[Snyk] Fix for 9 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/v8/tools/clusterfuzz/js_fuzzer/package.json
  • deps/v8/tools/clusterfuzz/js_fuzzer/package-lock.json
  • deps/v8/tools/clusterfuzz/js_fuzzer/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Regular Expression Denial of Service (ReDoS) npm:diff:20180305	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

• 145aec1 7.16.0
• 83518a5 Build: changelog update for 7.16.0
• a62ad6f Update: fix false negative of no-extra-parens with NewExpression (doc: fix a link in api/async_hooks.md nodejs/node#13930)
• f85b4c7 Fix: require-atomic-updates false positive across await (fixesBuffer::Length hard crashes nodejs/node#11954) (Nodejs document printing nodejs/node#13915)
• 301d0c0 Fix: no-constant-condition false positives with unary expressions (N-API: add function for fatal error nodejs/node#13927)
• 555c128 Fix: false positive with await and ** in no-extra-parens (fixes(v7.x backport) test: check curve algorithm is supported nodejs/node#12739) (Server.getConnections() failed with "Slave closed before reply" nodejs/node#13923)
• d93c935 Docs: update JSON Schema links (buffer.toString() no longer accepts null as encoding nodejs/node#13936)
• 8d0c93a Upgrade: [email protected] (Crypto required but not loaded nodejs/node#13920)
• 9247683 Docs: Remove for deleted npm run profile script (src: document --abort-on-uncaught-exception nodejs/node#13931)
• ab240d4 Fix: prefer-exponentiation-operator invalid autofix with await (N-API: Add functions to delete properties nodejs/node#13924)
• dc76911 Chore: Add .pre-commit-hooks.yaml file (Memory continuous goes high nodejs/node#13628)
• 2124e1b Docs: Fix wrong rule name (child_process: special handling of process.on('message') nodejs/node#13913)
• 06b5809 Sponsors: Sync README with website
• 26fc12f Docs: Update README team and sponsors
• 902a032 7.15.0
• 6356778 Build: changelog update for 7.15.0
• 5c11aab Upgrade: @ eslint/esintrc and espree for bug fixes (refs test: check uv_ip4_addr return value nodejs/node#13878) (console, doc, util: console.log() and util.format() are wrongly documented and may be inconsistent nodejs/node#13908)
• 0eb7957 Upgrade: [email protected] (Discussion/Tracking SnapshotCreator support nodejs/node#13877)
• 683ad00 New: no-unsafe-optional-chaining rule (fixesEINVAL during syscall=connect nodejs/node#13431) (test: remove unneeded HandleScope usage nodejs/node#13859)
• cbc57fb Fix: one-var autofixing for export (fixeserrors: improve invalid arg type nodejs/node#13834) (FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed - JavaScript heap out of memory nodejs/node#13891)
• 110cf96 Docs: Fix a broken link in working-with-rules.md (fs,doc,test: open reserved characters under win32 nodejs/node#13875)
• 0cb81a9 7.14.0
• fb3a594 Build: changelog update for 7.14.0
• 5f09073 Update: fix 'skip' options in no-irregular-whitespace (fixestest: replace indexOf with includes and startsWith nodejs/node#13852) (test: refactor indexOf uses to es6 equivalents nodejs/node#13853)

See the full diff

Package name: mocha

The new version differs by 250 commits.

• eb781e2 Release v6.2.3
• 10dbe94 update CHANGELOG for v6.2.3 [ci skip]
• 848d6fb security: update mkdirp, yargs, yargs-parser
• 843a322 6.2.2
• aec8b02 update CHANGELOG for v6.2.2 [ci skip]
• 7a8b95a npm audit fixes
• cebddf2 Improve reporter documentation for mocha in browser. (module,repl: remove repl require() hack nodejs/node#4026)
• 3f7b987 uncaughtException: report more than one exception per test (deps: upgrade to npm 2.14.12 nodejs/node#4033)
• ee82d38 modify alt text of image from Backers to Sponsors inside Sponsors section in Readme (Investigate flaky test-fs-readfile-tostring-fail nodejs/node#4046)
• e9c036c special-case parsing of "require" in unparseNodeArgs(); closestest: share maxBuffer between stdout and stderr nodejs/node#4035 (npm not found nodejs/node#4063)
• 954cf0b Fix HTMLCollection iteration to make unhide function work as expected (Map: assigning array value in for... of loop not working nodejs/node#4051)
• 816dc27 uncaughtException: fix double EVENT_RUN_END events (doc: add backlog for more server.listen variants nodejs/node#4025)
• 9650d3f add OpenJS Foundation logo to website (test: fix test-domain-with-abort-on-uncaught-exception.js on AIX nodejs/node#4008)
• f04b81d Adopt the OpenJSF Code of Conduct (repl: show exception for out-of-range unicode escape sequence nodejs/node#3971)
• aca8895 Add link checking to docs build step (console.log(not_existing_object) nodejs/node#3972)
• ef6c820 Release v6.2.1
• 9524978 updated CHANGELOG for v6.2.1 [ci skip]
• dfdb8b3 Update yargs to v13.3.0 (tools: add preinstall script for npm on OS X nodejs/node#3986)
• 18ad1c1 treat '--require esm' as Node option (benchmark should be executed in "strict mode" nodejs/node#3983)
• fcffd5a Update yargs-unparser to v1.6.0 (EMFILE error appears in iojs v1.2.0 on Windows nodejs/node#3984)
• ad4860e Remove extraGlobals() (JSStream ReadStream Assertion Failure nodejs/node#3970)
• b269ad0 Clarify effect of .skip() (Do not send empty TCP packet in _http_outgoing.js nodejs/node#3947)
• 1e6cf3b Add Matomo to website (doc: repl: add defineComand and displayPrompt nodejs/node#3765)
• 91b3a54 fix style on mochajs.org (Investigate test-cluster-worker-isdead.js failure nodejs/node#3886)

See the full diff

Package name: pkg

The new version differs by 44 commits.

• 72a919d Release 4.4.1
• 7af8d04 adopt new version of 'resolve' dependency
• 718d974 fixes for globby. test fixes. bump pkg-fetch
• 89a1a49 update dependencies
• 7ff6430 test: test-50-bakery-4 for baking non-v8 options
• 061a977 tolerate underscore in bakes excluded from fabricator
• 50da752 Release 4.4.0
• 460b1c9 don't limit test-50-promisify to host-only
• 3952f39 node 8 changed from util.createPromise to new Promise as well
• ee56bd7 raise babel target to node 8
• 1d47858 adjustments (governance: Add new Collaborators (round 2) nodejs/node#680)
• b0da4ee tests: remove test-46-multi-arch from no-npm run
• 005117c tests: add node 12, remove node 6
• 8616bb6 update test-42-fetch-all to reflect base binaries we provide
• 215af15 upgrade pkg-fetch and babel
• 589c6a5 bootstrap.js: don't check PKG_DUMMY_ENTRYPOINT in worker threads
• 58f81cf adjust test-50-may-exclude to node 12
• 9121a16 bump pkg-fetch
• 3775ab6 path.resolve argv[1] for non-default entrypoint. fixestracing working group nodejs/node#671
• e736f85 Fix pkg example express app (assert: use util.inspect() to create error messages nodejs/node#668)
• 619fc78 Release 4.3.8-canary.0
• 95e9334 bump dependencies, including pkg-fetch
• 4bdbd6a Release 4.3.7
• bdb59b3 bump pkg-fetch version

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note:You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic