[Snyk] Fix for 33 vulnerabilities

[ZachT1711]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	554/1000 Why? Has a fix available, CVSS 6.8	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Timing Attack SNYK-JS-ELLIPTIC-511941	No	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @microlink/mql

The new version differs by 140 commits.

• 151af5d build(no-release): generate bundle
• 5346eaf chore(release): 0.7.15
• 031f98d fix: linter
• 6f5ba3c build: update dependencies
• 6f712aa build(no-release): generate bundle
• 8a27ab2 chore(release): 0.7.14
• b24bb71 build(no-release): generate bundle
• bba51d7 chore(release): 0.7.13
• ea6d5ab build(no-release): generate bundle
• e171d27 chore(release): 0.7.12
• bae6ded build(no-release): generate bundle
• 5b90ec7 chore(release): 0.7.11
• 342d75c build: update dependencies
• 6934e01 build(no-release): generate bundle
• db04759 chore(release): 0.7.10
• 200ac4a build: update dependencies
• e71ef27 build(no-release): generate bundle
• ce54090 chore(release): 0.7.9
• 541a8bc build: update dependencies
• 0a780ab Merge pull request [Snyk] Security upgrade 3box from 1.17.1 to 1.20.0 #66 from microlinkhq/dependabot/npm_and_yarn/got-11.7.0
• 72d3138 build(deps): bump got from 11.6.2 to 11.7.0
• 9d24406 build(no-release): generate bundle
• 1e41d58 chore(release): 0.7.8
• d8872cf build: update dependencies

See the full diff

Package name: ethers

The new version differs by 15 commits.

• bd5e39e Updated changelog.
• 9e94c03 Updated elliptic library (#1439, #1782).
• 278b388 Added publishConfig to specify dist-tag.
• 106f8a2 Updated changelog.
• f79c965 Bumped elliptic version for security updates.
• 427e168 Updated dist files.
• fab14f8 Fixed typo in error message (#778).
• e8c89d7 Allow receive type in ABI without warning (Bump ethers from 4.0.48 to 5.3.1 3box/3box-dapp#746).
• b1c6575 Updated dist files.
• 3b7176f Fixed typo in error (Release to master 3box/3box-dapp#722).
• 5f7ddcd Fix EtherscanProvider from throwing outside async context (Bump ethers from 4.0.48 to 5.0.25 3box/3box-dapp#729).
• 4c9d740 Updated dist files.
• a930047 Added default API key for EtherscanProvider.
• 4e41871 Fixed typo in arguments name for waitForTransaction (Add HumanityDAO verification to 3Box profiles 3box/3box-dapp#477).
• 9947acc Partial support for non-English mnemonics for encrypted JSON wallets (Bump web3-eth-personal from 1.2.6 to 1.2.11 3box/3box-dapp#685).

See the full diff

Package name: node-sass

The new version differs by 97 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: optimize-css-assets-webpack-plugin

The new version differs by 5 commits.

• 09d29b3 5.0.5
• d0a7da7 feat(deps): update dependencies (Onboarding modal shown on first login even if I have a profile 3box/3box-dapp#154)
• 41d1e23 Redirect to css-minimizer-webpack-plugin for webpack 5 or above
• e9b84f1 5.0.4
• b3a3ada Update dependencies (Show modals on mobile? 3box/3box-dapp#133)

See the full diff

Package name: react-highlight

The new version differs by 1 commits.

• ebad4d4 Update README.md

See the full diff

Package name: web3

The new version differs by 250 commits.

• 02895cb Build for 1.7.5
• 34f6b68 v1.7.5
• 195f01d Manual build commit for 1.7.5-rc.1
• b640e26 v1.7.5-rc.1
• 96a7935 npm i
• 9476964 Merge branch '1.x' into release/1.7.5
• 84ac9b7 Fixed unit tests & removed dead code for web3-providers-http (#5228) (#5264)
• 2dcf142 Manual build commit for 1.7.5-rc.0
• ba30e1d v1.7.5-rc.0
• c93940b npm i and CHANGELOG update for 1.7.5 release
• fc7bfcd 1.x Libs Update including parse-url (#5254)
• ca827a7 fix Promise in Accounts.signTransaction() throwing errors that cannot be caught #4724 (#5080) (#5252)
• 35d8f7f Update AbstractProvider with correct typing (#5206)
• 57b6dc4 Add createAccessList type (#5146) (#5204)
• 46b5a5b fix remove wallet using an index when an account address and address lowercase are equal #5049 (#5050) (#5202)
• 2a1308f Fix transactionRoot -> transactionsRoot in BlockHeader (#5083) (#5197)
• 9e0d9d1 hexToNumber: return BigInt if result is bigger than max integer (#5157)
• 555aa0d web3-providers-http: Migrate from xhr2-cookies to cross-fetch (#5179)
• c034b8d Update `got` dependency for `web3-bzz` package (#5178)
• aae9d4a Updates on `README.md` Format (#5115)
• 8f05f19 Fixed documentation for web3.eth.accounts.signTransaction (#5121)
• 5b10473 Fix typo (#5116)
• 18da528 fix typos in web3-eth-accounts.rst & TESTING.md #5047 (#5048)
• e9ab4a5 Typo foudn (#5142)

See the full diff

Package name: web3-eth-personal

The new version differs by 250 commits.

• 8bfba23 v1.3.6
• 4fee853 Update geth-dev-assistant
• 69155de 1.3.6-rc.2 Fixes (#4065)
• 444bce7 Remove dtslint from ci scripts (#4064)
• 360b96a Fixing 1.3.6-rc.2 related issues (#4063)
• 7584ed7 Add web3-core-helpers as dev dependency
• 2823033 Add web3-core-helpers as dev dependency
• bd4509f 1.3.6-rc.2 fixes (#4062)
• 2d3c54a 1.3.6-rc.2 (#4059)
• b0822cd v1.3.6-rc.1
• 0b243e4 Built lib for 1.3.6-rc.1
• 5894e9e npm i
• 131fb16 Merge conflicts
• 73ef7e2 v1.3.6-rc.0
• e758f4b Built lib for 1.3.6-rc.0
• cddf991 Update CHANGELOG and ran npm i
• fdbda49 Bump underscore (#4051)
• 5d02719 Release/1.3.5 (#3974)
• 888d107 Feature/web3 eth iban es6 (#3964) (#3965)
• dc148e7 Clarify commitment to semantic versioning (#3961) (#3962)
• 88f59fe Debugging failing tests (#3959) (#3960)
• 8b2291b Rename tsc to compile (#3957) (#3958)
• bb259d9 add nvmrc file (#3817)
• 20bf22d Bump elliptic from 6.5.3 to 6.5.4 in /packages/web3-core-requestmanager (#3945)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Injection
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn