[Snyk-dev] Fix for 4 vulnerabilities

[AriSorsko]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/snyk-protect/test/fixtures/single-patchable-module-with-quotes/node_modules/nyc/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: yargs

The new version differs by 100 commits.

• a6e67f1 chore(release): 13.2.4
• fc13476 chore: update standard-verison dependency
• bf46813 fix(i18n): rename unclear 'implication failed' to 'missing dependent arguments' (fix: remove file flag from IaC help #1317)
• a3a5d05 docs: fix a broken link to MS Terminology Search (feat: add -p as alias for --prune-repeated-subdependencies #1341)
• b4f8018 build: add .versionrc that hides test/build
• 0c39183 chore(release): 13.2.3
• 08e0746 chore: update deps (#1340)
• 843e939 docs: make `--no-` boolean prefix easier to find in the docs (feat: bump cocoapods plugin to update graph & cli interface deps #1338)
• 84cac07 docs: restore removed changelog of v13.2.0 (fix(build): use node 14 for alpine executable #1337)
• b20db65 fix(deps): upgrade cliui for compatibility with latest chalk. (#1330)
• c294d1b test: accept differently formatted output (chore(test): add regression test for valid JSON bodies #1327)
• ac3f10c chore: move .hbs templates into .js to facilitate webpacking (Fix/commit rename #1320)
• 0295132 fix: address issues with dutch translation (#1316)
• 9f2468e doc: clarify parserConfiguration object structure (feat:improve iac test json output #1309)
• e7f2937 chore(release): 13.2.2
• edd0bb5 test: correct test description
• 03a9523 chore: forgoing dropping Node 6 until yargs@14 (chore:updated gitignore with vscode folder #1308)
• 14920d1 docs: remove --save option as it isn't required anymore (fix: propagate failed scans with --all-projects #1301)
• 545c7f1 test: slightly reworded one test
• 4375680 chore(release): 13.2.1
• dfcaa68 test: slight edit to test wording
• 3180224 fix: add zsh script to files array
• 0a96394 fix: support options/sub-commands in zsh completion
• 48249a2 chore(release): 13.2.0

See the full diff

Package name: yargs-parser

The new version differs by 52 commits.

• 034e7c0 chore: update package version
• 6e36df1 fix: backport __proto__ fixes
• 7e01a2c chore: release 13.1.1 (chore: eslint instead of jscs #183)
• 47ccb0b fix: nargs should allow duplicates when duplicate-arguments-array=false (Fix html report generation and write monitor json result #164)
• 57b7883 fix: convert values to strings when tokenizing (#167)
• 6055974 fix: should populate "_" when given config with "short-option-groups" false (#179)
• 7f33140 docs: add description of "opts.configObjects" (#178)
• 981e151 refactor: remove duplicate check for `args[i]` in tokenize-arg-string.js (#175)
• 69ddfed chore(release): 13.1.0
• 89aa3cd chore: update dev deps
• b1012f8 docs: fix example halt-at-non-option (#165)
• a3936aa feat: add `strip-aliased` and `strip-dashed` configuration options. (#172)
• 0ae7fcb feat: support boolean which do not consume next argument. (#171)
• f184308 refactor: remove usage of `arguments` (Update README.md #169)
• c0cd851 refactor: Use Object.assign instead of custom function. (#168)
• 1404f79 doc: fix typo in CHANGELOG
• 710eeba chore(release): 13.0.0
• 18d0fd5 feat: don't coerce number from string with leading '0' or '+' (#158)
• ea6ce05 chore(release): 12.0.0
• 5a7c46a feat: default value is now used if no right-hand value provided for numbers/strings (#156)
• a02b1d5 doc: remove incorrect documenntation regarding opts.--
• 2fb71b2 fix: better handling of quoted strings (#153)
• ee122f8 chore(release): 11.1.1
• 79cda98 fix: ensure empty string is added into argv._ (#140)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[github-actions]

	Warnings
⚠️	"fix: packages/snyk-protect/test/fixtures/single-patchable-module-with-quotes/node_modules/nyc/package.json to reduce vulnerabilities" is too long. Keep the first line of your commit message under 72 characters.

Generated by 🚫 dangerJS against f771d3e