[Snyk] Fix for 32 vulnerabilities

[ryanoolala]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	Yes	Proof of Concept
	554/1000 Why? Has a fix available, CVSS 6.8	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Timing Attack SNYK-JS-ELLIPTIC-511941	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	Yes	No Known Exploit
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MOUT-1014544	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MOUT-2342654	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Information Exposure SNYK-JS-SIMPLEGET-2361683	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-TAR-174125	Yes	Proof of Concept
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Arbitrary Code Execution SNYK-JS-THENIFY-571690	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	324/1000 Why? Has a fix available, CVSS 2.2	Uninitialized Memory Exposure npm:utile:20180614	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: prompt

The new version differs by 33 commits.

• fbf6dac 1.2.0
• fef3933 Move off abandoned utile dependency Bump sockjs from 0.3.19 to 0.3.21 OpenZeppelin/ethernaut#213
• 33febea add eslint
• c071b85 Merge pull request Requesting new level instance does not populate contract var OpenZeppelin/ethernaut#198 from caub/1.1
• 88c403e 1.1.0
• 756fa65 Fix inconsistent options.noHandleSIGINT for windows
• 8d5495c Merge pull request Bump lodash-es from 4.17.11 to 4.17.20 OpenZeppelin/ethernaut#196 from caub/promisify
• 33ddf56 prompt.get promise: add test, update readme
• b92a9a9 promisify prompt.get
• 0ff93b6 Merge pull request Bump lodash-es from 4.17.11 to 4.17.15 OpenZeppelin/ethernaut#184 from dsych/windows-sigint
• 9e80863 triggering sigint on windows
• 1c95d1d Merge pull request Fix issue170 OpenZeppelin/ethernaut#171 from blahah/master
• 65ac6e2 Merge pull request Fix issue170 for solidity04 OpenZeppelin/ethernaut#172 from Shank09/Shank09-package.json
• d03edd0 Added missing keywords in package.json
• df42a26 Respect falsy overrides (fixes Update to solidity 0.5 OpenZeppelin/ethernaut#151)
• b732102 Merge pull request Bump lodash from 4.17.11 to 4.17.19 OpenZeppelin/ethernaut#169 from jordanyaker/master
• 6ebf54a Removed the pkginfo dependency. Updated the required version of winston.
• 7d1a28f Removed the pkginfo dependency.
• d550674 Merge pull request Fix event filtering when syncing player progress OpenZeppelin/ethernaut#163 from Eagerod/fixer/add-properties
• 9b5f65b Added a test addProperties() with no parameters.
• fb83773 Fixed an issue where the first parameter in a callback would not be the
• e7b5449 Merge pull request Upgrade from Ropsten test network OpenZeppelin/ethernaut#121 from rubbingalcoholic/master
• e493cb8 Merge pull request Solidity 0.5 Version: MaxListenersExceededWarning OpenZeppelin/ethernaut#153 from devrelm/devrelm.function-defaults
• 3046431 Merge pull request Solidity 0.5 Version: Shop - Out of gas OpenZeppelin/ethernaut#156 from littleguga/master

See the full diff

Package name: truffle

The new version differs by 250 commits.

• 90c9f7e Publish
• 8f135ce Update yarn.lock
• 17b997c Merge pull request #3152 from trufflesuite/gwei
• 53f037e Merge pull request #3146 from trufflesuite/update-mocha
• 7113313 Update highlightjs-solidity
• 6db3b6a Merge pull request #3150 from trufflesuite/cruz/trufflesuite/web3-provider-engine-15.0.0-2
• 4c81358 Upgrade dependency: @ trufflesuite/[email protected]
• c78e34c Merge pull request #3149 from trufflesuite/more-yul-jump-handling
• 9944cc8 Update debugger tests to 0.6.11
• 6714cc8 Fix interaction of phantom guard and jumps into unmapped code
• e5db488 Better format locations with missing source path
• 078ea1e Accept colors as a mocha config field
• 21aa179 Correct typo with color property
• 56feea0 Add color option to the mocha config
• 22f4cdc Leave the debugger package using an older version of Mocha to bump later
• afba441 Remove useColors option for mocha
• 1f5ac1f Remove node 8 from github actions tasks
• 3f19f30 Update travis config
• 6fbd31d Remove call in logger for tests
• 3e55bc7 Update Mocha
• 008497b Merge pull request #3145 from trufflesuite/bug/ethpm-method
• 32fe89a Update @ public to @ external to comply with changes to vyper in version 0.2.0
• df44f8b Add space in vyper command
• 9628aa3 Increase test timeout

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Use of Weak Hash
🦉 More lessons are available in Snyk Learn

[guardrails]

⚠️ We detected 5 security issues in this pull request:

Vulnerable Libraries (5)

Severity	Details
Critical	pkg:npm/[email protected] upgrade to: > 3.0.0
Critical	pkg:npm/[email protected] upgrade to: > 1.0.0
Critical	pkg:npm/[email protected] upgrade to: > 1.0.0
Critical	pkg:npm/[email protected] upgrade to: > 1.0.0
Critical	pkg:npm/[email protected] upgrade to: > 5.1.34

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.