[Snyk] Fix for 11 vulnerabilities

[snyk-io]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Directory Traversal SNYK-JS-ADMZIP-1065796	No	No Known Exploit
	Sandbox Bypass SNYK-JS-VM2-1585918	No	Proof of Concept
	Sandbox Bypass SNYK-JS-VM2-2309905	No	Proof of Concept
	Arbitrary Code Execution SNYK-JS-VM2-2990237	No	Proof of Concept
	Sandbox Bypass SNYK-JS-VM2-3018201	No	Proof of Concept
	Sandbox Escape SNYK-JS-VM2-5415299	No	Proof of Concept
	Sandbox Escape SNYK-JS-VM2-5422057	No	Proof of Concept
	Improper Handling of Exceptional Conditions SNYK-JS-VM2-5426093	No	No Known Exploit
	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') SNYK-JS-VM2-5537079	No	Proof of Concept
	Sandbox Bypass SNYK-JS-VM2-5537100	No	Proof of Concept
	Arbitrary File Write via Archive Extraction (Zip Slip) npm:adm-zip:20180415	No	Mature

Commit messages

Package name: adm-zip

The new version differs by 134 commits.

• c5aeed4 Incremented version number
• 119dcad Fixed path traversal issue GHSL-2020-198
• 1d22ff6 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path snyk-labs/nodejs-goof#341 from 5saviahv/history
• 492d148 added changelog
• dd415ae Incremented version
• 0f011a3 Fixed outFileName
• bc19fee Added extra parameter to extractEntryTo so target filename can be renamed
• 92e9836 Updated dev dependency
• 2b8d9ab Merge pull request [Snyk-dev Update] New fixes for 54 vulnerable dependency paths snyk-labs/nodejs-goof#315 from enecciari/work_in_browser
• 4fe58d1 Merge pull request [Snyk-dev Update] New fixes for 14 vulnerable dependency paths snyk-labs/nodejs-goof#322 from cthackers/dependabot/npm_and_yarn/lodash-4.17.19
• 49218a4 Merge pull request [Snyk-dev Update] New fixes for 15 vulnerable dependency paths snyk-labs/nodejs-goof#327 from kosuke-suzuki/multibyte-comment
• a7e8932 Merge pull request [Snyk-dev] Fix for 65 vulnerable dependency paths snyk-labs/nodejs-goof#331 from 5saviahv/master
• 7db0eda modified addLocalFolder method
• e114929 typo
• dc81063 modified addLocalFile method
• bc0f594 Deflate needs min V2.0
• dde4f51 Node v6
• 003d4cf Added ZipCrypto decrypting ability
• 63ed6e2 Detect and throw error with encrypted files
• c64ac14 LICENSE filename in package.json
• 1a334b2 add multibyte-encoded comment with byte length instead of character length
• 96d492a Bump lodash from 4.17.15 to 4.17.19
• b77f380 now it works in browser
• 218feee Merge remote-tracking branch 'upstream/master'

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal
🦉 Sandbox Bypass
🦉 Arbitrary Code Execution