[Snyk] Fix for 9 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/node_modules/asn1/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

• c4fffbc 8.0.0
• d51f4cf Build: changelog update for 8.0.0
• 7d3f7f0 Upgrade: unfrozen @ eslint/eslintrc (fixesassert: use same value equal for deepStrictEqual NaN nodejs/node#15036) (Need Payment IRS SSA Unemployment ASAP nodejs/node#15146)
• 2174a6f Fix: require-atomic-updates property assignment message (fixesShould overwriting child_process.execFile result in changed behaviour of child_process.exec? nodejs/node#15076) (http2: adjust error types, increase test coverage nodejs/node#15109)
• f885fe0 Docs: add note and example for extending the range of fix (refs (node:7596) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 1): Error: Something took too long to do. nodejs/node#13706) (test: remove common module from test it thwarts nodejs/node#13748)
• 3da1509 Docs: Add jsdoc `type` annotation to sample rule (doc: fix comment about http2.createSecureServer nodejs/node#15085)
• 68a49a9 Docs: Update Rollup Integrations (V0.12.6 release nodejs/node#15142)
• d867f81 Docs: Remove a dot from curly link (feature-request - include sqlite3 as builtin module for node v9.x nodejs/node#15128)
• 9f8b919 Sponsors: Sync README with website
• 4b08f29 Sponsors: Sync README with website
• ebc1ba1 Sponsors: Sync README with website
• 2d654f1 Docs: add example .eslintrc.json (Should spawn with undefined env value be treated as "undefined" string? nodejs/node#15087)
• 16034f0 Docs: fix fixable example (doc: update README with SHASUMS256.txt.sig info nodejs/node#15107)
• 07175b8 8.0.0-rc.0
• 71faa38 Build: changelog update for 8.0.0-rc.0
• 67c0074 Update: Suggest missing rule in flat config (fixesdoc, util, console: clarify ambiguous docs nodejs/node#14027) (test: increase Http2ServerResponse test coverage nodejs/node#15074)
• cf34e5c Update: space-before-blocks ignore after switch colons (fixeshttp keepAliveTimeout triggers while writing large http responses nodejs/node#15082) (test: split path tests into multiple files nodejs/node#15093)
• c9efb5f Fix: preserve formatting when rules are removed from disable directives (timers distribution predictability nodejs/node#15081)
• 14a4739 Update: `no-new-func` rule catching eval case of `MemberExpression` ((v4.x-backport) zlib: fix crash when initializing failed nodejs/node#14860)
• 7f2346b Docs: Update release blog post template (doc: remove braces which shouldn't be there nodejs/node#15094)
• fabdf8a Chore: Remove `target.all` from `Makefile.js` (n-api: refactor napi_addon_register_func nodejs/node#15088)
• e3cd141 Sponsors: Sync README with website
• 05d7140 Chore: document target global in Makefile.js (tcp socket localPort option does not work nodejs/node#15084)
• 0a1a850 Update: include `ruleId` in error logs (fixescrypto: fix error of createCipher in wrap mode nodejs/node#15037) (tls: replace forEach with for nodejs/node#15053)

See the full diff

Package name: istanbul

The new version differs by 72 commits.

• 89e338f 0.4.5
• 7efe4dc update changelog, contributors
• da79378 Merge pull request [Snyk] Security upgrade @babel/traverse from 7.14.5 to 7.23.2 #673 from popomore/swap-fileset-for-glob
• 58f4c90 swap fileset for glob
• fef889b Merge pull request [Snyk] Fix for 2 vulnerabilities #657 from djorg83/master
• 91bb666 log filename when file fails to parse using esprima
• 5dbd62c 0.4.4
• 5642fb4 Update changelog, contributors
• f4195bb Merge pull request [Snyk] Fix for 1 vulnerabilities #507 from Victorystick/es-modules-support
• c521035 Merge pull request [Snyk] Security upgrade jest from 24.9.0 to 27.0.0 #628 from inversion/use-tmp-dir
• 66fffdc Merge pull request [Snyk] Fix for 1 vulnerabilities #597 from JamesMGreene/patch-1
• dfcab10 Merge pull request [Snyk] Security upgrade semantic-release from 17.4.7 to 21.0.2 #627 from a0viedo/patch-1
• abec3ae Merge pull request [Snyk] Security upgrade babel-loader from 8.3.0 to 9.1.3 #625 from ChALkeR/tmpdir
• a9aaf53 tmp dir setting was being ignored in TmpStore
• 522f465 link build badge to master branch
• 0b5e80d use os.tmpdir() instead of os.tmpDir()
• 5069661 Set "medium" coverage CSS color scheme to yellow
• 0e8c350 Merge pull request [Snyk] Security upgrade xo from 0.24.0 to 0.53.0 #587 from clickthisnick/chore-remove-trailing-spaces
• fc3ba35 0.4.3
• b3de106 Update changelog, contributors
• bb5b6e1 Merge pull request [Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #579 from jtangelder/fix-colors
• 0411600 return plain string when an invalid clazz is given
• a556a5e Merge pull request [Snyk] Fix for 1 vulnerabilities #552 from abejfehr/patch-1
• 369ed49 Merge pull request [Snyk] Fix for 1 vulnerabilities #545 from pra85/patch-1

See the full diff

Package name: tape

The new version differs by 4 commits.

• 99f32f5 4.0.0
• cf56a13 Drop 0.8 support
• a6bdf9c Expand reporters section into "things that go well with tape"
• d6acc1e Update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note:You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Privilege Management