[Snyk] Fix for 114 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/node_modules/tweetnacl/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	Denial of Service (DoS) SNYK-JS-ECSTATIC-540354	Yes	Proof of Concept
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1021884	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1041745	Yes	Mature
	Improper Validation SNYK-JS-ELECTRON-1047306	Yes	Mature
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1048693	Yes	No Known Exploit
	Improper Access Control SNYK-JS-ELECTRON-1049321	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-1049323	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1049547	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1050424	Yes	No Known Exploit
	Information Exposure SNYK-JS-ELECTRON-1050427	Yes	No Known Exploit
	Insufficient Validation SNYK-JS-ELECTRON-1050882	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1050999	Yes	No Known Exploit
	Out-of-bounds Read SNYK-JS-ELECTRON-1051000	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-1064555	Yes	Proof of Concept
	Use After Free SNYK-JS-ELECTRON-1064558	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1064561	Yes	No Known Exploit
	Information Exposure SNYK-JS-ELECTRON-1065981	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1070013	Yes	No Known Exploit
	Insufficient Validation SNYK-JS-ELECTRON-1070014	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1070015	Yes	No Known Exploit
	Heap Buffer Overflow SNYK-JS-ELECTRON-1085647	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1085705	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1085994	Yes	No Known Exploit
	Out-of-Bounds SNYK-JS-ELECTRON-1085996	Yes	No Known Exploit
	Information Exposure SNYK-JS-ELECTRON-1085998	Yes	No Known Exploit
	Out-of-Bounds SNYK-JS-ELECTRON-1086693	Yes	No Known Exploit
	Access Restriction Bypass SNYK-JS-ELECTRON-1086694	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-1086695	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1087442	Yes	No Known Exploit
	Out-of-bounds Write SNYK-JS-ELECTRON-1088600	Yes	Mature
	Insecure Defaults SNYK-JS-ELECTRON-1088602	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1252279	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1252280	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1253279	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1253281	Yes	No Known Exploit
	Out-of-bounds SNYK-JS-ELECTRON-1257943	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1258207	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1259349	Yes	No Known Exploit
	Integer Overflow or Wraparound SNYK-JS-ELECTRON-1260586	Yes	No Known Exploit
	Out-of-bounds Read SNYK-JS-ELECTRON-1261111	Yes	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1277203	Yes	No Known Exploit
	Integer Overflow SNYK-JS-ELECTRON-1277205	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-1277526	Yes	No Known Exploit
	Out Of Bounds Read SNYK-JS-ELECTRON-1278596	Yes	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1296553	Yes	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1296555	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1296557	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-1296559	Yes	Proof of Concept
	Use After Free SNYK-JS-ELECTRON-1296561	Yes	No Known Exploit
	Race Condition SNYK-JS-ELECTRON-1296563	Yes	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1296565	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1312313	Yes	No Known Exploit
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-ELECTRON-1312314	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1312315	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1313765	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1313767	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1314896	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1315151	Yes	No Known Exploit
	Out-of-bounds Write SNYK-JS-ELECTRON-1315668	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1533614	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1534881	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1534882	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-1534883	Yes	Mature
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1534884	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1536579	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1536581	Yes	Proof of Concept
	Use After Free SNYK-JS-ELECTRON-1536587	Yes	No Known Exploit
	Out-of-Bounds SNYK-JS-ELECTRON-1585619	Yes	Mature
	Type Confusion SNYK-JS-ELECTRON-1586050	Yes	No Known Exploit
	Buffer Overflow SNYK-JS-ELECTRON-1656742	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-1656743	Yes	Mature
	Out-of-Bounds SNYK-JS-ELECTRON-1656745	Yes	No Known Exploit
	Access Restriction Bypass SNYK-JS-ELECTRON-1656746	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-ELECTRON-1727344	Yes	Mature
	Sandbox Bypass SNYK-JS-ELECTRON-1731315	Yes	Proof of Concept
	Use After Free SNYK-JS-ELECTRON-174045	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1910985	Yes	Mature
	Use After Free SNYK-JS-ELECTRON-1910987	Yes	No Known Exploit
	Exposure of Resource to Wrong Sphere SNYK-JS-ELECTRON-1910988	Yes	No Known Exploit
	Improper Access Control SNYK-JS-ELECTRON-1910991	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-1911949	Yes	Proof of Concept
	Use After Free SNYK-JS-ELECTRON-1912074	Yes	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-ELECTRON-1912084	Yes	No Known Exploit
	Information Exposure SNYK-JS-ELECTRON-1912085	Yes	Mature
	Arbitrary Code Execution SNYK-JS-ELECTRON-483050	Yes	No Known Exploit
	Arbitrary Code Execution SNYK-JS-ELECTRON-483056	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-564272	Yes	No Known Exploit
	Heap Overflow SNYK-JS-ELECTRON-565051	Yes	No Known Exploit
	Out-of-bounds Read SNYK-JS-ELECTRON-565052	Yes	No Known Exploit
	Improper Access Control SNYK-JS-ELECTRON-565362	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565366	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565368	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565441	Yes	No Known Exploit
	Buffer Underflow SNYK-JS-ELECTRON-565488	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565490	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565494	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565571	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565705	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-565709	Yes	No Known Exploit
	Site Isolation Bypass SNYK-JS-ELECTRON-565713	Yes	No Known Exploit
	Use After Free SNYK-JS-ELECTRON-570624	Yes	No Known Exploit
	Type Confusion SNYK-JS-ELECTRON-570833	Yes	Proof of Concept
	Arbitrary File Read SNYK-JS-ELECTRON-575393	Yes	No Known Exploit
	Privilege Escalation SNYK-JS-ELECTRON-575394	Yes	No Known Exploit
	Privilege Escalation SNYK-JS-ELECTRON-575395	Yes	No Known Exploit
	Privilege Escalation SNYK-JS-ELECTRON-575396	Yes	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	Prototype Pollution SNYK-JS-PLIST-2405644	Yes	Proof of Concept
	Improper Privilege Management SNYK-JS-SHELLJS-2332187	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	Yes	Proof of Concept

Commit messages

Package name: eslint

The new version differs by 250 commits.

• c4fffbc 8.0.0
• d51f4cf Build: changelog update for 8.0.0
• 7d3f7f0 Upgrade: unfrozen @ eslint/eslintrc (fixesassert: use same value equal for deepStrictEqual NaN nodejs/node#15036) (Need Payment IRS SSA Unemployment ASAP nodejs/node#15146)
• 2174a6f Fix: require-atomic-updates property assignment message (fixesShould overwriting child_process.execFile result in changed behaviour of child_process.exec? nodejs/node#15076) (http2: adjust error types, increase test coverage nodejs/node#15109)
• f885fe0 Docs: add note and example for extending the range of fix (refs (node:7596) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 1): Error: Something took too long to do. nodejs/node#13706) (test: remove common module from test it thwarts nodejs/node#13748)
• 3da1509 Docs: Add jsdoc `type` annotation to sample rule (doc: fix comment about http2.createSecureServer nodejs/node#15085)
• 68a49a9 Docs: Update Rollup Integrations (V0.12.6 release nodejs/node#15142)
• d867f81 Docs: Remove a dot from curly link (feature-request - include sqlite3 as builtin module for node v9.x nodejs/node#15128)
• 9f8b919 Sponsors: Sync README with website
• 4b08f29 Sponsors: Sync README with website
• ebc1ba1 Sponsors: Sync README with website
• 2d654f1 Docs: add example .eslintrc.json (Should spawn with undefined env value be treated as "undefined" string? nodejs/node#15087)
• 16034f0 Docs: fix fixable example (doc: update README with SHASUMS256.txt.sig info nodejs/node#15107)
• 07175b8 8.0.0-rc.0
• 71faa38 Build: changelog update for 8.0.0-rc.0
• 67c0074 Update: Suggest missing rule in flat config (fixesdoc, util, console: clarify ambiguous docs nodejs/node#14027) (test: increase Http2ServerResponse test coverage nodejs/node#15074)
• cf34e5c Update: space-before-blocks ignore after switch colons (fixeshttp keepAliveTimeout triggers while writing large http responses nodejs/node#15082) (test: split path tests into multiple files nodejs/node#15093)
• c9efb5f Fix: preserve formatting when rules are removed from disable directives (timers distribution predictability nodejs/node#15081)
• 14a4739 Update: `no-new-func` rule catching eval case of `MemberExpression` ((v4.x-backport) zlib: fix crash when initializing failed nodejs/node#14860)
• 7f2346b Docs: Update release blog post template (doc: remove braces which shouldn't be there nodejs/node#15094)
• fabdf8a Chore: Remove `target.all` from `Makefile.js` (n-api: refactor napi_addon_register_func nodejs/node#15088)
• e3cd141 Sponsors: Sync README with website
• 05d7140 Chore: document target global in Makefile.js (tcp socket localPort option does not work nodejs/node#15084)
• 0a1a850 Update: include `ruleId` in error logs (fixescrypto: fix error of createCipher in wrap mode nodejs/node#15037) (tls: replace forEach with for nodejs/node#15053)

See the full diff

Package name: tape-run

The new version differs by 33 commits.

• ee4654e 9.0.0
• 57adc5f Bump browser-run to support sandbox option. Closes[Snyk] Security upgrade acorn-private-class-elements from 0.1.1 to 0.2.0 #82
• ccad1ea Include more detailed Headless Testing section ([Snyk] Security upgrade mocha from 8.2.1 to 9.2.2 #81)
• 31de6f9 8.0.0
• 20125a6 Bump browser-run to latest, fixing electron security issue ([Snyk] Security upgrade acorn-private-class-elements from 0.1.1 to 0.2.0 #80)
• e93c616 travis: update node versions
• 463bed9 7.0.0
• e032edb bump browser-run to 7.0.1
• 01b5790 6.0.1
• e8c2b76 Add rollup documentation
• eb284e0 travis: remove old node versions
• 0056a90 6.0.0
• 544a86e update browser-run to fix installation issue
• 9fc2b4b 5.0.0
• 9fa041c Merge pull request [Snyk] Security upgrade strip-ansi from 3.0.1 to 4.0.0 #73 from cezaraugusto/update-browser-run
• bcb8fad update [email protected]
• 2186d4d 4.0.0
• 16b5fe6 remove package-lock
• f696cba 3.0.4
• f7c7a68 sponsors
• 5defaec 3.0.3
• 257098f support
• 193428b 3.0.2
• 4fdada2 upgrade electron (vulnerable)

See the full diff

Package name: uglify-js

The new version differs by 250 commits.

• bca83cb v3.14.3
• a841d45 fix corner case in `awaits` (Space in network share name(UNC path) causes unknown error nodejs/node#5160)
• eb93d92 fix corner case in `awaits` (Hack attempt on Windows - long path issue? nodejs/node#5158)
• a0250ec fix corner case in `dead_code` (test: fix flaky test-http-regr-gh-2928 nodejs/node#5154)
• 2580162 parse `let` as symbol names correctly (tools: remove excessive comments from .eslintrc nodejs/node#5151)
• 32ae994 fix issues in tests flagged by LGTM (test: enable to work pkcs12 test in FIPS mode nodejs/node#5150)
• 03aec89 fix corner cases in `strings` & `templates` (uncaughtException only catches the first uncaughtException. nodejs/node#5147)
• faf0190 document ECMAScript quirks (Ensure there's a channel before trying to send on it nodejs/node#5148)
• c8b0f68 fix corner case in `merge_vars` (Require with an uppercase make a new instance of module on mac osx nodejs/node#5143)
• 87b9916 fix corner case in `inline` (Release proposal: v5.5.1 (Stable) nodejs/node#5141)
• 940887f fix corner case in `evaluate` (crypto: add secure key comparsion function nodejs/node#5139)
• 0b2573c fix corner case in `templates` (Release proposal: v0.12.10 (LTS) nodejs/node#5137)
• 1575210 avoid potential RegExp denial-of-service (tools: disallow mixed spaces and tabs for indents nodejs/node#5135)
• f766bab enhance `templates` (Core dump on process.stdout.write() or console.log() for large files nodejs/node#5131)
• 436a293 enhance `dead_code` (doc: clarify dgram socket.send() multi-buffer support nodejs/node#5130)
• 55418fd fix corner case in `rests` (test: remove timer from test-http-1.0 nodejs/node#5129)
• 8578688 v3.14.2
• 4b88dfb tweak test & warnings (path: performance and stability improvements on all platforms nodejs/node#5123)
• c3aef23 fix corner case in `reduce_vars` (test: fix child-process-fork-regr-gh-2847 nodejs/node#5121)
• db94d21 fix corner case in `side_effects` (doc: fix dgram doc indentation nodejs/node#5118)
• 9634a9d fix corner cases in `optional_chains` (deps: upgrade to npm 2.14.17 nodejs/node#5110)
• befb99b fix corner case in `inline` (tools: lint for empty character classes in regex nodejs/node#5115)
• 02eb8ba fix corner case in `collapse_vars` (repl cannot handle single quote in regex, when within a function nodejs/node#5113)
• c09f63a fix corner case in `rests` (crypto: add pfx certs as CA certs too nodejs/node#5109)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note:You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Access Control
🦉 More lessons are available in Snyk Learn