696,646,589],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
🦉 [Open Redirect](https://learn.snyk.io/lesson/open-redirect/?loc=fix-pr)
🦉 [Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/?loc=fix-pr)
🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **696/1000****Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | Yes | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-GLOBPARENT-1016905](https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905) | No | Proof of Concept  | **484/1000**
**Why?** Has a fix available, CVSS 5.4 | Open Redirect
[SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | Yes | No Known Exploit  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-HTTPCACHESEMANTICS-3248783](https://snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783) | Yes | Proof of Concept  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-LODASHSET-1320032](https://snyk.io/vuln/SNYK-JS-LODASHSET-1320032) | No | Proof of Concept  | **646/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF)
[SNYK-JS-REQUEST-3361831](https://snyk.io/vuln/SNYK-JS-REQUEST-3361831) | Yes | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SSRI-1246392](https://snyk.io/vuln/SNYK-JS-SSRI-1246392) | No | Proof of Concept  | **646/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution
[SNYK-JS-TOUGHCOOKIE-5672873](https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873) | Yes | Proof of Concept  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-UNSETVALUE-2400660](https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: anymatch
The new version differs by 18 commits.- d474c82 Release 3.0.0.
- dd660f8 Update deps.
- 64ce747 Update types.
- bd27242 Fixes.
- e18de05 Update to picomatch-stable.
- 30fa2c3 Merge pull request #28 from leonardodino/fix-package-name
- 6b01ef6 Fix package name typo in README.md
- b500318 Remove line.
- 57e0193 Bring back arg passing.
- 13343b0 Cache patterns. Performance boost.
- 5ece3fd Switch to picomatch. Update deps.
- cece732 Fix declarations.
- 0065fca Update readme.
- 4518091 Readme.
- 1e69e91 Update.
- 9ef72e8 Changelog.
- cb143fe Improve type matching.
- 02257b9 New version. More strict. Drop returnIndex and startIndex params for now.
See the full diffPackage name: braces
The new version differs by 16 commits.- abcf341 3.0.0
- 68a3fdf refactor
- bb5b5ba Remove appveyor from readme.
- 086008a travis: Drop sudo: false.
- 4ed704b add unit tests
- 60eb988 ranges
- 7b1abf0 Use proper nodejs versions for appveyor.
- 7b106b6 braces api
- 80eae1f Drop duplicate node v11 for travis.
- 58d868e windows support
- 27f7344 Appveyor: Drop support for nodejs <8 for now.
- 25424ec Drop support for nodejs <8 for now.
- ceef790 cover sets
- f5bf204 clean up examples
- 92ec96d start refactoring
- cd50063 2.3.2
See the full diffPackage name: browser-sync
The new version differs by 181 commits.- 52ab250 v2.28.0
- 019f8ea fix: remove document.write (#2019)
- 3b0581e browser-sync-2017 use chalk everywhere (#2018)
- c1db647 v2.27.12
- 6a8133d build(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 (#2011)
- 61bfdd9 build(deps): bump cookiejar in /packages/browser-sync (#2006)
- 9d71626 build(deps): bump cookiejar in /packages/browser-sync-ui (#2005)
- f5fd00f build(deps): bump parse-url and lerna (#2000)
- 54d16e4 build(deps): bump minimist in /packages/browser-sync-ui (#1998)
- 98ae491 build(deps): bump minimist from 1.2.5 to 1.2.7 (#1997)
- 423d137 build(deps): bump socket.io-parser in /packages/browser-sync-ui (#1996)
- 9b46af3 build(deps): bump moment in /packages/browser-sync-ui (#1973)
- 769c4df build(deps): bump ua-parser-js in /packages/browser-sync (#2007)
- 01caeb3 v2.27.11
- 74873cc updated deps (#1995)
- 88527a8 Add CodeSee architecture diagram workflow to repository (#1972)
- f6965a6 v2.27.10
- e6c7bed Updated portscanner to 2.2.0 (#1960)
- 6a587ec fix readme's
- 91258ae Merge branch 'browser-sync-1946-esbuild'
- f48d6b4 👋 app veyor
- 30c24dc Merge pull request #1947
- 9d24de5 drop webpack from UI
- 7a00341 build client with esbuild
See the full diffPackage name: chokidar
The new version differs by 161 commits.- 7b8e02a Release 3.0.0.
- e7bfe2f Move stuff.
- df7f22e Remove changelog from npm, move to hidden dir.
- 3df7692 Improve naming.
- 6e94ca2 Clean-up.
- 2de2f9c test: Add testing of Node.js v12 in Travis pipeline. (#833)
- 9e0965a Fix Windows tests in Travis CI (#832)
- c95a98f Update stuff.
- 187ff2b test: Trying to fix blinked tests for Travis CI. (#825)
- db99076 fix(Windows): Add converting from windows to unix path for all ignored paths. (#824)
- 41f8782 fix(FsEvents): Remove situation with NaN depth. (#823)
- 7cf3f7e Update readdirp to stable.
- 0927a62 Bump packages.
- 11cd857 Update nyc.
- 99c14d7 Uncomment fsevents.
- cf330a5 Update fsevents.
- 0e4fca5 Fix deps.
- 9c575d4 Fix Windows version (#821)
- 3323d59 fix(Linux): Make event loop hack for keep testing valid. (#820)
- 06214c5 Update to latest readdirp.
- 793639f Rename osxfswatch.
- 078bc2d Refactor and fix freaking tests.
- 2b9bb41 Try node 11.
- 3fe3d4e Test travis.
See the full diffPackage name: micromatch
The new version differs by 29 commits.- 89efcff 4.0.0
- f3238cb Merge pull request #151 from micromatch/dev
- 7c78f9a ensure args are strings
- 2e42796 bump picomatch
- 09f8260 windows, it's time we had a talk...
- a49f94c fix slashes in tests
- a6ab670 use braces patch, build readme
- 976d956 upgrade braces and picomatch
- a6596da add benchmarks
- 11168b1 rename unixify to windows
- 5bf40fe package.json: Use github versions of deps to test the env.
- 5d78d48 Drop node v6 since picomatch doesnt support it.
- 96ac3ba Remove duplicate node. Remove unsupported node v7.
- bf44408 Merge branch 'master' into dev
- b8abcf9 Merge remote-tracking branch 'origin/dev'
- e07df11 rebuild docs
- 47340ad Merge remote-tracking branch 'origin/master' into dev
- 52df06d refactor
- 09bd55c Merge pull request #149 from Glazy/hotfix/issue-template-update
- c32543d Add myself to package.json contributors list
- 86858bf Update issue template w/ typo and question change
- f2ce9d2 Merge pull request #130 from wtgtybhertgeghgtwtg/unescape
- 677f127 Merge pull request #134 from Tvrqvoise/v3-changelog
- 4a70a66 Merge pull request #141 from simlu/patch-1
See the full diffPackage name: npm
The new version differs by 250 commits.- 3b4ba65 7.0.0
- bbfc75d chore: fix weird .gitignore thing that happened somehow
- 8a2d375 docs: changelog for v7.0.0
- 365f2e7 read-package-json@3.0.0
- fafb348 npm-package-arg@8.1.0
- 9306c68 libnpmfund@1.0.1
- 569cd64 libnpmfund@1.0.0
- ac9fde7 Integration code for @ npmcli/arborist@1.0.0
- 704b9cd @ npmcli/arborist@1.0.0
- 3955bb9 hosted-git-info@3.0.6
- da240ef fix: patch config.js to remove duplicate values
- 9ae45a8 init-package-json@2.0.0
- 41ab36d eslint@7.11.0
- c474a15 npm-registry-fetch@8.1.5
- efc6786 fix: make sure publishConfig is passed through
- 1e4e6e9 docs: v7 using npm config refresh
- 5c1c2da fix: init config aliases
- 5bc7eb2 docs: v7 npm-install refresh
- 1a35d87 7.0.0-rc.4
- 7a5a557 docs: changelog for v7.0.0-rc.4
- f0cf859 chore: dedupe deps
- 0273745 make-fetch-happen@8.0.10
- 7bd47ca @ npmcli/arborist@0.0.33
- 9320b8e only escape arguments, not the command name
See the full diffPackage name: snyk
The new version differs by 250 commits.- 4cc1a94 Merge pull request #2105 from snyk/feat/webpack
- 7737f75 Merge pull request #2181 from snyk/test/migrate-old-snyk-format
- 418e6ad Merge pull request #2180 from snyk/test/migrate-is-docker
- 95631e7 test: migrate is-docker to jest
- babe22a test: migrate old-snyk-format to jest
- e22e94f feat: Snyk CLI is bundled with Webpack
- dd46c19 Merge pull request #2175 from snyk/fix/snyk-protect-multiple
- e7c314f Merge pull request #2178 from snyk/test/server-close
- 5e824c0 fix(protect): skip previously patched files
- ca2177a fix(protect): catch and log unexpected errors
- c9ddb44 chore(protect): move api url warnings to stderr
- e8fed38 refactor(protect): move stdout logs to top level
- 55e88f9 Merge pull request #2177 from snyk/test/set-jest-acceptance-timeout
- 1522c5f test: server.close uses callbacks, not promises
- 13dce51 test: increase timeout for slow oauth test
- 65c35be Merge pull request #2172 from snyk/chore/no-run-test-on-master
- a1e3992 chore: don't run tests on master
- 20feb67 Merge pull request #2165 from snyk/chore/dont-wait-for-regression-tests
- f50bca7 Merge pull request #2167 from snyk/refactor/replace-cc-parser-with-split-functions
- 1ed7d11 refactor: replace cc parser with split functions
- 707801d Merge pull request #2166 from snyk/fix/support_quotes_in_poetry_toml
- dc6b784 Merge pull request #2163 from snyk/chore/remove-store-test-results
- 7973015 fix: support quoted keys in inline tables
- 18f0d2a Merge pull request #2164 from snyk/chore/upgrade-snyk-nuget-plugin
See the full diff