[Snyk] Fix for 7 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKDOCKERPLUGIN-3039679	No	Proof of Concept
	643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKGRADLEPLUGIN-3038624	No	Proof of Concept
	643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKMVNPLUGIN-3038623	No	Proof of Concept
	643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKPYTHONPLUGIN-3039677	No	Proof of Concept
	643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKSBTPLUGIN-3038626	No	Proof of Concept
	643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625	No	Proof of Concept
	643/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5	Command Injection SNYK-JS-SNYKSNYKHEXPLUGIN-3039680	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @snyk/snyk-cocoapods-plugin

The new version differs by 9 commits.

• ad6d93a Merge pull request #31 from snyk/fix/quote-args
• c73e049 fix: quote args
• eb1737c Merge pull request fix: patch filename compat with windows snyk/cli#30 from snyk/chore/update-dependencies
• 94be128 chore: update dependencies
• 8df6ea6 Merge pull request fix travis lint script snyk/cli#29 from snyk/chore/move-to-circleci
• 99f3b0d chore: move to CircleCI
• 92f6b11 Merge pull request chore: Update CI snyk/cli#27 from snyk/chore/update-co
• 82cd73f chore: fix lint
• 4182af2 chore: update co file

See the full diff

Package name: @snyk/snyk-hex-plugin

The new version differs by 15 commits.

• 95708c2 Merge pull request #25 from snyk/fix/quote-spawn-args
• e8dd2a3 fix: quote spawn args
• 86090ee Merge pull request #23 from snyk/chore/fix-release-node-image
• 7d6fcb0 chore: fix node image for release step
• 7e06ca8 Merge pull request #22 from snyk/chore/bump-node-to-16
• 205bdfc chore: bump node version to 16
• 404fd22 Merge pull request #21 from snyk/chore/fix-lint-and-windows-tests
• cdc219a fix: use scoop instead of choco
• 882133e fix: change back to 2.4.0 windows orb
• 368a2ae fix: use windows 5.0.0 orb
• 43635cd chore: use elixir 1.13.3 in test
• d17cbc5 chore: try remove allow downgrade
• 11d403e chore: fix lint
• 1f4db02 Merge pull request #19 from snyk/chore/add-contributing
• ba911a8 chore: add CONTRIBUTING.md

See the full diff

Package name: snyk-docker-plugin

The new version differs by 12 commits.

• 434e588 Merge pull request feat: Add support for 'scratch' based docker images snyk/cli#463 from snyk/fix/quote-args
• d730d76 fix: quote spawn args
• 2b999b8 Merge pull request feat: add git metadata to monitor payload snyk/cli#462 from snyk/fix/do-not-trim-go-versions
• 9043afb fix: use full version of go modules in dep-graph
• 9cd135f test: update snapshots for dep-graph schema 1.3.0
• 6af6f1a Merge pull request fix: improve gzip compression of the payloads to handle some larger ones snyk/cli#461 from snyk/fix/go-filepath-determination
• ad14d23 fix: go binary file path determination
• 64ec975 Merge pull request #451 from snyk/fix/go-binary-project-names
• 7c1c91d test: add test for Go binary without PCLN table
• c5f889d fix: handle Go binaries from the Go distributions
• abd3f57 Merge pull request fix: handle PHP projects with interdependent packages snyk/cli#460 from snyk/fix/manifest-unknown-err
• d6c1c53 fix: amending condition for 'manifest unknown' errors

See the full diff

Package name: snyk-gradle-plugin

The new version differs by 13 commits.

• 46fb3e3 Merge pull request fix: Add missing CLI help text for docker remediation snyk/cli#240 from snyk/fix/escape-child-process-arguments
• bb1c1c7 fix: escape child process arguments
• f115e10 fix: identify projects by path (feat: '--gradle-sub-project' option to handle multip-project gradle snyk/cli#234)
• 9398d14 Merge pull request feat: docker base image remediation advice snyk/cli#238 from snyk/fix/rest-packages-path
• ce194cd fix: TS2304 cannot find name 'Blob'
• 6643455 chore: default to node 12 when performing lint
• aa86b13 fix: rest package path
• b3e2b00 test: add gradleProjectName (fix: update message for path with file name error snyk/cli#237)
• 84f728b Merge pull request chore: enable tslint no-default-export snyk/cli#236 from snyk/fix/remove-reachability
• 547d91b fix: remove reachability
• 9af47fc fix: don't fail if matching config doesn't exist (fix: bump snyk-python-plugin to 1.8.2 - to handle pip 18 snyk/cli#235)
• 90d2c57 Merge pull request Fix/alert if path with filename snyk/cli#232 from snyk/feat/use-best-practice-packages-route
• edef32e feat: use /rest/packages best practice Snyk REST API endpoint

See the full diff

Package name: snyk-mvn-plugin

The new version differs by 8 commits.

• 2bfb3e2 Merge pull request #141 from snyk/fix/quote-args
• 02cda9b fix: escape child process arguments
• 13c6f33 Merge pull request #140 from snyk/chore/update-readme
• 38010e0 chore: update supported node versions
• a52d276 Merge pull request #139 from snyk/chore/refactor-update-circleci-config
• 9325c10 chore: update circleci config to use matrix
• b5d1b31 Merge pull request #138 from snyk/fix/remove-reachability
• 0b968bb fix: remove reachability

See the full diff

Package name: snyk-python-plugin

The new version differs by 6 commits.

• 6144e09 Merge pull request fix: adjust spacing on 'test' output snyk/cli#197 from snyk/fix/quote-spawn-args
• 8591abd fix: quote spawn args
• 43d4b85 Merge pull request chore: automate pkg assets publishing snyk/cli#192 from snyk/fix/support-pipenv-with-empty-packages
• a199379 fix: support pipenv empty packages
• 7938b02 Merge pull request #191 from snyk/chore/fix-broken-tests-and-bump-node-to-16
• 9aa61ba chore: fix broken tests and bump node to 16

See the full diff

Package name: snyk-sbt-plugin

The new version differs by 16 commits.

• 3e02fa4 Merge pull request #120 from snyk/fix/quote-args
• 99c09eb fix: escape child process arguments
• 63e5c44 Merge pull request [dont-merge] test: update proxyquire to 1.8.0 snyk/cli#118 from snyk/fix/scopekey-error-in-plugin-inspect
• 179e8c2 fix: filter out configs where isPublic is false
• 3aff460 Merge pull request #117 from snyk/chore/remove-redundant-files
• 07b8dad chore: remove redundant files from fixtures
• c1c8ba3 Merge pull request #115 from snyk/feat/relax-conditions-for-plugin-inspect
• 37e0114 feat: relax conditions for plugin inspect
• e451665 Merge pull request #114 from snyk/test/add-tests-for-latest-sbt-versions
• 24c0bc7 test: add tests for sbt 1.7.0
• 331f46b Merge pull request fix: add proxy support snyk/cli#112 from snyk/chore/add-debug-logs
• 4358d57 chore: add debug logs
• ef3f1f6 Merge pull request #111 from snyk/fix/reduce-sbt-output
• 735776e fix: reduce scala script output size
• 0c104cb Merge pull request #108 from snyk/test/sbt-1.7.0
• 05c1bc1 test: support for sbt v.1.7.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.