[Snyk] Fix for 8 vulnerabilities

[ryan-ally]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/v8/tools/clusterfuzz/js_fuzzer/package.json
  • deps/v8/tools/clusterfuzz/js_fuzzer/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Regular Expression Denial of Service (ReDoS) npm:diff:20180305	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mocha

The new version differs by 250 commits.

• eb781e2 Release v6.2.3
• 10dbe94 update CHANGELOG for v6.2.3 [ci skip]
• 848d6fb security: update mkdirp, yargs, yargs-parser
• 843a322 6.2.2
• aec8b02 update CHANGELOG for v6.2.2 [ci skip]
• 7a8b95a npm audit fixes
• cebddf2 Improve reporter documentation for mocha in browser. (module,repl: remove repl require() hack nodejs/node#4026)
• 3f7b987 uncaughtException: report more than one exception per test (deps: upgrade to npm 2.14.12 nodejs/node#4033)
• ee82d38 modify alt text of image from Backers to Sponsors inside Sponsors section in Readme (Investigate flaky test-fs-readfile-tostring-fail nodejs/node#4046)
• e9c036c special-case parsing of "require" in unparseNodeArgs(); closestest: share maxBuffer between stdout and stderr nodejs/node#4035 (npm not found nodejs/node#4063)
• 954cf0b Fix HTMLCollection iteration to make unhide function work as expected (Map: assigning array value in for... of loop not working nodejs/node#4051)
• 816dc27 uncaughtException: fix double EVENT_RUN_END events (doc: add backlog for more server.listen variants nodejs/node#4025)
• 9650d3f add OpenJS Foundation logo to website (test: fix test-domain-with-abort-on-uncaught-exception.js on AIX nodejs/node#4008)
• f04b81d Adopt the OpenJSF Code of Conduct (repl: show exception for out-of-range unicode escape sequence nodejs/node#3971)
• aca8895 Add link checking to docs build step (console.log(not_existing_object) nodejs/node#3972)
• ef6c820 Release v6.2.1
• 9524978 updated CHANGELOG for v6.2.1 [ci skip]
• dfdb8b3 Update yargs to v13.3.0 (tools: add preinstall script for npm on OS X nodejs/node#3986)
• 18ad1c1 treat '--require esm' as Node option (benchmark should be executed in "strict mode" nodejs/node#3983)
• fcffd5a Update yargs-unparser to v1.6.0 (EMFILE error appears in iojs v1.2.0 on Windows nodejs/node#3984)
• ad4860e Remove extraGlobals() (JSStream ReadStream Assertion Failure nodejs/node#3970)
• b269ad0 Clarify effect of .skip() (Do not send empty TCP packet in _http_outgoing.js nodejs/node#3947)
• 1e6cf3b Add Matomo to website (doc: repl: add defineComand and displayPrompt nodejs/node#3765)
• 91b3a54 fix style on mochajs.org (Investigate test-cluster-worker-isdead.js failure nodejs/node#3886)

See the full diff

Package name: pkg

The new version differs by 44 commits.

• 72a919d Release 4.4.1
• 7af8d04 adopt new version of 'resolve' dependency
• 718d974 fixes for globby. test fixes. bump pkg-fetch
• 89a1a49 update dependencies
• 7ff6430 test: test-50-bakery-4 for baking non-v8 options
• 061a977 tolerate underscore in bakes excluded from fabricator
• 50da752 Release 4.4.0
• 460b1c9 don't limit test-50-promisify to host-only
• 3952f39 node 8 changed from util.createPromise to new Promise as well
• ee56bd7 raise babel target to node 8
• 1d47858 adjustments (governance: Add new Collaborators (round 2) nodejs/node#680)
• b0da4ee tests: remove test-46-multi-arch from no-npm run
• 005117c tests: add node 12, remove node 6
• 8616bb6 update test-42-fetch-all to reflect base binaries we provide
• 215af15 upgrade pkg-fetch and babel
• 589c6a5 bootstrap.js: don't check PKG_DUMMY_ENTRYPOINT in worker threads
• 58f81cf adjust test-50-may-exclude to node 12
• 9121a16 bump pkg-fetch
• 3775ab6 path.resolve argv[1] for non-default entrypoint. fixestracing working group nodejs/node#671
• e736f85 Fix pkg example express app (assert: use util.inspect() to create error messages nodejs/node#668)
• 619fc78 Release 4.3.8-canary.0
• 95e9334 bump dependencies, including pkg-fetch
• 4bdbd6a Release 4.3.7
• bdb59b3 bump pkg-fetch version

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note:You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic