This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-ACORN-559469](https://snyk.io/vuln/SNYK-JS-ACORN-559469) | No | No Known Exploit
 | **686/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution [SNYK-JS-INI-1048974](https://snyk.io/vuln/SNYK-JS-INI-1048974) | Yes | Proof of Concept
 | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | No | Proof of Concept
 | **506/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) [npm:debug:20170905](https://snyk.io/vuln/npm:debug:20170905) | No | Proof of Concept
 | **756/1000** **Why?** Mature exploit, Has a fix available, CVSS 7.4 | Uninitialized Memory Exposure [npm:npmconf:20180512](https://snyk.io/vuln/npm:npmconf:20180512) | Yes | Mature
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [npm:semver:20150403](https://snyk.io/vuln/npm:semver:20150403) | Yes | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: @snyk/nodejs-runtime-agent
The new version differs by 38 commits.
224571c Merge pull request #122 from snyk/snyk-upgrade-b499e5dec6c8943e8e5be3b991567d16
3d90fb9 test: try and close the demo server cleanly
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/leobonn1/project/00bbb17a-f79e-456b-b9f2-4bdf64cf64c6?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/leobonn1/project/00bbb17a-f79e-456b-b9f2-4bdf64cf64c6?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"bccdebbc-bb0b-4185-ac2d-f81f489532a2","prPublicId":"bccdebbc-bb0b-4185-ac2d-f81f489532a2","dependencies":[{"name":"@snyk/nodejs-runtime-agent","from":"1.43.0","to":"1.47.3"},{"name":"npmconf","from":"0.0.24","to":"2.1.3"}],"packageManager":"npm","projectPublicId":"00bbb17a-f79e-456b-b9f2-4bdf64cf64c6","projectUrl":"https://app.snyk.io/org/leobonn1/project/00bbb17a-f79e-456b-b9f2-4bdf64cf64c6?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ACORN-559469","SNYK-JS-INI-1048974","SNYK-JS-SEMVER-3247795","npm:semver:20150403","npm:debug:20170905","npm:npmconf:20180512"],"upgrade":["SNYK-JS-ACORN-559469","SNYK-JS-INI-1048974","SNYK-JS-SEMVER-3247795","npm:debug:20170905","npm:npmconf:20180512","npm:semver:20150403"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[589,686,696,479,506,756],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
🦉 [Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **589/1000****Why?** Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ACORN-559469](https://snyk.io/vuln/SNYK-JS-ACORN-559469) | No | No Known Exploit  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-INI-1048974](https://snyk.io/vuln/SNYK-JS-INI-1048974) | Yes | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | No | Proof of Concept  | **506/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS)
[npm:debug:20170905](https://snyk.io/vuln/npm:debug:20170905) | No | Proof of Concept  | **756/1000**
**Why?** Mature exploit, Has a fix available, CVSS 7.4 | Uninitialized Memory Exposure
[npm:npmconf:20180512](https://snyk.io/vuln/npm:npmconf:20180512) | Yes | Mature  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[npm:semver:20150403](https://snyk.io/vuln/npm:semver:20150403) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @snyk/nodejs-runtime-agent
The new version differs by 38 commits.- 224571c Merge pull request #122 from snyk/snyk-upgrade-b499e5dec6c8943e8e5be3b991567d16
- e03426f fix: upgrade needle from 2.5.2 to 2.6.0
- a51b60b Merge pull request #121 from snyk/snyk-upgrade-1b807b9de1acd5e1c9e71d472d42b551
- dbf7424 fix: upgrade debug from 4.1.1 to 4.3.2
- 93bbf24 Merge pull request #119 from antonsamper/master
- 41798c3 chore(package): update engine
- efc27b5 Merge pull request #116 from snyk/snyk-upgrade-d663568433e6c3f41671947a0885bd4b
- 0c70f97 fix: upgrade needle from 2.5.0 to 2.5.2
- 8946c95 Merge pull request #114 from snyk/feat/needle
- ac9aabf feat: upgrade needle (redirect bug)
- ade9436 Merge pull request #111 from snyk/snyk-fix-93368b07b9de27f1dbf0560f8ba14c21
- 4b5269a test: update test fixture to match acorn@5.7.2
- 919477e fix: package.json & package-lock.json to reduce vulnerabilities
- a502cbb Merge pull request #107 from snyk/docs/readme
- dde1526 docs: describe supported Node versions on our README.md
- 83fe936 Merge pull request #103 from snyk/chore/codeowners
- 4b0109f chore: codeowners
- 435f878 Merge pull request #99 from snyk/chore/bumps
- 8ef98c8 test: limit concurrency to 1
- c53384a chore: upgrade tap; js-yaml is no longer
- 50a0844 chore: bump semver
- 391a2c5 chore: low-risk bumps
- 800766c chore: run tests on random port
- 3d90fb9 test: try and close the demo server cleanly
See the full diff