[Snyk] Fix for 29 vulnerabilities

[pengkobe]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTPROP-543489	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	No	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-6056519	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-PACRESOLVER-1564857	No	Proof of Concept
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	No	Proof of Concept
	561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Information Exposure SNYK-JS-PARSEURL-2935947	No	Proof of Concept
	791/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.4	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	No	Proof of Concept
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Arbitrary Code Execution SNYK-JS-THENIFY-571690	No	Proof of Concept
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Command Injection SNYK-JS-TREEKILL-536781	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: egg

The new version differs by 33 commits.

• 383f3cf Release 2.23.0
• f77d1ba Release 2.23.0 (#3827)
• 6bfc0eb fix: error message rewrite when it has only a getter (#3796)
• 489f52b fix: handleRequest method should return a promise (#3820)
• 29a2f2f fix: more log for bodyParser (#3809)
• 6dc8a2d chore: fix ci (#3825)
• e30511e docs: add alinode supported platforms (#3821)
• c67ca20 docs: open should come with protocol (#3787)
• 9adcd40 docs(lifecyle): add class export in sample code (#3758)
• 4ca6273 fix: typos (#3768)
• b1cb533 chore: remove @ types/urllib (#3732)
• 3de31f5 fix(typings): add custom logger typings (#3697)
• 35af633 docs: https options en version (#3702)
• 9c23232 docs(sequelize): replace findById with findByPk (#3700)
• 3fccb4f docs: https options (#3701)
• 5b2dbd5 test: fix some test methods failed on windows platform (#3686)
• 4099902 fix：add the doc test on windows (#3654)
• 17fab1c docs: httpclient upload files (#3682)
• da2d439 docs（lifecyle): fix typo (#3681)
• f2a7ad9 Release 2.22.2 (#3666)
• 670ba34 fix(typings): optimize declaration of httpclient (#3665)
• e8dc7db chore: 2.22.1 (#3662)
• 85bd297 Release 2.22.1 (#3660)
• 04adcf9 fix: should restore agent messenger first (#3658)

See the full diff

Package name: egg-mock

The new version differs by 59 commits.

• 30a83f9 Release 5.6.0
• b0af3eb feat: upgrade globby to v11 (#137)
• 7345fae Release 5.5.0
• 9db9afa feat: add mockContextScope (#136)
• b7c5bb1 chore: auto release (#135)
• b9fe736 Release 5.4.0
• 0bd71bc 📦 NEW: Allow restore mockAgent only (#134)
• 6fdaf45 Release 5.3.0
• 6608f01 📦 NEW: mock context support ctxStorage (#133)
• 2ba6266 Release 5.2.1
• 18c366d fix: use global hook for register global hook (#132)
• 7054d88 Release 5.2.0
• 209c921 feat: add EGG_FRAMEWORK for bootstrap custom framework (#131)
• a2cc714 Release 5.1.0
• 22f508c feat: impl parallel app for mocha parallel mode (#130)
• fbbd8af Release 5.0.2
• 299f7ec 🐛 FIX: Should use urllib-next package (#129)
• 17a6713 🤖 TEST: Add httpclient streaming mocking (#128)
• d1ba441 Release 5.0.1
• ae766ff 👌 IMPROVE: Mock httpclient support delay ms and repeat times (#127)
• 30f6868 Release 5.0.0
• 60658ec 📦 NEW: [BREAKING] Support egg 3.0 (#126)
• e58c59e Release 4.2.1
• 983e610 feat: allow other envtype (#125)

See the full diff

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Command Injection
🦉 More lessons are available in Snyk Learn