pustovitDmytro / lalaps

autofix security issues.
MIT License

Chore: fixes some npm audit vulnerabilities #67

Open lalaps[bot] opened 2 years ago

lalaps[bot] commented 2 years ago

This PR fixes some of found vulnerabilities.

Fixed 6 of 19 npm vulnerabilities. 13 issues left. Success Rate: 31.6%

Vulnerabilities:

| Vulnerability | Library | Affected versions | Severity | Fix | Root Libraries |
|---|---|---|---|---|---|
| Inefficient Regular Expression Complexity in chalk/ansi-regex | ansi-regex | >=3.0.0 <3.0.1 | high | :heavy_check_mark: true | |
| decode-uri-component vulnerable to Denial of Service (DoS) | decode-uri-component | <=0.2.0 | low | :x: 11.2.0 | |
| ejs template injection vulnerability | ejs | <3.1.7 | critical | :x: 3.11.1 | |
| Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects | follow-redirects | <1.14.8 | moderate | :heavy_check_mark: true | |
| minimatch ReDoS vulnerability | minimatch | <3.0.5 | high | :x: true | |
| Prototype Pollution in minimist | minimist | <1.2.6 | critical | :heavy_check_mark: true | |
| Path Traversal: 'dir/../../filename' in moment.locale | moment | <2.29.2 | high | :heavy_check_mark: true | |
| Command Injection in moment-timezone | moment-timezone | >=0.1.0 <0.5.35 | low | :heavy_check_mark: true | |
| Packing does not respect root-level ignore files in workspaces | npm | >=7.9.0 <8.11.0 | high | :heavy_check_mark: true | |
| Authorization Bypass in parse-path | parse-path | <5.0.0 | high | :x: true | |
| Cross site scripting in parse-url | parse-url | <6.0.1 | moderate | :heavy_check_mark: true | |
| Exposure of Sensitive Information to an Unauthorized Actor in semantic-release | semantic-release | >=17.0.4 <19.0.3 | moderate | :heavy_check_mark: true | |
| Regular expression denial of service in semver-regex | semver-regex | <3.1.4 | low | :heavy_check_mark: true | |
| Command injection in simple-git | simple-git | <3.3.0 | high | :x: 3.15.1 | |

You can wait for the next updates with a full fix or merge immediately. In case of closing this PR, it will be recreated. If that's undesired, modify config.


sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!

- Bugs: 0 (rating A)
- Vulnerabilities: 0 (rating A)
- Security Hotspots: 0 (rating A)
- Code Smells: 0 (rating A)

No Coverage information
No Duplication information