[Snyk] Fix for 9 vulnerabilities

[MaxMood96]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHSET-1320032	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: electron-winstaller

The new version differs by 8 commits.

• dad268d 3.0.0
• 694f929 feat: copy .exe.config file (Enable user-selected entitlement for open/save demo electron/electron-api-demos#229)
• da145bb feat: Squirrel 1.9.1 (Errors in npm install on Windows 7 electron/electron-api-demos#288)
• 50bb564 feat: Allowed signWithParams with certificateFile/Password ([feature-request] make executable instructions electron/electron-api-demos#190)
• b07643b feat: Add Squirrel's --framework-version Option (Trojan detected electron/electron-api-demos#274) (Fix handling of the custom protocol on windows electron/electron-api-demos#275)
• a113097 chore: upgrade eslint, temp, & debug
• 5403c71 chore: upgrade to Node 6 (Hey! electron/electron-api-demos#293)
• 6210bab Upgrade asar to ^1.0.0

See the full diff

Package name: spectron

The new version differs by 72 commits.

• d2ecadc fix: disable contextIsolation on webframes
• 04f97b5 chore: disable windowByIndex commands
• f60fdbc chore: set fixtures to contentIsolation: false, update deprecation log number
• 86bffe8 chore: upgrade to Electron 12, import @ electron/remote
• f4d097a Merge pull request #783 from AviVahl/replace-request-with-got
• 87a00b7 v13.0.0
• d515796 test(ci): use github actions Linux container (#782)
• 495f7d8 chore(deps): replace "request" with "got"
• 1510a9b Merge pull request #778 from AviVahl/electron-11
• d763b84 chore(deps): electron@11, latest others
• 2bfc7dd Merge pull request #772 from andersk/prepare
• 72ed944 Change prepack script to prepare
• fc4c67e Version 12.0.0
• 89206bf chore: upgrade Electron to v10.0.0 (#713)
• cfeeebe chore: bump standard from 12.0.1 to 14.3.4 (#604)
• 7b8520e chore: bump eslint from 7.3.1 to 7.9.0 (#706)
• 22ee8ed chore: bump @ typescript-eslint/parser from 3.4.0 to 3.10.1 (#690)
• bb2a42c chore: bump @ typescript-eslint/eslint-plugin from 3.4.0 to 4.0.0 (#698)
• 1439291 chore: bump typescript from 3.9.2 to 4.0.3 (#711)
• 1b75bf0 chore: bump webdriverio from 6.1.20 to 6.5.2 (#712)
• cf6d97c Version 11.1.0
• c4fe27e chore: Add prettier and eslint (#633)
• 9fdb353 chore: upgrade webdriverio to 6.1.20 (#631)
• 0e91e2b chore: bump electron from 8.0.0 to 9.0.0 (#611)

See the full diff

Package name: standard

The new version differs by 250 commits.

• 9c505a9 13.0.0
• 7f3dd5d [email protected]
• 8cfb0ee [email protected]
• e235cb5 changelog 13.0.0
• f125f0c add link to security disclosure policy
• bd44694 add nodejs logo; change logos to 4 per row
• f7f98bf Update CHANGELOG.md
• 5e6315c remove badge
• e3862be Update AUTHORS.md
• f796995 13.0.0-0
• 16ffaef Update CHANGELOG.md
• c1f817e bump deps
• ffb0b8e travis: drop node 6, add node 12
• d5565b5 Update CHANGELOG.md
• 4dcd00a add Nuxt.js logo
• ee3104d compress logos
• 6e077d7 standard
• d33bfe9 Merge pull request #1308 from munierujp/update_japanese_documents
• dd8fe00 Create FUNDING.yml
• 318bfac readme/changelog: global installation changes
• 329a2e0 readme: fix typescript instructions
• db61e3f Update CHANGELOG.md
• 7c661eb Automatically pass on Node 6 or earlier
• 0cfc932 Update Japanese document for 40d1d5e

See the full diff

Package name: tap

The new version differs by 181 commits.

• 8f2baa7 16.0.0
• 65e599e drop support for node v10
• 84fc6df docs: changelog for v16
• e6acf7b update coveralls documentation to say to install it
• 3c7b3ef document coveralls removal in the cli help output
• 43bf1df undocument synonyms
• 1ff75a4 make coveralls an optional peer dep
• 3f1ae47 Add eslint for linting
• 162c1a8 Support Typescript for --before and --after
• 28d2d03 Fix script on using node-tap with codecov
• 3a0e81c docs: fix broken link
• 1b636b2 Add jsonpath-faster
• c4bdeef fix typo `than` to `that`
• 20fbd40 Update Node.js min version to 10.x in CONTRIBUTING
• 90dda0b update cli doc
• 636ab18 15.2.3
• e609d8f docs: changelog for 15.2
• c182328 [email protected]
• f576a60 docs: setting t.snapshotFile
• d9fa241 [email protected]
• a02f33e update cli doc
• d1500b6 15.2.2
• b784d77 tap-parser@11
• 567384e update cli doc

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Injection
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn